Deep Dot Web (https://www.deepdotweb.com): Surfacing The News From The DeepWeb
Feed updated Sun, 15 Oct 2017 21:15:35 -0200

TradeRoute Went Down Following a Major Security Leak
https://www.deepdotweb.com/2017/10/15/traderoutesecurityleak/
Sun, 15 Oct 2017 17:31:04 +0000

Weeks before the darknet market DDoS attacks began, TradeRoute Market arranged weekly payments with an infamous darknet marketplace phisher known as “Phishkingz.” In a conversation with DeepDotWeb about two days before TradeRoute went down, Phishkingz revealed that he had found a way to access code from the marketplace’s admin backend. Shortly after Phishkingz revealed his findings, TradeRoute exit scammed.

The marketplace went down during the most recent DDoS wave, alongside the majority of the “top markets.” As the downtime increased, market users posted on Reddit with increasingly credible concern. Phishkingz (PK) voiced his concern in a post titled “Dear TradeRoute Its [Phishkingz] aka BillyIsOnTheNet1 Either Post A Message Or I Leak The Source.”

DeepDotWeb also heard the phisher’s thoughts during a conversation on Jabber at phishkingz@xmpp.jp, PK’s official Jabber address (included at his request). In a July interview with DeepDotWeb, PK explained that he “dominated the phishing scene on the darkweb.” And it was through his phishing schemes that he stumbled upon a critical TradeRoute bug. Under the BillyIsOnTheNet1 alias, PK messaged a TradeRoute technical admin about a vulnerability he (and another phisher) had discovered while creating a transparent proxy for TradeRoute credential phishing.

PK’s proxy—one of his phishing sites that, like any phishing site, looked almost identical to the real thing—granted access to TradeRoute’s “whole database.” The time between the discovery and disclosure is unknown. But, at some point following PK’s discovery, he used Dirbuster to scan TradeRoute directories and filenames. He then “channeled them through a transparent proxy.” And then building the database was fairly straightforward. TradeRoute handed PK $2,000 per week for the disclosure. PK sent DeepDotWeb copies of the scripts and clone sites for verification.

Note: All this, including the source code of the script which compromised TR, TR’s leaked source code, the full conversation with the admins and wallet addresses related to TR, was provided to DeepDotWeb BEFORE TradeRoute went missing.

In a later message, PK revealed he had found more valuable bugs. “I have found several big bugs within the code [and] i am willing to work with you guys keeping this place safe and secure,” he said in the conversation with TradeRoute staff. The Technical admin denied that one of the bugs could exist and asked for the remaining two bugs mentioned by PK.

The phisher then announced, on September 11, that he would leak the full source code of the site unless the market admins paid him one bitcoin. That never happened. Instead, the staff decided to pay PK 0.375 BTC every Friday.

On September 12, the conversation thread between PK and the Technical admin had drawn to an end. The payments would arrive every Friday and required no user interaction as a script automatically deposited the payments into PK’s account. The TradeRoute deal required PK to keep silent about the vulnerabilities.

Payments would continue “as long as no leak is ever seen on the internet,” the admin wrote. “But if there’s any leak, or if you try to blackmail us again in the future you will automatically lose your privilege.” And all seemingly went well until roughly one month later. DeepDotWeb and Phishkingz had spoken throughout the month leading up to TradeRoute’s exit scam. Both suspected the marketplace had left for good before receiving confirmation from TradeRoute staff themselves.

On Reddit, as mentioned above, PK warned TradeRoute staff that if payment did not come his way on time, he would release the market’s source code. The absence of moderators on the TradeRoute subreddit allowed his posts to live on. PK revealed that he had messaged the TradeRoute staff who publicly used Reddit. He asked the moderators to relay the message to admins that they needed to pay him outside of the market. He asked them how they would be getting paid.

However, to TradeRoute Dispute and Support Admin “SamCulperTR,” the phisher pointed towards the evidence that the TradeRoute team had packed their bags. “No shit… And they barely paid you shit,” the admin wrote. (DeepDotWeb confirmed the authenticity of the messages by signing in to PK’s Reddit account.) PK said that he wished the market would come back and that he and “his partner” had not leaked any of the source code or sensitive files. “So I take it this is an exit scam then,” PK added.

