Interview with NoSQLBandit: The Marketplace for Account Creds

Interview with NoSQLBandit: The Marketplace for Account Creds
Photo by Mika Baumeister / Unsplash

Since the 2020 COVID-19 lockdowns, a growing number of teenagers from even the age of 13 are paying for access to government emails via credential vendors to gain official account access. This has enabled them to register for emergency data request panels, such as Kodex and Meta's custom panel for Instagram, Facebook, and WhatsApp; or even login to panels that they had paid access for initially.

Looking into FedCreds

FedCreds, a government email & EDR/Subpoena vendor that has appeared more than a few times in large news sources for selling FBI LEEP access.

FedCreds first appeared around September 25th 2023. They started off as a vendor for government email credentials, EDRs for multiple different large corporations, and stayed as just that- but grew over the following months. FedCreds is the place where most of these known "hackers" purchase their panel access or email access.

FedCreds is selling account credentials (username/password) for the FBI's Law Enforcement Enterprise Portal (LEEP). #SiegedSec

-Cyber Omniscience on X

FedCreds had operated with SiegedSec, a group of gay furry hackers, to compromise NATO during 2023, most likely giving them access to servers which had private documents hidden.

We had a chance to interview the owner of FedCreds, known as NoSQLBandit/MYSQLBandit, here's how it went:

Q: What motivated you to create and maintain a marketplace like this, and did you consider the consequences before-hand?

I saw the opportunity to take on a small, niche marketplace made up of gov emails, some company credentials and data requests, and simply decided to take the opportunity

Q: On average (per month) how many customers/buyers do you have for each product you sell?

On a per month basis, probably around 20-40 different product sales

Q: How much do you make from this per month?

Well, month over month, changes a lot, its not my main source of income and its a pretty good and fun side project, but for obvious OPSEC reasons can't give a said number. Based on the high ticket items, you guys can know that it can get quite substantial for some

Q: What product would you say brings in the most buyers?

I'd say that gov email sales and some special tools sales, some gov emails can sell for 12k, some tools for 6k, it adds up pretty quickly

Q: Is there anything you think you would like to change about the direction of FedCreds, or the communities that surround it?

Id like to keep adding more product, especifically more first world emails are those are the bread and butter of the business

Q: When you say "first world emails" are you referring to the U.S., UK, etc?

Yes, mainly US, UK, AUS, CA

Q: Are you able to disclose with us your biggest sale since the opening of FedCreds in September? If so, please do.

From the products that has been posted, the LEEP panel by far, 25k sale, we've done and worked on some other projects for bigger pay days but those haven't been disclosed

Q: Last question, about the FBI LEEP- the FedCreds team was being investigated heavily since the surrounding communities like BlackForums, SiegedSec, and other large groups had paid notice to FedCreds, actually pushing the Telegram channel too. Had anybody been arrested or disappeared due to this?

Well, no one directly involved with FedCreds has disappeared under suspicious circumstances so far, some have decided to quit com and retire, nothing abrupt

Q: Okay, thank you very much. Would you mind in a few months if we reach out to you again and have another interview?

Yeah, that would be perfect

The interview went smoothly and we had some insight into one of the largest vendors for purchase of access to emails and panels.

NoSQLBandit says that "some gov emails can sell for 12k, some tools for 6k, it adds up pretty quickly". This proves that even with just a couple dozen customers/buyers that the business is booming and that it's just that easy to access unauthorized emails and panels.

Protecting Yourself

  1. Check if you've been in a data breach using data search engines like HIBP
    1. Thousands, nearly millions, of data breaches happen every year and it is on you to protect yourself from getting hacked as data is sold all over the globe. Check if you've been in a data breach today.
  2. Frequently change passwords with a set reminder
    1. Not all data breaches make it to the public eye, and are still being sold online in private chats on places like Telegram, or forums like BreachForums and SecretForums. Learn to frequently change your password so you don't recieve an email about a suspicious login to your account.
  3. Make sure you are not linked to any incriminating sources of information
    1. Emergency Data Requests are usually managed by a parent system, for example Kodex, but even Kodex can take out EDRs on random people. Make sure that you are able to report a wrongful and false data request on you if it does happen.

The Conclusion

I reached out to one of the biggest sellers of illegal emails in the hacking community and they expressed that selling things illegally makes a lot of money because "it adds up quickly". It's also important to understand that hacking and fraudsters honestly don't have to do much work in comparison to a lot of real jobs, and yet they still make more money.

This is NOT an invitation to follow in their footsteps as compromission of a computer system when unauthorized is extremely illegal and can land you decades in prison. I am just highlighting the amount of money that is made and how easy it really can be to "hack" something, including governments.

Do you like what you're reading from the CoderOasis Technology Blog? We recommend reading our Implementing RSA in Python from Scratch as your next choice.
Implementing RSA in Python from Scratch
This is a guide to implementing RSA encryption in python from scratch. The article goes over the math and has code examples.

The CoderOasis Community

Did you know we have a Community Forums and Discord Server? which we invite everyone to join us? Want to discuss this article with other members of our community? Want to join a laid back place to chill and discuss topics like programming, cybersecurity, web development, and Linux? Consider joining us today!
Join the Discord Server!
CoderOasis offers technology news articles about programming, security, web development, Linux, systems admin, and more. | 112 members
CoderOasis Forums
CoderOasis Community Forums where our members can have a place to discuss technology together and share resources with each other.