28 Feb Dark Web Diary
Q3 2017
DarkWebDiary.com provides a quarterly list of noteworthy dark web criminal activity occurring globally.
SECOND EDITION
Dark web: The Wal-Mart of cybercrime?
Bulk sales of cheap personally identifiable information (PII) are on the rise.
Menlo Park, Calif. – Oct. 3, 2017
As we shared in our first edition of the Dark Web Diary — the word ‘web’ conjures up images of identity theft, hacktivism, malware, and ransomware, but the dark web is rife with a growing universe of perpetrators engaged in child abuse, child pornography, drug dealing, firearms, fraud, human trafficking, money laundering, terrorism, and vigilantism.
Identity theft looms large on the dark web. Illegal trade of stolen personally identifiable information (PII) is an explosive market. “The dark web has become the Wal-Mart of cybercrime,” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures. “PII from the Yahoo, Equifax, and other major hacks is for sale at increasingly discounted prices.”
Our most recent dateline covers all aspects of cybercriminal activity on the dark web.
September
Sep. 18. A man in Birmingham, UK was sentenced after being arrested for illegally attempting to purchase a grenade on the dark web. Apparently, Umair Khan was a rather prolific dark web arms dealer.
Sep. 15. Contrary to popular belief, one’s high-limit credit card information may not be worth as much as one thinks. According to one study, personal information may be sold on the dark web for as little as $9, which is why many dark web criminals attempt to sell information in bulk.
Sep. 15. According to some security researchers, the much-talked-about Equifax breach will no doubt lead to massive amounts of personal identities sold on the dark web.
Sep. 14. According to fraud expert Andrew Richards, most people’s identities are already on the dark web, as identity selling is a booming industry.
Sep. 12. An 18-year-old student who ran the dark web enterprise known as vDos-s.com is due to be sentenced in Manchester. This enterprising young man even went so far as to offer help desk services to hackers who were having trouble getting their malware to work.
Sep. 11. According to one researcher, many identities of Irish citizens can be sold for as little as €40 on the dark web.
Sep. 6. One researcher warns against some of the legal pitfalls of policing the dark web. Concepts such as poisoned waterholes should be utilized with great care.
Sep. 6. Seemingly out of options, the Australian Tax Office suspends the use of Medicare cards after learning that many of the identities associated with the cards were being sold on the dark web.
Sep. 5. According to Interpol, the dark web is the mother’s milk of malware development.
Sep. 5. The Bell County Sheriff’s Office busts up a prostitution ring in Killeen and Salado, as a law enforcement spokesperson indicates that the ring was run through the dark web predominantly by members of the armed forces.
Sep. 2. Fake season passes for the British train system are bought in large amounts on the dark web. According to some, this new black market for season passes has created a drain on the system in the amount of £200 million.
Sep. 1. SurfWatch Labs takes a deep dive into the dark web and reports on just how prevalent identity theft is within the deep recesses of the dark web.
August
Aug. 31. According to some in law enforcement, many are exposing their home networks to dark web criminals simply by venturing out into the dark web out of curiosity.
Aug. 29. An official from Blockchain Intelligence Group estimates that utilization of Bitcoin within the dark web is down by 20 percent in comparison to last year. The alleged reason for the drop in utilization is newly discovered deficiencies within Bitcoin regarding attribution.
Aug. 27. Move over prostitution and petty theft as fraud is the new king of commonly perpetrated crimes in the UK due to the rapid proliferation of the dark web.
Aug. 25. As a means of widening the tent within the cybercriminal community, hacking professionals are reportedly selling a new ransomware development kit for Android phones. Apparently, the new kit is so user-friendly that no coding experience is required.
Aug. 23. Not to be outdone by the dark web, the surface web, according to one researcher, is a cesspool of cyber crime activity thanks to a concept known as transaction laundering.
Aug. 16. In a peculiar case of irony, researchers at Ohio State University discover that one way to shut down a dark website is to call into question the character of the retailer running said site.
Aug. 14. The VP of Strategy at Digital Shadows contends that the takedown of dark web sites is merely a game of whack-a-mole, as other nefarious websites pop up shortly after these high-profile takedowns.