Culper responded with few words, but just enough to prove that TradeRoute had exit scammed: “You are the reason they took off.”

Bitcoin news roundup, October 15 2017
https://www.deepdotweb.com/2017/10/15/bitcoin-news-roundup-october-15-2017/
Sun, 15 Oct 2017 13:16:53 +0000

This week’s summary of various cryptocurrency news and developments:

New developments:

Various companies are announcing their position on the SegWit2x hard fork

Last week, DeepDotWeb covered Bitcoin.org’s plans to denounce SegWit2x supporting companies, who could be putting users at risk. Bitcoin.org’s list has been published, and it includes several well-known companies such as Blockchain.info, Xapo, Jaxx, Coinbase, and Circle. Now, several organizations, including some of those on the list, have started announcing their position on the upcoming hard fork.

One of the first companies to announce its position was Coinbase, who stated that it operates by the principle that its customers should benefit as much as possible from events such as these, and as such would support both blockchains, although it didn’t elaborate on how each will be named.

While Chilean bitcoin exchange SurBTC stated that it would not support the hard fork, but could eventually list both assets on it, bitcoin wallet Xapo stated that it would support the chain with the most difficulty, which led to a lot of criticism from influential figures in the industry, including Monero creator Riccardo Spagni, who sarcastically stated:

If you’re looking for a guide on the upcoming hard forks, Bitcoin Magazine wrote a great one.

Hong Kong-based exchange Gatecoin to remove ICO tokens deemed “securities”

Hong Kong-based cryptocurrency exchange Gatecoin recently announced it plans to delist tokens deemed securities, according to a blog post that cites a warning from Hong Kong’s Securities and Futures Commission (SFC) stating that companies trading or minting cryptocurrencies need to abide by its regulations if the tokens represent shares, equity, or ownership rights in the issuing organization.

The exchange is currently determining which of the tokens it lists feature security-like characteristics, and whether the firms issuing them have taken steps to comply with the SFC. Once Gatecoin does this, it will give clients a week to exchange their holdings of tokens that are going to be delisted for Bitcoin or Ether. According to a Gatecoin spokesperson who responded to ETHNews, tokens that qualify but are SFC-compliant will need to provide the exchange with certain licenses. He added that Gatecoin will relist tokens once compliance is verified. Additionally, if clients fail to trade their tokens, Gatecoin will do so on their behalf.

Jamie Dimon says he’s done talking bitcoin, but quickly breaks his promise

Last month, JP Morgan’s chief executive, Jamie Dimon, stated that bitcoin was a “fraud,” and that anyone trading the cryptocurrency would be fired because it was both against the rules, and because it was “stupid.” His comments were met with a lot of controversy, so much so that a market abuse complaint was filed against him, and various other Wall Street titans publicly disagreed with him. This week, he reportedly stated that he isn’t going to talk about bitcoin again, but quickly broke his promise.

Just one day after saying he wouldn’t talk about bitcoin anymore, Jamie Dimon went against bitcoin again, reiterating that blockchain technology is useful, but that to him non-fiat currencies have “no value.” He notably stated that he doesn’t care what bitcoin is trading at, or who is trading it, when confronted with the cryptocurrency’s new all-time high. Dimon added that those “stupid enough to buy it” will pay the price for it one day, as “governments are going to crush it.”

World affairs:

Russia to legalize cryptocurrencies after Putin turns down potential ban on exchanges

This week, Russia’s central bank was reportedly planning on banning cryptocurrency-related websites, in order to protect its citizens and businesses from the volatility they could face if they were to invest. Then, President Putin called a meeting with top Russian regulators to discuss cryptocurrencies and, in it, the decision to officially regulate them was reached. According to Reuters, Finance Minister Anton Siluanov stated that a draft will be ready by the end of the year. Reportedly, Siluanov stated:

  • “The president has spoken of the problems related to crypto-currencies. These are difficulties regarding … money laundering and cases that are related to identification issues. That’s why we have agreed that the state should regulate the issuing of crypto-currencies, their mining and turnover. The state should take all this under control.”

Reuters’ report also suggests that Siluanov’s deputy, Alexei Moiseev, stated that Russia’s Federal Tax Service could be involved, as the country will want to collect taxes from cryptocurrency miners.

