Posts information about its members on the Internet

Sep 21, 2009 09:21 GMT

An unidentified individual has exposed the members of a Pakistani carding forum called PakBugs after hacking into the website. The vigilante posted a file containing usernames, hashed passwords and e-mail addresses belonging to the forum's registered users on the Full Disclosure mailing list.

According to Mikko Hyppönen, chief research officer at antivirus vendor F-Secure, PakBugs "was one of those 'underground' forums where people discuss hacking techniques and sell malware code, bank logins and stolen credit card numbers." However, the site has experienced significant downtime since last week, after someone exposed its complete user list online.

The problems for the hackers frequenting PakBugs started on September 12, when an individual's vendetta against the forum culminated in a full disclosure of the accounts registered on the website. The previously unknown vigilante, identified only by a live.com e-mail account called "catch.them," justified his actions by claiming that he wanted to assist the authorities.

"As you may know these are mostly based in Pakistan involved in illegal activities which include carding, hacking, cracking, etc.. I am including this list of their users for law enforcement agencies to investigate and take action where necessary. Currently their site is hosted in pacificrack.com's server," he wrote in the message to the Full Disclosure mailing list.

The attached HTML file contained the usernames and passwords. The passwords are hashed and apparently salted; however, the "salt" (random bits) used to secure each hash was also provided, making the passwords potentially vulnerable to brute-force attacks that hash dictionary entries with the disclosed salts. The e-mail addresses associated with the accounts were also disclosed, and most of them were from free e-mail providers such as Gmail, Hotmail, Live, AOL or Yahoo, which means that the authorities can relatively easily obtain the access logs.
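What a salt does and does not protect against once a user table leaks, as an added example that is not part of the original article. The article does not name the forum's hash algorithm, so the single fast SHA-256 in `legacy_hash` is an assumed stand-in, and the PBKDF2 settings, sample passwords and function names are illustrative choices.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # illustrative work factor for the hardened scheme


def legacy_hash(password: str, salt: bytes) -> str:
    # Assumed legacy scheme: one fast hash over salt + password.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_record(password: str) -> dict:
    # Hardened storage: per-user random salt plus a deliberately slow KDF,
    # so every guess costs ITERATIONS hash operations instead of one.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify(password: str, record: dict) -> bool:
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["digest"])  # constant time


def precomputed_hits(table: set, records: list) -> int:
    # How many stored digests appear in a table that was built without salts.
    return sum(1 for r in records if r["digest"] in table)


def demo() -> dict:
    # Constructed sample: two accounts that chose the same password.
    words = ["letmein", "password", "qwerty"]
    table = {hashlib.sha256(w.encode()).hexdigest() for w in words}
    unsalted = [{"digest": hashlib.sha256(b"letmein").hexdigest()}] * 2
    salted = [
        {"salt": s, "digest": legacy_hash("letmein", s)}
        for s in (os.urandom(8), os.urandom(8))
    ]
    return {
        "unsalted_hits": precomputed_hits(table, unsalted),
        "salted_hits": precomputed_hits(table, salted),
        "salted_digests_differ": salted[0]["digest"] != salted[1]["digest"],
    }
```

The salt only stops one precomputed table from matching every account; it is stored next to the hash by design, so the cost of each guess has to come from the slow key-derivation function rather than from keeping the salt secret.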

The vigilante ended his e-mail with a manifesto that read, "WAR Against Cyber Crime. Catch Them If you can." However, even though this might suggest some strong sense of civic duty or justice, there is also the possibility that he is a rival hacker who wanted to harm the PakBugs crew for personal reasons. After all, security researchers and white hat hackers generally follow a code of ethics that doesn't involve breaking the law to reach their goals.