December 25, 2010

Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are exploit database exploit-db.org and backtrack-linux.org, the home of Backtrack, an open source “live CD” distribution of Linux.

The hacks were detailed in the second edition of “Owned and Exposed,” an ezine whose first edition in May included the internal database and thousands of stolen credit card numbers and passwords from Carders.cc. The Christmas version of the ezine doesn’t feature credit card numbers, but it does list the user names and hashed passwords of the carders.cc forum administrators. The carders.cc forum itself appears to be down at the moment.

Mati Aharoni, the main administrator for both exploit-db.org and backtrack-linux.org, confirmed that the hacks against his sites were legitimate. Shortly after my e-mail, Aharoni replied with a link to a short statement, noting that a hacking team called inj3ct0r initially took credit for the attack, only to find itself also targeted and shamed in this edition of Owned and Exposed.

“There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion,” Aharoni wrote. “Initially, the inj3ct0r team took ‘creds’ for the hack, which quickly proved false as the original ezine showed up – and now inj3ct0r (their new site) is no longer online. As a wise Chinese man once said: ‘do not anger one who has shell on your server’. The zine also mentioned other sites, as well as the ettercap project being backdoored.”

To his credit, Aharoni posted a link to the 2nd edition of Owned and Exposed.

“The irony of posting your zine in our papers section is not lost on us,” Aharoni wrote.

Update 10:40 p.m. ET: An earlier version of this blog post incorrectly identified one of the hacked domains as linux-exploit.org. The blog post above has been corrected. My apologies for the confusion.


29 thoughts on “Carders.cc, Backtrack-linux.org and Exploit-db.org Hacked”

      1. Alex

        Thank you. Same to you.
        Actually, I am an atheist and an anarcho-communist, as I have already written here. Though reasonably tolerant.

        1. JCitizen

          Christian myself, glad to know you!

          1. AlphaCentauri

            I think that in the East, Christmas is more of a religious holiday than in the West, where there is family celebration, feasting, and exchange of gifts on that day. The churches in the West struggle to remind people that there is a religious basis to Christmas. People who never attend church any other day of the year celebrate Christmas here.

        2. Anyone

          I am not a Christian either, but you don't need to be a Christian to celebrate a pagan holiday. Brian, on the other hand, I believe, is not an atheist.

      1. Anyone

        Hi Brian,
        You might want to reconsider your file format and go with plain text, tsv, csv, whatever – rtf invites ghosts of MS Word and is hell on your non-Windows readers. Have a happy holiday, though, now! 😛

        PS: I think you may like them because they give you shouts…

          1. Anyone

            PS: By invites ghosts of it, I was referring to the fact that any of your readers who use Windows, if given that file to open, would have it open in Word or at least some sort of interpretive application — it just would not be seen as ‘text’, and is therefore a little bit misleading. Not to nitpick. Personally I use Linux and BSD and strings destroys formatting. 🙂

        1. F-3000

          Brian already replied to this, but I’ll point out further.

          .rtf is default format for Mac OS X’s basic text editor.

        2. drzaiusapelord

          RTF is fine. It’s an old format from the 1980s that everything can read. It sure beats PDF when you need to copy and paste large parts or do editing.

          1. F-3000

            @Mike:
            So it’s fault of the text-format, if certain programs can be used for malicious purposes thru it?

            Almost as if saying that xhtml is evil just because IE can be exploited with it. (I wouldn’t be surprised if that would actually be true)

  1. Anyone

    BTW I think you forgot to change your hashtag along with the correction. 🙂

    I now return to lurking. Sorry for deluge.

  2. Sean

    Hey Brian, Happy holidays to you and your family, and best wishes for the new year.

  3. Bri

    The Owned and Exposed crew just did everyone a favor by revealing the fact Inj3ct0r is indeed sharing credit card information… I hope the law enforcement folks are doing something about that.

    1. Barakat

      Thank you sir for the reply 🙂

      I just wanted to know how they are?
      Because it’s the first time that I hear about them and
      when I googled I found nothing about them.

  4. internetspecialist

    THE happy ninjas are just some kids that have no responsibility on 0days. I say that cause they just want a little fame with hacking ettercap lol. Carders.cc/free-hack.. Same shit. But hacking sites like ettercap (white hats) shows what kids they are. In 1 year they find 1 exploit and they try to hack much famous sites as possible. So kids pls go die!

  6. Y@KhOo

    Wish you all the best
    We love reading your blog
    Happy New Year
    and keep up the good work
