A hacker claims to have bent one of the internet’s grimiest cybercrime forums against itself – and they might be right.
Cybernews recently received an email from an attacker presenting themselves as "test55.” In the email, they claimed to have exploited the notorious cybercrime marketplace DarkForums.st.
The attacker said it exploited the platform via Server-side request forgery (SSRF), a web security flaw that allows an attacker to trick a server into sending requests to unintended destinations.
This could mean accessing internal systems that aren’t meant to be reached from the outside, or tricking the server into talking to external sites the attacker controls, potentially leaking sensitive info or giving them a way to dig even deeper into the network.
As proof of a successful exploit, the threat actor revealed a screenshot on another underground forum. “DarkForums is not safe for no one !!!!!” wrote the attacker in an email.
Cybernews researchers have checked the claims and confirmed that they might be legitimate. DarkForums has since launched a Tor service to protect its users from leaking their IP addresses, although the admins haven't commented on the alleged vulnerability.
“The attacker demonstrated a vulnerability that allowed him to gather the IP addresses of people who view his posts,” said the Cybernews research team.
“It is unclear if he managed to explore the vulnerability further and cause any damage to DarkForums,” the team added. Such vulnerabilities put underground forum users at risk. When IP leaks, anonymity is lost, especially if the VPN or Tor setup isn’t airtight.
Law enforcement is constantly watching these underground spaces, and a single exposed IP can be all they need to start knocking. Also, rival hackers, scammers, and opportunistic trolls can use that same data to dox and phish forum users.
Your email address will not be published. Required fields are markedmarked