DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

A joke gone too far: “thekilob” falsely accused of being responsible for DC Links breach

Posted on March 12, 2023September 26, 2024 by Dissent

On March 6, a forum post appeared on BreachForums that listed data for sale from the Health Benefit Exchange Authority, DC.gov

The seller, a respected forum user known as IntelBroker, claimed that the data had been hacked within the past hour and contained information on 170,000 users.

Forum posting by IntelBroker attributed the hack of the Health Benefit Exchange to a group with a name redacted because it contains a racist term.
DataBreaches has redacted the name of the group IntelBrokers attributed the breach to because the name is racist.

In less than a day, the data were listed as SOLD, and members of Congress, their staffs, and their family members were all dealing with the likelihood that their personal information and health insurance information was in the hands of ne’er-do-wells. The FBI would later state that they had bought data from the seller, but it is not clear if they bought all the data or only a sample for verification purposes.

On March 9, a new forum user, “Denfur,” listed the data again. This time, however, the data were not offered for private sale. Anyone paying 8 forum tokens/credits could acquire the data.  Denfur also provided samples of the data and described it as containing the personal information of fewer than 55,000 users. The difference between the 55,000 users in the Denfur post and the 170,000 users in the IntelBroker post was explained as being due to duplication of records in the earlier sample.

Denfur’s post boldly added “Слава России!”  (“Glory to Russia”).

A Joke Puts a Forum Member at Risk?

Because IntelBroker is a respected forum member, some people may have believed them when edited their sales post to claim that they were selling the data on behalf of another forum user known as “thekilob.”

Those who were regular users of the forum might have recognized that it was unlikely that IntelBroker would be a middleman for thekilob. As thekilob stated to DataBreaches in a chat, “I think it is public knowledge that me and intelbroker had certain disagreements on the forum.”

Unfortunately for thekilob, while forum regulars might be aware of that, journalists unfamiliar with the individuals or forum might not know that. Adding to the misattribution, Denfur also claimed thekilob was responsible for the hack in their post.

News outlets such as Associated Press repeated the attribution and it appeared on every news site that syndicated AP’s coverage. Other news media such as Gizmodo also repeated the attribution.

The joke didn’t stop there, even. IntelBroker subsequently appeared to be banned by a forum moderator  for being an “alt” (alternate user account or identity) of “thekilob.”

Given that this breach affected members of the U.S. Congress, one could realistically anticipate   law enforcement would be vigorously pursuing thekilob, someone who is believed to be in Italy and whose real identity may already be known to law enforcement.

From the very first instance of the joke, DataBreaches quietly advised contacts that they should not give any credence to thekilob attribution, but now it is time to say it louder.

Today, “Denfur” removed the attribution to thekilob from their post, writing:

On request of Breached Forum staff, we have removed “thekilob” from our post. To comply with their request, we must state that Kilob was not involved with the hack, and the references to them this far through have been jokes. We would also like to note that we were in no way forced to remove mention of this name, we were simply given the option. Because we support and appreciate the space that Breached has given us, we complied with the request.

And to complete the attempted undoing of the joke,  IntelBroker’s “ban” notice has been changed to reflect that it was really a self-ban (requested by IntelBroker). IntelBroker is not an “alt” of thekilob.

Hopefully, mainstream news outlets will issue corrections or updates and others will no longer repeat what was never a very funny joke.

 

 

 

Category: Government SectorHealth DataU.S.

Post navigation

← Company accuses former exec of data theft
What’s new in ransomware gang pressure tactics? Not as much as you might think. →

3 thoughts on “A joke gone too far: “thekilob” falsely accused of being responsible for DC Links breach”

  1. Denfur says:
    March 12, 2023 at 9:19 pm

    Contact me onsite, we must talk.

    http://breached65xqh64s7xbkvqgg7bmj4nj7656hcb7x4g42x753r7zmejqd.onion/User-Denfur

    1. Dissent says:
      March 13, 2023 at 7:26 am

      Can’t contact you on BF if you don’t have PM enabled, and it doesn’t look you have it enabled. Why don’t you enable it and PM me there or hmu on Telegram @DissentDoe.

  2. joke says:
    March 13, 2023 at 11:59 am

    but a nice joke!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.