IntelBroker, a shadowy figure in the cybersecurity world, has gained notoriety for a string of high-profile cyberattacks and subsequent data leaks targeting a diverse range of organizations, spanning critical infrastructure, tech giants, and government contractors.
Despite their reputation and online presence, IntelBroker remains shrouded in mystery, with their whereabouts, intentions, and technical expertise remaining undisclosed.
The motive driving IntelBroker’s attacks remains uncertain. His diverse selection of targets suggests potential motivations: either seeking financial gain by selling stolen data on the dark web or aiming to sow disruption and chaos across multiple sectors.
Speculation surrounding IntelBroker’s actions hinted at the involvement of a skilled, coordinated team adept at exploiting vulnerabilities. However, an exclusive interview with The Cyber Express debunked this notion, revealing that the hacker operates solo.
During the IntelBroker interview, the hacker offered insights into his hacking journey, addressed common misconceptions, delved into his affiliation with the group CyberNiggers, detailed their financial gains in 2023, and expressed admiration for fellow hackers who serve as sources of inspiration.
We believe, before proceeding with the IntelBroker interview, it’s crucial to understand the hacker’s background, cyber incidents linked to the hacker and their modus operandi. This understanding will illuminate their motivations and actions, enriching our dialogue with valuable context.
A Trail of Breaches Linked to IntelBroker
IntelBroker’s activities first emerged in October 2022. In early 2023, their notoriety grew as they began leaking sensitive customer information from Weee, exposing data from nearly 11 million customers.
The hacker has also claimed responsibility for various high-profile cyberattacks, including breaches at the Los Angeles International Airport and Acuity, a U.S. federal technology consulting firm.
Via the Los Angeles International Airport data breach, IntelBroker accessed a database containing 2.5 million records, including personal information such as full names, CPA numbers, company names, plane model numbers, and aircraft tail numbers, as well as 1.9 million emails. This breach occurred through an attack on the airport’s vulnerable customer relationship management system.
In the case of Acuity, IntelBroker obtained data from the U.S. Immigration and Customs Enforcement and U.S. Citizenship and Immigration Services. The breach, facilitated by exploiting a critical GitHub zero-day, resulted in the compromise of personal information from over 100,000 U.S. citizens. Additionally, sensitive documents related to the Five Eyes alliance’s investigative methods and the ongoing Russia-Ukraine war were accessed.
Other breaches attributed to IntelBroker include those at General Electric, DC Health Link, Volvo Cars, Hewlett Packard Enterprise (HPE), Autotrader, AT&T, Verizon, and numerous other entities. Moreover, they have admitted to breaching multiple US government agencies and have advertised the sale of over 2 GB of stolen files on underground hacking forums.
Here are the excerpts from the interview:
TCE: Can you recall your first hacking experience and how it unfolded?
IB: Reflecting on the beginning of my hacking journey, it’s challenging to pinpoint the exact moment that marked my entry into this field. My first hacking attempt is just a small part of the many operations I have done since then. Each experience, whether it was exploring vulnerabilities or understanding the intricate dance of digital security, contributed to my growth in this field. Hacking isn’t just about breaking in; it’s about constantly learning and adapting to the challenges it presents.
TCE: What’s the most outrageous misconception about you that you’ve come across?
IB: One of the most preposterous rumors I have encountered was an allegation connecting me to Iranian Advanced Persistent Threat (APT) groups. This claim, seemingly originating from certain law enforcement narratives, suggested that my techniques resembled to those historically attributed to Iranian operatives. Drawing comparisons like that oversimplifies the intricate domain of cybersecurity. It also highlights a tendency to quickly assign national affiliations to independent actors, often based on surface-level similarities.
TCE: If you were to choose only one tool for your computer-related activities henceforth, what would it be and why?
IB: In a whimsical departure from the usual digital tools, I’d go for something decidedly old-school: a bottle opener. Aside from its practical purpose of helping us unwind and enjoy moments of leisure, a bottle opener also symbolizes a break from the digital world that often ties us to screens and keyboards. It’s a reminder that sometimes, the most valuable moments stem from stepping away and savoring the simpler aspects of life.
TCE: Could you shed light on your involvement with the group CyberNiggers?