Swedish government holding a week-long auction of seized bitcoin

According to CoinDesk, a government agency in Sweden dedicated to debt collection, Kronofogden (Enforcement Authority), will be selling roughly 0.6 BTC, worth over $3,000, through an auction that will last until next Thursday. The debt, according to reports, was assessed against a local company, although the source of the funds isn’t clear. The agency’s operations developer, Johannes Paulson, stated:

  • “Assets are not just the car on the driveway or the money [in a] bank account. We live in a digital world, and now we are looking for assets in computers and hard drives as well as in telephones and web services.”

New bill proposes cryptocurrency regulations in Ukraine

A draft of a bill that would completely legalize cryptocurrency transactions in Ukraine has been submitted to the country’s parliament. The bill has been drafted by a group of deputies in cooperation with the Ukrainian Blockchain Association, trading platforms, and miners, in order to define bitcoin and other cryptocurrencies as legal property that can be exchanged for goods and services. The bill points to the National Bank of Ukraine (NBU) as a regulator to the cryptocurrency market, and to the country’s central bank to develop operating procedures. Moreover, it proposes that cryptocurrency owners have the right to pick how they wish to use their cryptocurrencies, according to Bitcoin.com. Local publication Ain.ua news wrote:

  • “The document is small and most likely will require further work. Nevertheless, it proposes legislative definitions for the main terms of this market, as well as some rules on which in Ukraine it will be possible to lawfully mine [cryptocurrencies]. The main thing [is that] cryptocurrency is not considered a means of payment, but a property, which can be changed to other goods or services.”

Financial:

Bitcoin hit a new all-time high of $5,829.80, despite its upcoming hard forks

Bitcoin is about to experience two hard forks, that of Bitcoin Gold (BTG) on October 25, and that of the New York Agreement, SegWit2x (BT2/B2X/S2X) in mid-November. The currency may be about to face a roller-coaster ride when these events occur but, nevertheless, the cryptocurrency has been surging this week, so much so it hit a new all-time high of $5,829.80 before falling to $5,708.84 at press time. The cryptocurrency’s market cap is now at $94.89 billion, and its dominance is at 54.2%.

India’s National Internet Registry Breach, Data Spotted On Darknet
https://www.deepdotweb.com/2017/10/15/indias-national-internet-registry-breach-data-spotted-darknet/
Sun, 15 Oct 2017 04:40:03 +0000

Over 6,000 businesses in India have reportedly been breached by an unknown cyber criminal. Seqrite, the enterprise arm of IT security firm Quick Heal, claimed it had spotted sensitive information on over 6,000 organizations, including service providers, banks and government bodies, put up for sale on the Darknet.

According to the information, the nation’s internet registry was also hit by the attack, but the organization says the information obtained was trivial.

The National Internet Exchange of India (NIXI) released a statement condemning the notice as announced by the Darknet hacker. The NIXI clarified that there was no serious breach of the Indian registry database. “There has been no serious security breach of its IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated Internet resources through IRINN System,” said a NIXI spokesperson.

In a statement issued to the media by the NIXI, they said: “There was an attempt to penetrate the system and hackers were able to collect some basic profile information of the contact persons of some of the affiliates which were displayed by him on the darknet.”

The statement continues to read that: “existing security protocol of NIXI is robust and capable of countering such attacks. However, following this breach, security protocol has been further strengthened and review of existing infrastructure has also been initiated.”

The breached data spotted on the Darknet has been priced at 15 Bitcoins. Senior Director, Cyber Education, and Services at Quick Heal, Rohit Srivastwa, said to reporters that the government authorities have been alerted: “We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on the Darknet, the above-mentioned organizations and enterprises can get affected.”

Seqrite has also advised the various government agencies and potentially threatened organizations to report any suspicious activity, change their passwords and update their security protocols.

India was nearly affected by 3.2 million debit card breaches in 2016 after an attack which was labeled as India’s largest banking system data breach. Around 641 customers lost an amount worth Rs1.3 crore. The loopholes that enabled the attack to be launched in 2016 still seem to exist and have been exploited by the hackers once again. The government provided cyber safety to teens to prevent Darkweb activities, but data breach activities still reign.

Numerous agencies have been put at risk following the breach. The Idea Telecom, Flipkart, Aircel, TCS, ICICI Prudential Mutual Fund, Bombay Stock Exchange and many other Indian organizations have become “sitting ducks” to cyber attacks.

