
Hacked File-Upload Accounts Prized by E-Jihadis

Hackers who sympathize with radical Islamic groups increasingly are using hijacked accounts at online file-upload and distribution services to disseminate large files, such as videos of attacks on Western forces in the Middle East, new research suggests.

Services like RapidShare, Ziddu, and MegaUpload allow users to share large files, yet each places certain restrictions on non-paying users, such as limiting the number, speed, and size of files that free users can upload and download.

But according to analysts at iDefense, a security intelligence firm owned by Verisign, hackers from various online jihadist forums have in recent months begun posting lengthy lists of hacked premium RapidShare account usernames and passwords to help fellow members avoid those limits.

The same forums have latched onto obscure programs that allow RapidShare users to effectively circumvent file size limits by splitting large files into smaller chunks that the programs then reassemble after the constituent parts are downloaded, iDefense reports.

Mohammad Hluchan, senior all-source threat analyst at iDefense, said the use of stolen file-trading accounts by online jihadists has generated a fair bit of chatter on more secular-oriented Arabic language forums about the morality of stealing to promote their beliefs.

This may seem like an odd discussion in forums that are used mainly to spread propaganda messages from al Qaeda leaders, as well as graphic videos of beheadings and suicide bombings.

But Hluchan said the debate over the practice of hijacking paid file-sharing accounts has risen to the level of religious jurisprudence on some forums.

"Many of these jihadists, they consider themselves religiously motivated, and operate within strict, religiously defined laws," Hluchan said. "When you introduce certain tactics such as credit card theft or stealing Rapidshare accounts, it's not surprising to see a lot of members on the forums saying, 'Hey, we can't be doing this.'"

I've always wondered why these virtual jihadis don't simply share their videos on free peer-to-peer file trading services like Bittorrent and Limewire. But Hluchan said it is likely that a significant number of jihadist forum visitors do not own a computer, and instead frequently use Internet cafes.

"As a result, collectively, the jihadist community suffers from a lack of bandwidth, and it is therefore likely that for purposes of quick, easy and relatively anonymous file trading, e-jihadists will remain interested in online file-sharing services to facilitate their online activities," Hluchan said.


From my own reporting, it is clear that online file and image sharing services are tremendously popular among traditional cyber criminals as well. A source of mine has been secretly monitoring a network frequented by hackers who buy and sell stolen personal and financial data. Recently, he shared with me a large cache of images he collected that hackers were sharing with one another via RapidShare and other services, such as Sendspace and

Most often, the images are created by the seller of stolen goods or services. For example, in the image shown above, which was shared as a link in an instant message transmitted between two hackers not long ago, a guy selling access to a compromised Bank of America account shares a screen shot after having logged into the hacked account, which shows the date and available balance.

In other cases, criminals host images of physical goods they have for sale, such as bogus ATMs, compromised credit card readers, or -- in the case of the intercepted image below -- stacks of blank VISA credit cards ready to be imprinted with whatever card details a prospective buyer might have at his disposal.


By Brian Krebs  |  March 25, 2009; 5:39 PM ET
Categories: From the Bunker, Web Fraud 2.0



shouldn't that be i-Jihadis ?

Posted by: james418 | March 26, 2009 3:10 AM

E-gads !!!


I-gads !!!

That $4,000 plus balance from BOA in the example IS STILL THERE ???

Posted by: | March 26, 2009 6:28 AM

E-gads !!!


I-gads !!!

That $4,000 plus balance from BOA in the example IS STILL THERE ???

Posted by: | March 26, 2009 6:28 AM

Well the $20,000+ balance was there when the screenshot was taken. I doubt it stayed there for long.

Posted by: lostinthemiddle | March 26, 2009 9:26 AM

tx lostinthemiddle. you beat me to it. ;)

Posted by: BTKrebs | March 26, 2009 9:32 AM

First of all (my thoughts may be all wrong to others), everything on the internet systems should be and is free. Wasn't the internet created for people to use?
Of course, we are forced to pay to have internet and pay even more for things in internet. We are forced by the business entities and our government to use internet to do certain things. People who do not have internet, in the future, may be in violation of law by not having done certain required things through the internet.
Every household should be given free access to internet the internet ethernet air items should be used by people as if the people went to the library and borrowed books. Things in the satellite should be free to be had if anyone can get to it. It has been paid for by the people's money, Right??????

Posted by: SOCIETY1 | March 26, 2009 12:17 PM

In terms of Web 2 crime, the end topic of the article is very interesting. As I understood it, until now the main marketplaces for stolen data were dedicated sites hosted in former Soviet bloc countries, away from the reach of law enforcement in the US, EU, Japan, et al. With this development, the movement of stolen data just became MUCH easier.
Anyone else agree or disagree?

Posted by: featheredge9 | March 26, 2009 1:56 PM

holy updates, batman, I was just notified of a windows update in the middle of a Thursday afternoon!
what's up?

Posted by: frodo2you | March 26, 2009 2:47 PM

© 2010 The Washington Post Company