An unknown hacker appears to have breached a dark web marketplace called Basetools and leaked samples of its database online. The hacker has threatened to leak the dark web market operator's identity as well as Basetools' data to US authorities, including the FBI, DHS, DoJ and others, unless a ransom of $50,000 (£38,112) is paid.
Basetools is an underground marketplace often advertised in Russian-speaking cybercrime forums and markets, which allows dark web vendors to sell spamming tools, credit card data and hacked customer accounts, among other things. Basetools boasts of having over 150,000 users and offers over 20,000 tools for sale, along with 24/7 support.
According to security experts at Digital Shadows, who uncovered the attack on Basetools, the hacker claims to have access to the dark web site's administrator accounts and customer details.
The site went offline shortly after the hacker dumped a sample of Basetools' database and posted the ransom demand. The hacker reportedly dumped tools that were being sold on the site, including backdoors, login credentials for shells and cPanel accounts, spambots hosted on hacked servers, user data from various data breaches and more.
The leaked tools could potentially be used by other cybercriminals to launch malicious attacks.
Security researcher Dylan Katz told Bleeping Computer that he spotted some user data leaked by the hacker from Basetools which appears to have come from previously unannounced data breaches. In other words, the site was selling user data that was likely to have been hacked from organisations that have yet to discover the breach, inform the public about it, or both. The leaked data is currently being analysed by Katz, who intends to alert those affected.
Although cybercriminals and rival dark web marketplaces attacking each other is not a new phenomenon, in most cases such attacks are financially motivated. However, in the case of the extortion attack against Basetools, the hacker may have more than just a financial motive.
"One motivation behind the threat is clearly financial, but that does not tell the entire story. The actor claims that the administrator of the site has been manipulating the vendors, creating false personas and falsely elevating those vendor profiles to the top of listings," Digital Shadows researchers said in a blog.
According to the researchers, the fallout from the shutdown of AlphaBay and Hansa – two of the largest and most popular dark web marketplaces – may have caused the cybercrime underworld to slip further into chaos and decentralisation.
Earlier this month, four prominent dark web markets went mysteriously offline simultaneously, sparking concerns over yet another possible law enforcement crackdown.