Hacker forums are some of the most prominent communities for hackers to interact and share their thoughts. However, in many cases, hacker forums turn to highly illicit activities and end up being taken down. In this blog, we’re understanding their point of view.
Preface
Many of you have heard of hacker forums – these are the avenues for hackers of all hats to come together, chat, interact, and have fun. Oh, in regards to “having fun”, we refer to both performing leisure activities like chatting between themselves, discussing anime, and also sharing your personal data in leaked data breaches. Sure, sounds like fun! But about everything from the beginning…
What are Hacker Forums?
Hacker forums are just what they sound like – they’re online communities of people who are interested in cyber security and hacking. For some, the saying “hacker forums” alone immediately has a bunch of negative connotations, and that’s not without a reason – in light of the (somewhat) recent RaidForums takedown, many people are apprehensive about visiting hacker forums in the first place. Contrary to popular belief, though, hacker forums also have people in them who are qualified cyber security, software engineers, or even law enforcement officers who want to learn more about cyber security and threats on the web and stay updated on the latest trends.
Takedowns of hacker forums don’t happen without a reason – hacker forums usually start off as something “innocent” and then gradually turn into hacking (a prime example of this would be RaidForums that was run by Diogo Santos Coelho – RaidForums started as a “raiding” forum but ended up being one of the biggest hacking forums in the world), and once hacker forums turn into the wrong side of hacking, they frequently end up on the wrong side of the law even though people inside of them very well know that they could share information helping people to protect themselves from cyber threats.
The Two-Sided Sword of Hacker Forums
That’s why hacker forums are often a two-sided sword: the community inside of them often has legitimate cyber security experts, but as people get a whiff of the money that could come in, they start sharing things that could harm other people. These things may include the sharing of leaked data (data taken from applications or websites), credit card details or Social Security Numbers (SSNs), or even porn.
Hackers share such things because of a couple of reasons:
- It’s a profitable niche – it’s alleged that some hacking forums may make millions doing so alone. Now account for other things such as paid membership options (this is one of the primary ways one of the prominent hacker forums – RaidForums – was monetized), and you will start to see things from a different perspective.
- It’s a way for hackers to showcase their “prowess” to those around them and “flex their hacker muscles” – who could deny that people doing such things on hacker forums aim to showcase their prowess to other hackers?
- It’s a way for hackers to gain respect and build their reputation – respect and reputation is important, especially in hacker circles. Sharing things like data breaches obtained from “reputable actors on dark web” helps hackers build their reputation amongst their peers.
As you can imagine, hacker forums being involved in such activities can become a rather big problem for the people they target (they frequently target everyone that they see and they don’t select their targets) as well as for the hackers themselves. Indeed, that’s a rather big problem, but it seems like it’s extremely profitable for those participating in such activities – some of such hacker forums (RaidForums is a good example of this again) even had sections for staff where they used to provide advice for staff to stay safe (source – BleepingComputer):
The fact that hacker forums similar to RaidForums, BreachForums, and the like even had sections for staff where they shared advice for account security shows us that the staff of hacker forums knows exactly what they are doing – they harm people in return for personal, often monetary, benefit.
Data Breach Search Engines
Data breach search engines aren’t all saints, too. The purpose of data breach search engines is often related to protecting people from identity theft and data breaches, but under the hood, things often work differently: remember LeakedSource? We Leak Info? Those two data breach search engines obtained data breaches and let people search through them to see if they’re at risk, but at the same time, they did facilitate access to data inside of those data breaches. In other words, if anyone searches for an email address, a username, an IP address, or even a password, they would be provided with a list of user accounts without their personal data being censored. See the problem? Such data breach search engines do more harm than good and with some of them being advertised on hacker forums, the audience is also clear: cyber security experts, software engineers, other people, and cybercriminals in the mix.
Such a combination of “interesting” people is unlikely to go unnoticed by law enforcement as time goes by: and who could deny that law enforcement is made aware of data breach search engines after their operators advertise them on hacker forums?
To save yourself from the trouble that may be brewing as you visit hacker forums and illicit data breach search engines, search for a reputable data breach search engine such as BreachDirectory. Our search engine looks like so:
Our data breach search engine won’t provide you with any information from the data breach, but rather, just let you know whether your account is at risk of identity theft or not. Our data breach search engine can be used for free and we do offer access to the BreachDirectory API for a fee – the BreachDirectory API will help your company implement the data existing in BreachDirectory into your own company and search if your employees, friends, or close ones are at risk of identity theft by using the data available in BreachDirectory on your terms.
It is an unfortunate reality that to obtain data, the operators of data breach search engines and other tools may visit hacker forums too – hacker forums are also frequented by security experts, software engineers, and law enforcement and as such, visiting hacker forums isn’t necessarily a bad thing as long as you know what you’re doing and don’t cross the line, but before doing so, weigh the ups and downs of your decision and choose wisely.
Summary
Hacker forums are the medium for hackers to chat, develop, download tools, and unfortunately, share data pertaining to innocent victims of data breaches. Some data is even sold and some hacker forums (RaidForums is a perfect example of this) even monetize themselves through tiered membership options.
Regardless, visiting hacker forums may not be a bad thing as long as you don’t do anything illegal – it’s widely known that security experts visit hacker forums to learn new things as well as to check what the evil guys – black-hat hackers – may be up to to thwart their techniques.
Regardless of what your use case of hacker forums may be, be wary of their existence – and make sure to use data breach search engines and the BreachDirectory API to better protect yourself from threats on the web.
Frequently Asked Questions
What are Hacker Forums?
Hacker forums are forums built on various Content Management Systems (CMS) such as MyBB, vBulletin, or others that act as a medium for hackers to come around and talk, and frequently, share personal information obtained by breaching data from applications, etc. Not all forums are like that though – some are on the good side!
What are Data Breach Search Engines?
Data breach search engines are search engines that are using leaked data derived from data breaches as a backbone for operations. Such search engines let people protect themselves from identity theft by informing them whether their account exists in a data breach thus letting them reset their passwords, etc. Many such data breach search engines have blogs that keep you updated in regards to latest cybersecurity trends.
Why Should I Use the BreachDirectory API?
You should use the BreachDirectory API because our API lets you implement the data existing inside of the BreachDirectory data breach search engine into your application or website. The BreachDirectory data breach search engine will let you evaluate your exposure to data breaches free of charge.