Giveaway at 1000 Viewers – PlayersUnknown’s BattleGrounds

Source: https://www.youtube.com/watch?v=SHh-GlJ7HUQ

Advertisements

iPhone 7 Screen Replacement – A Step By Step Guide

Mobile phone screen replacements are the most common repair at iMend.com. The easiest way of breaking your screen is by accidentally dropping the device onto a hard floor but here at iMend, we’ve heard some weird and wonderful stories, from leaving your phone on the roof of your car to breaking it while your asleep.

We always recommend that you seek help from a mobile repairs professional, as replacing your screen, LCD and digitzer can be extremely risky…

The Risks Of Doing It Yourself

Attempting your own repairs can be very risky business. Without a professional hand in mobile repairs, it’s very easy to ruin your device with one little slip up.

A screen replacement, particularly the iPhone 7, is extremely challenging. In comparison to the iPhone 6, it is much more complicated with extra parts having to be removed and much more tricky tasks throughout the repair.

One of our top technicians, Karol, recently explained some of the dangers of DIY repairs and the trouble it can cause your device. Click here to find out some of Karol’s top tips when repairing your mobile.

A Step-By-Step Guide On Replacing An iPhone 7 Screen

 

Step 1. Book In Your Repair

 

When repairing your iPhone with iMend.com, you have two options. You can either mail-in your phone to one of our repair centre of get your device fixed at the comfort of your own home by one of our nationwide technicians.
When booking an iPhone 7 screen replacement, you will receive a brand new AAA screen made up of Glass (digitizer), LCD and touchscreen.

Step 2. Initial iPhone Inspection

 

First things first, the technician will need to establish the level of damage the screen has gained. The frame is also inspected, making sure there are no dents or bends. If you were to try and replace the screen without checking this important procedure, the new screen may not sit flush.

Step 3. Removing Bottom Screws and Screen

Slowly and carefully remove the two bottom screws either side of the charging port, loosening the screen.

Once the screen has started to loosen, the tech will use a suction cup on the lower part of the screen (near the home button) or an iSesamo tool to ease open the gap between the screen and the case.

Insert the spludger in between the gap, gently splitting the adhesive. Ease around the left side of the phone separating the case and the screen, then repeat on the right hand side.

Slightly lift the bottom of the screen, this will pop the clips holding in the rear case.

Finally, Open up the iPhone by lifting the left side of the assembly. Similar to opening a book.

Step 4. Disconnecting The Battery

 

Once you have lifted the screen of the iPhone 7, it’s time to disconnect the battery. Start by removing the four screws holding on the lower connector bracket. This bracket should now be removed. One of the screws will be longer then the others.

Lay your screws in order. Putting the wrong screws back in the wrong holes will lead to long screw damage essentially piercing and inevitably breaking the motherboard.

Use your plastic spludger to disconnect any FPC connectors. This removes all power from the phone. Be gentle, you can remove the socket from the motherboard, breaking your battery connector.

Step 5. Removing Display Assembly

There are two 1.3mm screws at the top of the device. Slowly remove these screws and remove the front panel bracket, revealing the front panel sensor assembly.

Disconnect the front panel sensor assembly from the logic board with a plastic spludger. You should now be able to remove the display assembly. Once again, be gentle when trying to disconnect the sensor assembly as with too much force you could remove the socket to the logic board.

Step 6. Removing Home Button/Touch I.D

 

Remove three 1.3mm screws and 1.1mm screw behind the home button. Ensure all of the screws are in order to prevent long screw damage when assembling the mobile back together. Remove the bracket that secures the home button.

IMG_0533

Use your plastic spludger to lift the home button connector to disconnect it from it’s socket. Once again, be very gentle when lifting the connector. Too much force will disable the touch sensor.

IMG_0535

Once again use your spludger but this time move the underlying connector away from the home/touch ID button. To prevent damage apply heat allowing the component to become supple.

