Nexus hacking

[morrowindboy]

"No email address was stolen, they were just added them to a spam list"

 

Unfortunately I've been silly enough to use the same email/password combo to log into this site as I do with an old email account I have. Turns out for the first time in many years this email account has now been compromised and used to forward my contacts spam mail.

[Blake81]

After reading all the comments here,and as a former Hacker myself I have to say some things...

 

-About Dark0ne and other site staff:

 

You have my respect,few staff members have the guts to admit that their site got hacked,be it by a script kiddy or some elite Hacker group.It shows you value the people here by telling them the truth and telling them to be careful.Also,the speed of your reaction and how fast it all was fixed shows that you are prepared for this sort of stuff,I've seen sites that got hacked the same way and didn't noticed in a month.You've earned a praise.

 

-About the ``script kiddy´´:

 

Judging by his actions,his carelessness and the spams I can't tell you what he is but I can tell you what he isn't and what he might be.

 

+He isn't a butt hurt banned member seeking revenge:

 

I have been a Moderator more than once in many sites and I've dealt with enough avengers to know their style.They're always carefull with their data(specialy their IP) and they like takeovers;They hijack the root admin's account,ban all the other staff and change the root passwords to be at ease while they destroy the site,and once they're done spring the passwords back to normal so the staff and everybody can see their damage.

 

+He isn't some ``inoccent n00b´´who just learned how to hack:

 

This hack was done for mainly for stealing E-Mails and Passwords,and you need a certain level of drive to do that,no one does that``without knowing´´.

 

+He might be a Hackpprentice:

 

A soon-to-be-Hacker,probably from some online Hackademy* who needed a ``test´´ to prove he's already a Hacker...If I was his teacher I would give him E++ for EPIC FAIL SUPER SPECIAL.What a n00b would not protect his IP!

 

+He might be just a HACK4HIRE:

 

A merc using a Mirror Cross Netcard** to collect E-Mails for some ads company is an easy explanation.

 

+He might be just another zombie:

 

A poor idiot who downloaded porn from the wrong site and got his PC hijacked and wont even know until the cops are busting down hs door.

 

+He might be part of a swarm:

 

If there have been so many hack to so many different sites in such a little time they migh have been all done by the same group,be them just pranksters or HACK4HIRE.

 

 

-About reporting him:

 

A Hacker must be careful or face the consequences,if he made an error he must suffer it.The term ``Hacker´´ is not white or black,there are good hackers and there are bad hackers,just as with people.The difference between an Ethical Hacker and a Cyberterrorist is just how each uses their talent,and it takes responsability to use it.He should be reported to the authority you see fit,that will teach him not to missuse his talents.

 

It makes me sick how it take just one bothersome n00b to tarnish the name of all the True and Ethical Hackers in the net.

 

 

 

*Hackademy:In the dephts of the Undernet there are sites(Mostly mixed up with latin warez sites)who freely distribute hacking tools and give cookbook lessons to the would-be-Darkies.These places are often run by high level Hacker Commus,Piracy Centers or simply by some fat-Darkie who's in need of some easy pawns(zombies).

 

**Mirror Cross Netcard:A MCNC is a specialy modified netcard that ``reflects´´ the identificators(IP,ISP,MAC,etc)of some random PC(And before you ask,yes,some random PC from anywere in the world,could be one on the house next door,one on the other side of the world,or the President's PC on the White House),of course you don't find these at any PC store,these are custom-made by Hacker Techies and only high level Hackers can commission one.That's the downside of this theory.

 

EDIT:Whoa!This could be the longest post in my life!

Edited January 14, 2011 by Blake81

[lowenp]

I know that I shouldn't make light of these events, but I laughed upon reading the OP. Does that make me a bad person?

[DragonSlayer667]

....

you guys are lucky this guy did not decide to hack from brazil!

here's the land of impunishment, especially hacking, if you are not hacking rich folks bank accounts then it's not a crime!

believe me, it's true, the only thing usable as a punishment would be sending back a deadly virus, reverse spamming or blocking him forever,cause if you wait for the law you'll never get the guy punished by hacking, and he would simply continue!

i admit, i hack, but only for good, bad things can happen to me if i do bad things to others, so i avoid it...

oh and i'm from brazil, but don't worry if i were a (bad)hacker i wouldn't be posting anithing and there would probably be a lot of spam instead of a friendly message...

like the last hacker that came here...

i think he didn't knew he was hacking,it's impossible to someone be so dumb to hack without even masking the ip address...

except, as i said, on brazil...

bad hackers only change their ip's to make new accounts on forums like this one!

hehe, to think i already took 8 bad hackers totally out of comission with their own crap, hehehehehehe

not counting the others i took out with some of my own home made crap!:biggrin:

i bet they are all bashing their heads to the wall right now,with a useless pc that got its BIOS flashed empty mhuhuhuhuhahaha!!!:wallbash:

Morons, these will never hack again i assure you all!:thumbsup:

 

and again don't worry i'm NOT a bad hacker so don't think it's a good idea to ban me ok?

i may get sad if i get banned :sad:

 

oh and blake81 i'm looking forward to beating your humungously big post record, it won't last long i assure you, this post i wrote here is a small one,there is still the tiny, medium, large and LBP(Legendary Big Post)

believe me,it's bigger than anyone can expect,unless there are um... 60000 words limit like some forums...

then it will be the max, nothing more than it...

