
  • when researchers analyze the 400 downed Tor sites, it seems a small operation

    only a few like Silk Road really matter, all the rest are scam sites or criminal clones

    but that is understandable as the operation didn't really take down Tor sites, it took down servers in Bulgaria hosting Tor sites (9 in total was mentioned somewhere)


    • Out of a total of 276 seized onion addresses found, we identified 153 of the addresses as belonging to either clone, scam or phishing sites.

    • Of the 153 clone or scam sites, 133 were clones and 20 were scam or phishing sites.
    • In a number of cases the FBI has seized the clone or scam version of a site while leaving up the real site.
    • In May of 2014 a bot known as the “Onion Cloner” was discovered and became known to Tor hidden service operators. This bot would find Tor hidden sites and clone them on its own address in an effort to steal passwords or intercept Bitcoin transactions. Of the 133 clone sites that the FBI seized, a large number of them were clone sites produced by the Onion Cloner that were mistaken for the real copy.
    • Of the 32 onion addresses mentioned in the DOJ seizure notice filed in US court, 3 are scam sites and 9 are clone websites.
    • Of the 8 websites mentioned in the FBI press release, 2 are clones and 1 is a scam site.
    • As far as our survey has revealed and based on prior data about the Onion Cloner, every single Onion Cloner clone site has been seized.
    • Pink Meth, a revenge porn site and one of the most popular Tor hidden services was seized and not mentioned in any seizure notice.
    • There are almost 200 sites that have been seized that are not mentioned in any seizure notice or press release.
    • A number of websites were taken down with little or no legal justification, including personal websites and community forums.
    • Scam or phishing versions of Silk Road 2.0, Agora, Real Cards Team, Evolution and many other sites were seized.
    • For some of the onion addresses, being mentioned in the FBI press release or the seizure notice is the first and only ever public web mention of the address
    • The seized website “GreenPaper Counterfeiters”, cited in the seizure notice as “Super Notes”, is a scam website.
    • The website “Executive Outcomes”, which the FBI claims in seizure notices and press releases was a retailer of firearms was a well known scam site – it never shipped any weapons but took users funds.
    • The website “Fake ID” is mentioned in the FBI seizure notice and press release as a shop that sold high quality passports and identifications. The FBI seized a clone copy of this website, not the real website.

  • 3000 email addresses and passwords (also Belgians)

    if you aren't stupid you know how to find it

  • examples of Belgian websites still asking for your Rijksregisternummer

    so if they get hacked you lose it and if you lose it together with the number of your EID then you are really busted

    all the forms which have NO HTTPS have no certificate and no encryption at all and if they get attacked by an SQL injection because they didn't check their code as they should have done, then all your data is gone, including the data that you will never be able to change again

    you can not be prosecuted for giving fake RRN numbers or EID numbers as long as the rest of the info is correct

    http://belsec.skynetblogs.be/apps/search/?s=rijksregisternummer  our previous actions

    privacycommission, where are you ?

    if you belong to these organisations you can ask them to change it in a form





    https://www.mechelen.be/loket_files/605/contactformulier-vrijwilligers.html  (bad certificate)





    https://informatie.santander.be/BE_CONS_OFT_WEB/pages/nl/form2.jsp?sid=c0b19acb0fa71b511c0b18ae10c4886d  (bad certificate)
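
A site owner can run the check described in this post against their own pages. The following is an added example, not code from the original post: it flags forms that collect a Rijksregisternummer and whether they submit without HTTPS. The sample page, the `audit` function and the field-name hints in `RRN_HINTS` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: substrings that suggest a national register number field.
RRN_HINTS = ("rijksregister", "registre national", "regnational", "rrn", "insz")

# Constructed sample page (not a real site).
SAMPLE_URL = "http://forms.example.test/volunteers.html"
SAMPLE_HTML = """
<form action="/submit" method="post">
  <input name="email" type="email">
  <input name="rijksregisternummer" required>
</form>
<form action="https://forms.example.test/newsletter">
  <input name="email">
</form>
"""

class FormAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or relative action resolves against the page URL.
            target = urljoin(self.page_url, a.get("action", ""))
            self._current = {"target": target, "fields": [], "mandatory": False}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            ident = " ".join(a.get(k, "") for k in ("name", "id", "placeholder")).lower()
            if any(hint in ident for hint in RRN_HINTS):
                self._current["fields"].append(a.get("name") or a.get("id"))
                self._current["mandatory"] |= "required" in a

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(page_url, html):
    """Return one finding per form that collects a register number."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if form["fields"]:
            # Anything other than https means the number travels unencrypted.
            form["plaintext_submit"] = urlparse(form["target"]).scheme != "https"
            findings.append(form)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

A finding with `mandatory` set is the case the post objects to most: the visitor cannot submit the form without handing over the number.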

  • mensura.be the media has it all wrong and forgets the priorities

    1. Mensura was not hacked, they had an SQL injection in a form, which is a vulnerability that has been known since the year 2000 and which could have been found if they had checked the code or done a security check before they launched the site or the form

    but they didn't

    2. The biggest problem is that there are thousands of rijksregisternumbers linked to a name and linked to indications about the health situation of the people or the reason the employer wants a check of his medical leave

    these Unique Identifiers can't be changed and the fact that these numbers were obligatory in the form just showed how little they were interested in privacy because if you are privacy-conscious you only ask the information you really need and nothing more and you absolutely never ask Unique Identifiers like the Rijksregisternumber because they are used throughout your life (like the social security number in the US)

    we should take those rijksregisternumbers off the internet - or stop using them as Unique Identifiers - but you can't have it both ways

    3. the victims themselves were not contacted, only the firms or organisations for which they worked, but I am not sure that any of these firms informed their members that there was medical information or some very negative comments about them online

    and it is not the information of the companies that is compromised, it is the information of the persons, it is their rijksregisternumber, it is their reputations, it is their sickness which is in that file for some

    4. Mensura is not very clear about what was stolen. We have access to a file with about 1100 lines but the numbers of the lines go up to 10.000 and more and in the first reaction in De Tijd Mensura itself talked about thousands of files and Rex Mundi says that they have MORE

    5. Mensura has not communicated about the leak and the breach and there was no mention of it on the website and I reckon that if I didn't mention it and write about it and send this information to the press nobody would have talked about it and everybody would have forgotten about it - like all the other cases

  • mensura.be and the other belgian leaks : what will the privacycommission do ?

    There are those guidelines from January 2013 (nearly two years old but a bit hidden in the website and happily forgotten by most of the industry and services)  http://www.privacycommission.be/sites/privacycommission/files/documents/aanbeveling_01_2013.pdf

    and in french (they aren't translated) Recommandation d'initiative relative aux mesures de sécurité à respecter afin de prévenir les fuites de données

    based on this, any victim can go to court or place a formal complaint with the privacycommission (just send an email to commission@privacycommission.be) 

    and in those guidelines we also read the following 

    about the notification 

    "More specifically, in the event of a public incident, the competent authorities (Privacy Commission) must be informed of the causes and the damage within 48 hours.

    27. A public information campaign will be started 24 to 48 hours after notification to the authorities."

    there was no public information campaign, there was nothing on the website about the hack - the news about the hack did the rounds because I have published it and NOT because the firm has published it. (The firm has been in negotiation with the hacker for some time)

    about filing a complaint (about time that a message is sent to the market)

    "Moreover, in the event of non-compliance, the Commission undertakes to use all legally available means whereby the liability of the data controller is called into question and the controller runs the risk of being prosecuted. After all, unless the law provides otherwise, the Commission reports to the public prosecutor the offences of which it has knowledge (art. 32, §2 WVP).

    35. This set of rules therefore constitutes the rules of the art to be observed by every data controller in order to ensure optimal information security and consequently to guarantee the protection of the personal data of the data subjects.

    36. The present recommendation will allow the judicial authorities, when complaints are brought before them or when they take them up of their own motion, to assess any act that constitutes an infringement of the WVP and to evaluate its seriousness.

    37. Finally, the Commission recalls that the data controller is liable for the damage resulting from an act that is contrary to the provisions laid down by or pursuant to the WVP. He is released from this liability if he proves that the fact that caused the damage cannot be attributed to him (art. 15bis of the WVP)."

    SQL injection has been known since.....2000 and can be tested and prevented with any terms

    keeping all that data online even if you don't need it online (but you can transfer it back to a secured server behind the firewall with unidirectional traffic (everything in, nothing out), full encryption, limitations on data-use and so on)..... these are all normal standard things to do when you have to protect data, which have been written about and advocated for years and don't cost a lot of effort or money.

    so guilty as charged..... I rest my case 
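
What "checking the code before launch" can look like for a form lookup, as an added example that is not Mensura's code and not part of the original post: the same query written with string concatenation and with a bound parameter, plus a check that tells them apart. The table, column names, sample rows and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE requests (id INTEGER PRIMARY KEY, company TEXT, note TEXT)")
    conn.executemany(
        "INSERT INTO requests (company, note) VALUES (?, ?)",
        [("Acme NV", "check requested"), ("Beta BVBA", "check requested"),
         ("O'Neill & Co", "check requested")])
    return conn

def lookup_concat(conn, company):
    # Vulnerable pattern: the form value is pasted into the statement text.
    sql = "SELECT id, company FROM requests WHERE company = '" + company + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, company):
    # Fixed pattern: the driver binds the value, so quotes stay data.
    return conn.execute(
        "SELECT id, company FROM requests WHERE company = ?", (company,)).fetchall()

# Inputs a reviewer feeds to every handler: a lone quote and a tautology.
PROBES = ["'", "x' OR '1'='1"]

def check_handler(handler):
    """Return the problems found; an empty list means the handler passed."""
    problems = []
    for probe in PROBES:
        try:
            rows = handler(make_db(), probe)
        except sqlite3.Error as exc:
            problems.append(f"{probe!r}: input reached the SQL parser ({type(exc).__name__})")
            continue
        if rows:
            problems.append(f"{probe!r}: {len(rows)} rows returned for a company that does not exist")
    # A legitimate name containing an apostrophe must still be found.
    try:
        if len(handler(make_db(), "O'Neill & Co")) != 1:
            problems.append("legitimate name with apostrophe not found")
    except sqlite3.Error:
        problems.append("legitimate name with apostrophe breaks the query")
    return problems

if __name__ == "__main__":
    for name, handler in (("concatenated", lookup_concat), ("parameterized", lookup_param)):
        print(name, check_handler(handler) or "passed")
```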

  • next rumored online Belgian HR firm victim of Rex Mundi : encryption that is no encryption

    of his next victim of which we know the name but for the moment it is only shared with FCCU.be and CERT.be and there is no confirmation yet 

    we know the following

    Rex Mundi said that the encryption of the login was very bad, it was cleartext (or nearly) 

    but they have HTTPS so they have encryption and they have a certificate so they are safe - aren't they ?




  • lesson from Mensura.be hack : Never fill in your Rijksregisternumber online

    these should be deleted from all forms and should never be asked

    don't trust them when they say it is safe, because you have no idea if it is safe and they probably don't either 

    the risk of losing your Unique ID linked to your emailaddress and other information about you is just too great and it ain't worth it

    the Privacycommission is even totally against using the Rijksregisternumber online for identification or as data - that is what they said

    Belsec has even launched actions together with the Privacycommission to get that number out of some registration services

    So if you find forms or identification processes that use the rijksregisternumber, complain to the privacycommission, mail the site owner, refuse to fill it in or fill in bogus information

    NEVER fill in your own real Rijksregisternumber online


    as long as there are no standards in Belgium for security, you don't know shit about security of your information in Belgium

  • Mensura.be and their announcements in the press : not telling the most obvious

    First we know now that if Rex Mundi says that they have more data from Mensura then that is maybe only from that form (which we thought in the beginning) but that except for the thousand lines that we have there are THOUSANDS more (so now I will have to inform my employer)

    Secondly they have informed all their clients, they said. But hey, those are NOT the victims. The victims are WE - because our email address, our employment, and the suspicions of our employer, our sick leave or sickness may be in these files and they are coupled with our UNIQUE IDENTIFIER (NATIONAAL RIJKSREGISTERNUMBER)

    Third - this doesn't give an answer to the most direct question 

    what is happening now ? 

    Everybody says that they shouldn't pay the blackmailer - I don't like blackmailers either and I have no link whatsoever to this guy or group 




  • Mensura.be and there is much more in the hands of Rexmundi (they say)

    tonight he will be releasing more information they claim of another online Human Resource Firm (we know the name and will be contacting the different agencies) 

    We know that logins at least are totally compromised for this firm

    they also claim that they have much more information from Thomas Cook and Mensura but we didn't see it yet - but if we have to count on our experience with this group - they do have information if they say they have (but sometimes it is only much older - but that doesn't make it less damaging) 

    sorry, we have now backoffice work to do :)

    by the way mail the privacycommission, call your political representatives, the only way to stop this is to get real responsibilities for these firms

    if they want to use our data online, they have to secure our data online 

    even if there are no hackers online or sending threats or having breached them and published information

    For Thomas Cook : it seems that all the contact and administrative information for all of your partners and travel companies has been leaked and some of it may be used (if sold online) to make fake payments or to breach your networks with that kind of administrative and contact information

    changing the name of your email domain wouldn't be a bad idea for example :) and neither would upgrading your defenses with anti-APT, upgrading your antispam and stopping downloads of attachments

  • mensura.be this is the kind of information about people with rijksregisternumber on the internet

    we have about 64 pages of information that was leaked (about 1100 people) so this information is from a totally different page than the one we have extracted the email addresses from

    "the person concerned no longer wants to come to work and has announced that they will go on sickness benefit."

    "At home sick very often. Works part-time with the adviser's permission."

    "has been ill for 2 weeks and wants to get fired (with severance pay"

    "The person concerned has been ill several times in the recent period:"

    "Employee has blood pressure that is too high"

    "Works at night and went home at 1 o'clock last night"

    "We have a doubt about the absences"

    there are many others that are just neutral

    but remember, this information is forever linked with their UNIQUE NUMBER (rijksregisternumber) somewhere in 300 places (and wherever it may be backed up or distributed)

  • mensura.be lost the recent medical absence control complaints for these companies (for example - not exhaustive)

    based upon the file that we have in our hands delivered to us by another activist anti-breach portal 

    there are 1100 recent complaints with names, email addresses, rijksregisternumbers and medical information and a complaint if the person is faking or abusing it 

    these have been downloaded more than 300 times before it was taken offline (this information may be in some 'dark' databases that nobody knows exist but that are used by some 'headhunters' or 'insurance companies' - rumours that those are collecting that kind of data have been online)

    this is just a small sample - just to give an idea

    and there is lots lots more ........

  • mensura.be hack by Rex Mundi what we know now (with the file before us)

    first we can confirm that the published data from Mensura has to do with its online form with which their tens of thousands of clients could ask the doctors of Mensura to control if someone is really sick

    about a thousand names with email addresses and medical information and their NATIONAAL RIJKSREGISTER were published

    the biggest problem is that if this recent data is published 1000 persons will exist on the internet as if they had tried to defraud their employer with fake sickness leave or they publish medical information that shouldn't be on the internet anyway

    imagine that a message like this is published on the internet

    employer name and email asks to control you with your emailaddress and your national rijksregister and with a mention that they think you have taken a fake sickday leave or that you have some sickness or accident

    and that has been downloaded 300 times at least

  • exclusive : what data was on the destroyed pastebins from Rex Mundi with the Belgian leaks

    we have a copy of the pastebin of Rex Mundi with the samples of the data that has been published and has been destroyed now

    THIS HAS BEEN DOWNLOADED AT LEAST 300 times according to our information

    3. From this server, we stole personal records belonging to hundreds of customers who have recently applied for a car loan. Those records include the full financial history, employment details and personal data of the applicants. We will release the entire records
    3. From this website, we stole records related to this network of travel agencies' business partners, namely their affiliates and affiliated agencies. We will release the entire data in our possession at a later date. In the meantime, here are the contents of the company's affiliates listing:
    1. MENSURA
    3. This organization is in charge of handling absenteeism-related requests from employers. Here is a list of requests recently received by this organization:
    5. id      Info_InfoMed    Entreprise_Facture      Email01_QuiControle     LastName_QuiEstControle FirstName_QuiEstControle        RegNational_QuiEstControle
  • 2000 Netflix accounts leaked (also Belgians)

    there were effectively 2000 Netflix accounts leaked - Belgian ones among them - but Belgacom has asked me to suppress the image.

    I don't think anybody else is trying to inform you that netflix accounts are being published on pastebin (you know how to search for that in the searchbox, don't you ?) 

    oh and the leaking goes on ..... 


  • how Google Earth is used in #ukraine to find where the shooting came from

    source http://prior-magister.livejournal.com/4419.html

    these are the buildings and from where they were shot at

    this is the map

  • NATO country Romania is now under threat of Russian missiles on Crimea

    I really begin to believe that some in Moscow have lost all their senses

    do they really think that they can go on and on and on and that we will never start to react and that at that time we won't start to throw all our resources so that it will become clear once and for all that this kind of stupid wargames makes no sense and brings no results at all for either party

  • so take an example what do we know about the medical situation of

    well it is published in some posts below based upon the information that was leaked by Rex Mundi after a breach of mensura

    and it is not information that you would like to find back on the web

    because there is no way that you could destroy it from the web

    how many times was the pastebin document downloaded before it was deleted ?

    and what can those people do with that data ?

    e-health is a horror story (but many people don't want to believe me for now)

    I am even not sure it is the same person, but any person googling her name will now find this information - even if they have thought that they have destroyed all the data, they didn't

  • Even Google forget procedure was used to destroy links to Rex Mundi data

    yep, they have used everything they have got to destroy the data that was placed online this time

  • this is what happens when your porn logons get leaked online .....

    it could be another person with the same name of course

    but even then, you will have to explain all the time that it isn't you but someone else

    we found it because it was in a list of destroyed Belgian email addresses with passwords not knowing it was for access to porn