Recently the website 1337day.com, a popular platform for hosting, sharing and selling exploit source code, was hacked again. The last day any exploits were added to their databases was June 4th, as you can see by this tweet. That same day is when they seem to have started having problems with their servers: @inj3ct0r usually tweets exploits anywhere from 5-10 times a day, yet there was no activity on the account for four days, until they announced that “the CIA has seized our domain”.
They claim their domain was seized by the CIA in connection with their supposedly not sharing confidential user information with the agency. They even went as far as to say, “the CIA attempted to access Bitcoin funds but were unsuccessful”. No more than a couple of hours after the initial tweets from the inj3ct0r account, the hackers promptly defaced his website, laughing at his claims of CIA involvement.
With inj3ct0r making claims without proof and the deface calling him out, 1337day users have been left confused as to what's really happening. So what are the facts that we know? First of all, this is not the first time that 1337day.com has been compromised, as you can see here. Secondly, the admin has given zero evidence to support such wild claims. Thirdly, the deface currently residing on the homepage consists of a troll face, some obscure hacker handles (RAB3OUN / X-GUN) and bad grammar; not quite CIA/FBI regulation for a domain seizure.
Overall, the actions in this intrusion are completely indicative of blackhat hackers driven either by profit or revenge, not a federal agency. A real CIA/FBI domain seizure looks more like this.
Whether the main back-end servers of 1337day.com were accessed or it was just a DNS hijacking attack is still unclear. We will keep you updated as new facts come to light about the 1337day.com intrusion and possible database leak.