Reports have listed several other government official websites which face the risk of data leaks, and the names on top of the list are Unique Identification Authority of India (UIDAI), Defence Research and Development Organisation (DRDO), Indian Space Research Organisation (ISRO), Reserve Bank of India (RBI), Employees’ Provident Fund Organisation (EPFO), State Bank of India and some other websites not listed.

Is India prepared for Cyber Attacks?

India does not have a strict regulatory enforcement mechanism, and this has raised concerns about the country’s readiness to face data breaches in an era that has seen a rise in ransomware attacks. Privacy practitioners, however, do not agree that India is ready for any data protection against cyber attack.

Sunder Krishnan, a Mumbai-based chief risk officer at Reliance Life Insurance Company, believes that if a strict regulatory enforcement mechanism is employed, it will lead to an opportunity loss for India. “If enacted, it will lead to opportunity loss for the Indian IT/BPO industry, as it further increases the threshold for data transfer outside EU/EEA,” he said.

Krishnan also said that the absence of a legal framework makes it difficult to establish data protection and transparency. “It’s tough, as there is no holistic legal framework/regulator in the form of data protection authority, data quality and proportionality, data transparency, etc., which addresses and covers data protection issues in accordance with the principles of the EU Directive, OECD Guidelines or Safe Harbor Principles.”

With all these factors in existence, the Indian authorities have been a bit skeptical in the implementation of the regulations and it has made it appear that they are not ready for cyber attacks.

UK Firm Unites With Interpol to Fight Cybercrime
https://www.deepdotweb.com/2017/10/14/uk-firm-unites-interpol-fight-cybercrime/
Sat, 14 Oct 2017 23:44:59 +0000

BT, the UK’s biggest telecoms provider, announced on the 4th of October that it had taken a step forward in combating cyber-crime by partnering with international police organization Interpol in a data exchange agreement.

This makes BT the first telecommunications provider to sign an exchange data agreement with Interpol to combat global cyber-crime by providing current data threat intelligence.

The agreement was signed at the Singapore-based Interpol Global Complex for Innovation (IGCI). Threat intelligence experts from BT will send their data and knowledge over to the IGCI, which will help locate cyber-criminals and monitor both existing and emerging cyber threats and attacks.

Interpol can now rely on BT’s threat intelligence experts for their special insight into the evolving global cyber threat terrain, as well as into cyber-criminals around the globe, as it seeks to strengthen its own Interpol Global Complex for Innovation facility (IGCI).

BT and Interpol after the data-sharing agreement stated that they can even take their cooperation to a much greater height which will provide protection for consumers, businesses, families, and governments against the ever-rising cybercrime threat.

“The scale and complexity of today’s cyber-threat landscape mean cooperation across all sectors is essential if we are to effectively combat this global phenomenon,” said the executive director of the IGCI, Noboru Nakatani.

He then moved further to state that: “Interpol’s agreement with BT is an important step in our continued efforts to ensure law enforcement worldwide has access to the information they need to combat these evolving cyber threats.”

BT and Interpol happen to be pals already having worked together many times, most recently in the South East Asian region.

“Threat intelligence sharing between law enforcement agencies and the private sector is essential in the fight against cybercrime, which is increasingly borderless in nature,” said the CEO of BT Security, Mark Hughes.

He continued to say that: “Tackling cyber-crime, therefore, requires a collective, global response where the public and private sectors work hand-in-hand. BT’s security experts will help Interpol to identify cyber-criminals and hold them to account, as we jointly develop our understanding of the challenges that we and other organizations face in the battle against cyber-attacks.”

Earlier this year, Interpol appointed BT as one of only seven international companies equipped with adequate security expertise to help in an operation to fight cybercrime in South East Asia.

BT’s threat intelligence and investigation team, based at the company’s security operations center in Singapore, gave out information on regional threats including data relating to local hacktivist groups and phishing sites.

The wider operation discovered nearly 270 websites infected with malware code that took advantage of the design application of the websites. Among them were many government websites containing sensitive data on citizens. Several phishing operators were also uncovered, with some even linked to Nigeria.

