DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

A joke gone too far: “thekilob” falsely accused of being responsible for DC Links breach

Posted on March 12, 2023September 26, 2024 by Dissent

On March 6, a forum post appeared on BreachForums that listed data for sale from the Health Benefit Exchange Authority, DC.gov

The seller, a respected forum user known as IntelBroker, claimed that the data had been hacked within the past hour and contained information on 170,000 users.

Forum posting by IntelBroker attributed the hack of the Health Benefit Exchange to a group with a name redacted because it contains a racist term.
DataBreaches has redacted the name of the group IntelBrokers attributed the breach to because the name is racist.

In less than a day, the data were listed as SOLD, and members of Congress, their staffs, and their family members were all dealing with the likelihood that their personal information and health insurance information was in the hands of ne’er-do-wells. The FBI would later state that they had bought data from the seller, but it is not clear if they bought all the data or only a sample for verification purposes.

On March 9, a new forum user, “Denfur,” listed the data again. This time, however, the data were not offered for private sale. Anyone paying 8 forum tokens/credits could acquire the data.  Denfur also provided samples of the data and described it as containing the personal information of fewer than 55,000 users. The difference between the 55,000 users in the Denfur post and the 170,000 users in the IntelBroker post was explained as being due to duplication of records in the earlier sample.

Denfur’s post boldly added “Слава России!”  (“Glory to Russia”).

A Joke Puts a Forum Member at Risk?

Because IntelBroker is a respected forum member, some people may have believed them when edited their sales post to claim that they were selling the data on behalf of another forum user known as “thekilob.”

Those who were regular users of the forum might have recognized that it was unlikely that IntelBroker would be a middleman for thekilob. As thekilob stated to DataBreaches in a chat, “I think it is public knowledge that me and intelbroker had certain disagreements on the forum.”

Unfortunately for thekilob, while forum regulars might be aware of that, journalists unfamiliar with the individuals or forum might not know that. Adding to the misattribution, Denfur also claimed thekilob was responsible for the hack in their post.

News outlets such as Associated Press repeated the attribution and it appeared on every news site that syndicated AP’s coverage. Other news media such as Gizmodo also repeated the attribution.

The joke didn’t stop there, even. IntelBroker subsequently appeared to be banned by a forum moderator  for being an “alt” (alternate user account or identity) of “thekilob.”

Given that this breach affected members of the U.S. Congress, one could realistically anticipate   law enforcement would be vigorously pursuing thekilob, someone who is believed to be in Italy and whose real identity may already be known to law enforcement.

From the very first instance of the joke, DataBreaches quietly advised contacts that they should not give any credence to thekilob attribution, but now it is time to say it louder.

Today, “Denfur” removed the attribution to thekilob from their post, writing:

On request of Breached Forum staff, we have removed “thekilob” from our post. To comply with their request, we must state that Kilob was not involved with the hack, and the references to them this far through have been jokes. We would also like to note that we were in no way forced to remove mention of this name, we were simply given the option. Because we support and appreciate the space that Breached has given us, we complied with the request.

And to complete the attempted undoing of the joke,  IntelBroker’s “ban” notice has been changed to reflect that it was really a self-ban (requested by IntelBroker). IntelBroker is not an “alt” of thekilob.

Hopefully, mainstream news outlets will issue corrections or updates and others will no longer repeat what was never a very funny joke.

 

 

 

Category: Government SectorHealth DataU.S.

Post navigation

← Company accuses former exec of data theft
What’s new in ransomware gang pressure tactics? Not as much as you might think. →

3 thoughts on “A joke gone too far: “thekilob” falsely accused of being responsible for DC Links breach”

  1. Denfur says:
    March 12, 2023 at 9:19 pm

    Contact me onsite, we must talk.

    http://breached65xqh64s7xbkvqgg7bmj4nj7656hcb7x4g42x753r7zmejqd.onion/User-Denfur

    1. Dissent says:
      March 13, 2023 at 7:26 am

      Can’t contact you on BF if you don’t have PM enabled, and it doesn’t look you have it enabled. Why don’t you enable it and PM me there or hmu on Telegram @DissentDoe.

  2. joke says:
    March 13, 2023 at 11:59 am

    but a nice joke!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.