Aug. 12. The value of Bitcoin appears to be skyrocketing as American intelligence services posit that this is a precursor to a surge in terrorism and drug related crime.
Aug. 9. Israeli-American citizen Michael Kadar is arrested for running a Bomb-Threat-As-A-Service enterprise via the dark web. Victims were typically Jewish Community Centers.
Aug. 9. An Indianapolis night club manager has been sentenced to 188 months in prison after being arrested for taking part in a dark web drug trafficking ring that included the sale of heroin and cocaine.
Aug. 7. An infamous ‘sextortionist’ suspect is finally caught by authorities. The suspect allegedly utilized the dark web to contact underage girls and threaten to reveal sexually explicit images of them unless more sexually explicit images were given to him.
Aug. 6. A Polish citizen is arrested after attempting to auction off a kidnapped British model via the dark web. The victim was held captive in a Milan apartment.
Aug. 4. A British cyber security researcher is scheduled to appear in federal court in Las Vegas. The accused is thought to be involved with the selling of Kronos malware in the dark web.
Aug. 4. Former head of the British GCHQ details how modern-day companies could improve efficiency by imitating the business model of various dark web forums.
Aug. 2. Due to a series of disturbing crimes facilitated by the dark web, cyber security companies begin assisting the FBI in the fight against cybercrime.
Aug. 2. An Israeli company known as Sixgill ventures into the dark web to search for and stop cyber attacks before they happen.
Aug. 1. One study suggests following the money trail as a means of combating cyber crime. Much of the money trail leads to the dark web.
July
Jul. 31. Police in the Netherlands turn the tables on dark web criminals as many are identified by their reuse of credentials along with their failure to utilize two-factor authentication.
Jul. 31. IBM Security gives researchers a tour of the dark web, and demonstrates just how easily accessible various dark web sites are.
Jul. 27. One researcher details just how prolific Cyber-Crime-As-a-Service is as a result of the dark web.
Jul. 26. Many security professionals scoff when told that a given cyber attack is ‘sophisticated.’ They say that most cyber attacks are merely the result of wily opportunists.
Jul. 25. Cybercriminals have reportedly stolen the personally identifying information of over 110,000 residents of Edinburgh, UK, and are selling said information via the dark web. Due to the pride taken in customer service, many of these cybercriminals have allegedly offered a money-back guarantee if the identities sold are not at least 80% accurate.
Jul. 24. According to one study, Britain is the third largest market in the world for the illicit firearms trade. Much of the commerce that occurs within the gun market occurs via the dark web.
Jul. 24. According to law enforcement, the identity theft business is booming as approximately 11 million items of personally identifying information of British citizens are currently being bought and sold via the dark web.
Jul. 23. After the death of his fiancée, an Idaho man shows investigators the dark web marketplace where he purchased the drugs that killed her.
Jul. 22. In a remarkable case of resourcefulness, one 14-year-old pays money on the dark web to commission a disruption of his school’s web portal as a means of avoiding homework.
Jul. 21. In a study conducted by Rand Corporation and Manchester University, a remarkable case of ingenuity is uncovered as researchers find that many firearms, explosives, and packages of ammunition purchased via the dark web are shipped covertly inside of printers and stereo equipment.
Jul. 20. Two of the largest dark web marketplaces mysteriously shut down. Considered go-to places in the dark web for illicit items such as drugs and weapons, AlphaBay and Hansa are rumored to have been shut down by the FBI.
Jul. 20. In some ways the dark web has sold out to The Man. Researchers take note of the robust free market capitalism that takes place within the dark web.
Jul. 19. While some take computer security courses via organizations such as the SANS Institute or Global Knowledge, others may aspire to take courses via the dark web such as PayPal Hackery or Identity Theft 101.
Jul. 18. The alleged founder of dark web site AlphaBay is found dead in a Thai jail cell following his arrest at the request of U.S. law enforcement.
Jul. 11. In a breach that may cause angst among various dark web lurkers, 91 dark web sites were hacked, and various files were exported that may contain the information of various dark web users.
Jul. 10. Russian hacker and dark web enthusiast, Alexander Tverdokhlebov, is sentenced in Los Angeles after being caught with $272,000 in $100 bills along with $5 million in Bitcoin.