Step 7. Remove Earpiece Speaker

IMG_0538

Remove the two 2.6mm screws and one 1.7mm screws and proceed to remove the bracket with your tweezers. Use the tweezers to lift the front camera out of the way allowing you to reach the earphone speaker.

You will see two screws either side of the silver panel. Both screws are different sizes so make sure that the 1.9mm screw goes back into the left hand side screw hole and the 2.5mm screw goes back into the right hand side, otherwise long screw damage can occur. Use your tweezers to remove the earphone speaker.

Step 8. Remove Front Camera and Sensory Cable

 

Start by using your plastic spludger to gently lift your ambient light out of the recess of the front panel. Place your iPhone back onto the heat plate. The adhesive will now be easier to break. Place your pick under the front camera housing and slowly slide towards the screw posts.

Once you get close to the screw posts, start to lift the cable with your pick popping the two plastic posts removing it from the last part of the adhesive. The front camera and sensory cable will now be safe to remove.

Step 9. Remove LCD Shield Plate

 

IMG_0552

There are three screws both sides of the display assembly. Make sure they are in a distinctive place away from other screws. Once again, use your heat tray to warm the adhesive.

 

IMG_0558

Use the pick and slowly slide and break the adhesive, starting at the corner near the home button and moving across. Once you have broke the adhesive, slowly lift the LCD shield plate. Be extremely careful as you can snag the display data cables if not done correctly.

Step 10. Reattaching LCD Shield

Once the device is cleaned, the LCD backplate should be reattached with the same six screws previously used.

Step 11. Re-Installing Home Button/Touch I.D.

 

IMG_0579

Re-installing the home button is one of the hardest parts of the repair. It takes a lot of care and precision. The technician then checks the feel of the home button ensure it is the best fit.

 

Step 12.  Transplanting the Earpiece Speaker, Front Camera, Sensory Cable and Flex Assemblies

 

The flex from the previous screen is transplanted onto the new screen. The flex helps the camera sit perfectly in the phone assembly. The flex for the sensory and front camera is first, placed in between the plastic gasket helping align up the sensory cable.

 

IMG_0590

Once the cable is fitted, the front camera should still be well out of the way of the earphone speaker.

 

Next, screw the earphone speaker back into place using the exact same screws. Once the earphone speaker is fitted, the camera can can now bend back into place.

Step 13.  Reattach Sensory panel

Carefully place the sensory connectors back onto the logic boards. Do not push from the centre as the can bend with ease, which can result in a black screen of strips on the LCD

Step 14.  Screen Test

 

The tech will then test to see if the screen is fully functioning. The screen is turned on, and test for blemishes such as dead pixels. This is usually tested by dragging an app around the screen to identify any issues with the screen.

Step 15.  Reconnect PCB Connectors

 

After all of screen test checks are complete, it is safe to connect the PCB connectors. Similar to the sensory connectors, you must be careful reconnecting the connectors as they are easy to bend and ultimately ruin.

IMG_0608

Fix the bracket back into place using the correct screws.

Step 16. Fix The New Screen

 

It’s now time to put back the screen into placing popping the screen into the location clips. Once this is completed, insert the two screws into the holes either side of the charging port.

As you can see, an iPhone 7 screen replacement is extremely difficult and should only be attempted by a professional. One mistake could cost you extra cash or possibly destroy your mobile.

Getting your iPhone 7 repaired by iMend.com ensures that the best quality parts and tools will be used by a mobile repairs expert. Each device comes with a 12-month warranty. We offer both a mail-in service where you can get your mobile fixed at our repair centre or get your device fixed at the comfort of your own home. Click here to book you iPhone 7 Screen Replacement.

The post iPhone 7 Screen Replacement – A Step By Step Guide appeared first on iMend Blog.

Source: https://www.imend.com/blog/iphone-7-screen-replacement-a-step-by-step-guide/

Phishers Are Upping Their Game. So Should You.

