Secretforums, a data leaks forum, announced that it would bestow former BreachForums members with ranks similar to what they had previously held on the seized forums.
The BreachForums domain had recently been taken down in a joint-law enforcement operation, with its main admin Baphomet reportedly being arrested. After its seizure, several other individuals and groups have been vying for control and credibility over the displaced cybercriminal community.
Secretforums Admin Alleges Ex-BreachForums Admin Was Informer
While the veracity of these claims are unknown and doubted, the SecretForums and former owner of Blackforums stated his belief that Baphomet, the admin and owner of BreachForums following its previous take down, was an informer to law enforcement.
The Secretforums admin alleged that Baphomet expressed strong interest in being involved with the infrastucture management of Blackforums and had been attempting to influence him towards the set up of a bastion server to assist with logs and security issues.
The Secretforums admin claimed that that the requests had never been fulfilled with full access never being granted to anyone, including the other admins of Secretforums and that he was solely responsible for the forum’s infrastructure and security. Additionally, the admin alleged that no logs were ever saved from either site aside from email addresses, usernames and password hashes for essential site functionality.
The earlier allegations along with the offer to grant similar roles to ex-BreachForums members may be part of a concerted effort to gain traction among the seized forum’s former members and contributors. The admin also cast doubt on the new admin ShinyHunters and their efforts to rebuild BreachForums through the use of older backups.
The admin directed ex-members to reach out to a specified handle with proof of their previous ranks along with their Secretforums username to be receive similar ranks, through a message on the Secretforums Telegram channel.
USDoD Shares Updates on ‘Breach Nation’ Details
In addition to the Secretforums development, the threat actor USDoD shared further details about his attempts towards to build Breach Nation in a long post on X(Twitter). The threat actor claimed that neither he nor Breach Nation were affiliated with BreachForums’ staff.
USDoD attempted to differentiate Breach Nation from BreachForums in stating that the new forum would not feature a porn section, and restrict itself to upload of databases and leads as a primary focus while not allowing for the upload of files such as combos and stealer logs ‘to ensure the best quality content’.
Additionally the site would be organized into “High-Quality Leaks” for databases originating from First World countries, and “Secondary Leaks” for leaks stemming from other countries with the lead section separated into its own category.
The site would feature a threat intelligence section to facilitate discussions on the subject as the threat actor felt there was a range of opportunities within the scope of the topic. USDoD stated that he was working on obtaining the CDN records from the defunct BreachForums, and cited the presence of a market, functioning escrow system, credit system as similarities to the old forums.
However, he also mentioned additional changes that might occur such as the option to use the credit system to boost ranks within the forums and the absence of categories such as software and cracking in the initial stages of the forum where he would function as the sole administrator. The forum would initially be public with a clearnet domain, but would later shift to invite-only and also feature an alternate onion address.
These efforts made on both Secretforums and Breach Nation to bolster forum development and appeal to former BreachForums members highlights the competitiveness between various cybercriminal forums, underlying fears of forum compromise by law enforcement and the recognition of the rank/credit system as a way to gain additional engagement by allowing contributors to build a reputation within the community.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.