And the Hackers Get Hacked

Recently a hacker's site that I monitor had the tables turned on them. This site contains phishing kits and techniques, Exploits and tools, mischievous (at best) tutorials, and even forums where users can brag about the recent defacements and conquests. Well, over the past week the site has been mostly unreachable thanks to someone who obviously doesn't believe in what's going on over there. This user who calls themselves "Catch Them If You Can" set out to dole out a little vigilante justice to these practicing cybercriminals by not only launching a DDoS attack against the site, but also hacked into the site's database in order to obtain the sites user list, email addresses and passwords which they passed on to Insecure.org's Full Disclosure List with the quote
"As you may know these are mostly based in Pakistan involved in illegal activities which include carding, hacking, cracking etc.

I am including this list of their users for law enforcement agencies to investigate and take action where neccessary. Currently their site is hosted in pacificrack.com's server.

WAR Against Cyber Crime
Catch Them If you can."

On the website one of the moderators posted a brief explanation as to why the site had been down, I found this little exchange to be quite humorous.

The admin was obviously trying to avoid mentioning anything about their users list being obtained until Codeslayer1 pointed it out to him. To which Zombie_KsA immediately places blame and bans the user. Good stuff, he also calls these people n00bs which is kinda funny as they were the ones that were pwned in this case. It's also kind of funny to think that Catch Them if You Can may even have been coached by tutorials on their site, some are pretty detailed.

As is the case with most of these sites, the "tools" are often trojans themselves, and the users are comprised of probably 5% security professionals monitoring these guys and 95% criminals. It's not a good place to hang out. Luckily the lifespan of many of these sites is usually short, and incidents like these will often force the users to evacuate, and admins to pack up shop and wait for things to cool down.