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

A brand new (and live) PayPal phishing page that uses SSL (https://) to appear more legitimate.

According to stats released this week by anti-phishing firm Phishlabs, nearly 25 percent of all phishing sites in the third quarter of this year were hosted on HTTPS domains — almost double the percentage seen in the previous quarter.

“A year ago, less than three percent of phish were hosted on websites using SSL certificates,” wrote Crane Hassold, the company’s threat intelligence manager. “Two years ago, this figure was less than one percent.”

A currently live Facebook phishing page that uses https.

As shown in the examples above (which KrebsOnSecurity found in just a few minutes of searching via phish site reporting service Phishtank.com), the most successful phishing sites tend to include not only their own SSL certificates but also a portion of the phished domain in the fake address.

Why are phishers more aggressively adopting HTTPS Web sites? Traditionally, many phishing pages are hosted on hacked, legitimate Web sites, in which case the attackers can leverage both the site’s good reputation and its SSL certificate.

Yet this, too, is changing, says Phishlabs’ Hassold.

“An analysis of Q3 HTTPS phishing attacks against PayPal and Apple, the two primary targets of these attacks, indicates that nearly three-quarters of HTTPS phishing sites targeting them were hosted on maliciously-registered domains rather than compromised websites, which is substantially higher than the overall global rate,” he wrote. “Based on data from 2016, slightly less than half of all phishing sites were hosted on domains registered by a threat actor.”

Hassold posits that more phishers are moving to HTTPS because it helps increase the likelihood that users will trust that the site is legitimate. After all, your average Internet user has been taught for years to simply “look for the lock icon” in the browser address bar as assurance that a site is safe.

Perhaps this once was useful advice, but if so its reliability has waned over the years. In November, Phishlabs conducted a poll to see how many people actually knew the meaning of the green padlock that is associated with HTTPS websites.

“More than 80% of the respondents believed the green lock indicated that a website was either legitimate and/or safe, neither of which is true,” he wrote.

What the green lock icon indicates is that the communication between your browser and the Web site in question is encrypted; it does little to ensure that you really are communicating with the site you believe you are visiting.

At a higher level, another reason phishers are more broadly adopting HTTPS is because more sites in general are using encryption: According to Let’s Encrypt, 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016.

Also, phishers no longer need to cough up a nominal fee each time they wish to obtain a new SSL certificate. Indeed, Let’s Encrypt now gives them away for free.

The major Web browser makers all work diligently to index and block known phishing sites, but you can’t count on the browser to save you:

So what can you do to make sure you’re not the next phishing victim?

Don’t take the bait: Most phishing attacks try to convince you that you need to act quickly to avoid some kind of loss, cost or pain, usually by clicking a link and “verifying” your account information, user name, password, etc. at a fake site. Emails that emphasize urgency should be always considered extremely suspect, and under no circumstances should you do anything suggested in the email.

Phishers count on spooking people into acting rashly because they know their scam sites have a finite lifetime; they may be shuttered at any moment. The best approach is to bookmark the sites that store your sensitive information; that way, if you receive an urgent communication that you’re unsure about, you can visit the site in question manually and log in that way. In general, it’s a bad idea to click on links in email.

Links Lie: You’re a sucker if you take links at face value. For example, this might look like a link to Bank of America, but I assure you it is not. To get an idea of where a link goes, hover over it with your mouse and then look in the bottom left corner of the browser window.

Yet, even this information often tells only part of the story, and some links can be trickier to decipher. For instance, many banks like to send links that include ridiculously long URLs which stretch far beyond the browser’s ability to show the entire thing when you hover over the link.

The most important part of a link is the “root” domain. To find that, look for the first slash (/) after the “http://” part, and then work backwards through the link until you reach the second dot; the part immediately to the right is the real domain to which that link will take you.

“From” Fields can be forged: Just because the message says in the “From:” field that it was sent by your bank doesn’t mean that it’s true. This information can be and frequently is forged.

