Hack Forums

In June 2011, the hacktivist group LulzSec, as part of a campaign titled "50 days of lulz", breached Hack Forums and released the data they obtained. The leaked data included credentials and personal information of nearly 200,000 registered users.{{Cite web|url=https://haveibeenpwned.com/PwnedWebsites|title=Have I Been Pwned: Pwned websites|website=haveibeenpwned.com|access-date=11 July 2018|archive-url=https://web.archive.org/web/20151003211856/https://haveibeenpwned.com/PwnedWebsites|archive-date=3 October 2015|url-status=dead}}

On 27 August 2014, Hack Forums was hacked with a defacement message by an Egyptian hacker, using the online handle "Eg-R1z".{{Cite news |last=Wei |first=Wang |date=2014-08-28 |title=Popular Hackforums Website Defaced by Egyptian Hacker |url=https://thehackernews.com/2014/08/popular-hackforums-website-defaced-by_27.html |url-status=live |archive-url=https://web.archive.org/web/20180713142856/https://thehackernews.com/2014/08/popular-hackforums-website-defaced-by_27.html |archive-date=13 July 2018 |access-date=2 June 2018 |work=The Hacker News}}{{Cite news|url=http://www.cyberkendra.com/2014/08/hackforumsnet-hacked-and-deface-by.html|title=HackForums.net hacked and deface by Egyptian hacker|last=Gurung|first=Vivek|work=Cyber Kendra - Hacking News and Tech Updates|access-date=2018-07-13|language=en-US|archive-url=https://web.archive.org/web/20180713173104/http://www.cyberkendra.com/2014/08/hackforumsnet-hacked-and-deface-by.html|archive-date=13 July 2018|url-status=live}}

On 26 July 2016, Hack Forums administrator ("Omniscient") warned its users of a security breach.{{Cite news|url=https://www.ibtimes.co.uk/hackforums-investigating-possible-account-security-compromise-1558246|title=HackForums may have just been hacked|last=Murdock|first=Jason|date=4 May 2016|work=International Business Times UK|access-date=3 June 2018|archive-url=https://web.archive.org/web/20180712001200/https://www.ibtimes.co.uk/hackforums-investigating-possible-account-security-compromise-1558246|archive-date=12 July 2018|url-status=live}} In an e-mail he suggested users to change their passwords and enable 2FA.{{Cite news|url=https://twitter.com/troyhunt/status/727852007747366912|title=Troy Hunt on Twitter|work=Twitter|access-date=3 June 2018}}{{Cite web |last=Murdock |first=Jason |date=2016-05-04 |title=HackForums may have just been hacked |url=https://www.ibtimes.co.uk/hackforums-investigating-possible-account-security-compromise-1558246 |access-date=2025-05-08 |website=International Business Times UK |language=en}}

According to a press release from the United States Department of Justice, Zachary Shames developed a keylogger in 2013 that allowed users to steal sensitive information, including passwords and banking credentials, from a victim's computer. Shames developed the keylogger known as "Limitless Logger Pro", which was sold for $35 on Hack Forums.{{Cite news|url=https://thehackernews.com/2017/01/limitless-keylogger-pro.html|title=Student Faces 10 Years In Prison For Creating And Selling Limitless Keylogger|last=Khandelwal|first=Swati|work=The Hacker News|access-date=2 June 2018|archive-url=https://web.archive.org/web/20180707034124/https://thehackernews.com/2017/01/limitless-keylogger-pro.html|archive-date=7 July 2018|url-status=live}}{{Cite news|url=https://www.vice.com/en/article/student-hacker-faces-10-years-in-prison-for-spyware-that-hit-16000-computers/|title=Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers|date=13 January 2017|work=Motherboard|access-date=3 June 2018|archive-url=https://web.archive.org/web/20180707005952/https://motherboard.vice.com/en_us/article/aek9yj/student-hacker-faces-10-years-in-prison-for-spyware-that-hit-16000-computers|archive-date=7 July 2018|url-status=live}}{{Cite web|url=https://www.vice.com/en/article/student-hacker-faces-10-years-in-prison-for-spyware-that-hit-16000-computers/|title=Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers|last=Franceschi-Bicchierai|first=Lorenzo|date=2017-01-13|website=Vice|language=en-US|access-date=2019-08-14|archive-url=https://web.archive.org/web/20190814121350/https://www.vice.com/en_us/article/aek9yj/student-hacker-faces-10-years-in-prison-for-spyware-that-hit-16000-computers|archive-date=14 August 2019|url-status=live}}

On 12 August 2013, hackers used SSH brute-force to mass target Linux systems with weak passwords. The tools used by hackers were then later posted on Hack Forums.{{Cite news|url=https://www.bleepingcomputer.com/news/linux/psa-improperly-secured-linux-servers-targeted-with-chaos-backdoor/|title=PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor|work=BleepingComputer|access-date=2018-07-21|language=en-us|archive-url=https://web.archive.org/web/20180223125508/https://www.bleepingcomputer.com/news/linux/psa-improperly-secured-linux-servers-targeted-with-chaos-backdoor/|archive-date=23 February 2018|url-status=live}}

