paint-brush
Darkweb Community MagBO Sells Data Stolen From Over 20k Websitesby@ali-mirus
535 reads
535 reads

Darkweb Community MagBO Sells Data Stolen From Over 20k Websites

by Breach ReportMarch 4th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Russian-speaking dark web marketplace for trading in backdoored websites continues to grow. In less than two years, the collection of leaks grew from around 3,000 in September 2018 to 26,605 in February 2020. Hacked data on the marketplace is being offered for sale at prices as low as $0.20 USD to as high as $1,000 USD. The data in question ranges from website access credentials, court documents, to full identity documentation and credit card information of over 300 Russian citizens.
featured image - Darkweb Community MagBO Sells Data Stolen From Over 20k Websites
Breach Report HackerNoon profile picture

MagBO, the Russian-speaking dark web marketplace for trading in backdoored websites, continues to grow exponentially. In less than two years, the collection of leaks grew from around 3,000 in September 2018 to 26,605 in February 2020.

Hacked data on the marketplace is being offered for sale at prices as low as $0.20 USD to as high as $1,000 USD, depending on the nature and scope of the information. The data in question ranges from website access credentials, court documents, to full identity documentation and credit card information of over 300 Russian citizens.

Those interested in buying someone else’s identity for various activities might find it isn’t as hard as they might think. Although MagBO is an invitation-only community, asking around on the dark web could get you an easy invite for a relatively small amount of money.

Unraveling the MagBO scheme

MagBO’s existence was discovered in September 2018, when security experts found that the hackers on this Russian-speaking forum were selling access to over 3,000 compromised or backdoored websites and databases. The people behind it had been doing this for several months, with the earliest ads posted on another Russian-language hacking forum in March 2018.

The marketplace has a single interface, reviews and ratings for sellers and buyers, online chat for personal correspondence, as well as an English language version. The “items” for sale are accompanied by helpful comments like: ‘site gives access to 30 other e-stores’ or ‘comes with MySQL database’ or ‘site is injected with a virus’ or ‘has credit card info’ and so on. 

The marketplace also supports buying and selling in bulk, bargaining, wholesale, buying one product from several hosts, and you can pay not just with Bitcoin, but with payment services WebMoney and Qiwi as well. 

The only difference from thousands of other online marketplaces is that it’s completely illegal. However, the most concerning fact is that the number of ‘shells’ - the websites and packages of website data for sale - has grown exponentially, from around 3,000 in 2018 to 26,605 over less than two years.

Screenshot of the MagBO’s about page, Feb 6,2020

Based on its filter list, customers at MagBO can get their hands on websites’ data via File Transfer Protocol (FTP) access, PHP shell access, Admin panel access, Domain control access, Hosting control access, Secure Socket Shell (SSH) access, as well as Database or Structured Query Language (SQL) access. These are all tools, protocols, and access points used in managing a website.

The range of victimized websites covers just about every type of website out there - blogs, WordPress sites, artisan jewelry stores, small fashion brands, breweries, restaurants, adult sites, and architectural agencies. Buyers can also gain access to large e-commerce sites, digital marketing companies, law firms, and software development agencies, as well as hosting providers that unlock access to a wide range of website domains.

The prices depend on Alexa ranking, permission levels, ability to edit or add content, and more, allowing buyers to purchase whatever specific breach they want, be it for the goal of stealing credit card information, mining cryptocurrency, or delivering spam.

To illustrate, access to the lifestyle retail website wellphora.com at this moment will cost you $1,000 USD. Considering the company sells its products online, it means all of its customers’ credit card details are at risk (among other information). On the other end of the price list is one of the cheapest websites - duegirappresentanze.it, available at only $1.20 USD (with 20% discount!).

The hackers haven’t just exposed websites’ access credentials and emails, but other extremely sensitive private information such as: 

  • full Russian national and international passport scans, 
  • personal taxpayer identification numbers, 
  • social security numbers, 
  • pension insurance cards, 
  • bank statements, 
  • drivers licenses, 
  • court documents,

and more. 

All this information is filtered out by the place of residence of the individuals whose identity has been stolen.

If someone wanted to use the identity of a person from a desired region for, say, betting site registration, he/she could choose among hundreds of identities with full documentation. The implications could be much worse if the buyer wanted to use it for more than just their betting activities. The image above shows a person’s identity being sold for as little as $8.00 USD.

Is there anything you can do?

The emergence of places like MagBO, dedicated solely to trading in stolen information, is hardly new. In fact, it is just one of the many players in the field that includes the likes of HackForum, Nulled, Mal4All, Empire Market, and others. Most of us will never see this hidden yet large portion of the digital world, and this is what makes it even more dangerous - the lack of knowledge of its inner workings.

We have contacted over 100 domains up for sale on MagBO but, sadly, none of them acknowledged the potential threat this has on their operations. This behavior supports the notion that the only thing necessary for the triumph of evil is for the good men to do nothing.

Simply visit our catalogue, type in and search for your domain(s) through the database. If you do find your site on the list and want (free) assistance with the investigation, contact our support.