Cyber Threat Actor: Rubber
| Actor Type | Location | Known Incidents |
Sensationalist
|
—
|
0 incidents |
|---|
Profile
The threat actor known by the alias Smitt3nz, also referred to as 'Rubber', gained attention for posting a series of data dumps on the Twitter account @smitt3nz. The actor’s activity was highlighted in a December 2015 DataBreaches.net article that compiled multiple hacks attributed to this handle. Each dump consisted of user credentials harvested from various online services and was made publicly available via tweets that included links to the leaked data. The actor’s moniker appears in the article as the source of the disclosed breaches.
Targeted services spanned a range of sectors, including UK‑based cycling, art, PC gaming, and library websites such as chickencycles.co.uk, artrookie.co.uk, pccongress.org.uk, igcd.net, killersites.com, lexpublib.org, the-athenaeum.com, and wesnoth.gamingladder.info. In addition, the actor compromised numerous dating and marriage‑oriented domains, including malapelli.com, thotamarriagelines.com, mudirajpelli.com, madigapelli.com, svmarriageslinks.com, ssamb.com, srirasthu.in, vivahamytri.com, and goudpelli.com. The harvested data typically contained usernames, email addresses, and passwords, with some passwords stored in plain text and others encrypted using MD5. For several of the dating sites, the administrator’s login credentials were also included in the dump in plain text.
The actor’s tactics involved credential harvesting followed by public disclosure of the stolen data on Twitter, sometimes accompanied by notes that passwords had been cracked using MD5 decryption tools. No specific malware families, exploit kits, or initial‑access vectors were described in the source material; the emphasis was on the acquisition and redistribution of user databases. Public attribution to a state sponsor, criminal consortium, or other affiliations has not been established in the reporting. Representative campaigns cited in the article include the leaks of 784 accounts from chickencycles.co.uk, 1,710 accounts from artrookie.co.uk, and 9,723 accounts from chromeplay.com, illustrating the scale of the actor’s data‑exfiltration activity.
