Feeds

Romanian hacking group downs tools

HackersBlog crew weary of the road

Internet Security Threat Report 2014

A controversial Romanian hacker group famous for exposing security shortcomings on corporate and anti-virus websites has disbanded.

The HackersBlog collective said it was calling it a day because their unpaid work in exposing SQL injection vulnerabilities was eating up the members' free time and had become boring.

Well then, we’ve gotten to that point where most of the team members had "enough" of it. Dont wacko on this. We are not pulling the plug because of any external factors or of fear. We simply dont have the time and desire to continue. Contrary to many opinions, we do have a private life.

Recent disclosures by HackersBlog on website security have been contested by the firms involved, including BT, the Daily Telegraph and Camelot. In signing off, HackersBlog fired back at what it claims is a culture of "corporate spin" in responding to the disclosure of website security flaws. An update, posted on Tuesday by 2fingers and entitled This is the end, in an apparent Doors/Jim Morrison tribute, explains.

Large companies will never admit to the problems they have, no matter how large they are. This is common practice in the business and it serves maintaining their public image clean. Don’t swallow the bait. Official notes are only meant to disinform and mislead you from the truth about the dangers you were exposed to

HackersBlog thanked media outlets that have reported fairly on its work, singling out local radio station RadioLynx, IT news website Softpedia and El Reg for special mention. The group added that it hoped other security researchers and hackers would pick up the baton of website in-security disclosure it has carried over recent weeks.

The Romanian hacker group came to prominence in early February after posting about website security vulnerabilities on the websites of security vendors, such as Kaspersky Lab and BitDefender, posting obfuscated screenshots to back up their concerns. More recently the group, whose most famous member is a hacker called Unu, moved onto scouring for database flaws involving the websites of large UK businesses.

HackersBlog applied scruples to its work that meant it avoided revealing website problems that had a high risk of exploitation, or distributing data obtained from vulnerable websites.

An interview with the group, by security researcher Rik Ferguson of Trend Micro, that goes into its motivation and methods in greater depth can be found here. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.