Jul. 7. Authorities take down the infamous dark web site known as Elysium. Elysium was a site run by a German national that facilitated the exchange of child pornography along with the opportunity for certain individuals to meet and abuse children.
Jul. 4. An Australian Medicare website has a vulnerability that has been exploited to the detriment of some Medicare recipients, as some personally identifying information is being sold on the dark web.
Stay tuned for the Q4 edition of the Dark Web Diary.
– Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.
Q2 2017
Cybercriminals peddle humans, drugs, guns, and ransomware on the Dark Web
Rise of Dark Net sites selling opioids to teens
Menlo Park, Calif. – Jul. 3, 2017
As we shared in our first edition of the Dark Web Diary — the word ‘web’ conjures up images of identity theft, hacktivism, malware, and ransomware, but the dark web is rife with a growing universe of perpetrators engaged in child abuse, child pornography, drug dealing, firearms, fraud, human trafficking, money laundering, terrorism, and vigilantism.
Our most recent dateline paints an even scarier picture of the Dark Web.
June
Jun. 28. German police arrested a 30-year-old man believed to be the sole administrator of a dark web marketplace that sold a pistol used to carry out last year’s Munich massacre.
Jun. 27. Criminals are stealing customer data through payment systems and they are talking about it on the dark web.
Jun. 27. The Dark Web is an internet alleyway for illegal drugs (including opioids) purchased through disposable credit cards, loaded with money coaxed from family and friends — or Bitcoin, a digital currency.
Jun. 22. New Mac Malware on the Dark Web shows that cyber criminals are slowly but surely turning their attention to the largely untapped Mac user base.
Jun. 13. A new federal task force involving the U.S. Postal Service, the DEA, and the DHS has been created to search parcels for drugs such as Fentanyl. Much of their effort revolves around researching the dark web.
Jun. 13. Hackers stole customer data from the Qatar National Bank (QNB) and UAE InvestBank, and subsequently put the data up for sale on the dark web.
Jun. 13. Malware-as-a-Service and Ransomware-as-a-Service are the latest services available in the dark web as new Apple exploits are published.
Jun. 13. In Georgia, the FBI arrested dark web shopper Clinton Scott Bass for attempting to purchase a mail bomb.
Jun. 12. The NY Times details the hunt for Ross Ulbricht, the Austin, TX man who created the online drug bazaar known as Silk Road.
Jun. 12. Ransomware for Mac computers has been made available on the dark web. The new brands of malicious software are known as MacSpy and MacRansom, respectively.
Jun. 10. Two 13-year-old kids from Utah die from an opioid overdose after another teenager purchases the drug from the dark web and subsequently gives it to them.
Jun. 8. Researchers from the private intelligence firm DomainTools will present at the Annual Forum of Incident Response and Security Teams (FIRST) Conference, where they will discuss the latest technology being used by nefarious individuals within the dark web.
Jun. 7. For those interested in getting the most up-to-date information regarding the latest malware, venture into the dark web. The latest exploits are oftentimes published in the dark web several days prior to going public.
Jun. 7. In an effort to better educate users of the dark web, Wikipedians would like to create a Wikipedia for the dark web.
Jun. 5. In an effort to better engage with the free enterprise system, operators of the ransomware known as Jaff may have opened their own e-commerce site on the dark web where stolen consumer data is sold.
Jun. 3. In terms of value, some officials in the UK have determined that the dark web has deemed patient health records more valuable than banking information.
May
May 31. According to researchers at TrendMicro, hackers within the dark web relentlessly attack each other with publicly known exploits.
May 30. Researchers at TrendMicro discover that many of the services hosted on Tor are not as private or inaccessible as previously thought.
May 26. A high court judge in the UK ordered a man who was jailed for the purchase of a Glock on the dark web to remain behind bars.
May 23. Before Microsoft was able to push out a patch for the largest cyber attack to date, hackers were already plotting how to exploit the vulnerability within the dark web.
May 22. The dark web site known as Outlaw was shuttered recently. The circumstances behind this are shrouded in mystery.
May 19. India’s most highly regarded food-tech company is hacked. The hacker threatens to sell some of the 17 million stolen accounts on the dark web.