In addition, 8,800 C2 servers were also uncovered which at that time were active across eight nations. They were used to distribute a wide range of malware attacks, including those typically launched to target institutions, spread ransomware, launch Distributed Denial of Service (DDoS) attacks, and distribute spam.

Executive Director of IGCI, Noboru Nakatani, afterward stated that the operation was a clear and perfect indication that the private and public sectors can come together and work efficiently in the ongoing fight against cybercrime.

“With direct access to the information, expertise, and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” Mr. Nakatani said.

He continued with his comments, stating that: “Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long-term effectiveness in managing cooperation networks for both future operations and day to day activity in combating cybercrime.”

Also, a few months back in this year, BT commissioned a KPMG cyber security report which was dubbed “The cybersecurity journey – from denial to opportunity,” in which it identified 5 stages that businesses should experience during their passage regarding leadership in cybersecurity.

The report came to a conclusion that, for businesses to attain the final stage, True Leadership, they must acknowledge that to make their defenses much stronger, they need to spread their wings to the wider community. And that can be done by exchanging their data and expertise with their colleagues and the organizations in the public sector.

Tor Update Supports v3 Onion Services
https://www.deepdotweb.com/2017/10/14/tor-update-supports-v3-onion-services/
Sat, 14 Oct 2017 14:44:55 +0000

The second latest alpha build of Tor, Tor 0.3.2.2-alpha, enabled the more secure “next-generation hidden services protocol” (aka v3 onion services). Tor Project President Roger Dingledine said that next generation hidden (onion) services fix security and design flaws found in the original or legacy hidden services. He explained that mistakes he had made in the 2004 onion service protocol are being exploited by “fear-mongering ‘threat intelligence’ companies.” In this alpha build, some of the updates from proposal 224 have been added to Tor, including several directory protocol improvements and updated cryptographic building blocks.

At Def Con 25, Dingledine presented v3 onion services and announced that a public build would likely be available in December 2017. Until then, the alpha build(s) will support prop224 onion services for both onion service operators and clients themselves and hopefully provide a testing platform for a stable build in December. Tor Browser 7.5a5 includes support for the new services, along with other significant changes to the way Tor functions.

Some of the included updates in the 0.3.2.2-alpha are listed as follows:

  • The cryptographic building blocks use updated or more secure signature algorithms and hashing methods. For instance, the older SHA1/DH/RSA1024 was swapped with SHA3/ed25519/curve25519.
  • Directory protocol has been improved and now leaks less metadata to directory servers. This is, in part, to avoid attacks where a hidden service can be censored easily based on the descriptor. To prevent predictability, Tor uses different pseudorandom variables: time period, public keys, shared random values, etc.
  • “Better onion address security against impersonation; more extensible introduction/rendezvous protocol; and a cleaner and more modular codebase.”

As time goes on and more users test v3 onion services, additional prop224 features will likely make their way to Tor and the Tor Browser. They announced that, in the future, some of the next updates will include advanced client authorization and improved guard algorithms.

“[M]istakes in the original protocol are now being actively exploited by fear-mongering ‘threat intelligence’ companies to build lists of onion services even when the service operators thought they would stay under the radar,” the Tor Co-founder said at Def Con 25. “These design flaws are a problem because people rely on onion services for many cool use cases, like metadata-free chat and file sharing, safe interaction between journalists and their sources, safe software updates, and more secure ways to reach popular websites like Facebook.”

One can recognize the new onion service addresses by the length of the address: 56 characters. They are noticeably longer than v2 onion service addresses. One current example is Riseup’s v3 onion address: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd[dot]onion.

Instructions on setting up a prop224 service can be found on the Tor Blog.

Sheep Marketplace Owner Gets Nine Years in Prison
https://www.deepdotweb.com/2017/10/14/sheep-marketplace-owner-gets-nine-years-prison/
Sat, 14 Oct 2017 05:44:53 +0000

A court in the Czech Republic sentenced Tomáš Jiříkovský, the creator of the Sheep darknet marketplace, to serve nine years in prison for stealing bitcoins from the market’s users. According to the court, Jiříkovský stole bitcoin worth roughly 16 million crowns—the equivalent of $731,600 US dollars. The sentence also applies to his role as the owner of Sheep Marketplace and for illegal weapons found in his possession during his arrest.

