Wednesday, March 13, 2013

Celebrities Hacked and Doxed ! (Exclusive:Hack analysis)

The private details of many Celebrity's have  been leaked on a website :" (Currently Going in and out of service)"

This is the list of celebrities exposed: Michelle Obama, Kim KardashianJoe BidenRobert Mueller (FBI Director)Hillary ClintonEric Holder (U.S. Attorney General)Charlie Beck (LAPD Chief)Mel GibsonAshton KutcherJay ZBeyonceParis Hilton,Britney SpearsSarah PalinHulk HoganDonald TrumpArnold SchwarzeneggerAl GoreKanye WestKris JennerStacia Hylton (U.S. Marshals Director)Mitt RomneyTiger Woods

When this site went viral online and gained lots of media attention the FBI got involved and is now investigating.

Data seems to be from credit reporting agency's TransUnion, Experian and Equifax. All of them admitted they were compromised.

TransUnion, Equifax and Experian have a common website called, where customers can get a free copy of their credit report by entering personal information – such as address, social security number and date of birth –, and by answering a few multiple-choice questions.

“What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into and get some pieces of information on some individuals,” Equifax representatives told Ars Technica.

Here is an exclusive analysis of the site:

The website is running behind Cloudflare (CDN). Using Cloudflare has a lot of advantages .

  • It hides the actual IP address of the site thus it will slow down attempts to trace and take down the original server.
  • Keeps the site content on cache even if it is taken down by DDOS etc.  
  • Even a small server will be able to handle lots of traffic.
Note: Cloudflare was also used by the infamous "Lulzsec" before they were shutdown

The hacker seems to be a fan of the TV series "Dexter" which is about "A likeable Miami police forensics expert who moonlights as a serial killer of criminals who he believes have escaped justice" .

First the Quote on the main page "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve"

It is from the same TV show (Episode 12: "The British Invasion")

Second the background music embedded in the site links to : (Music from the TV show)

The website also does not contain any images hosted within itself . All the images are taken from other sites that have already hosted them.

The use of  .su domain seems be an diversion to try to shift the attention to Russian hackers.

Whois data:

domain:        EXPOSED.SU
person:        Private Person
registrar:     REGTIME-REG-FID
created:       2013.03.06
paid-till:      2014.03.06
free-date:     2014.04.08
source:        TCI

The some of the pages also have youtube videos embedded in them (Most of them have something to do with the person exposed in the page)

Michelle Obama --

Robert Mueller --

Charles Beck    --

Paris Hilton      --

Britney Spears  --

Donald Trump  --

Arnold Schwarzenegger -- (Broken Link in site) 

Mitt Romey -- (Broken Link in site) (recovered)

Though the attack is very well planned the website itself seems be done in a hurry. And there seems to be no "pattern" to the hacks except that all of the victims are celebrities.

Note: Will update this post if I find anything else.

No comments:

Post a Comment