If you want to discover who (or what) sent a message, you’ll need to examine the email’s “headers,” important data included in all email.  The headers contain a lot of information that can be overwhelming for the untrained eye, so they are often hidden by your email client or service provider, each of which may have different methods for letting users view or enable headers.

Describing succinctly how to read email headers with an eye toward thwarting spammers would require a separate tutorial, so I will link to a decent one already written at About.com. Just know that taking the time to learn how to read headers is a useful skill that is well worth the effort.

Keep in mind that phishing can take many forms: Why steal one set of login credentials for a single brand when you can steal them all? Increasingly, attackers are opting for approaches that allow them to install a password-snarfing Trojan that steals all of the sensitive data on victim PCs.

So be careful about clicking links, and don’t open attachments in emails you weren’t expecting, even if they appear to come from someone you know. Send a note back to the sender to verify the contents and that they really meant to send it. This step can be a pain, but I’m a stickler for it; I’ve been known to lecture people who send me press releases and other items as unrequested attachments.

If you didn’t go looking for it, don’t install it: Password stealing malware doesn’t only come via email; quite often, it is distributed as a Facebook video that claims you need a special “codec” to view the embedded content. There are tons of variations of this scam. The point to remember is: If it wasn’t your idea to install something from the get-go, don’t do it.

Lay traps: When you’ve mastered the basics above, consider setting traps for phishers, scammers and unscrupulous marketers. Some email providers — most notably Gmail — make this especially easy.

When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that with a “+” sign just to the left of the “@” sign in your email address. For example, if I were signing up at example.com, I might give my email address as krebsonsecurity+example@gmail.com. Then, I simply go back to Gmail and create a folder called “Example,” along with a new filter that sends any email addressed to that variation of my address to the Example folder.

That way, if anyone other than the company I gave this custom address to starts spamming or phishing it, that may be a clue that example.com shared my address with others (or that it got hacked!). I should note two caveats here. First, although this functionality is part of the email standard, not all email providers will recognize address variations like these. Also, many commercial Web sites freak out if they see anything other than numerals or letters, and may not permit the inclusion of a “+” sign in the email address field.

Source: https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/

iMend.com Provide Mobile Phone Training to Fire Service

iMend.com offer leading training programmes for mobiles and tablets, providing both standard and bespoke courses for businesses and public services across the UK. Each programme is taught by a training expert, ensuring that every trainee will complete the course with a solid understanding and the practical skills to perform their own repairs to a professional standard.

 

 

Oxfordshire Fire & Rescue Service contacted iMend Training to look at offering a Training Course at their premises to 9 of their Technical Communications Team across the three different counties making up the Thames Valley – Oxfordshire, Buckinghamshire & Royal Berkshire.  Mobile phone devices are a lifeline to the Emergency Services and there is a need for team members to get any broken devices back in action very quickly.  With this in mind, iMend.com worked with Oxfordshire Fire & Rescue Service to design a training programme delivered at their HQ site in Kidlington to teach a mixture of new and intermediate trainees how to repair iPhone & Samsung devices.

Sarah McConomy, Director of iMend.com, stated; ” iMend have cornered the market with training for consumer and corporate customers including new technicians, high street retailers, police forces, government bodies.  As one of the largest repair companies in the UK, they are perfectly placed to offer the best practice, professional and real-world training courses.”

Sarah McConomy and Sarah Mackay of the Oxfordshire Fire & Rescue Service worked in collaboration to create a bespoke training programme to cater for the service’s mobile repair requirements during an intense one day training programme.

Due to the fast nature of emergency services, the Fire Service teams wanted to learn how to repair mobile devices to ensure a speedy and efficient solution to any of the ‘wider teams’ mobile issues ensuring they are back in action promptly.

During the training programme, each member performed a range of the most common repairs on the iPhone 6S and Samsung J5 (2016 and 2017 models) including best practice repair guidance across screen replacements, charging port repairs, battery replacements and pre/post device tests and diagnostics.

