Search This Blog

Showing posts with label Darknet. Show all posts

179 Dark Net Vendors Arrested in a Massive International Sting; 500 kg Drugs Seized


Global police agencies have confiscated over $6.5m both in cash and virtual currencies, 64 firearms, and 1,100 pounds of drugs - arresting 179 vendors across 6 countries including the U.S and Europe in one of the biggest raid on dark web marketplaces. The international sting operation saw considerable co-operation from Law enforcement agencies all over the world including the US, UK, Germany, Europe, Canada, Europe, Sweden, Austria, and the Netherlands.

The 500kg of drugs recovered by investigators during the operation included fentanyl, methamphetamine, oxycodone, ecstasy, cocaine, hydrocodone, MDMA, and several other medicines containing addictive substances, as per the findings.

The authorities dubbed the global sting operation as 'DisrupTor' and while announcing it, they claimed in a press release that the "golden age of the dark web marketplace is over." The roots of the operation go back to May 3, 2019; the day German authorities seized the dark web drug market, "Wallstreet market" and arrested its operators.

"Operations such as these highlight the capability of law enforcement to counter encryption and anonymity of dark web market places. Police no longer only take down such illegal marketplaces – they also chase down the criminals buying and selling illegal goods through such sites." The press release further read.

According to the Justice Department, it was the largest international law enforcement operation that targeted opioid traffickers on the dark web. The investigation witnessed an extensive range of investigators ranging from the FBI, ICE, DEA, Customs and Border Protection (CBP), to the Defense Department.

Commenting on the success of the operation, the head of Europol’s European Cybercrime Centre (EC3), Edvardas Šileris said, “Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”

“With the spike in opioid-related overdose deaths during the Covid-19 pandemic, we recognize that today’s announcement is important and timely,” said Christopher Wray, FBI director. “The FBI wants to assure the American public, and the world, that we are committed to identifying dark net drug dealers and bringing them to justice.” He further added.

The data of clients of the Russian bank Alfa-Bank leaked to the Network


On June 22, a message appeared on the Darknet about the sale of a database of clients of the largest Russian banks. The seller did not specify how many records he has on hand but assured that he is ready to upload 5 thousand lines of information per week.

One of the Russian Newspapers had a screenshot of a test fragment of the Alfa-Bank database, which contains 64 lines. Each of them has the full name, city of residence, mobile phone number of the citizen, as well as the account balance and document renewal date.

A newspaper managed to reach up to six clients using these numbers. Two of them confirmed that they have an account with Alfa-Bank and confirmed the relevance of the balance.

Alfa-Bank confirmed that they know about the data leak of several dozen clients.
The seller of Alfa-Bank's database said that he also has confidential information of clients of other credit organizations.

"I can sell a database of VTB clients with a balance of 500 thousand rubles or more with an update from July 17 for 100 rubles per entry," claimed the seller. However, the Russian newspaper was not able to get test fragments of these databases.

The newspaper also contacted two other sellers who offered information about users of Gazprombank, VTB, Pochta Bank, Promsvyazbank, and Home Credit Bank.
Information about the account balance is classified as a Bank secret. Knowing such confidential details makes it easier for attackers to steal money using social engineering techniques.

"There are two ways to get bases on the black market. One of them is the leak of data by an insider from a Bank or company. The second option is through remote banking vulnerabilities," said Ashot Hovhannisyan, founder of the DLBI leak intelligence service.
According to him, the reason for the ongoing leaks is inefficient investments in security. Companies often protect their systems from hacking from outside, but not from insiders.

IM Platforms Increasingly Used by Threat Actors in Place of Dark Web Marketplaces


Researchers at IntSight have discovered that IM platforms such as WhatsApp, Telegram, Discord, IRC, and Jabber are being used by cybercriminals for advertising and putting their goods and services on sale. One of the major reason as to why cybercriminals are switching to these IM platforms from the conventional ones is 'law enforcement practices'; law enforcement operations have been targeting online darknet markets one after another. Earlier in 2017, the world's largest dark web market, AlphaBay was taken offline, sending darknet users into chaos. Immediately after, the cyberspace witnesses the shut down of Hansa, another major darknet market. As more and more major dark web markets went offline due to the law enforcement penetrations, cybercriminals are wisely migrating to new platforms.

Although threat actors are loving IM platforms, the regular cybercrime sources such as dark web markets, credit card shops, and forums are still witnessing their web usual traffic. These platforms have more advantages such as chatbots, fewer rules, and automated replies due to their core nature, unlike IM platforms that are majorly meant for communication.

While giving insights, Etay Maor, IntSights CSO, said, "Telegram appears to be experiencing the most growth, with more than 56,800 Telegram invite links shared across cybercrime forums and over 223,000 general mentions of the application across forums. Telegram is also the platform most often discussed in foreign language forums."

"Financial threat actors and fraudsters exchange stolen carding information, selling or trading all kinds of credit card dumps, and publishing methods or techniques relevant for the fraud community. In addition, there is also a trade of physical items stolen or counterfeited from organizations in the retail industry.” He added.

“While the data itself is fully encrypted and law enforcement needs sophisticated algorithms in order to decrypt it, some countries have authorized law enforcement agencies to access the private information of their citizens if sanctioned by courts or other judicial authorities – including information that lives in IM platforms. Threat actors are worried about the cooperation between technology companies and law enforcement agencies, especially in the United States.” Maor further explained.

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan


An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the Darknet's site Migalki.pw.

It should be noted that Halyk Bank of Kazakhstan is the first Bank in the country in terms of the number of clients and accumulated assets. This is not the first time for a Bank when data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the cards were stolen inside the structure.

