Posts Tagged: Vbulletin 3.0


22
Jun 11

Antichat Hacker Forum Breach Reveals Weak Passwords

Ordinary Internet users frequently are scolded for choosing weak, easily-guessed passwords. New research suggests that hackers in the cyber underground are also likely to pick lame passwords for their favorite online forums.

Last month, KrebsOnSecurity was sent a massive database file that the source said was the user database of Antichat.ru, a Russian language hacker forum that has attracted more than 41,000 users since its founding nearly a decade ago. By matching the user names in the database with those listed in the public pages of the forum, I discovered that I’d been given a snapshot of all Antichat user information and private messages prior to June 2010, when Antichat.ru apparently experienced a forum compromise.

I wanted to match the Antichat user names, associated email and ICQ addresses with those of other forums for which I’ve collected user databases. I also wanted to see how many of the passwords were easily crackable. To do this, I enlisted the help of an anti-spam source that has access to some serious hardware and software capable of cracking thousands of passwords per hour.

More than 18,000 of the 41,037 passwords in the database were crackable within a few days. 4,500 passwords were used by five or more individual users.

The most easily-guessed passwords were six characters long or less, and 75 percent of the top 20 most common simple passwords were uncomplicated number strings. More than three percent of Antichat users whose passwords were cracked (567) picked one of the simplest passwords, “123456”; 1.77 percent (322) chose “111111”; Just over 1 percent selected “123123”. Another 196 users opted for “qwerty,” a common meme easily typed from left to right across a keyboard. Sixty-five Antichat users picked a single-character password: “0.”

Although nearly half of the Antichat user passwords were crackable, the passwords aren’t useful for gaining access to Antichat user accounts: Forum administrators have changed the site’s login process to automatically tie the user’s credentials to his or her Internet address. However, the Internet address data tied to each account may be of interest to law enforcement investigators.

Continue reading →