According to court spokeswoman Eva Sigmund, the judgement is not yet final and Jiříkovský still has time to appeal the sentence. During an interview after the market owner exit scammed, Jiříkovský denied any role in Sheep Marketplace administration. At most, he claimed, the market’s staff had hired him for software development.

Two Florida men hacked the marketplace in late 2013. They stole 5,400 bitcoins from the market, prompting the market’s owner to run one of the first major exit scams. “We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found [a] bug in system and stole 5,400 BTC – your money,” the admin wrote. The two Floridians made off with far more money than Jiříkovský managed to steal. But if the narrative given to the public was accurate, Jiříkovský initiated his exit scam after the hackers had already stolen a large percentage of the market’s holdings.

Former public prosecutor Marek Vagai explained that the two men from Florida had stolen $4,575,115 in bitcoin. Jiříkovsky made off with the remaining bitcoin—a relatively miniscule portion of the funds. Less than one million dollars. $731,600.

The internet identified Jiříkovský and his significant other, Eva Bartošová, in a surprisingly sorry amount of time. Little came of the dox. Initially, at least. Law enforcement later noticed suspicious financial activity coming from accounts belonging to Jiříkovský and Bartošová. Police arrested the duo in March 2015. Jiříkovský had illegal weapons in his possession that contributed to the nine year sentence. The court dropped Bartošová’s case, according to local media sources.

A so-called “cyber security expert” named Vlastimil Klima examined the data taken from the 25-year-old suspect’s phone and computer. He reported that the devices point towards Jiříkovský as the marketplace owner and the bitcoin scammer behind the exit scam. Klima said that on the phone, he discovered a file that contained marketplace settings. He also found a database that contained information on transactions and other sensitive information.

The number of stolen bitcoins was lower than the initially reported number. However, between the thefts and exchanges, the couple’s $700k may have been the entirety of the remaining stolen bitcoin. Market owners frequently collect a commission on marketplace sales and Jiříkovský made money via the commission avenue—in addition to the scam that he still adamantly denies having any role in.

As appeals will likely be filed, the sentence may later change, but after several years of waiting, some vendors (and buyers) finally saw their wishes come to life.

Hacker Advertises India National Internet Registry Database
https://www.deepdotweb.com/2017/10/13/hacker-advertises-india-national-internet-registry-database/
Fri, 13 Oct 2017 22:27:37 +0000

Two security companies, Seqrite’s Cyber Intelligence Labs and seQtree InfoServices, noticed an advertisement on a darknet forum for access to a database (a dump, not live access) that belonged to India’s National Internet Registry. The data breach impacted more than 6,000 internet service providers, government entities, and private companies. As of now, it looks as if no damage has come from the incident.

Teams from seQtree and Seqrite immediately tracked down what information they could about the background of the threat actor. They found nothing of importance. The persona, they announced, was created recently. Seqrite wrote that new identities are being used by threat actors when data breaches are involved.

India’s National Internet Registry, IRINN (Indian Registry for Internet Names and Numbers), is responsible for “coordinating IP Address allocation with other Internet resource management function at national level in the country.” The vendor actually chose not to name the internet registry service that he had breached; in a small email address “sample list,” the seQtree and Seqrite teams spotted information that led to that discovery.

The advertisement on a darknet forum:

“As mentioned in the title, selling database of one of the biggest Internet Protocol controller.

In client Database you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation.

Selling it for 15 BTC”

In the sample list that the teams talked the vendor into sharing, the teams noticed email addresses belonging to an Indian technology company and at least one email address from the Indian government. So, they pushed the vendor for more information. In return, the unidentified entity shared a text file with roughly 6,000 email addresses from the organizations affected by the breach.

The hacker, in addition to having access to IRINN and APNIC databases, can access documents uploaded by IRINN users. The screenshots provided by the hacker revealed that he can access login details. And, possibly the most terrifying: the access obtained by the hacker likely allows for IP/ASN allocation. Potential fallout from this breach could be massive.

Some of the affected organizations or companies include the Unique Identification Authority of India, Defence Research and Development Organisation, Idea Telecom, Mastercard/Visa, State Bank of India, among many others. The teams reached out to IRINN and the breach was acknowledged, but they have not made a notice available to the public.