On 15 May 2014, the FBI targeted customers of a popular Remote Administration Tool (RAT) called 'Blackshades'.{{Cite news |last=Finkle |first=Jim |last2=Menn |first2=Joseph |date=2014-05-15 |title=FBI plans cyber crime crackdown, arrests coming in weeks |url=https://www.reuters.com/article/us-cyber-summit-fbi/fbi-plans-cyber-crime-crackdown-arrests-coming-in-weeks-idUSBREA4D0UP20140514 |url-status=live |archive-url=https://web.archive.org/web/20180713141628/https://www.reuters.com/article/us-cyber-summit-fbi/fbi-plans-cyber-crime-crackdown-arrests-coming-in-weeks-idUSBREA4D0UP20140514 |archive-date=13 July 2018 |access-date=2 June 2018 |publisher=Reuters}} Blackshades RAT was malware created and sold on Hack Forums.

On 14 January 2016, the developer of the MegalodonHTTP Botnet was arrested. MegalodonHTTP included a number of features as "Binary downloading and executing", "Distributed Denial of service (DDoS) attack methods", "Remote Shell", "Antivirus Disabling", "Crypto miner for Bitcoin, Litecoin, Omnicoin and Dogecoin". The malware was sold on Hack Forums.{{Cite news |last=Khandelwal |first=Swati |date=2016-01-15 |title=Creator of MegalodonHTTP DDoS Botnet Arrested |url=https://thehackernews.com/2016/01/MegalodonHTTP-DDoS-Botnet.html |url-status=live |archive-url=https://web.archive.org/web/20180707034555/https://thehackernews.com/2016/01/MegalodonHTTP-DDoS-Botnet.html |archive-date=7 July 2018 |access-date=2 June 2018 |work=The Hacker News}}

On 22 September 2016, many major websites were forced offline after being hit with “Mirai”, a malware that targeted unsecured Internet of Things (IoT) devices.{{cite web|url=https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/|title=Who is Anna-Senpai, the Mirai Worm Author? — Krebs on Security|website=krebsonsecurity.com|access-date=2 June 2018|archive-url=https://web.archive.org/web/20170122013744/https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/|archive-date=22 January 2017|url-status=dead}} The source code for Mirai was published on Hack Forums as open-source.{{Cite news|url=https://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained|title=How an army of vulnerable gadgets took down the web today|work=The Verge|access-date=2 June 2018|archive-url=https://web.archive.org/web/20161116151137/http://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained|archive-date=16 November 2016|url-status=live}} In response, on 26 October 2016, Omniscient, the administrator of Hack Forums, removed the DDoS-for-Hire section from the forum permanently.{{Cite news |last=Cimpanu |first=Catalin |date=2016-10-30 |title=The Internet's Biggest Hacking Forum Removes Its DDoS-for-Hire Section |url=https://news.softpedia.com/news/the-internet-s-biggest-hacking-forum-removes-its-ddos-for-hire-section-509810.shtml |url-status=live |archive-url=https://web.archive.org/web/20180707011113/https://news.softpedia.com/news/the-internet-s-biggest-hacking-forum-removes-its-ddos-for-hire-section-509810.shtml |archive-date=7 July 2018 |access-date=3 June 2018 |work=Softpedia}}{{Cite news |last=Kan |first=Michael |date=2016-10-31 |title=Hacking forum cuts section allegedly linked to DDoS attacks |url=https://www.computerworld.com/article/3136202/security/hacking-forum-cuts-section-allegedly-linked-to-ddos-attacks.html |url-status=live |archive-url=https://web.archive.org/web/20180707010302/https://www.computerworld.com/article/3136202/security/hacking-forum-cuts-section-allegedly-linked-to-ddos-attacks.html |archive-date=7 July 2018 |access-date=26 June 2018 |work=Computerworld}}{{Cite news|url=https://www.hackread.com/hackforums-deletes-server-stress-testing-ddos-dyn/|title=HackForums delete "Server Stress Testing" amidst links with Dyn DDoS Attack|last=Waqas|date=2016-10-29|work=HackRead|access-date=2018-07-13|language=en-US|archive-url=https://web.archive.org/web/20180713165853/https://www.hackread.com/hackforums-deletes-server-stress-testing-ddos-dyn/|archive-date=13 July 2018|url-status=live}}

On 21 October 2016, popular websites, including Twitter, Amazon, Netflix, were taken down by a distributed denial-of-service attack. Researchers claimed that the attack was stemmed from contributors on Hack Forums.{{Cite news |last=Powell |first=Austin |date=16 November 2016 |title=Internet Experts Issue Dire Warning to Government about the Internet of Things |url=https://www.dailydot.com/layer8/internet-of-things-committee-security/ |url-status=live |archive-url=https://web.archive.org/web/20180713143318/https://www.dailydot.com/layer8/internet-of-things-committee-security/ |archive-date=13 July 2018 |access-date=3 June 2018 |work=The Daily Dot}}

