The story of Nulled: Old dog, new tricks

The story of Nulled: Old dog, new tricks
Photon Research Team
Read More From Photon Research Team
August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard time learning new tricks, yet researchers have claimed that because adult dogs can focus longer, they adapt to a changing environment faster and can more easily learn new skills. While it may be tempting to discount the “old dog” English-language cybercriminal forum Nulled in terms of innovation, this site has recently displayed a whole range of new “tricks.” Since the beginning of the year, Nulled has recruited new staff, created–and then pulled–a forum app, organized a Counter-Strike: Global Offensive (CS:GO) tournament, and launched its own streaming service. Let’s take a look at these innovations and what they tell us about the evolution of Nulled. 

HISTORY OF NULLED

Nulled first appeared in January 2015, so named because, at that time, cybercriminals referred to cracked scripts and forum engine add-ons as “nulled” rather than “cracked.” Nulled has since expanded to cover a wide variety of topics, including databases, credentials, gaming, movies, pentesting, social engineering, and cryptocurrencies. Nulled has never attracted the same hype within the cybercriminal community as more prominent English-language platforms such as RaidForums. Keeping a low profile may have been an intentional strategy on the part of the Nulled administration team to avoid potentially damaging attention: In the past, Nulled has distanced itself from cybercrime reported in the media. In December 2019, for example, reports alleged that Nulled members had hacked RingCam devices, taped themselves harassing the device owners, and included the recordings in a podcast called NulledCast. Nulled’s administrator was quick to dismiss any affiliation with NulledCast and ban the involved users.

Nulled’s slow and steady, drama-free approach has resulted in a gradual increase in membership. Nulled had attracted 1 million members by 11 Aug 2017, reaching almost 2.9 million members in July 2020. Nulled’s traffic rank over the past 90 days shows that Nulled has experienced a significant increase in user traffic since the beginning of the COVID-19 (aka coronavirus) pandemic. Digital Shadows has observed other cybercriminal forums with similar coronavirus-related growth spurts. These huge increases may have been driven by those feeling the pinch turning to cybercrime as world economies suffer or individuals exploring the criminal underground during their lockdown-induced increased time at home.  Nulled’s slew of new updates may have been the administration team’s attempt to capitalize on the site’s current COVID-19-related traction. 

Alexa Rank

GROWING MEMBERSHIP LEADING TO RECRUITMENT DRIVE

In its early days, Nulled hired new forum staff when existing staff retired or decided to leave the forum. Usually, only one new staff member would be hired at any one time. On 16 Feb 2017, for instance, Nulled moderator “Oxide” announced that several staff members had decided to leave the forum due to “personal reasons,” leaving them as the only forum moderator. Oxide advertised for one new Trial Moderator to “help maintain peace on the forum.” 

However, in Nulled’s most recent job vacancy announcement on 19 Apr 2020, forum administrator “Bleach” called for two new Trials Moderators to help the forum cope with the rapid growth experienced during COVID-19. Almost two months later, when the names of the new staff members were announced, it was revealed that the site had hired three new moderators rather than two, indicating the forum’s commitment to Bleach’s assertion that the new staff members would help the site “grow even more.”  

Nulled forum administrator’s post calling for new trials moderators

MORE SOCIAL ACTIVITIES

On 20 Mar 2020, Bleach announced that a trusted forum member would host an official Nulled CS:GO tournament, where 80 forum members with VIP accounts would be able to participate. This ostensibly run-of-the-mill gaming tournament held a more profound significance, though: This was the forum’s first gaming competition and the first time a trusted member–rather than forum staff–had organized a contest.

On 03 Jun 2020, a respected forum member announced the launch of a free, non-profit, self-developed streaming service called “NulledFlix”. This is the first time Digital Shadows has recorded an exclusive streaming service created by and for forum members in the English-language cybercriminal scene. According to NulledFlix’s creator, the service would stream movies and TV shows and offer a live-chat function so users could converse during the live streams. They added that while initially, only Nulled staff would organize streams, other trusted members would be able to create live-streams in the near future. 

The CS:GO tournament and NulledFlix streaming service may represent additional strategies for maintaining the forum’s growth. Allowing non-staff members to organize social activities and services for the rest of the forum likely creates a more engaging, interactive platform that will, in turn, attract more users. Organizing fun activities that do not require advanced hacking skills may indicate Nulled’s awareness that many of its new members, especially those who joined during the pandemic, are likely to be young individuals with low-level skills. These users may be more likely to participate in forums that actively provide a platform for such “easy-going” activities.

CSGO

NULLED, IS THERE AN APP FOR THAT?

In late March 2020, one Nulled user announced that, with the blessing of both Nulled’s administrator and owner, they were developing an app for the forum. The user opined that “Nulled has always been lacking something for the mobile users. The mobile UI was hard to use as it was designed with desktop in mind. Nulled Mobile App is the solution to this.” 

