Archives For HackBB

hackbb heist

A story about how the popular hacking and fraud forum HackBB was taken down twice this year:

Before he gutted and nearly destroyed one of the most influential criminal markets on the Internet, a man using the nickname Boneless published a detailed guide on the art of disappearing.

“I have some experience in this area,” he wrote, detailing how fugitives should best go about buying phony passports, dodging cops, and keeping their stories straight.

The guide was just one of many contributions Boneless made to HackBB, a popular destination on the Deep Web, a group of sites that sit hidden behind walls of encryption and anonymity. Back in 2012, the forum was a top destination for buying stolen credit cards, skimming ATMs, and hacking anything from personal computers to server hardware. And thanks to Tor’s anonymizing software, members were shielded from the ire of law enforcement around the globe. It was one of the safest and most popular places on the Deep Web to break the law.

Then one day in March, HackBB simply vanished, its databases destroyed. One user likened the events to burning a city—its library, market, bank, and entire community—to the ground. It wasn’t hard to guess who’d done it. A few days earlier, Boneless had disappeared—and with him, a serious chunk of the market’s sizable hoards of money.

Read more at the Daily Dot.

In 2012, HackBB was far and away the most popular hacking, fraud and carding forum on Tor. All good things come to an end: 2013 had been a whole lot less kind to the famous forum.

HackBB has been hacked and wiped twice so far this year. The first hack on March 22, 2013 took place when a moderator’s account was compromised. Through that account, the hacker gained greater access and was eventually able to access the site’s database. He attempted to delete it.

A post quickly went up on Silk Road discussing the attack:

The hacker has been exploiting people’s PMs, and using whatever info he gleaned from them to try to extort money.  If anything, it’s a lesson in deleting your PMs on the regular.

Others took it as a reminder to always use PGP in illicit communications.

The second hack took place on May 15, 2013. Here’s site owner Optimus Crime addressing the issue:

Just to update everyone the site was hacked again. Other user permissions were set for separate accounts during the last hack that I overlooked (sound familiar?) which gave the attacker enough leverage to get back into ACP. I have removed permissions and closed all compromised accounts that could be used. I had backups this time but unfortunately I get timed out when attempting to restore the datatabase. I am trying to contact the server admin now to see if he has a working backup but there is a slim chance he will check his inbox. I’m going to continue working today on tryign to get my last db back restored so we at least have that.

hackbb

HackBB was a valuable hacking resource for thousands of readers. Now, popular tutorials are gone, remaining members are weary, volumes of buyer and vendor feedback history has been erased and markets are quieter than many would like.

Scammers are now testing members on a regular basis, making a recovery that much more difficult.

Multiple scammers are posing as Optimus Crime and other popular members. OC addressed the large uptick in attempted rip-offs on the site:

This happens during moments of uncertainty. Rippers know if they can cast doubt on management then users are more susceptible to pay directly. As I mentioned in the announcement we will be down for maintenance soon. Once we are back up I will be bringing our moderators back and work diligently to clean up here. Until then as sorealsr suggested use escrow. You don’t have to use ours if you prefer but for your own sake use somebody’s and don’t let it be the “service” they suggested.

Maintenance and extended downtime has not solved the myriad problems facing HackBB so far but Optimus Crime is holding out hope of restoring the database to some extent.

The Verified Marketplace is showing some signs of life. Three vendors are selling credit cards and forged documents. The HackBB Escrow — one of the most widely trusted .onion escrows outside of Silk Road and Black Market Reloaded — is active and accepting customers.

hackbbmarket

You can read more about what HackBB was like here.

hackbblong

The rise of Errata’s Shop.

Whatever else they might have to say about it today, no one can deny that Errata’s Shop was good at what it did. Errata himself was the consummate online startup CEO: ambitious, affable, attractive to new customers, community-oriented, charismatic and smart enough to think he could get away with running a massively illegal and mightily profitable enterprise.

On Sunday, September 23, 2012, Errata created a thread on the HackBB.onion forums to promote his new business: he sold working American credit card numbers to anyone willing to pay. In the same way that a legal startup might create a thread on a large site like reddit or Hacker News, Errata skillfully placed his slick new product in the face of customers who wanted it badly.

HackBB (pictured above) is a public forum that helps facilitate and support a number of black markets. The relevant market here is fraudulent finances. That includes credit card fraud, Paypal fraud, ATM skimming and a variety of other crimes.

Being public and popular, HackBB is often the subject of scorn, scoffed at as full of scammers and relative immature amateurs compared to private forums and other less-than-public carding communities. One look at the HackBB forums shows the truth in those statements — see the adolescent-level aggression, flames and occasional outright naivete. But that story leaves out an important fact: HackBB is full of money ready to be spent. That alone is enough to keep it worthwhile for its visitors.

Once an entrepreneur like Errata has a service or market he’d like to promote, all he has to do is post about it on HackBB to attract attention. Once enough users and, ultimately, the site’s administrators use the service successfully, it is declared verified. This new status can open the floodgates to many more customers, money and people of all stripes who want to see what’s being offered.

Over the past decade, there have been many attempts to build sustainable, professional-quality online storefronts for stolen credit cards, a necessarily fragmented criminal industry that costs American businesses $190 billion per year according to Forbes. This 2011 report surveys more than a dozen different shops available just one year ago.

If you’re in the market for stolen cards, the problem you’ll immediately notice with the 2011 report is that many of the shops are now closed up. It’s often unclear just who shuts the door on these services. Carding shops and dealers come and go quickly, most often without a note to the customers. The holy grail of carding is a steady, reliable and, if you’re lucky, quick source. If you find one, you stick to it. When Errata came around in September, there were thousands of carders searching for just that.

Here’s how Errata first pitched his new credit card shop:

Tired of waiting days for cards? Not knowing if you will get a refund for dead cards?

We present to you Errata Shop. An automated CVV onion site with built in checker for auto refund of dead cards.

Features:
Automatic bitcoin payments available 24/7.
Fresh stock added every day.
Listings include many infos like BIN, ZIP so can buy only what you need exactly.
Automated checker for instant refund of invalid cards.
Cheapest prices and even more discounts on cards expiring soon.
Fast and professional support.
More products coming soon.

Registration is open. If no deposit in 24hours after register, account will be deleted and you have to register again.

Please read site instructions in Help/FAQ section. Any other questions you can contact me.

Email Support: Errata@tormail.org

The pitch linked to Errata’s shop.
errata's shop front

No one bit immediately. With no response for three hours after posting his thread, Errata decided to light the fires by tempting his first customers in with an offer they couldn’t resist. He gave them something for nothing.

Continue Reading…