On Monday, 26 February 2018, Agence France-Presse (AFP) reported{{Cite news|url=https://ph.news.yahoo.com/ukraine-arrests-avalanche-cybercrime-organiser-police-102908616.html|title=Ukraine arrests 'Avalanche' cybercrime organiser: police|access-date=2 June 2018|archive-url=https://web.archive.org/web/20180707010523/https://ph.news.yahoo.com/ukraine-arrests-avalanche-cybercrime-organiser-police-102908616.html|archive-date=7 July 2018|url-status=live}} that Ukrainian authorities had collared Avalanche cybercrime organizer Gennady Kapkanov, who was allegedly living under a fake passport in Poltava, a city in central Ukraine. He marketed the Remote Administration Tool (NanoCore RAT) and another software licensing program called Net Seal exclusively on Hack Forums.{{cite web |last=Krebs |first=Brian |author-link=Brian Krebs |date=27 February 2018 |title=Bot Roundup: Avalanche, Kronos, NanoCore |url=https://krebsonsecurity.com/2018/02/bot-roundup-avalanche-kronos-nanocore/ |url-status=live |archive-url=https://web.archive.org/web/20180608173533/https://krebsonsecurity.com/2018/02/bot-roundup-avalanche-kronos-nanocore/ |archive-date=8 June 2018 |access-date=2 June 2018 |website=Krebs on Security}} Earlier, in December 2016, the FBI had arrested Taylor Huddleston, the programmer who created NanoCore and announced it first on Hack Forums.{{Cite news|url=https://www.thedailybeast.com/articles/2017/03/31/fbi-arrests-hacker-who-hacked-no-one|title=FBI Arrests Hacker Who Hacked No One|last=Poulsen|first=Kevin|date=31 March 2017|work=The Daily Beast|access-date=26 June 2018|archive-url=https://web.archive.org/web/20170531145400/http://www.thedailybeast.com/articles/2017/03/31/fbi-arrests-hacker-who-hacked-no-one|archive-date=31 May 2017|url-status=live}}

On 31 August 2018, several users on Hack Forums claimed to have received an e-mail from Google informing them that the FBI demanded the release of user data linked to the LuminosityLink malware sold on Hack Forums.{{Cite news |last=Franceschi-Bicchierai |first=Lorenzo |date=2018-09-04 |title=Google Notifies People Targeted by Secret FBI Investigation |url=https://www.vice.com/en/article/google-email-secret-fbi-investigation/ |url-status=live |archive-url=https://web.archive.org/web/20180922063658/https://motherboard.vice.com/en_us/article/pawjjn/google-email-secret-fbi-investigation |archive-date=22 September 2018 |access-date=2018-09-22 |work=Vice |language=en-us}}

On 29 October 2018, Vice Media reported that Saud Al-Qahtani, advisor to Crown Prince Mohammed bin Salman of Saudi Arabia and one of the alleged masterminds behind the assassination of Jamal Khashoggi, was heavily active on Hack Forums for many years under the username Nokia2mon2, requesting assistance in hacking victims and purchasing malicious surveillance software. There were rumours among users of Hack Forums that Nokia2mon2 was connected to the government of Saudi Arabia and he was using the website as a resource to perform espionage on journalists, foreigners, and dissidents.{{Cite news |last=Franceschi-Bicchierai |first=Lorenzo |date=2018-10-29 |title=How 'Mr. Hashtag' Helped Saudi Arabia Spy on Dissidents |url=https://www.vice.com/en/article/saud-al-qahtani-saudi-arabia-hacking-team/ |access-date=2025-04-15 |work=Vice}}

According to CyberScoop's Patrick Howell O'Neill, "The forum caters mostly to a young audience who are curious and occasionally malicious, but still learning... Furthermore, HackForums is the kind of internet community that can seem impenetrable, even incomprehensible, to outsiders. It has a reputation for being populated by trolls: chaos-driven children and brazen criminal activity."

Cybersecurity journalist Brian Krebs described HackForums as "a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another."

Allison Nixon, Director of Security Research at Flashpoint, compared the activity on HackForums to that of real-world street gangs, stating: {{blockquote|You have a bunch of kids, not a lot of adults, and some people have their own predispositions, and sometimes there is not a lot of guidance to steer that in a productive direction. You see gangs end up forming. There are these online street gangs so to speak, some of them can get pretty destructive in the same way you have violent street gangs in a neighborhood. The individuals themselves may become part of such a gang in order to get a sense of community, a sense of safety, or perhaps something to do because they’re bored. It seems like there’s a lot of parallels.}}

• BlackHatWorld
• BreachForums
• Dark0de
• Hydra Market
• Nulled
• OGUsers
• RaidForums
• ShinyHunters

{{Reflist}}

• [https://hackforums.net/ Official website]

Category:Crime forums

Category:Hacker culture

Category:Hacking (computer security)