[BreachExchange] Criminal Forums Ban Hacker Linked to Myspace, LinkedIn Breaches

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 11 19:18:53 EDT 2016


http://motherboard.vice.com/read/criminal-forums-ban-hacker-linked-to-myspace-linkedin-breaches

Several hackers and data traders have gained notoriety recently because of
so-called “mega-breaches”—data dumps of hundreds of millions of users from
high-profile sites such as LinkedIn and Myspace.

But along with that kind of attention comes more opportunities to make
cash, and greed can get the better of anyone. Tessa88, the hacker who was
one of the primary sources for several recent dumps, has now been banned
from multiple Russian crime forums for scamming other users.

On June 8, Tessa88 agreed to sell the Myspace, VK.com, and LinkedIn
databases for 10 bitcoins (worth just under $6,000 at the time) on a
Russian forum, according to a user called InstallsBuyer. The deal turned
sour, however, when Tessa88 didn’t deliver the goods, but instead allegedly
provided tampered or false versions. InstallsBuyer wrote a long post laying
out their complaint, complete with apparent chat logs between them and one
of Tessa88's alternate handles.

According to those logs, which are in Russian, InstallsBuyer wanted to
check the legitimacy of the dumps beforehand, so Tessa88 provided links to
three databases. But InstallsBuyer claims many of the VK.com user records
were missing passwords, a load of the password hashes from the LinkedIn
dump had been removed, and certain individuals were missing from the data.
According to InstallsBuyer, Tessa88 kept making excuses for the shoddy
customer service, and for not dealing with the problem.

“He rides in a car, he had a bad Internet, it is on the phone and so on,”
InstallsBuyer wrote, according to a Google translation.

“Fell asleep or something :-),” InstallBuyers wrote in a chat message when
Tessa88 did not reply for several hours.

Summing up, InstallsBuyer writes that since none of the databases were as
advertised, they want a refund of 80 percent.

Tessa88's account has since been banned on that forum, and given the label
of “RIPPER,” meaning that they have a history of scamming people. Tessa88
has been kicked off two more Russian crime sites too. On another Romanian
forum, a further user has accused him of being a cheater.

The name Tessa88 first appeared in early 2016, when whoever was behind it
started advertising a slew of databases on various crime forums, as well as
a dedicated online shop. Andrei Barysevich, director of Eastern European
research and analysis for security firm Flashpoint Intel, previously told
Motherboard that Tessa88 had made between $50,000 and $60,000 worth of
bitcoin.

Barysevich thought it was “very likely” that there were two people behind
the Tessa88 moniker, and only one of those was a native Russian speaker,
judging by how they speak.

Scamming is perhaps not much of a surprise in the digital underworld, but
customer service does play a significant role in modern cybercrime.
Customers leave ratings and reviews for vendors of data and drugs on dark
web marketplaces; hacking forum users often “vouch” for one another, so
potential buyers have a better sense of whether the seller is legitimate or
not; and those who spread ransomware have to deliver on their promise of
unlocking victims’ files, otherwise future targets will be less likely to
pay up.

And when someone does decide to not play by the rules, those who are ripped
off will write detailed posts about what exactly happened.

For Tessa88, it looks like being at the centre of a whirlwind of data
breaches was just too much of a good opportunity to pass up.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160711/db5a9a22/attachment.html>


More information about the BreachExchange mailing list