May 18. CIOs in Nigeria are called to better prepare their respective companies for the coming onslaught of exploits associated with the dark web. The Cyber Security Experts Association of Nigeria claims that Nigerian infrastructure is ill-prepared.
May 16. Popular dark web currency, Bitcoin, is perhaps not as anonymous as previously thought.
May 15. Founder of the Tor Project, Roger Dingledine, says that it’s unfair to associate Tor with the dark web.
May 12. Education enthusiasts within the dark web have made information pertaining to 77 million Edmodo accounts available for sale on the dark web.
May 11. Due to Tor’s slow routing of traffic, some pursuers of the dark web redirect themselves to file sharing services that are clandestinely run by U.S. law enforcement.
May 10. Researcher Matt Traudt compiles a rather extensive onion index of every possible URL available within the dark web. Not all URLs are necessarily active.
May 9. The company known as Comodo offers Company Threat Analysis to companies that are worried about their sensitive corporate data being for sale on the dark web.
May 8. Up to 10,000 pedophiles signed up for the dark web site known as Paradise Village before it was shut down by UK law enforcement.
May 7. In an effort to help cut through all of the red tape, enterprising individuals within the dark web have graciously put British passports up for sale for the bargain price of £750.
May 5. A 59-year-old pedophile is arrested after law enforcement infiltrates the dark web site known as Website 19. The accused essentially fell victim to a phishing scam concocted by law enforcement that allowed authorities to track his true IP address.
May 5. According to the FBI, Steven W. Chase was the creator of the largest child pornography site on the dark web, and has subsequently been sentenced to 30 years in federal prison where he’ll no doubt be popular with the other inmates.
May 1. Dark web enthusiast, DarkOverLord, threatens to release the Netflix series known as Orange is the New Black on the dark web unless he’s paid a ransom.
April
Apr. 27. Researchers at the MIT Alliance for Research and Technology perform a crawl of the dark web, and they find that 87% of dark web sites don’t link to other dark web sites.
Apr. 26. The FBI released some rather depressing statistics as it relates to child pornography on the dark web. One site hosted 1.3 million images of children subjected to violent abuse.
Apr. 22. Just when it was thought humanity couldn’t get any worse, two men are arrested for live streaming the sexual assault of a 2-year-old girl on the dark web.
Apr. 21. A man from Godalming, UK is jailed after creating an illegal gun smuggling ring where weapons were exchanged via the postal service. Initial purchases were made via the dark web.
Apr. 20. A hacker from the dark web uses Zeus to make a fraudulent $1 million wire transfer to a bank in Romania.
Apr. 19. In an effort to diversify its product line, the dark web now makes explosives available as one 18-year-old in Kansas is charged by federal prosecutors for the illegal purchase of a hand grenade.
Apr. 13. The dark web has now made it into the motion picture industry, as the new thriller Dark/Web starring Robert Davi is set to open this year.
Apr. 13. A 20-year-old man in Louisiana dies of a heroin overdose after purchasing the drug on the dark web.
Apr. 13. The FBI teams up with various private sector intelligence firms to research the dark web, and help law enforcement gain an upper hand against much of the crime that occurs there.
Apr. 12. In an unusual show of patriotism, the dark web makes nude photos of U.S. Marines available in the dark web marketplace known as AlphaBay.
Apr. 10. Australian law enforcement deploys officers into the dark web in an effort to combat the sale of the drug known as Fentanyl. Australian coroner’s offices are being overrun with Fentanyl overdose cases.
Apr. 8. A 14-year-old boy was arrested in Northern Ireland for attempting to purchase a Soviet-era submachine gun on the dark web.
Apr. 5. Accounting has become a thing on the dark web as IBM’s X-Force discovers numerous tax fraud schemes that are rooted in the dark web. IBM recommends filing taxes as soon as W2s are received in an effort to avoid fraud.
Apr. 5. A lecturer from Nottingham Trent University is jailed after purchasing drugs on the dark web. The accused gave the drugs to a friend after the purchase, and his friend subsequently died.
Apr. 5. Researchers at Digital Citizens Alliance find that 14 million email addresses and passwords from the .edu domain are for sale on the dark web.
Stay tuned for the Q3 edition of the Dark Web Diary.
– Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.