 

 

Sarah Mackay,  who organised the training commented  ” The team members from the three Fire & Rescue Services found the course fantastic. The training was enjoyable, useful and practical which all of the members benefited from.  I will be looking into more iMend.com courses for additional team members in the future.”

Other members of the course were also thoroughly delighted with the training given by our expert. Denis Lenihan stated,” An insightful course with a friendly and patient trainer, thanks Rob!”

iMend.com are the industry leading mobile and tablet repair trainers. As one of the largest repair companies in the UK, iMend have the ability to deliver superior training requirements delivering all of you practical needs in environments conductive to the clients.

If your business is interested in one of our standard or bespoke training programmes, click here to enquire today.

The post iMend.com Provide Mobile Phone Training to Fire Service appeared first on iMend Blog.

Source: https://www.imend.com/blog/imend-com-provide-mobile-phone-training-to-fire-service/

Anti-Skimmer Detector for Skimmer Scammers

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology.

A well-known skimmer thief is marketing a product called “Smart Shield Detector” that claims to be able to detect a variety of electronic methods used by banks to foil ATM skimmers.

The device, which sells for $200, is called a “Smart Shield Detector,” and promises to detect “all kinds of noise shields, hidden shields, delayed shields and others!”

It appears to be a relatively simple machine that gives a digital numeric indicator of whether an ATM uses any of a variety of anti-skimming methods. One of the most common is known as “frequency jamming,” which uses electronic signals to scramble both the clock (timing) and the card data itself in a bid to confuse skimming devices.

“You will see current level within seconds!,” the seller enthuses in an online ad for the product, a snippet of which is shown above. “Available for sale after November 1st, market price 200usd. Preorders available at price 150usd/device. 2+ devices for your team – will give discounts.”

According to the individual selling the Smart Shield Detector, a readout of 15 or higher indicates the presence of some type of electronic shield or jamming technology — warning the skimmer thief to consider leaving that ATM alone and to find a less protected machine. In contrast, a score between 3-5 is meant to indicate “no shield,” i.e., that the ATM is ripe for compromise.

KrebsOnSecurity shared this video with Charlie Harrow, solutions manager for ATM maker NCR Corp. Harrow called the device “very interesting” but said NCR doesn’t try to hide which of is ATM include anti-skimming technologies — such as those that claim to be detectable by the Smart Shield Detector.

“We don’t hide the fact that our ATMs are protected against this type of external skimming attack,” Harrow said. “Our Anti-Skimming product uses a uniquely shaped bezel so you can tell just by looking at the ATM that it is protected (if you know what you are looking for).”

Harrow added that NCR doesn’t rely on secrecy of design to protect its ATMs.

“The bad guys are skilled, resourced and determined enough that sooner or later they will figure out exactly what we have done, so the ATM has to be safe against a knowledgeable attacker,” he said. “That said, a little secret sauce doesn’t hurt, and can often be very effective in stopping specific attack [methods] in the short term, but it can’t be relied on to provide any long term protection.”

The best method for protecting yourself against ATM skimmers doesn’t require any fancy gadgets or technology at all: It involves merely covering the PIN pad with your hand while you enter your PIN!

That’s because the vast majority of skimming attacks involve two components: A device that fits over or inside the card reader and steals data from the card’s magnetic stripe, and a tiny hidden camera aimed at the PIN pad. While thieves who have compromised an ATM you used can still replicate your ATM card, the real value rests in your PIN, without which the thieves cannot easily drain your checking or savings account of cash.

Also, be aware of your physical surroundings while using an ATM; you’re probably more apt to get mugged physically than virtually at a cash machine. Finally, try to stick to cash machines that are physically installed inside of banks, as these tend to be much more challenging for thieves to compromise than stand-alone machines like those commonly found at convenience stores.

KrebsOnSecurity would like to thank Alex Holden, founder of Milwaukee, Wisc. based Hold Security, for sharing the above video.

