BreachExchange mailing list archives

High Tech Crime Solutions' SPOOFEM.COM Hacked, Message Database Leaked


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Mon, 16 Jul 2012 02:16:10 -0400

http://securityerrata.org/errata/charlatan/gregory_evans/ligatt26/

Sun Jul 15 23:44:29 CDT 2012

Earlier today, a Twitter account named @ligatthacker tweeted that the
web site owned by Gregory D. Evans and High Tech Crime Solutions was
compromised (DatalossDB entry). The tweet included a link to a
Pastebin dump as a sample of the SPOOFEM sent message database. It
also included a second link to a download of the entire database,
32,167 messages in total, PGP signed by RSA key ID 7F5AF73C. Each
message includes the following fields: email_to, time, date,
email_msg, email_subject, spoof_name, sms_to, email_your_name,
sms_msg, user, and id. In short, every spoofed SMS or email message
that has been sent through the service is now public. The following is
an example of a message:

{"email_to":"","time":"06:36:39","date":"2012-03-17","email_msg":"","email_subject":"","spoof_name":"2069632789","sms_to":"2062401665","email_your_name":"","sms_msg":"I
am going to kill you. I have killed people before and will do it
again.","user":"dakman33","id":"32230"},

As this message demonstrates, the service has been used for unethical
purposes. In addition, many personal and sensitive messages were
included in this dump. According to @ligatthacker, the attack was
carried out via SQL injection. This is not the first time Evans has
been compromised, and not the first time Evans has run into SQL
injection problems.

A quick processing of the raw data suggests there are approximately
8,900 unique user IDs. While there were 32,167 messages included in
the dump, they appear to have been sent between 2008-06-27 and
2012-03-22. That suggests this data was not taken recently, but rather
just leaked today.

If this does represent every message ever sent through the service, it
calls into question Evans' claim that "since 2007, over 2 million
calls have been made using our service." At the time of this article,
SPOOFEM.com has not been responding. According to archive.org, the
last time a copy was obtained was February 10, 2011. Searching Google
for "spoofem.com" does not give the site as the first hit, as is
customary, so we cannot verify it has been up recently via Google's
cache. The last tweet from @SPOOFEM was done on March 8, 2012. All of
this suggests that the data may have been taken shortly before the
site / service was shut down.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
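
The tally described in the post (message count, unique user IDs, and the date range of the records), as an added example that is not part of the original post. It assumes one JSON record per line with a trailing comma, as in the sample message above; the records are constructed, and `SAMPLE` and `summarize` are hypothetical names.

```python
import json
from datetime import date

# Constructed records in the dump's field layout (not data from the leak).
# The last two are deliberately malformed to exercise the skip path.
SAMPLE = '''\
{"email_to":"","time":"09:15:02","date":"2008-06-27","email_msg":"","email_subject":"","spoof_name":"5550100","sms_to":"5550101","email_your_name":"","sms_msg":"test one","user":"alice","id":"1"},
{"email_to":"a@example.com","time":"10:00:00","date":"2011-01-05","email_msg":"hi","email_subject":"s","spoof_name":"","sms_to":"","email_your_name":"Bob","sms_msg":"","user":"bob","id":"2"},
{"email_to":"","time":"06:36:39","date":"2012-03-22","email_msg":"","email_subject":"","spoof_name":"5550102","sms_to":"5550103","email_your_name":"","sms_msg":"test two","user":"alice","id":"3"},
{"email_to":"","time":"bad","date":"not-a-date","sms_msg":"x","user":"carol","id":"4"},
{truncated record
'''

def summarize(text):
    """Tally records, unique users and date range without keeping message bodies."""
    stats = {"messages": 0, "sms": 0, "email": 0, "skipped": 0}
    users, first, last = set(), None, None
    for line in text.splitlines():
        line = line.strip().rstrip(",")      # each object ends with a trailing comma
        if not line:
            continue
        try:
            rec = json.loads(line)
            day = date.fromisoformat(rec["date"])
            user = rec["user"]
        except (ValueError, KeyError, TypeError):
            stats["skipped"] += 1            # truncated JSON, missing field, bad date
            continue
        stats["messages"] += 1
        # A populated sms_to marks an SMS; otherwise treat the record as email.
        stats["sms" if rec.get("sms_to") else "email"] += 1
        users.add(user)
        first = day if first is None or day < first else first
        last = day if last is None or day > last else last
    stats.update(unique_users=len(users), first=first, last=last)
    return stats

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Only aggregate figures are returned, so message text and phone numbers never leave the parsing loop.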
