Wednesday, April 3, 2013

Hacking Back: Why security is important, even for hackers committing felonies (from XyliBox)

If you are going to steal credit card numbers and offer them on your site, at least secure the admin panel (and the site as a whole) well enough that the email addresses and passwords of your users cannot be accessed easily. The excerpt below is from Xylibox; the full post on VMAdumps can be found here. A huge hat tip to XyliBox.

Also, note that Cybercrime Review is merely reporting what has already been published; we in no way condoned this illegal activity, participated in it, supported it, or encouraged it. However, this is the epitome of "hacking back" and why a lot of people have recently argued for it. Our summation post on hacking back can be found here: Hacking Back - are you authorized?

Definitions:
Dumps = credit card dumps
Track1/Track2 = different types of CC information - Track 1 contains more information
Dumps can be written to credit cards via black market devices, and then used to commit fraud in-store
Fullz - CC data + full biographical data - can be used to complete full ID theft (filing fraudulent taxes, opening up additional credit card accounts, etc.)

********************************************************************************
The Details:

Another carder shop, similar to dumpslogs, they sell track2.
vmadumps.cc - 80.82.64.21
Registrant Contact:
none
onofrio castaldi ()
Fax:
via DOMENICO CUCCHIARI nr.60
rome, rome 00159
IT
Creation date: 20 Sep 2012 10:20:00
Expiration date: 20 Sep 2013 07:20:00
And the goods offered on the site vmadumps.cc:


Noticing lax security:

Some weird urls: 
vmadumps.cc/Mail.php
vmadumps.cc/activ.php
vmadumps.cc/PEAR.php
lol:

Fruits of the hack back:
Credit cards being offered:

admins:
Clients:

And the kicker:
3k clients, I've broken ~55% of passwords with a simple brute force and a basic dictionary. You want a copy? Oh... ok. (link excluded)
PHP+SQL; track2s and credit cards are not included, of course. Happy hunting.
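The ~55% figure above is what a basic dictionary run yields when a site accepts dictionary passwords and stores them with a fast hash. The script below is an added example from Cybercrime Review, not code from Xylibox or from the shop; it shows the defender's side of that number: a registration check that rejects passwords a wordlist would recover immediately, a salted scrypt hash that makes each guess expensive, and an audit function that estimates what fraction of a user base would fall to such a run. The blocklist and the sample user list are constructed stand-ins (a real deployment would load a full wordlist such as RockYou from disk); the 12-character minimum is an assumption, not a value from the post.

```python
import hashlib
import hmac
import os

# Constructed blocklist standing in for a real wordlist such as RockYou.
# Assumption: a production deployment loads a much larger list from disk.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "qwerty", "letmein", "iloveyou", "dragon",
})

MIN_LENGTH = 12  # assumed policy value, not from the post
SALT_LEN = 16


def password_is_acceptable(candidate: str) -> bool:
    """Reject passwords that a basic dictionary attack recovers at once."""
    if len(candidate) < MIN_LENGTH:
        return False
    if candidate.lower() in COMMON_PASSWORDS:
        return False
    return True


def hash_password(candidate: str) -> bytes:
    """Salted, memory-hard hash: a brute force must redo scrypt per guess, per user.

    The random salt also defeats precomputed tables shared across users.
    """
    salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(candidate.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt + digest


def verify_password(candidate: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    computed = hashlib.scrypt(candidate.encode(), salt=salt,
                              n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(computed, digest)


def weak_fraction(passwords) -> float:
    """Fraction of a user base a defender should expect a dictionary run to break."""
    if not passwords:
        return 0.0
    weak = sum(1 for p in passwords if not password_is_acceptable(p))
    return weak / len(passwords)


# Constructed sample user base (not data from the page).
SAMPLE_USERS = [
    "123456",
    "password",
    "correct horse battery staple",
    "qwerty",
    "Tr0ub4dor&3xyz",
]

if __name__ == "__main__":
    print(f"weak passwords: {weak_fraction(SAMPLE_USERS):.0%}")
    stored = hash_password(SAMPLE_USERS[2])
    print("verify ok:", verify_password(SAMPLE_USERS[2], stored))
    print("verify wrong:", verify_password("wrong guess", stored))
```

Run as a script it reports the share of weak passwords in the constructed list (60%) and shows a correct and an incorrect verification. In practice the blocklist check belongs at registration and password change, before anything is hashed, since no hashing scheme protects a password the attacker will simply guess first.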

2 comments:

  1. The administrator failed the moment they created an offering like this somewhere other than Tor/Freenet. Then again the NSA will be crawling them full-time later this year in Ohio. But this schmoe was foiled by not even bothering to run passwords against a RockYou or similar wordlist, which should be a no-brainer in that enterprise.

  2. Agreed, regarding using a place other than i2p, tor, Freenet, or some meshnet out there. Simple mistakes like this indicate catching the admin shouldn't be that hard - carelessness breeds more carelessness.
