- Joined
- Jul 17, 2014
- Messages
- 64,645
Oct 21, 2019
CBS News
The gaming chat app Discord was created to let gamers have a space to talk. But illegal businesses can be found on some of the private servers. CNET senior producer Dan Patterson joined CBSN AM to discuss his investigation, including how stolen credit card numbers are being sold for big money on the app.
https://www.cbsnews.com/news/cybercr...t-app-discord/
Cybercriminals are doing big business in the gaming chat app Discord
BY DAN PATTERSON
UPDATED ON: OCTOBER 21, 2019 / 12:02 PM / CBS NEWS
Cybercriminals have set up shop on Discord, a popular chat application for gamers with more than 250 million active users. Hackers have modified many of the app's private groups to function like retail shops that sell illicit products, including stolen credit card numbers, cracked customer accounts for Delta Air Lines and Hilton Hotels, as well as malware that can be used to infect computer networks.
Discord, founded in 2012, does not have a home news feed like Facebook or Twitter. It is built around a network of private and semi-private groups, known as "servers," which are created by mostly anonymous users.
CBS News found more than three dozen groups that cybercriminals call "money servers" on Discord. Account cracking tools for sale on Discord
Stolen accounts are often compromised by using a relatively new tool called OpenBullet, according to Ryan Jackson, the security researcher who discovered the hacking codebeing sold on Discord.
Hackers use a tool called OpenBullet to crack accounts.
Released in May on Microsoft's GitHub code platform, OpenBullet was initially intended as a testing tool for security professionals. But it was quickly modified by hackers and proliferated rapidly because the code is relatively easy to configure and deploy.
Using OpenBullet to crack accounts, Jackson said, is "extremely illegal, but easy to do." OpenBullet automates a number of hacking tactics like credential stuffing and brute force attacks. Jackson said both of these techniques are common because they rely on weak and recycled passwords. "It still takes skill, but [OpenBullet] does the hard work," he said.
According to Jackson, a well-known hacker coded a configuration file that simplified the exploit process. "He sold his configuration file for only $10 on Discord, which allowed hackers to brute-force their way into accounts," Jackson explained. "The hacker only allowed Bitcoin payments for the config to ensure his personal safety."
CBS News
The gaming chat app Discord was created to let gamers have a space to talk. But illegal businesses can be found on some of the private servers. CNET senior producer Dan Patterson joined CBSN AM to discuss his investigation, including how stolen credit card numbers are being sold for big money on the app.
https://www.cbsnews.com/news/cybercr...t-app-discord/
Cybercriminals are doing big business in the gaming chat app Discord
BY DAN PATTERSON
UPDATED ON: OCTOBER 21, 2019 / 12:02 PM / CBS NEWS
Cybercriminals have set up shop on Discord, a popular chat application for gamers with more than 250 million active users. Hackers have modified many of the app's private groups to function like retail shops that sell illicit products, including stolen credit card numbers, cracked customer accounts for Delta Air Lines and Hilton Hotels, as well as malware that can be used to infect computer networks.
Discord, founded in 2012, does not have a home news feed like Facebook or Twitter. It is built around a network of private and semi-private groups, known as "servers," which are created by mostly anonymous users.
CBS News found more than three dozen groups that cybercriminals call "money servers" on Discord. Account cracking tools for sale on Discord
Stolen accounts are often compromised by using a relatively new tool called OpenBullet, according to Ryan Jackson, the security researcher who discovered the hacking codebeing sold on Discord.
Hackers use a tool called OpenBullet to crack accounts.
Released in May on Microsoft's GitHub code platform, OpenBullet was initially intended as a testing tool for security professionals. But it was quickly modified by hackers and proliferated rapidly because the code is relatively easy to configure and deploy.
Using OpenBullet to crack accounts, Jackson said, is "extremely illegal, but easy to do." OpenBullet automates a number of hacking tactics like credential stuffing and brute force attacks. Jackson said both of these techniques are common because they rely on weak and recycled passwords. "It still takes skill, but [OpenBullet] does the hard work," he said.
According to Jackson, a well-known hacker coded a configuration file that simplified the exploit process. "He sold his configuration file for only $10 on Discord, which allowed hackers to brute-force their way into accounts," Jackson explained. "The hacker only allowed Bitcoin payments for the config to ensure his personal safety."