Two of the largest private forums used by professional credit card fraudsters and spammers were hacked on 18 February.
Forum topics, information on thousands of registered users and private correspondence were all stolen and passed on to leading companies combating online fraud (RSA, Anti Money Laundering Alliance, IISFA) and to European, Russian and American law enforcement agencies.
The first forum to be hacked was the well known cybercrime forum “MAZA.la” (also known as “MAZAFAKA”). The forum members main activities and the topics discussed can be put into the following categories:
- document forgery,
- sale of stolen internet service records,
- virus creation,
- laundering of illegally gained money.
It seemed to be impossible to enter this forum. It was completely private, and it was only possible to register if you had several authoritative backers who were already registered. The forum was protected by the most up to date security solutions: digital security certificates, an anti phishing filter and the server was located in Taiwan.
On 18 February the forum was attacked by hackers and the forum’s database (more than 2000 users) was stolen and handed over to law enforcement agencies.
Following this another similar forum, “Direct Connection”, was also successfully attacked.
Analysts now suggest that a struggle has begun between Russian carders and spammers for influence in the cybercrime world. However, there are no details or any evidence that this may be the case.