Q1 2017
FIRST EDITION
Street crimes are shifting to a deep web that is no longer just for hackers
Dark web criminal activity is a global epidemic
Menlo Park, Calif. – Apr. 6, 2017
Identity fraud is arguably the leading crime committed on the dark web. There are numerous reports of large-scale identities-for-sale, with some criminals offering millions of stolen credentials.
The word ‘web’ conjures up images of identity theft, hacktivism, malware, and ransomware, but the dark web is rife with a growing universe of perpetrators engaged in child abuse, child pornography, drug dealing, firearms, fraud, human trafficking, money laundering, terrorism, and vigilantism.
The first edition of the Dark Web Diary provides a composite view of the various types of criminal activities being carried out on the dark web.
March
Mar. 30. Apparently, the dark web is dangerous, as cyber experts report entire networks engaging in cyber fraud, child abuse, and other crime.
Mar. 29. Millions of .edu email addresses are for sale on the Dark Web. Security experts claim that these email addresses can be used to further a variety of nefarious purposes.
Mar. 28. One of Australia’s police commissioners slams Facebook for harboring child pornographers, drug dealers, and fraudsters as he seems to equate Facebook with the dark web.
Mar. 24. Enterprising individuals in the dark web utilize Amazon-like marketplaces to sell items such as credit card information, drugs, and firearms. All one needs is a special browser and a Bitcoin account.
Mar. 22. A twenty-two-year-old is arrested in the New York area as federal authorities say that the accused bought massive amounts of drugs in the dark web, and then attempted to move the drugs via various U.S. Post Offices.
Mar. 22. A Russian hacker who went by the name ‘Kolypto’ pled guilty in Atlanta to selling the banking trojan known as ‘Citadel’ via dark web forums. The malware resulted in criminals stealing approximately $500 million.
Mar. 21. Millions of Bitcoin accounts are for sale in the dark web via a vendor named ‘DoubleFlag’. The vendor is selling the databases of 11 Bitcoin forums that were stolen between 2011 and 2017.
Mar. 21. A former Australian attorney is arrested for producing and selling child pornography on the dark web.
Mar. 16. A twenty-year-old bodybuilder in the U.K. dies after taking a cocktail of drugs purchased from the dark web. Some of the drugs found in his system were morphine, sleeping tablets, and steroids.
Mar. 15. According to Cifas, UK identity fraud is at an all-time high. In the year 2016, 172,919 identity thefts were recorded by Cifas.
Mar. 10. A Michigan man is sentenced to 30 months in prison after being arrested for purchasing amphetamines, LSD, and mescaline via the dark web. The currency utilized for the purchase was Bitcoin.
Mar. 09. The system administrator of the dark web marketplace known as ‘Silk Road’ is to be extradited to the U.S. despite his Asperger’s Syndrome condition.
Mar. 09. 640,000 PlayStation accounts are currently for sale via the dark web. The vendor selling the accounts goes by the handle ‘SunTzu583’.
Mar. 09. Anonymous takes down approximately 85% of the dark web as it goes after Freedom Hosting II. Apparently, Anonymous has a problem with this hosting service providing child pornography content.
Mar. 07. Due to fears that investigative tactics and techniques could be compromised in court, the U.S. Justice Department decides to drop all charges against a known pedophile.
Mar. 07. Two suspected terrorists are arrested in The Netherlands after they are caught attempting to purchase Semtex from a dealer in the dark web. Suspects were first noticed by the FBI, and later reported to the Dutch authorities.
Mar. 07. Police in Germany are hunting for a 19-year-old child killer after the suspect posted a video on the dark web where he openly bragged about the murder.
Mar. 06. Ransomware is being given away on the dark web for free. The only catch is that criminals who utilize the malware agree to a 50/50 split with the developer – just to keep everything ethical.
Mar. 06. Over 1 million Gmail and Yahoo usernames and passwords are for sale on the dark web. The hacker known as SunTzu583 is reportedly the person who put the items up for sale.
February
Feb. 28. A Virginia man is sentenced to 7 years in prison for running a credit card forgery lab in his home. He would create the credit cards using information purchased via the dark web.
Feb. 27. Hundreds of MySQL databases have been hit by ransomware that resembles the MongoDB attack from earlier this year. Victims are told to issue Bitcoin payments to a site within the dark web.
