Cyber Incident Victim: w0rm hacking crew

In September 2015, the w0rm hacking crew breached the systems of rival hacking group Monopoly and offered Monopoly’s database for sale on their underground forum. The incident occurred without prior public conflict or rivalry between the two groups, as investigations into Twitter and Dark Web communications revealed no history of animosity. w0rm, known for high-profile attacks on BBC in 2013 and Vice, CNET, and the Washington Post in 2014, operated a forum specializing in selling corporate breach databases and zero-day exploits. Monopoly ran a competing forum focused on distributing user credentials for fraud, botnets, and spam operations. w0rm priced the stolen Monopoly data at $500, €450, or 2.15 Bitcoin—a higher rate than their 2014 sale of Vice and Washington Post databases, which they had listed for 1 Bitcoin total. The attackers displayed no remorse, framing the intrusion as routine business rather than a retaliatory act.

The compromised Monopoly database’s exact contents remained unverified, with potential scope ranging from forum login credentials to the group’s full inventory of exploit kits and botnet tools. No buyer disclosures, law enforcement reactions, or containment efforts by Monopoly were documented in available sources. The sale highlighted inter-group targeting within criminal ecosystems, undermining perceptions of solidarity among hacking collectives. w0rm’s operational transparency—publicizing the attack via their forum—demonstrated confidence in their anonymity and impunity. Monopoly’s operational impact from the breach was not quantified, though the exposure risked disrupting their revenue streams from credential sales. The incident exemplified competitive dynamics where hacking groups exploit rivals’ infrastructure for financial gain without ideological justification.