[This article is originally published in theconversation.com written by Misha Ketchell - Uploaded by the Association Member: Jennifer Levin] 

With more than half of its 1.4 billion people online, the world’s most populous country is home to a slew of cyberspies and hackers. Indeed, China has likely stolen more secrets from businesses and governments than any other country.

Covert espionage is the main Chinese cyber threat to the U.S. While disruptive cyber attacks occasionally come from China, those that cause overt damage, like destroying data or causing power outages, are more common from the other top state threats, namely Russia, Iran, and North Korea.

But Chinese cyberaggression toward the U.S. has been evolving. Before their espionage became a serious threat, Chinese hackers were conducting disruptive cyber attacks against the U.S. and other countries.

Hackers unite

Chinese hackers were among the first to come together in defense of their country. Their first operation against the U.S. occurred in 1999 during the Kosovo conflict, when the U.S. inadvertently bombed the Chinese embassy in Belgrade, killing three Chinese reporters. The patriotic hackers planted messages denouncing “NATO’s brutal action” on several U.S. government websites.

Chinese hackers struck the U.S. again in 2001 after a Chinese fighter plane collided with a U.S. reconnaissance aircraft. The midair collision killed the Chinese pilot and led to the forced landing and detention of the American crew. Both Chinese and American hackers responded with disruptive cyberattacks, with the Chinese hackers defacing thousands of U.S.-based websites, including the White House site.

What is especially important about this incident, though, is what happened next. The People’s Daily, China’s Communist Party newspaper, issued an editorial decrying the attack against the White House. The paper called it, and the other attacks, “web terrorism” and “unforgivable acts violating the law.” On the anniversary of the incident in 2002, the government asked Chinese hackers to forgo further attacks against U.S.-based sites. They complied.

That was the last big cyber attack from Chinese patriotic hackers against the U.S. While Russia seems to condone, if not outright encourage or even sponsor, its patriotic hackers, China has taken a stance against that sort of activity, at least with respect to U.S.-based sites.

Targets at home

In addition to reining in its patriotic hackers, China appears to have refrained from conducting cyber attacks that cause overt damage to critical infrastructure in other countries, like the Russians did to Ukraine’s power grid. However, it has used disruptive cyber attacks to help enforce censorship policies within its own borders.

The Chinese government’s “Great Firewall” keeps internet users in China from accessing censored foreign sites such as those that advocate Tibetan autonomy. Users’ traffic is filtered based on domain names, internet addresses, and keywords in web addresses.

Chinese hackers have also used denial-of-service attacks to temporarily take out sites whose activity the government wants to block. These attacks overwhelm target servers with large amounts of activity, preventing others from using the sites and often knocking the servers offline.

Back in 1999, the government launched DoS attacks against foreign websites associated with Falun Gong, a spiritual movement banned in China. Then in 2011, a Chinese military TV program showed software tools being used in possible cyber attacks against Falun Gong sites in the U.S. The tools were developed by the Electrical Engineering University of China’s armed forces, the People’s Liberation Army.

More recently, in 2015, U.S. and other foreign users visiting sites running analytics software from the Chinese search engine provider Baidu unwittingly picked up malware. The malicious code was injected into traffic going back to the users by a device collocated with the Great Firewall. The malware then launched DDoS attacks against GreatFire.org, a site that helps Chinese users evade censorship, and the Chinese language edition of The New York Times.

Espionage at the forefront

By 2003, China’s interest in cyberespionage was apparent: A series of cyberintrusions that U.S. investigators code-named “Titan Rain” was traced back to computers in southern China. The hackers, believed by some to be from the Chinese army, had invaded and stolen sensitive data from computers belonging to the U.S. Department of Defense, defense contractors, and other government agencies.

Titan Rain was followed by a rash of espionage incidents that originated in China and were given code names like “Byzantine Hades,” “GhostNet” and “Aurora.” The thieves were after a wide range of data.

They stole intellectual property, including Google’s source code and designs for weapons systems. They took government secrets, including user names and passwords. And they compromised data associated with Chinese human rights activists, including their email messages. Typically, the intrusions started with spear-phishing.

In 2013, the American cyberintelligence firm Mandiant, now part of FireEye, issued a landmark report on a Chinese espionage group it named “Advanced Persistent Threat 1.” According to the report, APT1 had stolen hundreds of terabytes of data from at least 141 organizations since 2006.

The Mandiant report gave details of the operations and provided evidence linking those thefts to Unit 61398 of the People’s Liberation Army – and named five officers of the unit. This was the first time any security firm had publicly disclosed data tying a cyber operation against the U.S. to a foreign government. In 2014, the U.S. indicted the five Chinese officers for computer hacking and economic espionage.

Mandiant described APT1 as “one of more than 20 APT groups with origins in China.” Many of these are believed to be associated with the government. A report from the nonprofit Institute for Critical Infrastructure Technology describes 15 state-sponsored advanced persistent threat groups, including APT1 and two others associated with PLA units. The report does not identify sponsors for the remaining groups.

The Five-Year Plan

According to the institute, China’s espionage supports the country’s 13th Five-Year Plan (covering the years 2016 to 2020), which calls for technology innovations and socioeconomic reforms. The goal is “innovative, coordinated, green, open and inclusive growth.” The ICIT report said most of the technology needed to realize the plan will likely be acquired by stealing trade secrets from companies in other countries.

In its 2015 Global Threat Report, the American cyberintelligence firm CrowdStrike identified dozens of Chinese adversaries targeting business sectors that are key to the Five-Year Plan. It found 28 groups going after defense and law enforcement systems alone. Other sectors victimized worldwide included energy, transportation, government, technology, health care, finance, telecommunications, media, manufacturing, and agriculture.

China’s theft of military and trade secrets has been so rampant that editorial cartoonists Jeff Parker and Dave Granlund depicted it as “Chinese takeout.”

US-China agreement

In September 2015, President Obama met with China’s President Xi Jinping to address a range of issues affecting the two countries. With respect to economic espionage, they agreed that their governments would not conduct or knowingly support cyber-enabled theft of business secrets that would provide a competitive advantage to their commercial sectors. They did not agree to restrict government espionage, a practice that countries generally consider to be fair game.

In June 2016, FireEye reported that since 2014 there had been a dramatic drop in cyberespionage from 72 suspected China-based groups. FireEye attributed the reduction to several “factors including President Xi’s military and political initiatives, the widespread exposure of Chinese cyberoperations, and mounting pressure from the U.S. Government.” The ICIT believes China may also be asserting greater control over its operatives and focusing on unspecified high-priority targets.

The U.S.-China agreement also calls for the two countries to cooperate in fighting cybercrime. Just weeks after the deal was signed, China announced it had arrested hackers connected with the 2015 intrusions into the Office of Personnel Management’s database. Those had exposed highly sensitive personal and financial data of about 22 million federal employees seeking security clearances. The Washington Post observed that the arrests could “mark the first measure of accountability for what has been characterized as one of the most devastating breaches of U.S. government data in history.”

The cyber threat to the U.S. from China is mostly one of espionage, and even that threat seems to be declining. Nevertheless, companies need to be wary of losing their data, not just to China, but to any country or group seeking to profit from U.S. trade secrets and other sensitive data. That calls for staying ahead of the cybersecurity curve.

[This article is originally published in purdue.edu written By Chris Adam - Uploaded by AIRS Member: Grace Irwin]

New technology makes it easier to follow a criminal’s digital footprint

WEST LAFAYETTE, Ind. – Cybercriminals can run, but they cannot hide from their digital fingerprints.

Still, cybercrimes reached a six-year high in 2017, when more than 300,000 people in the United States fell victim to such crimes. Losses topped $1.2 billion.

Now, Purdue University cybersecurity experts have come up with an all-in-one toolkit to help detectives solve these crimes. Purdue has a reputation in this area – it is ranked among the top institutions for cybersecurity.

“The current network forensic investigative tools have limited capabilities – they cannot communicate with each other and their cost can be immense,” said Kathryn Seigfried-Spellar, an assistant professor of computer and information technology in the Purdue Polytechnic Institute, who helps lead the research team. “This toolkit has everything criminal investigators will need to complete their work without having to rely on different network forensic tools.”

The toolkit was presented in December 2018 during the IEEE International Conference on Big Data.

The Purdue team developed its Toolkit for Selective Analysis and Reconstruction of Files (FileTSAR) by collaborating with law enforcement agencies from around the country, including the High Tech Crime Unit of Tippecanoe County, Indiana. The HTCU is housed in Purdue’s Discovery Park.

FileTSAR is available free to law enforcement. The project was funded by the National Institute of Justice.

The Purdue toolkit brings together in one complete package the top open source investigative tools used by digital forensic law enforcement teams at the local, state, national and global levels.

“Our new toolkit allows investigators to retrieve network traffic, maintain its integrity throughout the investigation, and store the evidence for future use,” said Seunghee Lee, a graduate research assistant who has worked on the project from the beginning. “We have online videos available so law enforcement agents can learn the system remotely.”

FileTSAR captures data flows and provides a mechanism to selectively reconstruct multiple data types, including documents, images, email and VoIP sessions for large-scale computer networks. Seigfried-Spellar said the toolkit could be used to uncover any network traffic that may be relevant to a case, including employees who are sending out trade secrets or using their computers for workplace harassment.

“We aimed to create a tool that addressed the challenges faced by digital forensic examiners when investigating cases involving large-scale computer networks,” Seigfried-Spellar said.

The toolkit also uses hashing for each carved file to maintain the forensic integrity of the evidence, which helps it to hold up in court.
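The selective reconstruction and per-file hashing described above can be sketched as follows. This is an added example, not FileTSAR's code: the signature table, function names and byte stream are constructed for illustration, and carving by header and footer alone is a simplification of real file carving.

```python
import hashlib
import json

# Header/footer signatures for the file types an examiner may select.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Constructed sample objects and a constructed reassembled stream.
JPEG = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" + b"\xff\xd9"
PDF = b"%PDF-1.4\nconstructed pdf body\n%%EOF"
PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-png-body" + b"IEND\xaeB`\x82"
STREAM = b"\x00" * 16 + JPEG + b"padding" + PDF + b"\x11" * 8 + PNG + b"tail"


def carve(stream, wanted):
    """Carve only the requested file types out of a reassembled byte stream."""
    found = []
    for ftype in wanted:
        header, footer = SIGNATURES[ftype]
        pos = 0
        while True:
            start = stream.find(header, pos)
            if start == -1:
                break
            end = stream.find(footer, start + len(header))
            if end == -1:
                break  # header without footer: truncated object, not carved
            end += len(footer)
            found.append({"type": ftype, "offset": start, "data": stream[start:end]})
            pos = end
    return sorted(found, key=lambda item: item["offset"])


def build_manifest(carved):
    """Record name, type, stream offset, length and SHA-256 for each carved file."""
    return [
        {
            "name": f"carved_{i:04d}.{item['type']}",
            "type": item["type"],
            "offset": item["offset"],
            "length": len(item["data"]),
            "sha256": hashlib.sha256(item["data"]).hexdigest(),
        }
        for i, item in enumerate(carved)
    ]


def seal(entries):
    """Hash the manifest itself so later edits to its entries are detectable."""
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify(entries, files):
    """Re-hash stored evidence; return (name, reason) for every failure."""
    failures = []
    for entry in entries:
        data = files.get(entry["name"])
        if data is None:
            failures.append((entry["name"], "missing"))
        elif hashlib.sha256(data).hexdigest() != entry["sha256"]:
            failures.append((entry["name"], "hash mismatch"))
    return failures


if __name__ == "__main__":
    carved = carve(STREAM, ["jpeg", "pdf"])  # selective: PNG is left alone
    manifest = build_manifest(carved)
    store = {e["name"]: c["data"] for e, c in zip(manifest, carved)}
    print(json.dumps(manifest, indent=2))
    print("manifest seal:", seal(manifest))
    store["carved_0001.pdf"] += b" "  # simulate one altered byte in storage
    print("verification failures:", verify(manifest, store))
```

Recording the manifest seal separately from the evidence store lets a later examiner detect both altered files and altered manifest entries.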

Their work aligns with Purdue's Giant Leaps celebration, celebrating the global advancements in artificial intelligence as part of Purdue’s 150th anniversary. This is one of the four themes of the yearlong celebration’s Ideas Festival, designed to showcase Purdue as an intellectual center solving real-world issues.

Many of the components required to commit cybercrime can be bought and sold online if you know the right part of the internet in which to look. These “dark markets” also enable cybercriminals to monetize the fruits of their larcenous labors, from botnet building to credential theft.

In the first part of our cybercrime update we noted more than a dozen arrests and other law enforcement actions against cybercriminals. In this, the second part of the update, we look at some of the “takedowns” that have hit the cyber-underworld this year, beginning with botnet bashing.

Down with malware spamming

One of the commodities that criminals buy and sell online is the ability to distribute malware using spam. This enables digital nastiness like password-stealers and fake antivirus software to be spread far and wide.

But because no self-respecting internet service providers will allow their systems to be used for spam operations, spammers use your systems instead: they secretly recruit them into “botnets”— networks of compromised computers. These bots can be laptops, workstations, even phones and servers. Botnet activity is coordinated through a form of software known as C2, short for Command and Control.

Botnets can use tens of thousands of machines at once to spew out spam. In recent years one of the most notorious botnets was called Kelihos. ESET researchers have previously described some of the characteristics and campaigns wrought by the Kelihos botnet, and its predecessor – known as Storm – in a technical paper: Same botnet, same guys, new code.

Well, in April, the person responsible for Kelihos, a Russian programmer by the name of Pyotr Levashov, was arrested while on vacation in Spain. Levashov has long been on the radar of US cybercrime investigators, having been charged back in 2009 with operating the Storm botnet.

Shortly after the arrest, the authorities moved to disrupt and dismantle Kelihos, blocking malicious domains associated with the botnet to prohibit further infections.

While there are still shady characters who formerly were clients utilizing the services of the Kelihos botnet, the takedown is likely to reduce global spam volumes at least temporarily. Furthermore, a swift conclusion to the Levashov case and a strong sentence (prison time plus asset forfeiture) could encourage some criminal spammers to switch to more legitimate activities.

Deep dark terminology

For those to whom the dark side of the internet is terra incognita, a dark market is a place to buy and sell goods online that is not readily accessible to the public. The FBI uses the following terms to describe this phenomenon. First, there is the Clear Web, the one we’re most familiar with, searchable through Google and Bing, comprising everything from news sites to social media, streaming media, and traditional ecommerce like online banking and stores such as Amazon.

In addition to the Clear Web, there is a whole bunch of internet enabled activity that is not readily searchable and cannot be reached without special software or appropriate credentials. This is the Deep Web and it includes certain member-only sites and forums that are used solely to discuss and transact illegal activity. Markets in the Deep Web are referred to as dark markets.

A subset of the Deep Web can only be accessed with special networking software (for example, the Tor browser). This part of the Deep Web is known as the DarkNet and is a haven for cybercrime. Until recently, this was where you could find two of the largest dark markets, known as AlphaBay and Hansa. Despite the FBI’s efforts to stick to this terminology, it is quite common for people to refer generically to any illicit internet activity as Dark Web (and let’s face it, these are all terms that are evolving over time, without “official” definitions).

Big trouble in dark markets

In June, a combined law enforcement effort took down AlphaBay and Hansa. So, what were the websites doing that bothered law enforcement? They were enabling people to indulge in cybercrime as they tried to buy and sell goods and services that are illegal. For example, in many countries and US states, it is illegal for citizens to own completely automatic firearms with large capacity magazines, but you can buy them in dark markets (Screenshot A).

The sale and purchase of malicious code such as ransomware is also illegal in many jurisdictions, but dark markets make it possible (Screenshot B). Clearly, dark markets that traffic in these items, and others, like child pornography, banned substances, and hacking services, are crime-enabling institutions.

The crime enablement aspect of dark markets is enhanced by the fact that they use crypto-currencies like Bitcoin which make parties to the buying and selling activity hard to trace. So, it is not surprising that law enforcement agencies in many countries are keen to take down dark markets and punish their users and operators.

Dark times for the DarkNet?

You may recall the 2013 takedown of Silk Road, a DarkNet predecessor to AlphaBay and Hansa. Headlines were made when the court imposed a life sentence on its creator and operator, Ross Ulbricht (a sentence that was recently upheld by the US Court of Appeals for the Second Circuit).

You may also know that new iterations of Silk Road soon appeared to replace the one that was taken down. This was due in part to the fact that a dark market typically hosts a collection of sellers; in other words, it is more of a dark bazaar than a dark department store. If a seller loses a stall in one market, that stall can quickly migrate to a different market.

So it is unlikely that the takedown of AlphaBay and Hansa will end the practice of selling illegal goods on the internet. However, it might well deter some aspiring criminals, particularly if the persons responsible for AlphaBay and Hansa meet the same fate at the hands of the criminal justice system as Ross Ulbricht. (In a tragic twist, the alleged creator of AlphaBay, a Canadian citizen living in Thailand, appears to have committed suicide in prison not long after his arrest.)

The AlphaBay/Hansa takedown is also likely to discourage some dark market sellers, given the way it was carried out: a sort of one-two punch. From studying past takedowns it was clear that customers quickly migrate from the closed market to the next best market that is still open.

So, here’s how law enforcement played it: the Dutch police took full control of Hansa on June 20. However, they kept it open and monitored activity until AlphaBay was closed in early July.

According to CNET, when AlphaBay was shuttered, police saw an eight-fold spike in traffic heading to Hansa. Here’s how Rob Wainwright, the Europol director put it: “We could identify and disrupt the regular criminal activity that was happening on Hansa market but also sweep up all of those new users that were displaced from AlphaBay and looking for a new trading platform for their criminal activities.”

In announcing the AlphaBay takedown the US authorities left no doubt as to how serious they are about prosecuting this type of criminal activity: “The seizure and shut-down of the AlphaBay criminal marketplace and the indictment and arrest of its founder should send a clear message. If you choose to become involved in administering a site like AlphaBay on the dark web, or decide to use it to engage in criminal transactions, you will have federal law enforcement and United States Attorney offices from every District and State across the nation pursuing you.”

Dark aftermath?

If you read what people familiar with dark markets are saying online, then it seems that this one-two blow may have shaken what you could call “dark market confidence”. When people talk about taking an extended break from purchasing, you know there is an abundance of fear and suspicion, which was clearly one of the goals of the police action (Screenshot C).

It will be interesting to see what impact, if any, the takedowns have on malware campaigns. We know that dark markets have enabled crimeware-as-a-service operations, notably ransomware-as-a-service. Will there be a temporary reprieve? Will a significant percentage of would-be criminals decide to do something more legitimate with their time and resources? Will the more committed criminals simply move their operations to other parts of the Deep Web?

I tend to think some folks will continue to chance their hand in dark markets. A hallmark of predatory criminals is the belief that they will never be caught, and sadly only a small percentage of cybercriminals are being caught (although the list of arrests in the first part of this article was encouraging).

Unfortunately, if you look at how much dark markets have evolved in the last few years, offering “fast, client-facing support”, as well as escrow services and multilingual help (Screenshot D), you get the impression they are backed by some determined people.

The unanswered question is: how many of them are willing to risk a life sentence?

Source: This article was published welivesecurity By STEPHEN COBB

With nothing more than a standard Web browser, cybercriminals can find personal, private information all over the public Internet. It isn't just legitimate services - from genealogy sites to public records and social media - that can be mined and exploited for nefarious purposes. Openly malicious criminal activities are also happening on the public Internet.

True, much of the cybercrime underground consists of private and established communities that don't appear in a normal search engine and are not accessible by regular users without special authorization.

However, according to the team at identity protection and fraud detection provider CSID, there are different levels of cybercriminal resources - and not all are so tightly protected. The quality and quantity of the more easily accessible forums are still high, say the CSID team, and anyone can access content such as stolen credit cards, cyberattack tools, and even advanced malware, which can be leveraged with minimal technical know-how required.

Adam Tyler, chief innovation officer at CSID, describes how black-market organizations are becoming more like traditional online businesses we visit and buy from every day. “For example,” he says, “many sites now have their own Facebook, Twitter and even YouTube pages to advise their member base on new attacks and tools that are available.”

Data sold on criminal marketplaces “age quickly, meaning that once the information is stolen, it has to be used for fraudulent purposes quickly,” says Christopher Doman, consulting analyst at Vectra Networks. “The more times the information is abused for fraud, the more the information will be devalued.”

“Companies should have these marketplaces monitored, looking for trends in data breaches and attacks as well as to see if any of their data has been compromised,” says Carefree Solutions’s CEO Paul San Soucie. “One point that I’m not sure is evident is that there is more public and Dark Web research than any one IT person can handle. Researching and absorbing this information requires significant training and experience. Even large US banks that have dedicated security staff are not able to do some of the research and analysis that specialized reconnaissance teams can perform.”

San Soucie nevertheless suggests treading carefully when doing this research. “While you can get to most of these sites using standard https, I still consider them dark and strongly recommend accessing them via a VPN as both criminal and government sources track access in some cases.”

Read on for a collection of some of the popular sites where private data, credentials, and attack tools are up for sale, or even for free download.

Bonus Source: Novice Cybercrime Communities

Social sites, communities, marketplaces and other places for people new to the cybercrime underground to learn their craft have become increasingly available, easy to find, and easy to use, even for the most novice user.

“The introduction of low cost-domains, the availability of cheap shared web hosting, and the large number of free-to-use open-source community platforms has enabled fraudsters to easily set up and run dark web communities in a matter of a few minutes,” says Tyler. “This has led to a huge explosion in the number of communities that are accessible and available, even for those hunting for information via a search engine.”

AlphaBay Market and Forum

AlphaBay, founded in 2014 by alpha02 (a well-known carder) and DeSnake, has become the most popular cybercrime market in 2016, since some competitive sites have shut down. This market emulates popular e-commerce sites like eBay or Amazon in appearance, navigation, and features, and accepts digital currency like Bitcoin.

Yet, these customers aren't shopping for best-selling books, vintage watches, groceries or diapers; rather they are browsing the selection of tens of thousands of items offered by AlphaBay for items related to drugs, malware, exploits, hacked accounts, stolen credentials, and other illicit goods and services - including hacking services.

AlphaBay is better concealed and harder to access than some of the sites on this list; much of it cannot be found through a Google search. It is located on the unindexed, encrypted segment of the Internet, the “Dark Web,” and therefore must be accessed via the Tor network, which anonymizes all the traffic going to and from the site.

That isn't so difficult to do, though.

“Thanks to Tor proxies, AlphaBay can be easily accessed through your normal web browser,” says Christopher Doman, consulting analyst at Vectra Networks. The Tor Browser with a pre-configured browser can be run off of a USB flash drive, for example.

“Because the information [on AlphaBay] is personally identifiable,” says Doman, “it can be used in many ways, which include using the information as ‘leads’ to enable other scams and activities.”

These “leads” may be used, for example, by:

- Craigslist sellers - to give themselves high ratings for past service
- Betting agencies - to manipulate audience voting in “Dancing With the Stars”
- Lobbyists - to support their own causes by posting fake “citizen” feedback

“Since AlphaBay can be easily accessed by criminals with tools such as the Tor browser, it also means that legitimate companies and researchers can also use the Tor browser to see what is for sale,” says Adam Meyer, chief security officer at SurfWatch Labs. “Companies should be monitoring the listings for any threats that may impact their organization or those in their supply chain.”

Source: CardingMafia.ws

CardingMafia.ws is a carding community that provides tutorials and other information that's quite useful and valuable for fraudsters. According to the CSID team, customers can find tutorials on how to scam users, crack software, and steal credit cards.

“Visitors will also see advertisements and find direct-to-third-party suppliers of illegally obtained data, such as credit card data and PayPal account data,” says Adam Tyler, chief innovation officer at CSID. “This is a global community that allows for collaboration on illegal tasks, giving the community the power to fully extract monetary value from its targets.”

“Malware and Trojan attacks are no longer an exclusive or technically advanced threat,” adds Tyler. “The tools used to conduct these attacks are available to anyone with a modicum of knowledge and the ability to search online.”

DeepDotWeb

DeepDotWeb is essentially a central source for news, information, and search engine capabilities for the deep Web and its collection of criminal markets.

“While it is unclear who the owners are for this website, what is clear is that they are a group of people who want to educate people on the issues surrounding the dark Web,” says San Soucie.

The site reports on dark Web and marketplace issues. The information found on this site can be used to keep people safe while surfing or purchasing items on the dark Web. It can also be used for evil by people who are looking for illegal items or sites.

“Businesses should keep up with the news articles if they have concerns about their reputation or employees on the dark Web,” adds San Soucie.

(Image Source: Carefree Solutions)

 

freetrojanbotnet.com

Freetrojanbotnet.com is effectively an advanced malware distribution service that gives users access to various malware and other malicious tools for free download and use. The tools range from simple bot/rat Trojans to advanced MitB (man in the browser) variants like Zeus, Citadel, and SpyEye.

“Users can easily and freely download these packages and utilize them to conduct their own attacks,” says Tyler. “Previously, some of the tools offered on the site were licensed for thousands of dollars every month. Now anyone can download them for free with no initial outlay or cost required.”

(Image Source: CSID)

 

fprvtzone.ws

Fprvtzone.ws provides both public (i.e., free) and private (paid-for) sections, where fraudsters can find tutorials on how to access data without authorization and how to use the stolen information. It is also a marketplace for individuals to sell, buy, and distribute illegally obtained data.

“Visitors can find tutorials on how to scam users, crack software, steal credit cards, and engage in various other illegal services,” says Tyler.

Sites like fprvtzone confirm that valuable data is easily and freely accessible to nearly anyone who wants it. “Companies need to be aware of the risks and ensure that they take steps to protect not only their personal information and accounts, but also their personal devices used to store and hold this data,” adds Tyler.

Image Source: CSID

 

HANSA Market

Created in response to the many exit scams cybercriminals have conducted over the past few years - where admins have shut down their sites, taking the hefty escrow accounts with them - HANSA is a Dark Web marketplace focused on the security of its users. 

“HANSA is claiming to side more with users in any dispute which is another attempt to get more ‘buyers’ to use the site,” says Meyer of SurfWatch Labs.

“The market boasts that its multi-signature escrow payment process ensures that theft from either party is impossible,” says Meyer, “although they are not the only marketplace to offer those payment options.”

Although HANSA vendors sell a variety of tools and information, pirated products appear most often. This includes software, video games, movies, books and other media as well as credentials to access related accounts, like online gaming platforms or Netflix.

Image Source: SurfWatch Labs

 

TheRealDeal Market

TheRealDeal Market, which was launched in early 2015 by four founders, focuses on selling malicious code and exploits.

“Law enforcement operations against the cybercrime forums Hell and Darkode in July 2015 led to arrests that tied up several members of TheRealDeal team,” says Adam Meyer, chief security officer at SurfWatch Labs. “This caused the site to shut down for a few months last year until it relaunched in December 2015 under the management of the main admin, identified as S.P., and an old vendor.”

According to Meyer, TheRealDeal recently made headlines for the sale of massive databases of user credentials stolen from LinkedIn, MySpace, and Yahoo, as well as a number of stolen healthcare databases.

“TheRealDeal was my previous go-to site to look for data breaches and zero-day exploits,” says San Soucie. “I found hacked federal accounts and even a state DMV database for sale.”

“Cybercriminals can also find zero-day vulnerabilities, source code, and other stolen items for sale,” adds Meyer. “For legitimate companies and researchers, these listings provide insight into the types of information and tools that cybercriminals find valuable.”

(Image Source: SurfWatch Labs)

 

Source: Siph0n

Visible on the open Internet to the general public, Siph0n - which is operated by a group that call themselves security researchers - is a source that offers web application exploits, database dumps (from LinkedIn), and malicious tools (botnet source code), among other things.

“While the group touts that it is publishing the data and tools for security awareness, many hackers follow this site to get information and source code to create exploits,” says San Soucie. “In some cases, databases that were listed here at no cost end up on Dark Web marketplaces for sale.”

San Soucie suggests that business owners have their security staff or consultants monitor Siph0n closely to ensure their data does not appear. They should also watch for third-party partners' data. 

“While it may be tempting to download some of the data directly to determine if a business or individual account is listed in the data source, keep in mind that malware can be embedded in the files,” warns San Soucie.

Image Source: Carefree Solutions

 

Author:  Sean Martin

Source:  http://www.darkreading.com/


The newly released annual Norton Cyber Security Insights Report has found that global cyber crime cost a massive $126 billion during 2015, and affected 689 million people in 21 different countries.

The findings show a 10-percent increase in cyber crime from the previous year.

“The study found a number of factors responsible for the high numbers of affected people, including users’ habits, lack of awareness and a lackadaisical attitude to their online safety despite being aware of some of the threats, as well as the proliferation of connected devices and increasing instances of connecting to non-secure networks,” the International Business Times reported.

Additionally, the survey found that the United States was the most susceptible developed nation, with 39 percent of Americans falling victim to a cyber crime versus a 31-percent average for the rest of the world. The US accounted for nearly one-sixth of the global cost of cyber crime, $20.3 billion.

Parents in the US also believe, more than any other nation, that their children are more likely to be bullied online than in a playground or at school. In the US, 64 percent of parents believe online bullying is the bigger concern, versus 48 percent globally.

The Netherlands had the lowest rate of cyber crime, with 14 percent of their citizens falling victim, according to the study.

When looking at the age of those most affected, millennials displayed the highest vulnerability, with 40 percent of those surveyed having been the victims of cyber crime at least once in 2015.

Of those surveyed, over 40 percent could not tell the difference between a regular email and a phishing email. Out of those who had been targeted in phishing attempts, 13 percent fell for them, clicking on malicious links or sharing personal information. Approximately 80 percent of those who did ended up facing negative consequences, including identity theft, bank fraud, or credit cards being registered in their names.

With the widespread nature of cyber crime, 51 percent of those surveyed stated their belief that it is harder to protect themselves online than it is in the real world.

Author:  Tech

Source:  https://sputniknews.com
