fbpx

Identity theft is such a growing problem that it’s become almost routine—Marriott, MyFitness Pal, LinkedIn, Zynga, and even Equifax (of all places) have had high-profile online data breaches in recent years, affecting hundreds of millions of people. To help combat this problem, Experian and other companies are marketing “dark web scans” to prevent data breaches. But what is a dark web scan, and do you need it?

The dark web, explained 

The dark web is a large, hidden network of websites not indexed or found on typical search engines. It’s also a hub of illegal activity, including the buying and selling of stolen financial and personal information. If your information ends up on dark web sites after a data breach, an identity thief could use that data to open credit cards, take out loans, or withdraw money from your bank account.

How dark web scans work 

A dark scan will scan the dark web to see if medical identification info, bank account numbers, and Social Security numbers are being shared. If you get positive results, the dark scan service will suggest that you change your passwords, use stronger ones, or put a credit freeze on your credit profiles with the three major bureaus (Experian, Equifax, and TransUnion). A negative search result doesn’t necessarily mean you haven’t had a data breach, of course, as there’s no way for any company to search the entirety of the dark web.

Many of these services offer you a free scan, but that only covers certain information like phone numbers, passwords, and Social Security numbers. If you want to set up alerts, or search for other information like bank account numbers, passports, or your driver’s license, or have access to credit reports (which are already free) these services will typically charge a monthly fee (Experian offers this service for $9.99 per month after a 30-day free trial).

Is a dark web scan worth paying for?

In an interview for NBC News’ Better, Neal O’Farrell, executive director of the Identify Theft Council, called dark web scanning “a smoke and mirrors deal” that doesn’t “go to the cause of the problem, which is vigilance, awareness, taking care of your own personal information, freezing your credit.”

[Source: This article was published in twocents.lifehacker.com By Mike Winters - Uploaded by the Association Member: Eric Beaudoin]

Categorized in Internet Privacy

With the U.S. presidential race entering its final sprint, a new analysis of conversations on dark web forums shows hackers discussing potential ways to be disruptive with disinformation and attacks on voting infrastructure.

Data circulating on the dark web could give hackers the ammunition they need to target voters and voting infrastructure ahead of election day, a new report claims.

DarkOwl, a company that uses web crawlers to search darknets like Tor, Zeronet, and I2P, released a study Tuesday revealing how bad actors have discussed disrupting electoral processes via cyberattacks and disinformation.

In this digital underworld, some hackers discuss targeting vulnerabilities in ballot tallying machines; others trade voter registration data between themselves. One "prominent malware developer" boasts that his Remote Access Trojans (RATs) could be used to infect election systems using old security flaws.

The company also found ongoing discussions about potential ways to infiltrate three of the most prominent election administration vendors — Election Systems and Software (ES&S), Hart InterCivic, and Dominion Voting — which are responsible for producing a majority of the voting equipment in the country.

At the same time, the potential for bad actors to organize disinformation campaigns within this environment is high, the report shows. There is a "significant ecosystem" for disinformation services within darknets, wherein customers can procure campaigns from disinformation-as-a-service vendors.

These schemes are fueled by a glut of leaked or hacked data circulating online, according to the report. Some of this information comes from freely available sources online, while other information is the result of previous data breaches and leaks. 

In particular, the report makes note of the recent incident involving Tyler Technologies, provider of state and local government election results products, which was hit by ransomware hackers last month. DarkOwl collected some "2,000 corporate e-mail addresses" of Tyler Technologies that were discovered in darknets, the report says. 

Recent reports have also shown some longstanding vulnerabilities may exist in voter registration databases that are currently exploitable. 

The recent research has shown the way that leaked data sets can be valuable underworld capital, "how they're traded, sold, and how those seed disinformation campaigns," a company analyst told Government Technology. 

However, the discussions being had in these forums don't necessarily mean that discussed attacks would be successful. Some of the vulnerabilities that have been discussed are quite old and most companies and agencies would have issued patches by now.

"DarkOwl assesses election officials and technology vendors would very likely patch their systems accordingly well before the general election, thus the successful use of such a threat is highly improbable," the report says. 

Still, the findings troublingly show how aggregated data can be weaponized. Hackers "could leverage voter names, e-mail addresses and telephone numbers to connect with new audiences and market personalize advertisements according to their views on specific topics, propensity to vote and other factors."

Exactly what kind of threat actors are involved in these transactions? It's often impossible to say, but there are some usual suspects worth mentioning. 

"In that world you don't know who is who," said the analyst, though she added: "The Russians are infamous for tapping unaffiliated organizations and criminal groups to do their bidding."

[Source: This article was published in govtech.com By LUCAS ROPEK - Uploaded by the Association Member: Mercedes J. Steinman]

Categorized in Deep Web

Stop your data going dark

We’re living in a world with more focus on cybersecurity than ever before. With the shift to widespread working from home, the pandemic has shone the spotlight on security awareness. This is true in our professional lives in order to prevent corporate information from falling into the wrong hands, but also impacts our personal lives. As consumers began to spend even more time online, businesses across every industry rushed to supplement traditional sales methods and customer interactions with digital equivalents.

This forced pivot to focus on digital has created countless new opportunities for cybercriminals to attack. With news of data breaches and information for sale on the dark web seeming like a daily occurrence, consumers have become desensitized to the risks posed by hackers – but this is largely due to a lack of awareness.

During a time where much of the world is spending more time online and the risk of cyberthreats is at an all-time high, it’s critical that consumers know what they’re up against. Our recent research has revealed that 40% of people don’t know what the dark web is, let alone how their data could be compromised. So what actually is the dark web and how do we make sure we know if our information ends up there?

