Hell Forum was a Tor site that facilitated dumps and leaks from various sources, with a heavy focus on cyber crime. The site itself had guides on carding, hacks, exploits, and dumps. In the last few days of the forum being online there were a number of releases for sites as recent as May 31st 2015.
Didn't have the skills to be a script kiddie? Hell was also a hub for users to exchange shells and databases they had collected. This added to the community, which had a known reputation among Tor users.
Why am I writing about this?
The main reason is exposure: I have only seen one article about this online so far. It seems that the collective ability of users to aggregate and then sell this data is on the rise, and Hell forum was the place to go. I also had some observations that were not covered by ThreatStream's post regarding the encryption keys used on the .rar files, and I wanted to touch on the importance of security even over Tor. I highly recommend you read their article once you are done here.
In brief, Hell ( https://hell2bjhfxm77htq.onion ) administrator ‘ping’, a 33-year-old Calgary resident, was charged with card skimming today after an extensive six-month investigation. This created an issue for Hell forum users since he was the administrator of the site. During the last month he has been active on the site and still publishing data leaks, even after the initial arrest and after the seizure. This would be problematic for users of an underground forum, seeing as it is possible he might have worked with law enforcement in order to obtain a reduced sentence. A daily reminder that even if you use Tor services you need to be security conscious about who you contact, what you do, and the implications it may have just for being associated with (or even having an account on) these sites.
After the forums went down yesterday, the repo where the leaks were stored also disappeared into the depths of the deep web. The site http://agcv47dxxqxqkmw3.onion/Hacked_Data/ is also gone; as noted by ThreatStream, it had a number of data leaks on it, some of them encrypted, some not. What was overlooked by the article was that a number of the archives that were recently posted were the very public HackingTeam leaks, Wildstar Online (an online MMO), Cheap Ass Gamer, and MajorGeeks.com, with data as new as March 31st 2015.
Another item that has not yet been reported is that the keys to the archives were actually lines of his PGP key block.
A small collection of the leaks utilize the passwords: `mQINBFUiprYBEADKX+oGpwzjjQ7bUr7XUjfP5C/xCR3dQfdcmflkBf3HdK7ARZ3p`, `58iY0pmkQa6EMlNFXcBt75QW3wUFxSFrfy2aN2D/+UTCz/H08Q6wMNITyvtXy5uc`,
Looking at these, I noticed that they line up with the current PGP key that ‘ping’ used, posted below:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
It's probable that other lines of the block are the keys to unlocking the now-gone archives.
Seeing as ‘ping’ is not going to be releasing the keys for the remaining archives any time soon, this is the best lead existing Hell users would have had to open the files. One of the locked archives was suspected of being the second batch of the federal leak in 2013.
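The observation above amounts to a weak-secret problem: an archive password taken from a public key block is drawn from material that is already published, so anyone holding the key can recover it. The following is an added example (not code from the post or from the forum) of the kind of check a password-vetting or secret-scanning step could apply: it parses an ASCII-armored block into its radix-64 body lines, flags a candidate password that is literally one of those lines, and separately flags any password that merely has the shape of a full-width armor line. The key block below is constructed for the example; its first two body lines are the two passwords quoted in the post, and the remaining body lines and the CRC line are filler, not real key material.

```python
import re

# The two archive passwords reported in the post (both are 64-character
# radix-64 lines, the standard width of an ASCII-armor body line).
REPORTED_PASSWORDS = [
    "mQINBFUiprYBEADKX+oGpwzjjQ7bUr7XUjfP5C/xCR3dQfdcmflkBf3HdK7ARZ3p",
    "58iY0pmkQa6EMlNFXcBt75QW3wUFxSFrfy2aN2D/+UTCz/H08Q6wMNITyvtXy5uc",
]

# Constructed sample block in the same layout as the one quoted in the post.
# Only the first two body lines come from the post; everything after them is
# filler so that the parser has a multi-line body and a CRC line to handle.
SAMPLE_KEY_BLOCK = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQINBFUiprYBEADKX+oGpwzjjQ7bUr7XUjfP5C/xCR3dQfdcmflkBf3HdK7ARZ3p
58iY0pmkQa6EMlNFXcBt75QW3wUFxSFrfy2aN2D/+UTCz/H08Q6wMNITyvtXy5uc
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5QUJDREVGR0hJSktM
TU5PUA==
=AbCd
-----END PGP PUBLIC KEY BLOCK-----
"""

# Armor header lines look like "Version: ..." or "Comment: ..." (RFC 4880).
ARMOR_HEADER_RE = re.compile(r"^[A-Za-z][\w-]*: ")
# A full-width armor body line: exactly 64 radix-64 characters, no padding.
RADIX64_LINE_RE = re.compile(r"^[A-Za-z0-9+/]{64}$")


def armor_body_lines(block: str) -> list[str]:
    """Return the radix-64 body lines of an ASCII-armored block.

    Skips the BEGIN/END lines, any armor headers before the first body line,
    blank lines, and the trailing '=XXXX' 24-bit CRC line.
    """
    body: list[str] = []
    in_block = False
    for raw in block.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP"):
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("-----END PGP"):
            break
        if not line:
            continue
        if not body and ARMOR_HEADER_RE.match(line):
            continue  # "Version:", "Comment:" etc. precede the body
        if line.startswith("="):
            continue  # CRC line, not key data
        body.append(line)
    return body


def looks_like_armor_line(password: str) -> bool:
    """True if the password has the exact shape of a full-width armor line."""
    return bool(RADIX64_LINE_RE.match(password))


def audit_password(password: str, public_blocks: list[str]) -> list[str]:
    """Return human-readable findings for a candidate password.

    public_blocks is the list of armored blocks the owner has published
    (key servers, forum signatures, profile pages); any line of them is
    effectively public knowledge and must not double as a secret.
    """
    findings = []
    if any(password in armor_body_lines(b) for b in public_blocks):
        findings.append("password is a line of a published public key block")
    if looks_like_armor_line(password):
        findings.append("password has the shape of an ASCII-armor line (64 radix-64 chars)")
    return findings


if __name__ == "__main__":
    for pw in REPORTED_PASSWORDS + ["correct horse battery staple"]:
        print(pw[:16] + "...", audit_password(pw, [SAMPLE_KEY_BLOCK]))
```

The exact-line match is the high-confidence finding; the shape heuristic is there because a password that is a slice of a *different* armored block (a subkey, a signature, a message) would still be 64 radix-64 characters, and that pattern alone is a reasonable reason to ask where the secret came from.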
In closing, there will always be more “Hell” forums that spring up as long as there is a demand for them. Users should always keep in mind that when using Tor you are only as secure as the service you use. Once you put identifying data into the service, you have removed any barriers it has put up for you.