Leaderboard

Popular Content

Showing content with the highest reputation on 03/28/22 in all areas

  1. Here’s a strong password: Mi7ki#Gi3na&Go1ld$

    Do not use it anywhere. Read the following to understand how we came up with this password, and use a similar logic to make passwords from words you can remember, without telling anyone! This is for educational purposes only.

    Why is this a strong password?

    Based on the latest research from Carnegie Mellon University, strong passwords have at least 12 characters (the longer, the better), do not contain any dictionary words (the hackers use databases with common words), and have uppercase and special characters at non-obvious places (the hackers know if you put special characters in the obvious places, like replacing a 5 with an S). You can copy the password above and paste it in the Carnegie Mellon Password Strength Meter to see how strong it is, and tweak it to make it even stronger.

    How can I remember this password?

    Here’s the logic we used to make this password from the three words you entered:

    First, we capitalized the words. That you can easily remember! It's better to capitalize random letters of each word, but this password does not include that because there is already enough complexity which makes it strong.

    Then, we inserted a number in the middle of each word, to make it unidentifiable as a dictionary word. For example, ca8ts is harder to guess than cats. You can insert any three numbers you like and remember that.

    Finally, we inserted special characters between the words. You can pick your own special characters.

    In combination, this password is long and complex enough that it is hard to guess, but is also based on three words you like, so it’s easy to remember.

    Why not just use "mikiginagold"?

    Because it’s too easy to guess, unless you chose three words that don’t exist in the dictionary. Even then, we recommend you insert some numbers and special characters somewhere in the middle so they increase in complexity. You can play around with the Carnegie Mellon Password Strength Meter tool.

    Why three words? Why not just two words and numbers and special characters?

    The longer the password, the harder it is to guess, and the stronger it is. It takes exponentially more effort for hackers to crack a longer password. This is really really important.

    Why not just "miki123" or "gina123" or "gold123"?

    Never ever use these! It’s very common for people to simply add 123 or 123! to their favorite words and use that string as a password, but such passwords are the weakest and can be guessed very easily. Millions of passwords have been breached and stored in hacker databases, and xxx123! are very common in them.

    Why are strong passwords important?

    Because passwords are stolen all the time, and if your password is weak, it can be guessed and your accounts can be breached. Did you know that you can actually find out if any of your existing passwords may have been breached? Go to https://monitor.firefox.com/ and enter your email address. It will show you all your passwords that may have been breached.

    What else can I do to keep my passwords safe?

    First, use strong passwords for all accounts with the logic explained above. If any of your online accounts support social logins via Google or Facebook, use that and avoid creating a password!

    Second, use unique passwords for each of your online accounts. Do not use the same password for multiple accounts. If one is breached, you don’t want the others to be exposed as well.

    Third, enable two-factor authentication when possible. Even if your account is breached, two-factor allows you to confirm when someone is trying to log in to your accounts–that’s a good safety mechanism.

    Finally, keep an eye on password breaches by registering at https://monitor.firefox.com/ . It will email you if any of your passwords were found in a breach, and you can change them immediately.

    Link: https://makestrongpassword.com/
    Source: Google
    1 point
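
The three-word scheme from the post above, written out as an added example (not code from the post or from makestrongpassword.com). It builds the password, draws digits and specials from the OS CSPRNG, checks a candidate against the post's rules, and estimates how many bits the scheme gives; the `SPECIALS` set, the function names and the random-word assumption in `scheme_bits` are choices made for this example.

```python
import math
import re
import secrets

SPECIALS = "#&$!%*@"  # assumption: any set works; the post lets you pick your own

def mangle(word: str, digit: str) -> str:
    """Capitalize a word and put one digit in its middle: cats + 8 -> Ca8ts."""
    mid = len(word) // 2
    return word[:mid].capitalize() + digit + word[mid:]

def build(words, digits, specials) -> str:
    """Deterministic form of the scheme: word-with-digit, then a special, per word."""
    if not (len(words) == len(digits) == len(specials)):
        raise ValueError("need one digit and one special per word")
    return "".join(mangle(w.lower(), d) + s for w, d, s in zip(words, digits, specials))

def generate(words) -> str:
    """Same scheme, but the digits and specials come from the OS CSPRNG."""
    digits = [secrets.choice("0123456789") for _ in words]
    specials = [secrets.choice(SPECIALS) for _ in words]
    return build(words, digits, specials)

WEAK_SUFFIX = re.compile(r"^[A-Za-z]+123!?$")  # the 'miki123' / 'xxx123!' pattern

def check(password: str) -> list:
    """Return the reasons a password fails the post's rules (empty list = passes)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if WEAK_SUFFIX.match(password):
        problems.append("word followed by 123 or 123!")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems

def scheme_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy in bits, assuming each word is drawn at random from a list of
    wordlist_size entries and the guesser knows the scheme (example assumption)."""
    per_word = math.log2(wordlist_size) + math.log2(10) + math.log2(len(SPECIALS))
    return n_words * per_word
```

Each extra word adds the same number of bits, which is the "exponentially more effort" point in the post; words picked from a small personal set contribute far fewer bits than a large random list.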
  2. On February 25, Raid Forums—a popular illicit online community notorious for its high-profile large-scale database leaks—was allegedly seized by an unknown identity. As of this publishing, it is not clear why Raid Forums was taken down, or who was responsible. No official government agency in any country has claimed responsibility for seizing the Raid Forums domain, nor has any cyber threat group; Raid had been operating, more or less continuously, since 2015.

    Not enough information is available at this time to confirm what happened to Raid Forums. However, our intelligence related to Raid’s takedown paints a complicated yet meaningful picture of what may have occurred, and serves as a picture of the current state of affairs for threat actors and the illicit communities in which they operate.

    Although the permanency of Raid’s takedown is yet to be determined, its closure puts it temporarily into a lineage of illicit communities that have ceased operations in recent memory. Furthermore, the timeline of Raid’s takedown coincides with numerous aspects of the Ukraine-Russia war, which may provide clues into its takedown, although Flashpoint cannot confirm this connection at this time. There are also a number of clues about Raid’s owner—who goes by the moniker “Omnipotent,” “Omni” or “terminal”—as well as within posts on the forum itself prior to closing, as well as other illicit communities thereafter, that tell a compelling story.

    Raiding Raid: A Timeline

    On February 7, the Raid Forums website began throwing database errors and users were unable to access the site until February 12. Immediately after the outage began, Raid users began speculating about whether or not Raid Forums had initially been compromised by authorities, as well as who was ultimately responsible for bringing Raid back online.

    If government authorities seized the domain and were not able to also seize servers hosting the actual forum, it is plausible the login portal clone was put up in an effort to harvest user credentials in order to maximize their leverage over the domain and use it as an intelligence collection opportunity.

    Initial outage

    Prior to the alleged seizure, Omnipotent purportedly went on a vacation between January 31 and February 7, the day of the recent outage, according to his Telegram bio. After the site was back up on February 12, Omnipotent did not comment on the outage. Furthermore, the site’s owner was not apparently active on the site up until the alleged seizure on February 25. It’s not immediately clear if another admin outside of Omnipotent would have had the access necessary to fix the site. Furthermore, neither a Raid Forum admin nor a moderator provided an explanation for the outage.

    Notable developments before and after Russia’s invasion of Ukraine

    In the weeks leading up to its apparent seizure, Raid Forums saw an increasing amount of anti-Russian sentiment, and anti-Russian offerings in the form of potentially exploitive data, in the lead up to—and following—Russia’s invasion of Ukraine on February 24.

    January 19: An established Raid Forums actor, called “Kristina,” posted a thread containing a renewed download link for a data dump, alleged to contain documents, emails, and passwords of the Russian military.

    February 3: An offering to sell a 2TB array of Russian databases reportedly containing Russian personal information including full names, dates of birth, passport numbers, and tax information was posted to Raid Forums.

    February 15: A Raid Forums user posted a Russian database for sale allegedly containing 61 million Russian phone numbers.

    February 24: On the day of the Russian invasion of Ukraine, Raid Forums took an open stance in the conflict when the admin “moot” announced that the site would be banning all users found to be connecting to the site from Russia.

    February 25: Raid threat actor “Kozak888” leaked a database belonging to a Russian express delivery and logistics company, Flashpoint confirmed. Kozak888 claimed that the Russian company provides services for the Russian federal government and stated that the database leak was a consequence of Russia’s invasion of Ukraine. Kozak888 revealed that the database contained 800 million records including full names, email addresses, and phone numbers.

    February 25: A user posted a thread requesting assistance in creating fake identification documents, allegedly in order to assist a friend to escape Ukraine and find refuge in neighboring Moldova.

    February 25: A user posted a thread encouraging users to begin collecting attackable ranges of Russian IP addresses.

    Given the growing animosity towards Russia on the site, plus Raid’s decision to block users coming to the site from Russian IP addresses, Flashpoint will continue to monitor the situation, including the potential role that the forum’s anti-Russian rhetoric and alleged offerings may have had in the forum’s takedown.

    Cloning to harvest

    Prior to the official announcement from the Raid Forums admin “Jaw” that the site had been seized on February 25, 2022, a clone of the Raid Forums login portal was put up in place of the homepage. It has remained up ever since. As of March 4 the cloned login portal was still active on raidforums[.]com.

    Raid’s seizure was first reported in a post in the official Raid Forums Telegram channel by a Raid Forum admin known as “Jaw.” The channel was subsequently locked and has stayed dark ever since.

    (Image: Flashpoint)

    However, when users enter their credentials into the portal, an error message appears for all users informing them that they have been banned from the site. This is an indication that whichever entity was responsible for seizing the site is potentially credential harvesting and logging visitor technical information such as IP addresses.

    In the Telegram post by Raid Forums admin “Jaw”, it was also revealed the backup domain for Raid Forums would be rf[.]to; however, as of this publishing, this domain is inactive and it is unclear when, or if, the backup domain will be live.

    Raid alternatives

    In response to threat actors actively seeking alternatives to Raid Forums on the site’s official Telegram channel during the site outage between February 7 and February 12, 2022, the Russian-language hacking forums XSS and Exploit were recommended alternatives to Raid Forums.

    On February 27, 2022, a thread was posted on XSS informing users of the alleged seizure of Raid Forums and warning XSS users with Raid Forums accounts to avoid attempting to log into the site due to the likelihood of the site being compromised. In the same thread, one user speculated whether or not XSS would become flooded with Raid Forums users.

    Based on the recommendations in the official Raid Forums Telegram channel, Flashpoint assesses that a significant number of former Raid Forums users may migrate to Exploit or XSS. However, due to the anti-Russian sentiment felt by a large portion of Raid Forums users, these users may not be easily enticed to migrate to these Russian-language alternatives.

    Although it’s unclear when or if Raid Forums will come back online, the highly active Raid Forums threat actor “pompompurin” claimed on XSS on March 3, 2022, that they were in contact with Raid Forums admins who revealed to them that the site should be coming back online in the near future. Pompompurin reiterated that all that is known at this time is that “someone” seized the domain and it is still unclear who or whether or not they are affiliated with a government entity.
    1 point