Hacking Forum “w0rm” Breached and Defaced

Posted on Posted in Hacker News, Tor

Black hat hackers operating on dark web platforms have been a pain in the neck for tech world security for years now.

Although a considerable percentage of hacking attacks orchestrated by these parties are focused on innocent victims, they themselves are often not safe from each other.

Recently, reports of an interesting incident surfaced that perfectly highlight the underground cyber wars fought between rival hacking groups.

According to the reports, a darknet hacking group that calls themselves “Peace” or “Peace_of_Mind” executed a hack against the official website of w0rms.ws. W0rm.ws is a popular hacking and trading platform that deals in the sale of stolen data and exploits.

The forum operates under an “invite only” policy.

The attack was carried out leading to the w0rm.ws’s website being defaced and its database and exploit kits leaked online. They also disclosed the personal details of the alleged owner of the site via a message posted on the home page. This type of attack is not at all new and is referred to as doxing.



Peace_of_Mind hacked the hacking forum w0rm_ws and doxed its alleged owner.
Peace_of_Mind hacked the hacking forum w0rm_ws and doxed its alleged owner.

Doxing, also referred to as document tracing, is the internet practice of gathering or deducing an individual’s personal information using publicly all available resources and then making them available online often with malicious intent.

Peace_of_Mind doxed w0rm.ws by leaking key information about the Sarpovu Nikolai; mastermind responsible for the hacking forum.

The homepage of this site showed his father and mother’s names, nationality, picture, date of birth, twitter handle, residence permit as well as the operating system he uses.

Peace_of_Mind made no attempt of hiding the fact that they were behind the hacking attack. They left a clear message alongside Nikolai’s personal details and alluded a possible reason behind their actions. Apparently, it has something to do with a dispute between w0rm.ws and the Hell darknet forum.

This is a classic case of the aforementioned cyber war between different hacking groups. At the moment it is still uncertain whether Sarpovu Nikolai is actually the man behind w0rm.ws. It is important to note that this is not the first time w0rm.ws has been doxed. This has happened to the forum twice back in 2014 and 2015.


Both these hacking groups are well known and active on the darknet hacking platforms.

Actually, it is not conclusively known whether Peace_of_Mind is one person or a group of people working together. It is however clear that he has caused a lot of internet security concerns in recent years. Peace has been responsible for collecting data from major web firms and selling it on the dark web.

The data is often acquired from stolen user accounts and some of the affected websites include Tumblr, MySpace, Twitter, LinkedIn, Russia’s VK.com, Linux Mint and Fling.com.

The actions of Peace_of_Mind have had some notable implications such as the hacking compromise of the Twitter accounts of Mark Zuckerberg and Evan Williams, the respective founders of Facebook and Twitter.

Peace_of_Mind makes most of the sales on TheRealDeal and Hell Hacking Forum. Currently, it is not yet clear exactly what the dispute is between w0rm.ws and Hell Hacking Forum was.

However, Piece of Mind might have alluded to this as he claimed that the w0rm.ws administrator was posting exclusive content taken directly from Hell Hacking Forum and making it open-source.

It is difficult to refute Peace_of_Mind’s claims since this exact practice is what got w0rm.ws doxed in 2014 and 2015.

The forum has a known history of hosting databases of other darknet hacking forums and highlighting security vulnerabilities. The latter led to Peace_of_Mind loosing access to certain websites and is among the reasons behind the attack which seem to have a personal bearing.

The hacker leaked w0rm.ws’s entire website data. According to Hacked DB, this includes databases, files, history, forum user activities, encrypted passwords, PMs, administrator activities, and a number of exploit kits.

Analysis of the data also revealed how the hack was made possible.

The forum was using an outdated version (3.8.7) of Vbulletin CMS. This version is known to possess some exploitable weak points. These events only serve to highlight the uphill task faced with implementation of cyber security.

A Hacker hacking other hackers definitely shows that user safety cannot be guaranteed when it comes to the web.

Quelle: darkwebnews