Recorded Future, a US-based cyber-security firm, claims to have uncovered the real world identity of a notorious hacker who, back in 2016, had been behind the sale and proliferation of a slew of user databases from companies such as MySpace, Badoo, Dropbox, LinkedIn, and Twitter, just to name a few.
The hacker’s pseudonym is Tessa88, but Recorded Future claims that behind this acronym stands a 29-year-old named Maksim Vladimirovich Donakov (Донаков, Максим Владимирович), from the town of Penza, Russia.
Tessa88 is mostly known for being one of two hackers –together with Peace_of_Mind– behind the string of so-called “mega breaches” that came to light in 2016.
Some of the databases that Tessa88 advertised online contained user data –and sometimes even passwords– from companies such as MySpace, Twitter, LinkedIn, Dropbox, Badoo, QIP, Rambler, VKontakte, and Mobango. Peace_of_Mind also sold some of the same databases, but also others, unique to him.
But neither Tessa88, nor Peace_of_Mind, were the actual hackers who breached these companies. Both have said in multiple interviews given to news media outlets, including to this reporter, that they only acted as middlemen for a larger group of hackers who performed the actual hacks.
Both middlemen weren’t active for long. Researchers spotted the Tessa88 persona active and trying to sell the databases on underground hacking forums and Dark Web marketplaces only between February and May 2016.
But despite Tessa88’s limited activity, Recorded Future said today in a report that they’ve managed to interconnect several online identities to the Tessa88 moniker, and later to Maksim Donakov.
Researchers found YouTube videos, images uploaded on forums and Imgur, and three Odnoklassniki profiles (Russian social network service for classmates) that provided enough clues to identify Maksim Donakov as the person behind Tessa88. The two most important clues included:
Photos of Donakov’s face that were uploaded on multiple profiles, interlinking various of Tessa88’s alternative nicknames.
A YouTube video showing the car license plate for one of Tessa88’s alternate acronym’s, which was later linked to a traffic incident, revealing Donakov’s real name.
Below is an infographic shared by Recorded Future, detailing their findings.
As a side note, US prosecutors have already charged, arrested, and extradited to the US a Russian hacker, Yevgeniy Nikulin, who they accused of hacking into Dropbox and LinkedIn, two of the databases that Tessa88 had put up online for sale back in 2016.
Related cyber-security coverage:
- Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers
- Russia wants DNC hack lawsuit thrown out, citing international conventions
- Russian hacker arrested in Bulgaria for ad fraud of over $7 million
- Popular Dark Web hosting provider got hacked, 6,500 sites down
- Russian APT comes back to life with new US spear-phishing campaign
- Researchers find stolen military drone secrets for sale on the dark web CNET
- French police officer caught selling confidential police data on the dark web
- US has a cyberattack ready if Russia interferes with 2018 midterms TechRepublic
Source Article from https://www.zdnet.com/article/cyber-security-firm-doxxes-hacker-who-sold-myspace-and-dropbox-databases-in-2016/#ftag=RSSbaffb68
Cyber-security firm doxxes hacker who sold MySpace and Dropbox databases in 2016
Latest blogs for ZDNet
Latest blogs for ZDNet