Typically, identifiers of stolen cards are obtained using MitM attacks (Man in the middle). While the victim believes that he is working directly, for example, with the website of his Bank, the traffic passes through the smart host of the attacker, which thus receives all the data sent by the user (username, password, PIN, etc.).

It is possible that the archive is not real. This may be a bait for potential carders created by the Bank, the so-called honey pot. This trap for hackers creates an alleged vulnerability in the server which can attract the attention of attackers and inspire them to attack. And the honeypot will see how they work, write down the information and pass it to the cybersecurity department.

Although, such actions are risky for the image of a financial institution, as any Bank tries to avoid such negative publicity.

It is important to note that all data leaks from the Bank is the personal fault of the owners, managers of the Bank. In Russia and in Kazakhstan, in case of data leakage, the bank at best publishes a press release stating that "the situation is under control". However, banks in the US and Europe in the same situation receive a huge fine.

Data of Bank customers in Russia are becoming more expensive on the Darknet


In the first half of 2019, the price of banking customer data has rapidly increased on the Darknet. Thus, the cost of obtaining data on cards or statements of operations increased by 3-7 times. At the beginning of the year, the client's account statement could be purchased for 2 thousand rubles ($ 32), now its cost can reach 15 thousand rubles ($ 238).

According to the Positive Technologies analyst Vadim Solovyov, data on ATMs used by the client appeared on many sites, their price is from 8 thousand ($ 127) to 15 thousand rubles ($ 238). He noted, rather, this information can be used in traditional criminal schemes, for example, so that the fraudster's call to the client sounded more reliable.

"If the cost has increased, it means that the methods of countering leaks in banks have significantly complicated the business of attackers", the Central Bank believes.

The Head of the Information Security Department of the Open-Bank Vladimir Zhuravlev associated the price increase with a change in the type of attacks on customers. According to him, earlier fraudsters often used technical means, such as Trojans, phishing links or skimming. Now 90% of the theft occurs using social engineering methods, where the availability of personal customer data is very helpful to the fraudster.

The Central Bank does not disclose official statistics on the theft of funds of individuals in the first half of the year. However, law enforcement officers recorded an increase in successful thefts from bank accounts. For example, in the Kurgan region, the number of crimes has doubled, in the Smolensk region has grown five times.

According to Stanislav Pavlunin, the Vice-President of Post-Bank, the Bank uses different approaches and methods to combat internal fraud, for example, photo and video shooting of monitor screens, as well as official documents, presentations containing confidential information is prohibited.

It is interesting to note that Sixgill analysts have prepared a report, according to which Russia took the last place in the number of stolen bank cards. The researchers see two reasons for such low rates: the first is a large percentage of Russian cybercriminals, and the second is the economic situation in Russia.

Darknet: The digital underground



The arrest of two Delhi youths for the import and sale of illegal marijuana through the darknet in December last year sparked widespread discussion on the rising prominence of the darknet in India. With dark net being the new market for drug peddlers and illegal traders, it is slowly becoming one of the most challenging problems to be tackled in this cyber age.

What is the darknet?

The world wide web can be divided into three categories- the surface web, the deep web and the dark web. While pages on the surface web(visible web ) are indexed and can be easily accessed by the public, pages on the deep web are not indexed and hence cannot be readily accessed. The content of the deep web is hidden behind HTTP forms and includes many common uses such as webmail, online banking, and services that users must pay for, and which is protected by a paywall, such as a video on demand, some online magazines and newspapers, and many more. Content of the deep web can be located and accessed by a direct URL or IP address and may require a password or other security access past the public website page. The dark web is that part of the internet which can be accessed only by ‘overlay networks ‘ and needs special browsers like TOR to access. Browsers like TOR ensure anonymity to the host as well as the user, by protecting the IP address with its ‘overlay network’ structure.

Illicit drugs, weapons and online fraud : the endless dangers of darknet

The promise of anonymity the darknet offers has led to an alarming increase in its use in the last 4 years. A 2015 study showed that drugs are the most traded commodity on the dark web and 26 per cent of its content can be classified as ‘child exploitation’. A December 2014 study by Gareth Owen from the University of Portsmouth found that the most commonly hosted type of content on Tor was child pornography, followed by black markets. Stolen credit card details, forged documents, counterfeit currency and weapons are the other types of content. Reports of crowdfunded assassinations, hitmen and live streamed murders are believed to be available on the darknet.

How does it work?

Cryptocurrencies such as bitcoin are used for transactions on the darknet. Purchases on the darknet come with reviews and ratings just like on Amazon and Flipkart and are delivered to the customer’s doorstep just like any other order. Service providers like ‘escrow’ ensure that the transaction is made to the seller only after the customer receives the package. Often disguised, these illegal products mostly make their way through customs to the customers' doorstep.

Cracking the whip :

Though highly evasive, browsers like Tor aren’t completely untraceable. In early November, a coordinated action by the FBI and Europol known as Operation Onymous seized dozens of Tor hidden services, including three of the six most popular drug markets on the Dark Web. For now, just how the feds located those sites remains a mystery.

“ The Interpol, Europol and the FBI are the ones striving hard to keep the darknet dangers in check”, says J.Prasanna, Director of Cyber Security and Privacy Foundation, Singapore.

” The first step towards net safety comes down to parental supervision”, says J .Prasanna who provides dark web monitoring for banks.

“ The Indian government should ensure stringent punishment for the offenders using darknet for illegal trade and activities. The police department too should be technologically advanced to handle such crimes”, says V.Rajendran, Chairman, Digital Security Association of India.


The bright side :

It would be safe to say not everything is dark about the darknet. The privacy it provides is a major attraction to many who are looking to escape the watchful eyes of service providers and federal agencies. Anonymous messenger services and access to tonnes of resources (data, books, documents) argues the use of darknet for good.

Author:
Yamuna Chandran