Admin of Forum Where Users Trade Stolen Instagrams: Hacking Is ‘Not Our Problem’
Members of a forum where people trade stolen Instagram and other social media accounts react to Motherboard’s investigation.
Tuesday, Motherboard published a months-long investigation into SIM hijacking, a type of fraud where criminals take over people’s phone numbers and then use them to hack Instagram accounts, or steal their money and cryptocurrency.
Some of the people involved in these hacks trade the stolen social media accounts—especially those with unique handles—for hundreds or even thousands of dollars on a forum called OGUSERS. Our article became a topic of discussion on the forum itself. Some users were amused by the media attention, but others were angered or freaked out.
“It was fun while it lasted,” wrote a user called Poop.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
“Don't let this distract you from the fact there are some snitches among us,” wrote a user in a thread, apparently angry at people laughing about the article.
Several users seemed worried that the article and the subsequent attention the forum will likely attract will get people in trouble, or perhaps make it harder for them to hack accounts. A few weeks ago, a hacker who steals social media usernames showed me that he had access to a T-Mobile internal system by showing me my own data on an internal web portal.
“Whoever told them about outsiders having access to carriers tools - fuck you,” wrote the user CR.
One member who claimed to use SIM swapping showed me they had access to a T-Mobile portal to look up victims' information, say their Social Security Number or date of birth. Hackers can use this information to pretend to be the victims and trick the phone companies’ technicians into porting out the victim’s phone numbers to a SIM card they control. At that point, the hackers can use the victim’s number to reset their passwords and break into their online accounts.
In response to the internal chatter, the administrator and founder of OGUSERS, a individual who goes by the name Ace, made an announcement claiming that users shouldn’t be worried.
“We banned the discussion of ‘sim swapping’ on OGUsers a long time ago and have rules against any discussion of blackhat/illegal activities,” Ace wrote. “The site will not and should not be shutting down. What members do in their free time is their own problem. They come to our site to sell the usernames, thats it. How they obtain them is not our problem.”
Ace did not respond to a request for comment Wednesday. Shortly after the article was published on Tuesday, they asked me to remove mentions of their nickname. Hours later, Ace posted the announcement and claimed to have never spoken to me, but in reporting the original story I spoke to someone who proved to me that they had control of Ace’s forum account.
A longtime member, who identified to me as Thug, told me on Wednesday that several “relevant” forum members are deleting their accounts to “keep a low profile” after Motherboard’s investigation.
“Many users known for their illegal behaviors are having their post/thread history wiped,” a member told me.
Another member, who asked to remain anonymous, said that “staff are tighter” in enforcing the rule against discussing illegal activities.
Still, according to Thug, life on OGUSERS and within the community of SIM hijackers will go on as nothing happened.
“It’ll blow over in a few weeks and everything will be fine,” Thug told me today. “Everything will be back to normal and people will still be SIM swapping.”
Correction: This story originally misidentified and included a screenshot of a thread on OGUSERS dedicated to SIM swapping. The thread was actually advertising a service that allows someone who just bought or traded for a username to secure it and make sure it doesn’t get claimed back by the original owner. Motherboard regrets the error.
Solve Motherboard’s weekly, internet-themed crossword puzzle: Solve the Internet.