BreachExchange mailing list archives
High Tech Crime Solutions' SPOOFEM.COM Hacked, Message Database Leaked
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Mon, 16 Jul 2012 02:16:10 -0400
http://securityerrata.org/errata/charlatan/gregory_evans/ligatt26/

Sun Jul 15 23:44:29 CDT 2012

Earlier today, a Twitter account named @ligatthacker tweeted that the web site owned by Gregory D. Evans and High Tech Crime Solutions was compromised (DatalossDB entry). The tweet included a link to a Pastebin dump as a sample of the SPOOFEM sent message database. It also included a second link to a download of the entire database, 32,167 messages in total, PGP signed by RSA key ID 7F5AF73C.

Each message includes the following fields: email_to, time, date, email_msg, email_subject, spoof_name, sms_to, email_your_name, sms_msg, user, and id. In short, every spoofed SMS or email message that has been sent through the service is now public. The following is an example of a message:

{"email_to":"","time":"06:36:39","date":"2012-03-17","email_msg":"","email_subject":"","spoof_name":"2069632789","sms_to":"2062401665","email_your_name":"","sms_msg":"I am going to kill you. I have killed people before and will do it again.","user":"dakman33","id":"32230"},

As this message demonstrates, the service has been used for unethical purposes. In addition, many personal and sensitive messages were included in this dump.

According to @ligatthacker, the attack was carried out via SQL injection. This is not the first time Evans has been compromised, and not the first time Evans has run into SQL injection problems.

A quick processing of the raw data suggests there are approximately 8,900 unique user IDs. While there were 32,167 messages included in the dump, they appear to have been sent between 2008-06-27 and 2012-03-22. That suggests this data was not taken recently, but rather just leaked today. If this does represent every message ever sent through the service, it calls into question Evans' claim that "since 2007, over 2 million calls have been made using our service."

At the time of this article, SPOOFEM.com has not been responding.
According to archive.org, the last time a copy was obtained was February 10, 2011. Searching Google for "spoofem.com" does not give the site as the first hit, as is customary, so we cannot verify it has been up recently via Google's cache. The last tweet from @SPOOFEM was done on March 8, 2012. All of this suggests that the data may have been taken shortly before the site / service was shut down.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list