A place on the dark web where cybercriminals “can share, learn and make money.”
At the entrance of this Hell, there's no sign that says, "abandon all hope, ye who enter here." Instead, there's an actual logo that reads "HELL." There is a slogan that says, "fuck heaven, hell is hot," and an image of a sports car on a highway to an infernal looking city, a thinly-veiled reference to the classic rock song "Highway to Hell" by AC/DC. There is also a login form.
This is not the actual, biblical Hell, but a place where there are criminal hackers, wannabe criminal hackers, scammers, and perhaps federal agents, rather than demons and damned souls. It's a new, little known, hacking forum actually called Hell.
Hell, which can only be reached on the dark web, is "a community where criminals can share, learn and make money," the forum's founder and administrator, who only goes by the name "Ping," told me in an encrypted chat.
The forum gained notoriety in early March, when a hacker only known as "ROR[RG]" dumped fifteen spreadsheets on a message board called "Hacked Data," whose motto is "sharing is caring."
The files contained highly personal information about almost four million people, including their names, ages, email addresses, locations, and what kind of sexual partner they were looking for. A one night stand, a swinger, a fuck buddy, someone looking for BDSM, webcam sex, or just somebody interested in regular 'ol dating?
ROR[RG] claimed he was posting the database, which had apparently been stripped of credit card information, because Adult Friend Finder had a debt with a friend of his. "This is for owing my guy $247,938.28 BITCH!!!!!!!!!!!" ROR[RG] wrote in the thread where he announced the breach, which has since been deleted.
"Pay up or be fucked," the hacker wrote, demanding a ransom of $100,000.
The hacker also said he wasn't worried about authorities hunting him down, as he lived in Thailand. He justified his actions because the site "is a pervo website," and "had it coming"—no pun intended, maybe.
For more than a month, almost no one outside of the Hell forum really seemed to notice what was clearly a big data breach, with the potential of exposing the private lives of millions of people, some of whom were likely married or in a stable relationship—making them easy targets for extortion.
It wasn't until late May, almost three months later, when British TV station Channel 4 broke the story, that the rest of the world found out. Only then did Adult Friend Finder admit the breach on its website.
But Bev Robb, an independent security researcher, had known about it since the database was posted. In fact, she had even wrote about it on her blog in April. At the time she didn't say that Adult Friend Finder was the victim, but only said she had found a "treasure trove of hacked data" from an "adult social networking site" on an "excursion" through the dark web.
"The forum isn't really 'hell,'" because it doesn't allow drugs, violence or child pornography.
Being the place where the hacked Adult Friend Finder database was posted was a big break for the Hell forum, which was launched in February. Hell's members skyrocketed from 1,200 in May to 3,000 in June, growing at a rate of a hundred users everyday, according to Ping. And after the notoriety provided by the Adult Friend Finde breach, Ping added, "more experienced users came along to build a better community [and] also more database leaks," which is "more fun for me."
But "the forum isn't really 'hell,'" he argued, because it doesn't allow drugs, violence or child pornography. "Allowing drugs would put us higher up the list for [law enforcement] plus there is a lot of money to be made through financial crime as well."
Hell was founded by Ping and "friends that have been in the deep web for a while and knew what they were doing," after another hacking forum they controlled, this one called Olympus, went down due to the site's hosting provider being hacked earlier this year.
Ping wouldn't tell me anything about himself, other than he's from Canada, though he wasn't born there. He only said that he has been active in dark web hacking communities for three years and that Ping is a new alias that he created after another hacking forum, HackBB, went down in 2013.
HackBB disappeared as part of the FBI operation that took down Freedom Hosting, a large provider of deep web sites, which are technically called "hidden services," because they're hosted on the aonymizing Tor network. In 2013, the FBI seized all Freedom Hosting servers, and accused its alleged founder of being the "largest facilitator of child porn on the planet."
During his time at HackBB, Ping said he "learned the basics" of credit card hacking, commonly known as carding, which helped him sell "some" credit cards, and make "some friends."
Then, when the site went down, Ping said he created his new alias "for a fresh start," and created a "reputation" for himself. Other than being the founder of the hell forum, Ping is also an administrator of the TheRealDeal Market, a new online bazaar for computer exploits.