Edited January 15, 2011 by DragonSlayer667

[Helena7t5]

It's a great pity you can't "name and shame",but I guess we should be grateful the little twit isn't out fixing firecrackers to cats tails, or kicking over bins.

 

Thanks for the info, and thanks for all your hard work, it must be a real headache at times like this!

[Blake81]

@DragonSlayer667

 

Heh,not only in Brazil,the land of impunishiment includes all south america except Venezuela and maybe Argentina,and since I live somewhere in there myself I know it well.To be specific,the law states that in order to have a Hacker arrested he must have stolen at least 3000$ from someone's bank account or caused the state some sort of loss or damage,if not they wont even look for him,cuz' is too expensive for them to sweep the Net just to find a prankster.

 

Still,not hiding your IP is reckless,even if the Hackers here don't fear the law they fear their equals.When a site down here is hacked they simply call another Hacker to track and thrash the attacker.In fact,some sites here have their own ``resident Hackers´´ who are part of the site's staff and take care of this.

 

Also because of the lack of any official software distributing companies and the overpricing of imported genuine software,piracy here develops to it's highest level.Because of that the Hacker here has some sort of ``Folk Hero´´ reputation.I know it must be weird for most of the people out there,but that's how things are here.Sadly most people in other countries have the fixed idea of that all Hackers are evil,this is not true,as I said before,the term ``Hacker´´ is not white or black,there are good hackers and there are bad hackers,just as with people.And since I didn't got banned or warned for my previous post I assume that this site's staff are not Hackerphobic,which is good.

 

Still,Hackers that cause harm aren't welcome anywere,that's why I'm in favor of turning that ``script kiddy´´ to the authorities,I just hope he isn't at south america...

 

EDIT:Some darn typo and some stuf I forgot to add....

 

EDIT by LHammonds: Yes, I saw your post right after you made it...and no, I'm not hacker-phobic. The others on staff do not seem to be either. hehehe.

Edited January 25, 2011 by LHammonds

[nb109]

If someone gained access to the accounts tables and are now logging into people's email accounts using the same username and password, that means that passwords are either stored in the Nexas databases in clear text or are poorly encrypted.

 

That is pretty awful. Yes, this stuff happens, which is why most forum software one-way transforms passwords with MD5 and adds password salts. I know MD5 has been cracked, but it would still take some douche with a brute forcing program forever to crack passwords that didn't use dictionary words/names/etc.

 

 

Edited January 24, 2011 by nb109

[Thandal]

If someone gained access to the accounts tables and are now logging into people's email accounts using the same username and password, that means that passwords are either stored in the Nexas databases in clear text or are poorly encrypted.

 

That is pretty awful. Yes, this stuff happens, which is why most forum software one-way transforms passwords with MD5 and adds password salts. I know MD5 has been cracked, but it would still take some douche with a brute forcing program forever to crack passwords that didn't use dictionary words/names/etc.

No one has reported any instance of an email account being hijacked (password obtained and account now experiencing unauthorized use.) The only reports are of email addresses receiving spam. Presumption is that the "hacker" (I hate to dignify the person with that title) forwarded the list of addresses to a spammer.

[nb109]

No one has reported any instance of an email account being hijacked (password obtained and account now experiencing unauthorized use.) The only reports are of email addresses receiving spam. Presumption is that the hacker (I hate to dignify the person with that title) forwarded the list of addresses to a spammer.

 

There's at least one comment below claiming otherwise.

[Thandal]

No one has reported any instance of an email account being hijacked (password obtained and account now experiencing unauthorized use.) The only reports are of email addresses receiving spam. Presumption is that the hacker (I hate to dignify the person with that title) forwarded the list of addresses to a spammer.

 

There's at least one comment below claiming otherwise.

Almost 2,000,000 accounts at the time of the attack, including those of a huge number of relatively sophisticated users, and only ONE report of a POSSIBLE pw compromise? I think we have a large enough statistical sample size to feel pretty confident that whatever may have been happening with the email account in question, (if it really was a compromise) this was not what caused it...