So, What’s New with the Hackers?

Public resources for keeping up with the folks after your data

By Elijah Woodward  |   Dec 13, 2016

[Publisher’s Note: Criminal hackers are constantly evolving their practices to evade detection. Although the information in this article is still applicable, with time it will lose relevance as hackers discover new channels. That’s the nature of the challenge, so keep learning and keep in touch!] 

If you’re interested in learning more about current events in the hacker community, check out the various “paste” sites. One of the best known is pastebin.com. Pastebin was originally started as a place for coders to post helpful and interesting tips and code. Sadly, it has devolved into a gathering place where underground and nefarious actors post information, alongside some very good information. If you visit pastebin.com/trends, you can get a look at some of the most popular “pastes” that have been posted recently.

[Image: Hakcerosint1 (1)]

As of this writing, it appears that a website, Bitcointalk.org, was breached and someone is selling off the database of usernames, passwords, and associated emails. Breaches like this are always useful to attackers and lead to bigger breaches, since password reuse across websites is so common. A classic example of this was the recent full disclosure of the 2012 LinkedIn breach, which resulted in several high-profile personalities having their social media accounts hijacked because, even though the passwords were four years old, these high-profile people were still using the same passwords.

These sites (including Skidpaste, Ghostbin, and Doxbin) have also become repositories of “doxes,” or full informational accounts of certain people. These have included law enforcement personnel’s information (credit cards, SSNs, etc.) and the passwords of breached law enforcement accounts. (Remember the breach of the FBI LEAP portal last year? This is where that info shows up.)

Many of these websites are easily searched, and you don’t even have to visit them to get info. A Google search using special terms, such as inurl:pastebin.com “police” “dox”, returns all pages on pastebin.com where the terms “police” and “dox” show up.

[Image: Hackerosint2]

Since these websites are so easily located, one of the new trends has been websites like Cryptobin and Ghostbin, which are not so easily found through internet searches. However, one need merely look where they also appear: social media!

By searching sources like Facebook and Twitter, we can find new posts all the time from these sites that are difficult to locate otherwise. For example, searching “ghostbin” on Facebook and looking at the most recent posts finds a lot of interesting information, like Michelle Obama’s, Donald Trump’s, and Hillary Clinton’s personal details, including their SSNs.

[Image: Hackerosint3]

Clicking the link for the ghostbin page post pulls this up:

[Image: Hackerosint4]

You can find Cryptobin in a similar fashion, except that when you hit the Cryptobin website you will get a screen full of random text, because the paste is encrypted and you must enter the password to decrypt and read the information.

In this example, I searched for Cryptobin on Twitter and found someone auctioning off a foreign government database. Here, “pass: easy” means the password is the word “easy.”

[Image: Hackerosint5]

Once you enter the password “easy” and click “unbin it!” you can see a sample of the database details that the seller is showing to prove the validity of the data breach.

There are also ways you can automate all of these searches through various Facebook and Twitter tools that will send you notifications whenever terms of interest show up on your preferred social media platform.

Conclusion

This sort of monitoring can allow you to maintain a cyber ear to the ground to stay in the know about what’s going on, and see if your organization has been affected as well (checking “Yourpd” and “Ghostbin” would be one way). By cross-referencing these sites with other terms of interest, you can find out if you are showing up on any of these paste or bin sites.
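The cross-referencing described above can be scripted over posts you have already collected from a social media search or alerting tool. The following Python filter is an added example, not part of the original article; the post structure, the `find_mentions` name, and the sample data are assumptions, and “yourpd” stands in for your own organization’s terms.

```python
import re

# Paste/bin site names taken from the article; matched as keywords because
# the article gives a domain only for pastebin.com.
SITE_NAMES = ("pastebin", "ghostbin", "cryptobin", "skidpaste", "doxbin")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _term_re(term):
    # Whole-word match so "yourpd" does not fire on "yourpdf".
    return re.compile(r"(?<!\w)" + re.escape(term) + r"(?!\w)", re.IGNORECASE)


def find_mentions(posts, org_terms):
    """Return one alert per post that names a paste site AND an org term."""
    term_res = {t: _term_re(t) for t in org_terms}
    alerts = []
    for post in posts:
        text = post["text"]
        lowered = text.lower()
        sites = sorted(s for s in SITE_NAMES if s in lowered)
        terms = sorted(t for t, rx in term_res.items() if rx.search(text))
        if not (sites and terms):
            continue  # a site name alone or an org term alone is just noise
        # Keep only links that point at a paste site, minus trailing punctuation.
        links = [u.rstrip(".,)") for u in URL_RE.findall(text)
                 if any(s in u.lower() for s in SITE_NAMES)]
        alerts.append({"id": post["id"], "sites": sites,
                       "terms": terms, "links": links})
    return alerts


# Constructed sample posts (not real data); hosts use the reserved .example TLD.
SAMPLE_POSTS = [
    {"id": 1, "text": "new dump: YourPD roster https://ghostbin.example/paste/abc12."},
    {"id": 2, "text": "convert yourpdf files fast, see pastebin for the script"},
    {"id": 3, "text": "YourPD community event this Saturday"},
    {"id": 4, "text": "Cryptobin link for yourpd.example mail accounts, details soon"},
]

if __name__ == "__main__":
    for alert in find_mentions(SAMPLE_POSTS, ["yourpd", "yourpd.example"]):
        print(alert)
```

Only posts 1 and 4 raise an alert: post 2 names a paste site but only contains “yourpdf,” and post 3 mentions the organization without any paste site.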

Elijah Woodward
Elijah Woodward teaches Cyber Security for Calibre Press. He has been a police officer in Arizona since 2007. During this time he has worked in patrol, motors, and now works in community resources. He is a member of the FBI’s InfraGard program, and the High Technology Crime Investigator’s Association. He’s also an accomplished bagpipe player and can be found most weekends during the summer traveling the western U.S. in a kilt. It is his belief law enforcement is in a prime position to address the issues of cyber crime and fraud, and it will be cops at the local level who will have the greatest impact on these new crimes as they continue to plague our communities. Reach him at [email protected]