Hacker Wants $50K From Hacker Forum or He’ll Share Stolen Database With the Feds

Security News ThreatsCybercrime Uncategorized

Extortion can also be funny when it happens to the bad guys, and there’s one extortion attempt going on right now that will put a big smile on your face.

The victim is Basetools.ws, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools. The site boasts to have over 150,000 users and over 20,000 tools listed in its forums.

Earlier this week, on Tuesday, an anonymous user appears to have breached the site, and uploaded samples of its database online, along with a ransom demand.

Basetools extortion demand

The attacker is asking for $50,000 or he’ll share data on the site’s administrator with US authorities, such as the FBI, DHS, DOJ, and the DOT (Department of Treasury).

To prove the validity of his claims, the hacker shared an image of the Basetools admin panel and an image containing the site admin’s login details and IP address.

Basetools backend

Basetools admin data

In addition, the hacker also dumped tools that Basetools users were selling on the site, such as login credentials for C-Panel accounts; login credentials for shells, backdoors, and spambots hosted on hacked sites; credentials for RDP servers; server SSH credentials, user data leaked from various breaches at legitimate sites, and many other more.

Data leaked in the Basetools hack

As soon as the ransom demand and accompanying data was published online, the Basetools portal went offline and entered maintenance mode.

Basetools in maintenance mode

“Yeah, the fact that site is down right now certainly doesn’t look good for them,” security researcher Dylan Katz told Bleeping Computer today regarding the possibility of the ransom demand being a fake breach.

Nonetheless, “50k is a pretty steep ransom, seeing as the damange has already been done,” Katz added.

But financial gain is not the only motivation behind this hack. According to other text included in the ransom demand, the hacker also appears to have carried out the hack out of revenge, claiming the site’s operator has been manipulating stats.

“Basetools.pw is manipulating EARNING STATS & RESELLER STATS, Owner of this market has opened a reseller with name RedHat which always stays in First Place,” the text reads.

Lots of sensitive data leaked online

Despite the “small potatoes” feel that you get when reading about a breach at a hackers’ forum, this security incident is quite of note.

All the Basetools seller data that was supposedly being sold on the forums before the hack is now online and easily accessible to anyone. This means that credentials for thousands of servers are now in easy reach to anyone who knows where to look for it.

Other hackers could take over these servers and deploy them in spam, malware hosting, or other malicious campaigns. The owners of these services will need to be notified so they can change credentials and clean up affected systems.

Furthermore, Katz has also identified user data that appears to come from services that have not previously announced they suffered a data breach. These services will also need to be notified so they can investigate any potential breaches, and reset passwords for affected accounts.

Katz is currently processing the leaked data and intends to reach out to some of the affected parties.