While Ping claims to have a day job that is not in the world of information security "or anything like that," he said his activities on the dark web earn him a considerable amount of money.
In fact, he told me he made $5,000 in May, thanks to his work on Hell, which entails moderating the forum, posting content "and some other business which is confidential." He also made "a little cash" from TheRealDeal and "some more" with his "other business."
Of course, there's no way of verifying whether Ping is really telling the truth.
"Nobody knows who he is," Robb, who has been visiting Hell for months and has been in touch with Ping, told me. "He could potentially be a [federal agent]."
Robb herself believes that Ping "is a perfect example of generic pseudonymity concealed within the sleeve of anonymity," as she wrote in a recent blog post. "This is one character that will continue to elude the feds, that is—until the cows come home."
The whole site could be a sting operation too, according to Robb—there's just no way of knowing that right now.
There hasn't been another big splashy hack like the dump of the Adult Friend Finder database, but Hell is relatively active, with around 2,000 posts at the time of writing. Members can use the forum's private messaging system too, where they are encouraged to use PGP encryption to exchange messages.
"Just like fucking ratchet bitches, it's best to use protection," a forum moderator nicknamed "HA" wrote in a "Welcome to Hell" post.
Members offer stolen data for sale, trade in hacking tools, and share tips on how to commit various computer crimes, such as infecting people with malware that holds their data for ransom, or cracking PayPal accounts.
The majority of posts are in a general discussion forum, where users talk about anything from the sentencing of the Silk Road founder Ross Ulbricht, to requests for help hacking a database, to finding child pornography. (Some Hell users did not like the post about finding child porn. As one user told the original poster: "die a slow and painful death, make sure to record it and then have posted a link to it. [sic]")
But in the forum "Hacked Data," users have boasted of several breaches and hacking feats. Some appear legitimate, such as a breach that hit more than 30,000 users of a large Australian internet service provider. Others, not so much. For example, after the massive hack of the US government Office of Personnel Management, which affected at least 4 million people, a member of Hell called "Ebolabad" claimed to be the one behind it, and offered the stolen data for sale.
To verify that his claims were true, Ebolabad apparently passed some of the data to Ping, who dumped a database of 23,000 US government and military emails on the forum. But as it turned out, the database was from a previous undisclosed breach of another government agency.
"It's one of many places where cyber criminals buy and sell things," Mark Arena, the CEO of Intel 471, a security firm that's been monitoring the site, told me.
Some of Hell's cyber criminals try to sell fake data too. The forum even has two message boards on "potential" scams and "confirmed" scams. In theory, they are to help users avoid hoaxes.
"I see a lot of false claims as well as posts of old data [...] con jobs," said Scot Terban, a security researchers who's also been visiting the site.
"Any unvetted cyber criminal marketplace is bound to have some people trying to scam the criminals."
That, however, is normal, according to Arena, since "any unvetted cyber criminal marketplace is bound to have some people trying to scam the criminals."
Hell has apparently changed a lot since its birth, not just in the number of users. The forum has grown from being a simple collection of how-tos and guides, to an "interactive community" of hackers that share data, some for sale, and some for free, according to Robb, the security researcher who's been lurking on the forum.
But the popularity among some criminal hackers, and the publicity stemming from the Adult Friend Finder breach, has brought some unwanted, and unwelcome, attention to Hell. Because cops have been "lurking" the forums, Ping said that he was going to delete inactive accounts every first day of the month, starting in July, through an automatic "sweep" of users who have no posts.
"Some other new changes may be coming to the forum to prevent/slow down law enforcement or security firms from monitoring the forum and users activity," Ping announced in a post on Monday.
That was after he had published the database of 23,000 government emails, and Ping told me he was worried that law enforcement agents would go after him.
"I got [sic] stay low as the feds aren't to [sic] happy with me," he said, claiming he knew because he had "sources" and "you kind of know when you start leaking government emails."
"If I am gone for over a day it means that I have been arrested."
"If I am gone for over a day it means that I have been arrested," he said.
Ping promised he would talk to me on Thursday, June 18, and I was going to ask him about the new ways with which he planned to keep authorities out of Hell, as well as other breached data he claimed to have in his possession.
But on Thursday, he never logged in. Nor did he reply to my emails. His last post on Hell dates back to Tuesday, more than two days ago.