Feb. 23. An eighteen-year-old male is killed after consuming a designer drug purchased via the dark web. The drug was sourced to a supplier in Thailand.
Feb. 20. A Kansas man is sentenced to 52 months in prison for gun running via the dark web. The primary destinations of the weapons were Ireland, Scotland, and Australia.
Feb. 15. Due to research within the dark web, Recorded Future finds that criminal hacker ‘Rasputin’ has gained access to various university computer systems. Some universities include Cornell and NYU.
Feb. 10. In a rather disturbing development, Italian investigators reveal that ISIS is able to purchase U.K. passports via the dark web as they continue to thwart Brexit security.
Feb. 08. The U.N. warns that the Daesh terrorist group is shifting its communications to the dark web. Much of the group’s recruitment efforts are being carried out via the dark web.
Feb. 07. Six people from the U.K. are hospitalized after they purchase prescription drugs from dealers within the dark web. Some of the drugs were alleged to be Oxycontin and Xanax.
Feb. 07. Vigilantism on the dark web appears to be alive and well, as a hacktivist associated with Anonymous takes down approximately 2,000 sites that provide child pornography content.
Feb. 03. A man who worked at a drug treatment center smelled opportunity by selling heroin over the dark web to current patients. He pled guilty in a Seattle courtroom.
Feb. 03. Investigators caution against writing down too much personal information at the doctor’s office, as much of this data ends up being sold on the dark web.
Feb. 01. A report released by RedOwl reveals that various sites within the dark web are actively recruiting individuals from various companies to provide insider information in exchange for pay.
January
Jan. 31. Research conducted by RedOwl and Intsights indicates that corporate insider trading via the dark web is on the rise. Several sites brazenly market themselves to those interested in such activity.
Jan. 31. Cyber security officials in the UK begin to worry as the BBC demonstrates how easy it is to purchase fraudulent rail tickets via the dark web.
Jan. 27. Digital Shadows organization discovers a new Rat-as-a-Service tool known as Ripper.cc. Apparently, the people at Ripper.cc provide a platform for people to ‘rat’ on other hackers.
Jan. 24. Indian government officials fear an uptick in live streaming of sexually abusive content as the dark web begins to incorporate live streaming into its nefarious tool belt.
Jan. 23. The infamous site for pirated movies known as ThePirateBay has gone down recently. However, the domain appears to be active within the dark web.
Jan. 20. A Milford, Conn. man is arrested after obtaining hundreds of child porn videos from the dark web. The accused was a custodian at a local elementary school.
Jan. 20. Just when it looked as though humanity couldn’t get any worse, dealers within some of the darkest crevices of the dark web begin to sell sex robots modeled after children. Some sites sell their product for as much as 1.9 bitcoin.
Jan. 19. Fraud is, by far, the most common crime committed in the cyber realm as the proliferation of dark web users continues at a rapid pace.
Jan. 18. An estranged husband finds it more convenient to kill rather than divorce his wife as he took bids in the dark web for contract murderers.
Jan. 18. The U.S. Postal Service decides to dip its toe into dark web investigations as it begins to hire intel analysts experienced in cyber investigation.
Jan. 16. A group that was engaging in cyber fraud is arrested in the UK for obtaining the credentials of various Next customers, and utilizing their information to make purchases. Purchase of credentials took place via the dark web.
Jan. 09. In an effort to index sites from the dark web in a manner more easily searchable, the U.S. Department of Defense launches project Memex. Tools such as Apache Tika are utilized for quicker indexing.
Jan. 09. A former prison librarian who referred to himself as ‘007’ is arrested for attempting to purchase a Glock 19 on the dark web, but the joke’s on him because James Bond’s weapon of choice was the Walther PPK/S.
Jan. 07. Dark web drug trading lands two UK men in jail. The accused would purchase narcotics from Holland, and then make offers via the dark web.
Jan. 06. A dark web drug dealer is handed a 7-year prison sentence after he is arrested for dealing drugs from his grandmother’s basement.
Jan. 03. A UK man is arrested and now faces 20 years in prison for posing as a financier for nefarious individuals via the dark web.
Stay tuned for the Q2 edition of the Dark Web Diary.
– Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.