{"id":6418,"date":"2017-01-27T14:30:28","date_gmt":"2017-01-27T22:30:28","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/27\/news-255\/"},"modified":"2017-01-27T14:30:28","modified_gmt":"2017-01-27T22:30:28","slug":"news-255","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/27\/news-255\/","title":{"rendered":"LeakedSource&#039;s shutdown deals a blow to amateur hackers"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/09\/leaked-100683486-primary.idge.jpg\"\/><\/p>\n<p>Amateur hackers are alarmed with the apparent demise of LeakedSource, a controversial breach notification site that\u2019s been accused of doing more harm than good.<\/p>\n<p>U.S. law enforcement has\u00a0<a href=\"http:\/\/www.csoonline.com\/article\/3162039\/security\/breach-notification-website-leakedsource-allegedly-raided.html\" target=\"_blank\">allegedly<\/a> confiscated its servers, and now some hackers are wondering if customers of LeakedSource might be next. \u00a0<\/p>\n<p>\u201cAll the people who used PayPal, credit card, etc. to buy membership, the FBI now have your email, payment details and lookup history,\u201d <a href=\"https:\/\/hackforums.net\/showthread.php?tid=5534801&amp;page=3&amp;highlight=leakedsource\" target=\"_blank\">wrote<\/a> one user on HackForums.net.<\/p>\n<p>LeakedSource had functioned as a giant repository with more than 3 billion internet accounts &#8212; all of which had been compiled from stolen databases, taken from the likes of LinkedIn, MySpace, and Dropbox. 
For as little as US$2 a day, anyone could use the site to look up passwords and other login information.<\/p>\n<p>That made it particularly <a href=\"http:\/\/www.cio.com\/article\/3121938\/data-hoarding-site-represents-the-dark-side-of-data-breach-monitoring.html\" target=\"_blank\">popular<\/a> with users on HackForums.net, a site filled with discussion on hacking techniques, often by amateurs known as \u201cscript kiddies.\u201d<\/p>\n<p>But whether the FBI really shut down LeakedSource is still unclear. The site itself has been offline and its operators have been mum on Twitter and through email.<\/p>\n<p>In addition, the U.S. Department of Justice has declined to comment.<\/p>\n<p>Nevertheless, experts in data breach notification said the situation with LeakedSource was inevitable.<\/p>\n<p>\u201cThey weren\u2019t handling the data ethically or responsibly,\u201d said a data collector who goes by the name Keen. He runs a separate notification site at <a href=\"https:\/\/www.vigilante.pw\/\" target=\"_blank\">Vigilante.pw<\/a> that tries to <a href=\"http:\/\/www.pcworld.com\/article\/3118357\/security\/data-hoarders-are-shining-a-spotlight-on-past-breaches.html\" target=\"_blank\">warn<\/a> the public about the latest data breaches.<\/p>\n<p>But unlike LeakedSource, he doesn\u2019t make the data searchable or post any sensitive user information. Nor does he buy stolen records obtained by hackers. \u00a0\u00a0<\/p>\n<p>The same can\u2019t be said of LeakedSource, he claimed.<\/p>\n<p>\u201cThey would always say things like \u2018the data is publicly available,\u2019\u201d Keen said. \u00a0\u201cBut most of the data was not publicly available. 
They were straight up buying it from hackers.\u201d<\/p>\n<p>He suspects this was the case with the December\u00a0<a href=\"http:\/\/www.csoonline.com\/article\/3155397\/security\/esea-hacked-1-5-million-records-leaked-after-alleged-failed-extortion-attempt.html\" target=\"_blank\">data breach<\/a> at E-Sports Entertainment Association (ESEA) that involved a hacker seeking a $100,000 ransom. LeakedSource managed to receive the stolen database, which Keen found odd.<\/p>\n<p>\u201cThey posted &#8230; on Twitter that ESEA\u2019s database got leaked online,\u201d Keen said. \u201cThat\u2019s not true, because nobody had it, apart from them and the hacker.\u201d<\/p>\n<p>Troy Hunt, an Australian software architect who runs a separate breach monitoring <a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\">service,<\/a> also approved of LeakedSource\u2019s apparent shutdown.<\/p>\n<p>In a Friday <a href=\"https:\/\/www.troyhunt.com\/thoughts-on-the-leakedsource-take-down\/\" target=\"_blank\">blog post<\/a>, he wrote that LeakedSource even had searchable information on his internet accounts.<\/p>\n<p>\u201cI see a lot of data breaches in my travels but I was still shocked to see my own personal information sold in this way,\u201d he wrote. \u201cMy birth date. My IP address. My password hashes.\u201d<\/p>\n<p>There was also \u201cnever any doubt\u201d the service was being used for malicious purposes, Hunt said. He posted screenshots of Twitter users saying they had used LeakedSource for hacking activities.<\/p>\n<p>Others online have wondered if LeakedSource\u2019s apparent closure is a publicity stunt, but Keen disagrees.<\/p>\n<p>\u201cIt\u2019s not positive publicity,\u201d he said. \u201cBecause it is leaving their customers scared and frustrated.\u201d<\/p>\n<p>Users on HackForums are already looking for alternatives. 
One alternative talked about has been <a href=\"https:\/\/leakbase.pw\/\" target=\"_blank\">LeakBase.pw<\/a>, a site that offers similar services.\u00a0<\/p>\n<p>However, the operators of LeakBase want to avoid any federal investigation.<\/p>\n<p>&#8220;If the government genuinely considers our service a threat we will have to shut down as well,&#8221; the service said in a Twitter message. &#8220;Our team has no intention of breaking the law.&#8221;<\/p>\n<p>The service is adding new features and policies to help reduce possible user abuse. &#8220;We want to keep offering a service where anyone can search their own data,&#8221; it said. &#8220;After all, the data is already in the hands of many hackers.&#8221;<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3162354\/security\/leakedsources-shutdown-deals-a-blow-to-amateur-hackers.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/09\/leaked-100683486-primary.idge.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Amateur hackers are alarmed with the apparent demise of LeakedSource, a controversial breach notification site that\u2019s been accused of doing more harm than good.<\/p>\n<p>U.S. law enforcement has\u00a0<a href=\"http:\/\/www.csoonline.com\/article\/3162039\/security\/breach-notification-website-leakedsource-allegedly-raided.html\" target=\"_blank\">allegedly<\/a> confiscated its servers, and now some hackers are wondering if customers of LeakedSource might be next. \u00a0<\/p>\n<p>\u201cAll the people who used PayPal, credit card, etc. 
to buy membership, the FBI now have your email, payment details and lookup history,\u201d <a href=\"https:\/\/hackforums.net\/showthread.php?tid=5534801&amp;page=3&amp;highlight=leakedsource\" target=\"_blank\">wrote<\/a> one user on HackForums.net.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3162354\/security\/leakedsources-shutdown-deals-a-blow-to-amateur-hackers.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-6418","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6418"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6418\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6418"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}",
"templated":true}]}}