Their most recent updates on the app project indicated that the developer had created the app’s user interface. These posts also discussed the possibility of adding an in-built VPN for increased security. However, the app adventure abruptly ended when the developer suddenly got banned from the forum for unknown reasons, and the project was abandoned entirely. Before this, other forum members had expressed doubts about the app, saying that Nulled could easily be accessed on mobile devices using a shortened URL link.

Android app

Despite the ultimate failure to launch an app for Nulled, the project suggests the Nulled administration team’s willingness to consider expanding the forum’s reach into other platforms and make the forum as accessible and easy to use as possible. 

WIDER SIGNIFICANCE

The English-language cybercriminal landscape has proven to be difficult for forums to conquer, as discussed in our recent blog on the demise of Torigon forum. In that blog, we established three critical factors for forum survival: 

  1. A forum needs to offer a platform that can differentiate itself from the crowd 
  2. A forum requires a knowledgeable and driven administration team
  3. A forum must have the ability to ensure the platform remains available and accessible, come what may 

Nulled’s historical changes and updates, as well as its recent “new tricks,” have meant that the site had met each of these requirements, ensuring its continued stability and relative longevity in the English-language scene. 

Differentiating itself from the crowd

Nulled’s administration team stated that Nulled “never was created for us or anyone else to make money, as it was and will always be for fun, and for people to share both knowledge and science.” This has been evident in the activities that have been organized on the forum over the years. In the beginning, when Nulled users focused more on straightforward “cracking” content, the site organized more skills-based competitions and awards, such as a SQLi challenge. In recent months and years, though, the site has offered “easier” challenges, such as Member of the Month awards, FIFA 2018 World Cup betting games, and the recent CS:GO tournament. This change suggests that Nulled has managed to read the audience it attracts and adapts its services and activities accordingly to differentiate itself from its competition.

A knowledgeable and driven administration team

Nulled’s administration team has consistently ensured that they have enough staff at any given time, and only sought trusted members to fill the vacant roles and help with the daily forum processes. 

This dedicated team likely helps Nulled’s staff quickly regulate malicious behavior on the forum. Twice during 2018, for instance, a forum administrator explicitly warned forum users against potential impersonators and an increase in triangulation scams on the forum, detailing how users could recognize and avoid such behavior. The administration team has also introduced numerous updates to improve user experience and increase user security, such as new features, new VIP upgrade options, and statistics on top-ranked users. 

Ensuring that the platform remains available and accessible

Nulled’s staff acknowledged the danger of being targeted by threat actors early on: They stated, “as we are a community that’s obviously not loved by everyone”, Nulled might be targeted with “daily DDoS attacks which require us to have substantial power to resist.” 

Although Nulled has not publicly announced protection measures other than those commonly used by many cybercriminal forums, Nulled’s existence has mostly been stable. Apart from the occasional, short-lived downtimes that most forums suffer from, it does not appear to have been offline for a significant amount of time or suffered from any larger, targeted attacks. Nulled’s low-profile strategy may have helped with this and mostly kept it away from the prying eyes of potential competitors and other threat actors.

Description of Nulled

EVEN NEWER TRICKS?

Nulled’s innovations have continued into July. At the beginning of the month, Nulled suddenly removed its Cracking section, implemented stricter rules for what users can share in its Combo-list section, and added a “reworked” Pentesting section. The reasoning behind these changes has not been publicly disclosed on the site. It might be a reaction to comments about Nulled being advertised as a place to “get free accounts.” There is also unconfirmed gossip circulating that Nulled’s owner recently sold the forum to an unnamed Chinese threat actor; these latest changes may represent the first steps in the new regime. At this rate, we will continue to witness Nulled’s speedy evolution into the second half of 2020, with at least as many changes on the forum as in the first half.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

SeachLight’s Exposed Document Alerts: Uncover the Critical, Faster

SeachLight’s Exposed Document Alerts: Uncover the Critical, Faster

November 23, 2020 | 5 Min Read

BACKING UP...INTO A DITCH I am a terrible...
Holiday Cybercrime: Retail Risks and Dark Web Kicks

Holiday Cybercrime: Retail Risks and Dark Web Kicks

November 19, 2020 | 7 Min Read

The holidays are right around the corner,...
ShadowTalk Update: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!

ShadowTalk Update: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!

November 16, 2020 | 2 Min Read

ShadowTalk hosts Stefano, Kim, Dylan, and...
To Code or Not to Code? Cybercriminals and the world of programming

To Code or Not to Code? Cybercriminals and the world of programming

November 12, 2020 | 9 Min Read

If you keep a pulse on the technology sector...