Drug Dealer Bought a Gun on the Darknet “for Protection”
https://www.deepdotweb.com/2017/10/13/drug-dealer-bought-gun-darknet-protection/
Fri, 13 Oct 2017 14:27:34 +0000

In early October, the Chilly-Mazarin Criminal Court heard the case of a formerly convicted drug dealer who had stepped up in the world of crime. In addition to cocaine and marijuana, police found a semi-automatic in the suspect’s home. The gun, he said, came from the darknet.

Local news outlets reported that the 31-year-old suspect had not “escaped a prison sentence.” In a way, he came close during his Chilly-Mazarin case; the judge had ordered a two-year prison sentence, but with one year suspended.

Le Parisien wrote that, on numerous occasions in the recent past, the suspect had caught drug trafficking charges for the purpose of reselling the drugs in face-to-face transactions. Outside of the scope of the 31-year-old’s case, darknet news spilled out of many French publications. And in one case, even Europol. One of the most recent incidents included the story of the former Dream Market vendor and moderator, OxyMonster aka Gal Vallerius.

Additionally, France recently offered a list of translations for the “darknet.” They raised some complaints as the definitions provided by the Journal Officiel (of the French republic) left open ends. The difference between the deepweb and darknet was ignored, according to critics.

In the recently closed case in the Chilly-Mazarin Criminal Court, no new definitions were needed nor did they matter. The court heard how the 31-year-old found himself in police custody yet again for drug trafficking, this time with a weapon. Drug trafficking itself was not unusual for the man. Nor was the actual drug part of the crime.

The defendant had, in the past, distributed drugs that he had ordered from darknet marketplaces. A fairly normal activity. Law enforcement caught the man, this time, after he made an illegal U-turn with hidden license plates. A police car pulled him over and discovered five containers of cocaine. Soon after, police searched the defendant’s Chilly-Mazarin home.

They found more than 40 grams of cocaine in the refrigerator. And under the sink, they found nearly 300 grams of marijuana. They also found a semi-automatic weapon and ammunition to match. When questioned about the gun, he told police that he needed it for self-defense. “I bought it on the Darknet to protect me. Two months ago, I was assaulted,” he said. A notable period in history where someone had successfully ordered a gun from the darknet. And later got arrested for traffic violations.

Europol and Interpol Upholds Fight against Cyber Crime
https://www.deepdotweb.com/2017/10/13/europol-interpol-upholds-fight-cyber-crime/
Fri, 13 Oct 2017 05:40:58 +0000

At the 5th annual Europol-Interpol Cybercrime Conference held in The Hague, Netherlands, two familiar faces in the cybercrime world reaffirmed their strong commitment to continue their partnership in the war against cybercrime.

Europol and Interpol, the two law enforcement organizations, pledged to continue their good work and to build on successful examples of their partnership.

Cyber specialists from across the globe came together in The Hague to address the challenges of providing effective cybersecurity in an interconnected world.

Among them was ‘No More Ransom’, an anti-ransomware cross-industry initiative seeking to help victims of ransomware get back their lost data without any hassle such as the payment of ransoms.

During the past few years, ransomware managed to be the stand-out threat amongst the vast cyber threats. Globally orchestrated ransomware attacks have haphazardly affected millions of victims both in the public and private sectors.

This year has been full of ransomware attacks, costing firms and companies millions of dollars with some attacks even crippling these same businesses.

In Europol’s latest annual report on internet organized crime, it stated that “Ransomware attacks have eclipsed most other global cybercrime threats, with the first half of 2017 witnessing ransomware attacks on a scale previously unseen.”

At the launch of the 80-page report, Rob Wainwright, Europol’s chief, said, “The global impact of huge cybersecurity events such as the WannaCry ransomware epidemic has taken the threat of cybercrime to another level.”

Earlier this year, the “Petya” ransomware attack crushed many organizations in Europe and the United States. The malicious software spread through large firms and organizations such as the advertiser WPP, legal firm DLA Piper and Danish shipping and transport firm Maersk. It then locked up their PCs and data demanding a ransom to release them.

It was described as the second major global ransomware attack in the space of just two months, with the biggest one being the WannaCry ransomware epidemic.

With the theme of ‘Actively united for a safer cyberspace,’ the conference had over 420 delegates from 68 countries to highlight the importance of creating a universal global response which incorporates all stakeholders including the private sector, international organizations, governments and the police.

