German underground forum carders.cc, where stolen credit card data and access data for online games are traded, has once again come under attack from hacker colleagues. Over Christmas, the attackers, who call themselves "silent onlooking insiders", temporarily managed, more or less, to get control of an exploit database (www.exploit-db.com) and the web site of the Backtrack live security CD.
Exploit-db and Backtrack are both part of Offensive Security (Offsec). At Exploit-db.com, the hackers publish a kind of eZine with logs of their hacks and compromised data. The operators of Exploit-db are taking the attack in their stride and expressed their "thanks" that their data were at least not irrevocably deleted. Apparently, the attackers did not have root access to the servers.
In their "Owned and Exposed" tutorial, which is still available at Exploit-db, the attackers referred to a report at Heise Security about the Carders hack in May 2010, saying that the attack was justified because the upload of SQL dumps of data from Rapidshare has an upside – the people affected can at least see that they have fallen victim to criminals.
In addition, the hackers claim in their eZine that the Ettercap project, a tool for sniffing in switched networks, has had a backdoor for several years.