Are you fascinated by skimming devices? Then check out my series, All About Skimmers, which looks at all manner of skimming scams, from fake ATMs and cash claws to PIN pad overlays and gas pump skimmers.

Source: https://krebsonsecurity.com/2017/12/anti-skimmer-detector-for-skimmer-scammers/

iPhone Battery Replacement – A Step-By-Step Guide

Attempting to repair your own mobile can be extremely risky. Tampering with your device can lead to further damages and ultimately costing you more money.

But there is a particular repair you must not attempt unless you are a qualified technician. Attempting to replace your battery is one of the most dangerous repairs in the industry. But an iPhone battery replacement sounds simple, right? Removing the battery from the device is extremely tricky and if not done correctly can lead to the battery smoking, setting fire or even exploding.

 

 

Our most recent example, a customer attempted to replace the battery in their iPhone 6. After removing the screen, they tried to remove the battery out of the device accidentally puncturing it.  The battery started to smoke and caught fire, leading to a fried battery and an obsolete phone. Without experience, skill and knowledge this procedure became hazardous. Although, the customer has now destroyed their mobile the consequence could have been a lot worse…
 
 

Watch Our Top Technician Safely Remove An iPhone 6 Battery

 

 
 

Step-By-Step Guide on how to complete an iPhone Battery Replacement (iPhone 6):

 
Step 1: Ensure your work space is neat and tidy. You will be removing lots of tiny screws and can be easily lost on a messy work top.

Step 2: Start to remove the two screws at the bottom of the device either side of the charging port. Make sure there is a designated space for these particular screws.

Step 3: Use your iSesamo tool to ease open the screen. Make sure you start at the bottom of the screen near the charging port as this is where you have loosened the device’s structure. You should then be able to lift up the screen.

Step 4: Always disconnect the battery before trying to replace it. Remove the bracket over the FPC connectors. Ensure you put the two screws in a distinctive place.

Step 5: Use your plastic spludger to disconnect the FPC connectors. Be extremely gentle, you can easily remove the socket on the logic board which will inevitably break the battery connector completely.

Step 6: Move onto removing the screen. Unscrew bracket over the logic board.

Step 7: Again, use your plastic spludger to remove the front-camera connectors and sensor cable connector. Move onto the home button connector, then the display data connector and finally the digitizer cable connector. Once again, be careful not to dislodge the sockets on the logic board. The screen should now be removable.

Step 8:  You will need to remove the vibrating motor. This is essential for the iPhone 6 model as when you try to remove the adhesive strips in the later steps, there is a possibility of tearing them when the motor is still connected.  After removing the screws, carefully use tweezers to grip a remove the motor.

Step 9: There are two flaps at the bottom of the battery. Gently peel back the first adhesive flap with your tweezers. Be careful to to pierce the battery in the process.

Step 10: Use your tweezers to grip the flap and twist to gain a tighter grip. Slowly pull the adhesive strip until it is completely removed. Repeat steps with the opposite strip.

Step 11: Hey presto, your battery should now be removable.
 

When putting the mobile back together there are three golden rules you must follow:

 
– Ensure all of the screws are placed back into the correct holes. Many of the screws are different lengths. If you were to put the wrong screw in the wrong hole, you could screw into the mobile’s motherboard. Ultimately, destroying the phone.

– When reconnecting the display data cable, make sure it is securely connected. If this connector was to separate from the logic board, your screen would go blank or develop white lines.

– Do not press down in the centre of the digitizer cable when reconnecting to the logic board. If not connected correctly, you could corrupt and damage the digitizer.

As you can see, an iPhone battery replacement is one of the most hazardous repairs in the industry. This type of repair should always be conducted by a technician. Our technicians are intensely trained on this particular repair, ensuring they are able to complete this repair to an exceptional standard.

If you are looking to replace your iPhone 6 battery, look no further than iMend.com. Click here to view the different type of repairs we offer.