“The current state of cybercrime, reaching all the corners of the world and threatening to undermine the benefits brought by the new technologies, requires a global response. INTERPOL supports law enforcement to tackle the emerging challenges through a number of channels, providing a global platform including not only communication tools but a wide range of services, from capacity building programmes to cyberthreat intelligence support,” stated INTERPOL’s Director of Cybercrime Silvino Schlickmann.

He continued by saying: “Cooperation with Europol is one of our highest priorities to combat cybercrime in the most effective way.”

Europol and Interpol stated that one of the most effective ways of fighting ransomware is to prevent it.

Since the launch of the ‘No More Ransom’ platform in July 2016, over 1.4 million people have visited the website, which is still expanding and improving its contributions.

With Slovak and Persian as the latest language additions, the number of languages available on the website has risen to 28, according to Europol adviser and chief scientist at security firm McAfee, Raj Samani.

The platform’s tools can be used to decrypt 84 ransomware families, with 52 free decryptions, Samani told reporters.

“I am proud of what we have achieved with No More Ransom, but I never expected it to be as popular as it has,” said Samani. “During WannaCry, we had eight million hits in a single day.”

In the joint closing statement, Europol and Interpol came to an agreement on specific steps in the collaborative fight against ransomware:

  • identifying approaches to tackling the threat of cybercrime in a more proactive and efficient manner
  • a coordinated law enforcement approach to addressing the threat from the dark web
  • to continue to focus on coordinated prevention and awareness initiatives to increase baseline cybersecurity
  • nurture the skills and expertise needed to ensure a safer cyberspace

The head of Europol’s European Cyber Crime Center, Steven Wilson, stated that this year’s conference recorded the highest participation since it began in 2013.

“In just a few years, this event has become a leading name within the global community of cyber crime fighters,” Mr. Wilson said.

“With the conference already behind us, it is now time to start working on fulfilling the objectives jointly agreed [upon] with Interpol. So, let’s get to work and remain actively united for a safer cyberspace.”

Logins for 37 Parliamentarians Sale on the Darknet
https://www.deepdotweb.com/2017/10/12/logins-37-parliamentarians-sale-darknet/
Thu, 12 Oct 2017 22:34:36 +0000

According to the “internationally active cybersecurity team,” Kaduu, the personal information, passwords, and other account data of 37 parliamentarians leaked online. Politicians from all parties are included in a database dump that Kaduu found on the darknet. Much of the information had originated from the Dropbox and LinkedIn dumps from years ago.

Kaduu, like so many similar firms, provides a “Deepweb” analysis service. The company searches for information on relevant parties (likely only for clients, save for the National Council). Given that much of the information pulled from the Dropbox or Yahoo database dumps grew stale, Kaduu reportedly found that information offered for free. For more valuable databases and leaks, the company often pays the fee charged by the darknet vendor.

The company claims that their darknet monitoring service—whatever that means anymore—examines a client’s “sensitive and business-relevant information” as it appears on the deepweb. Sources of information include “the darknet,” forums, IRC chats, “dump bots,” and cloud storage accounts. In this discovery the company sent “undercover” analysts to verify more valuable, recent data offered by data brokers and vendors.

Some individuals fared worse than others. For instance, the president of the Democratic Party of Switzerland, Christian Levrat, appeared in the database twice. Both times in connection with his Dropbox account and with two emails: his private Bluewin address and his official Parl.ch address. He explained that any data obtained using the password on that account was “rubbish data” and templates from his campaign posters. Levrat added that the breach had given him a good opportunity to catch up with his habitual password changing.

SVP National Councilor Heinz Brand never changed his passwords, but claimed that he would never email something sensitive. “When in doubt, letter mail it,” Brand said. Vaudländer GLP Isabelle Chevall denied even having a Dropbox account, but when confronted with the fact that she currently used the same username and password for other services, she admitted that she had created a Dropbox account, but she never used it for anything but personal data.

She added that if anyone wanted access to her Dropbox account, it was only to amuse themselves. She said that like Brand, she would never use email to exchange confidential information. If she did, it was only through her parl.ch email address.

This incident has encouraged officials to issue guidelines on parliamentary use of the internet. In an email to a journalist, an official said that the biggest problem was not with personal use of the government email, but instead with password reuse. Something that plagues Dream vendors and parliament members alike.
