Aside from the few cases where such entities find themselves targeted by legal action or even the police, exposure is a rare event. However, a couple of years ago a new threat emerged after several IPTV providers were targeted by a hacker.
High Profile Attacks Against Helix and PrimeStreams
Late 2019, we reported on a pair of attacks against two of the more recognizable IPTV brands on the market. Warning signs first appeared on the homepage of Helix Hosting, when the alleged hacker revealed that the provider had been given the option to pay a “small amount” in order to prevent all of his customers’ details from being leaked online.
On top, the hacker threatened to leak the personal details of at least one owner or staff member, along with their names, addresses, phone numbers and IP addresses. There was no question that this was a serious problem for Helix. But the hacker wasn’t happy with just a single target.
Just days later, PrimeStreams was under attack by the same person, who again demanded that a ransom be paid to prevent customer details from being leaked online. The amount was significant – $70k payable in bitcoin – but that was not the full extent of the attacks. Several other providers were targeted too, always with the same modus operandi but differing amounts.
TF previously received information on extortion demands down to around a single bitcoin, with the hacker appearing to tailor the amount based on the size of the provider or reseller’s customer base. What was clear, however, is that many attacks were going unreported in public, most probably due to the sensitive nature of the businesses being targeted.
New Warnings: More Hacks, More Extortion
With so many hacks appearing in a short space of time, those under attack began to suspect that a common vector was being exploited by the hacker. Very early on, at least one provider publicly suggested that billing software (provided by WHMCS Smarters and used by hundreds perhaps thousands of providers/sellers) could’ve been part of the problem.
A new announcement by a moderator of Reddit’s /r/IPTV community is now putting more meat on the bones that supports that theory while putting more worrying information into the public domain.
“Over the last couple years numerous IPTV providers were hacked by someone exploiting the WHMCS billing module. Some major providers paid up to $70k USD to the hacker and some of these exploits were covered on Torrent Freak. The hacker has probably hit at least 50 smaller IPTV providers, maybe more, that’s only the ones we know of, always asking for Bitcoin as a ransom,” the moderator reveals.
Also of interest is that the hacker reportedly caused damage to the sites in order to pile on more pressure to pay. But of course, those targeted didn’t have the luxury of seeking legal support or even protection from the police, so the extortion scheme continued and the pressure mounted for a while, before eventually tailing off.
Unfortunately, the hacker appears to have resumed his activities in recent months and members of the IPTV community are now pooling their resources to gather information on the individual and sound the alarm. The allegations coming out now are a concern, to say the least.
“He knows the IPTV business and has inside info that most wouldn’t,” the warning continues. “But here is the most important thing you should be aware of. He knows Smarters better than many. Ask yourself why.”
This theme, that the hacker could have some connection to Smarters, however obscure, continues with additional allegations that seem to suggest more than just a casual relationship.
“The [Reddit /r/iptv/] mod team has seen substantial evidence that points to this hacker being someone involved with Smarters, possibly on their staff, or related in some way to their operation. Seems to be a strong connection.”
“We are NOT accusing Smarters, but we urge you to use CAUTION if dealing with them especially if it involves server access. Don’t ever provide them passwords to your servers for any reason. He will know,” the warning adds.
WHMCS Smarters Responds to Allegations
Given the potential severity of the allegations, TorrentFreak contacted WHMCS Smarters for a response and a statement on whether the company would be prepared to carry out a security audit to check for any issues of concern.
Company owner Amanpreet Singh responded quickly, thanked us for bringing the matter to his attention, and assured us that he had discussed the matter with his team and had come up with several security recommendations.
– Always use a strong password and keep changing it after a few months
– Use the SSL (HTTPS): Always on HTTPS
– If you have WordPress installed at the front then ensure there are no unknown plugins
– Change your server Access Passwords once Smarters has finished the installation.
– File permissions should be accurate
In our initial contact, Singh told us that he wasn’t sure what more he could say, since he has no idea whether the allegations raised by the Reddit moderation team are true. In response, we again asked whether he would commit to carrying out a security audit within the company as part of an investigation.
“There is no chance of the hacker being involved with Smarters,” Singh informs TF.
“I have already discussed this with my team and there is nothing to be worried about at our end. My real brother and cousin brother and my one sister are working as team leaders and they are responsible for the installation and updating of billing panels.
“The second major thing is if we change the passwords then there is nothing to be worried about. I told my team to force the clients to change the password when the installation is done.”
Paying a Ransom Doesn’t Guarantee The Hacker Will Withdraw
Considering the very nature of blackmail, paying a ransom to a hacker may seem like a good idea at the time but when easily duplicated digital information is involved or attack vectors remain available, there’s no guarantee that a hacker will honor his or her side of the bargain. Indeed, according to the Reddit moderator (who has good connections in the IPTV community), paying up may not be the end of the story.
“Don’t pay the hacker if he hacks your site cuz it won’t do you any good. He has hit many people several times. Comes back for more, too. It’s no guarantee that he won’t leak your info if you pay him,” he adds.
“Don’t pay this asshole if he hits you. [By the way] he can hack the newest WHMCS version if you give Smarters any server passwords. You were warned.”
Finally, it’s claimed that members of the IPTV community have additional evidence up their collective sleeves but are holding back from publishing now, in order to protect sensitive information. However, they aren’t ruling out revealing that in the future, if the hacker persists.
In response to the report of additional information being available, Singh is offering his help, should IPTV providers need it.
“If they have particular evidence then I would ask [them] to share it with me then I can help [them] with it more,” he concludes.
Many thanks to TorrentFreak for the breaking news.