Dirty d33ds done for free: Hackers hack cyberthug selling hacks

Nasty break for a cyberthug selling admin access for government, military and educational sites as well as personally identifiable information (PII) from those sites.

Based off an amusing, but too rude to show, admin passphrase posted  on pastebin, perhaps turnabout is fair play? 

Or so it seemed to a hacking group called "d33ds" who announced, "The time has come for the idiots to get exposed," and then whacked hacker srblche's site which sells access to compromised sites like the Department of Defense and the U.S. Army. D33ds said, "Anyone willing to pay for this service must be as stupid as he is," then dumped the data on pastebin, including server, customer and admin info.

Srblche had dubbed himself a "security researcher" with a disclaimer on the site of: "Any information or services provided on this website are to be used under the agreement that they will not be used maliciously." Yeah, right. If you believe what this cyberthug is selling in an illegal marketplace, admin access and PII from .gov, .mil, .edu, is to be used for ethical purposes . . . then I could probably find you some "priced to move" swampland in Arizona to buy.

3thicalnoob posted a mirror of dirty d33ds done apparently for less than cheap, for free. The group's gripe, according to pastebin, seems to be that it now costs to get hold of the vulnerabilities posted on srblche's site. PC World added, "Members of the hacking community accused Srblche in the past of stealing other people's tools from underground forums and trying to profit from them, which might explain why d33ds targeted him."

The d33ds group is on an "Owned & Exposed" roll. Previously it hacked a site where hackers attack sites and submit them for ratings; RankMyHack allegedly measures "l33t skills" in order "to fix the problem of ranking in the hacking underground." Another attack by d33ds was on S3curity.net and asked, "If you can't even focus on the security on your own site, what makes you think you can go around the Internet promoting your pathetic 'Penetration Service'?" D33ds called S3curity's pentest training, "Taught by idiots to be an idiot." Ouch...

How was srblche exploited? Imperva Data Security suggested maybe "Srblche used shared hosting for his site and other hosted applications on the same server were vulnerable, thus allowing access to Srblche's application source files. This is how Rankmyhack was breached." 

Some security researchers and hackers might take exception to this caliber of cybercriminal, srblche, tarnishing the label of "security researcher" or "hacker," but there's nothing new about hackers at war and it's all in the shades of grey. Karim Toubbaof, of Juniper Networks, claimed on Forbes, that in this "cybercrime boom, it's a good time to be a hacker." 

Imperva noted:

The morale of the story? First, the obvious: there's no honor among thieves. Second, and more importantly, this episode shows that everyone can get hacked: the good, the bad and those using hysterical passphrases.

Meanwhile, and not nearly so amusing, the hacks continue. The Sophos team at Naked Security reported the sportswear manufacturer, Adidas, was "tripped up by cyber attack and takes down sites." According to a statement by Adidas, it has been the target of a "sophisticated, criminal cyber attack." Until forensics on the breach are completed, "We have taken down affected sites, including adidas.com, reebok.com, miCoach.com, adidas-group.com and various local eCommerce shops, in order to protect visitors to our sites."