IB: My association with CyberNiggers began when I was invited to join the group on the original BreachForums. It was during this time that I engaged in the notable DC Health Link breach. Following the forum’s closure, the group transitioned, and under the leadership of Aegis and myself, we reestablished it on the new BreachForums platform. It’s important to clarify that while I contribute to the group, I am not synonymous with it. My individual identity as ‘Intelbrokers’ often gets conflated with group activities, but I maintain my distinct persona within this collaborative environment.
TCE: Comparing the old and new Breach Forums, have you noticed any significant changes?
IB: Transitioning from the old to the new Breach Forums, there’s a palpable shift in dynamics. The pace of growth appears more gradual, and there’s a noticeable decline in active engagement from the staff.
As a result, there’s been a shortage of top-notch content, with fewer posts and discussions that capture the essence of what made the original forum so lively, filled with groundbreaking revelations and vibrant discussions.
TCE: Are there aspects of the DARPA, Wee, or GE incidents that you feel were overlooked by mainstream media?
IB: The breaches involving GE and DARPA indeed garnered some acknowledgment from the entities themselves, a rare occurrence in such scenarios. However, the depth of coverage and the nuances of these incidents often remain unexplored, leaving a gap in the public’s understanding of their implications and the intricacies involved in such high-profile cyber incursions.
TCE: Do you have a personal favorite cyber incident that you believe deserved more attention?
Among the many operations I have been involved in, the breaches of AT&T and several ISPs stand out due to their massive scale and potential impact. These incidents, all traced back to SundaySky’s data repositories, were especially intriguing. Yet, despite their significance, they failed to capture the media’s attention, with the exception of a solitary report by The Cyber Express. The fact that these breaches haven’t received much coverage highlights a broader issue of selective attention within the cybersecurity narrative.
TCE: Have you ever experienced a moment in your hacking endeavors that initially seemed promising but turned out to be anticlimactic?
IB: There was an instance where I believed I had penetrated the defenses of a contractor associated with Google, anticipating a treasure trove of sensitive data. The reality, however, was a stark contrast—a discovery that the target was merely a former Indian service provider for Google, far removed from the tech giant’s current operations and lacking in any substantial value or intrigue.
TCE: Outside the digital world, do you engage in any hobbies that might surprise people?
IB: Contrary to the image of a hacker perpetually glued to computer screens, I find solace in the simple pleasure of drinking. This hobby, devoid of any digital footprint, offers a refreshing counterbalance to the high-stakes, fast-paced world of cybersecurity, allowing moments of introspection and relaxation.
TCE: Can you share a particularly memorable “facepalm” moment you’ve experienced during a hacking operation?
IB: The operation targeting Razer stands out for its sheer lack of security rigor, a situation that bordered on the absurd. The company’s protracted two-week investigation, which ultimately culminated in no substantive action, epitomized the often-lackadaisical approach organizations take towards cybersecurity, highlighting a pervasive underestimation of the threats lurking in the digital shadows.
TCE: Reflecting on your active period from late 2022, can you quantify your financial gains in 2023?
IB: Since stepping into the hacking arena in November 2022, the financial aspect of my journey has been noteworthy. I earned over $100,000 within the first year. While I can’t share specific details, this figure highlights the lucrative potential of exploiting digital vulnerabilities, all while operating within ethical and legal boundaries.
TCE: What is your stance on companies concealing cybersecurity incidents, and do you believe that reporting to regulatory bodies like the SEC is the optimal approach?
IB: The tendency of organizations to withhold information about cybersecurity breaches is a misguided strategy that ultimately jeopardizes their credibility. Transparency is crucial; failing to disclose or follow up on incidents only compounds the damage to a company’s reputation. The Razer breach serves as a case in point, where the lack of closure or accountability illustrates the detrimental effects of silence in the face of security lapses.
TCE: Having been a part of the cybersecurity community for some time, are there any fellow hackers you admire or draw inspiration from?
IB: In the vast expanse of the cybersecurity space, few individuals stand out with the clarity and brilliance of Sanggiero from BreachForums. His exceptional intellect and understated contributions to the field are deserving of far greater recognition and respect.
Disclaimer: The responses provided have been expanded and enhanced for better understanding and contextual clarity. Changes have been made compared to the original interview.