The post iPhone Battery Replacement – A Step-By-Step Guide appeared first on iMend Blog.

Source: https://www.imend.com/blog/iphone-battery-replacement/

Hacked Password Service Leakbase Goes Dark

Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.

Leakbase[dot]pw began selling memberships in September 2016, advertising more than two billion usernames and passwords that were stolen in high-profile breaches at sites like linkedin.com, myspace.com and dropbox.com.

But roughly two weeks ago KrebsOnSecurity began hearing from Leakbase users who were having trouble reaching the normally responsive and helpful support staff responsible for assisting customers with purchases and site issues.

Sometime this weekend, Leakbase began redirecting visitors to haveibeenpwned.com, a legitimate breach alerting service run by security researcher Troy Hunt (Hunt’s site lets visitors check if their email address has shown up in any public database leaks, but it does not store corresponding account passwords).

Leakbase reportedly came under new ownership after its hack in April. According to a source with knowledge of the matter but who asked to remain anonymous, the new owners of Leakbase dabbled in dealing illicit drugs at Hansa, a dark web marketplace that was dismantled in July by authorities in The Netherlands.

The Dutch police had secretly seized Hansa and operated it for a time in order to gather more information about and ultimately arrest many of Hansa’s top drug sellers and buyers. 

According to my source, information the Dutch cops gleaned from their Hansa takeover led authorities to identify and apprehend one of the owners of Leakbase. This information could not be confirmed, and the Dutch police have not yet responded to requests for comment. 

A message posted Dec. 2 to Leakbase’s Twitter account states that the service was being discontinued, and the final message posted to that account seems to offer paying customers some hope of recovering any unused balances stored with the site.

“We understand many of you may have lost some time, so in an effort to offer compensation please email, refund@leakbase.pw Send your LeakBase username and how much time you had left,” the message reads. “We will have a high influx of emails so be patient, this could take a while.”

My source noted that these last two messages are interesting because they are unlike every other update posted to the Leakbase Twitter account. Prior to the shutdown message on Dec. 2, all updates to that account were done via Twitter’s Web client; but the last two were sent via Mobile Web (M2).

Ironically, Leakbase was itself hacked back in April 2017 after a former administrator was found to be re-using a password from an account at x4b[dot]net, a service that Leakbase relied upon at the time to protect itself from distributed denial-of-service (DDoS) attacks intended to knock the site offline.

X4B[dot]net was hacked just days before the Leakbase intrusion, and soon after cleartext passwords and usernames from hundreds of Leakbase users were posted online by the hacker group calling itself the Money Team.

Many readers have questioned how it could be illegal to resell passwords that were leaked online in the wake of major data breaches. The argument here is generally that in most cases this information is already in the public domain and thus it can’t be a crime to index and resell it.

However, many legal experts see things differently. In February 2017, I wrote about clues that tied back to a real-life identity for one of the alleged administrators of Leakedsource, a very similar service (it’s worth noting that the subject of that story also was found out because he re-used the same credentials across multiple sites).

In the Leakedsource story, I interviewed Orin Kerr, director of the Cybersecurity Law Initiative at The George Washington University. Kerr told me that owners of services like Leakbase and Leakedsource could face criminal charges if prosecutors could show these services intended for the passwords that are for sale on the site to be used in the furtherance of a crime.

Kerr said trafficking in passwords is clearly a crime under the Computer Fraud and Abuse Act (CFAA).

Specifically, Section A6 of the CFAA, which makes it a crime to “knowingly and with intent to defraud traffic in any password or similar information through which a computer may be accessed without authorization, if…such trafficking affects interstate or foreign commerce.”

“CFAA quite clearly punishes password trafficking,” Kerr said. “The statute says the [accused] must be trafficking in passwords knowingly and with intent to defraud, or trying to further unauthorized access.”

Source: https://krebsonsecurity.com/2017/12/hacked-password-service-leakbase-goes-dark/