Cyber Incident Victim: w0rm

On or around October 2, 2016, the website of the hacker known as w0rm was breached and defaced by a rival threat actor using the alias Peace (also identified as Peace_of_Mind). The attack occurred over a weekend, with visitors to w0rm's site encountering a defacement message on Sunday morning claiming responsibility from "Peace of Mind and prometheus" for "[expletive] with Hell Forum." The defacement included personal details purportedly belonging to w0rm, though the accuracy of this information could not be independently verified. This marked at least the third time w0rm had been doxed, following similar incidents in October 2014 and September 2015. Peace confirmed the attack to Softpedia, citing w0rm's actions in reporting vulnerabilities of websites Peace had compromised, which caused Peace to lose access to those systems. Additional motivations included allegations that w0rm had scammed associates of Peace and had stolen restricted content from Hell Forum—a private community for high-level hackers—by republishing it on his publicly accessible website.

The compromise extended beyond defacement, as Peace exfiltrated and leaked w0rm's entire website database. The dump contained forum user credentials, private messages, and account details. Notably, it also included the source code for Hunter, an active but lesser-known exploit kit operating in 2016. w0rm's site served as a repository for proof-of-concept vulnerability code and stolen database dumps from various cybercrime forums, a practice that had previously drawn retaliation. No response or containment actions from w0rm were documented in available sources following the breach. The incident exposed operational details of both actors' activities, including w0rm's forum community and Peace's retaliatory tactics within the competitive underground hacking ecosystem.