The unknown side of the internet

The dark web consists of the parts of the internet which cannot be accessed through search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records. This is alarming when 80% of data breaches are a result of weak passwords and we consider that 92% of Brits admit to password reuse despite being well aware of the consequences.

Most people don’t really understands the true extent of the dark web, with estimates that it ranges from 0.005% to 96% of the entire world wide web. That said, a recent study from the University of Surrey revealed that almost two-thirds (60%) of listings on the dark web had the potential to harm enterprises. While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves.

 

Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.

Has your information been exposed?

Our research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web – and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think – since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.

Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. 

Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.

It starts with awareness

While detection is a fundamental part of the puzzle, keeping ahead of cybercriminals starts with awareness. The human element is often the weakest link in the security chain, with people failing to change default security settings or using the same password across different platforms in their professional and personal lives. But equally, not all employers have made it a priority to drive a culture of security awareness throughout their organisation.

Security is an ever-changing process rather than a one-time project, and people must work together to get their security practices into shape. Remote work will likely remain the norm for a large proportion of businesses, even as the world continues to reopen its doors. The associated security challenges won’t simply disappear, but will likely rise as the drive online continues. With so many exposed credentials available for sale on the dark web, we’d all do well to renew our focus on cybersecurity. Using unique, randomly generated passwords across different accounts, and investing in solutions with built-in privacy features are a good place to start.

[Source: This article was published in techradar.com By Barry McMahon - Uploaded by the Association Member: Dana W. Jimenez]

Categorized in Deep Web

Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

About 97% cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recent as in end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed most number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

[Source: This article was published in thehindu.com By Sowmya Ramasubramanian - Uploaded by the Association Member: Nevena Gojkovic Turunz]

Categorized in Deep Web
Although both the deep web and dark web are the hidden sections of the internet, they are not synonymous and should not be confused with each other

The terms ‘dark web’ and ‘deep web’ are often interchangeably used to describe the section of the internet that is home to criminal activities. To understand the difference between the dark web and the deep web, we must understand the different layers of the internet, as detailed below.

Surface web: The first layer of the World Wide Web is the surface web, which is also known as the visible web or the clear web. It comprises websites that are indexed by common search engines such as Google, Yahoo, Bing, and so on. These websites are available for public access without requiring permissions. It is believed that the surface web constitutes only 3-4% of the entire World Wide Web; however, according to Wikipedia, the figure stands at 10%. This means the millions of search results conducted every second are but a minuscule percentage of the overall internet!

Deep web: A step further below the surface web is the deep web. The deep web is estimated to be nearly 500 times the size of the surface web or 90% of the entire internet. This section of the internet comprises websites and data that are not indexed. They are protected from search engines and crawlers by way of encryption.

Any data behind a firewall, be it data servers, organizational intranets, or archives, belong to the deep web. A website in the deep web would require you to enter your unique username and password combination to access. Probably, the simplest examples of a website in the deep web can be web-based email, social media platform, online banking, or web-based subscription service. That brings us to the question – whether the deep web is illegal to foray into? The answer is No.

Dark web: The deepest layer of the World Wide Web is called the dark web. Although a part of the deep web, dark web goes further deep. It is a subset of the deep web and the key difference between the two is that the deep web can be home to both good and bad data, whereas the dark web is mostly illicit.

As per some estimates, the dark web probably constitutes only 0.1% of the entire internet but is the hotbed for many illegal activities. The dark web can be termed the underbelly of the internet, as it facilitates crimes such as sale/purchase of stolen data, fake identity proofs, porn, drug trafficking, contract killers, sale of arms and ammunition, and so forth.

It is the infamous part of the internet where data is intentionally hidden and criminal activities are rampant. It requires special software – such as The Onion Browser (Tor), Freenet, or I2P (Invisible Internet Project) – to access the dark web. This is because the dark web can be accessed only by anonymous users, which common browsers do not allow. Common browsers track the IP address of the users and hence enable identification of the user – something which is undesirable in the dark web.

Access to the dark web is not illegal but is fraught with numerous risks. Therefore, it is recommended to stay away from the dark web, as it can be highly dangerous.

[Source: This article was published in dqindia.com By Neetu Katyal - Uploaded by the Association Member: Deborah Tannen]

Categorized in Deep Web

Law enforcement agencies working online benefit from machine learning (ML) and artificial intelligence (AI) , which lead to leading solutions. ML and AI work together, and automated methods can search the dark web, detect illegal activity and bring malicious actors to justice. 

The interface between AI and GIS has created enormous possibilities that were not possible before. The field of artificial intelligence (AI) is so advanced that it exceeds or exceeds human accuracy in many areas, such as speech recognition, reading and writing, and image recognition. Together, ML and AI are rapidly making their way into the world of law enforcement. 

AI, machine learning, and deep learning help make the world a better place, for example, by helping to increase crop yields through precision farming, fighting crime through predictive policing, or predicting when the next big storm will arrive, whether in the US or elsewhere.

As fraud detection programs are driven by artificial intelligence (AI), many of these chains turn to AI to ensure that they use various techniques to stop bad actors in advance. Broadly speaking, AI is the ability to perform tasks that typically require a certain level of human intelligence. 

 

Reward programs are particularly popular because they can store large amounts of valuable data, including payment information. Reward points are also valuable because bad actors can spend them or sell them on dark web marketplaces. 

Coffee giant Dunkin 'Donuts was the victim of a hacker attack in October 2018, and the fraudsters who initiated the program were able to sell users' loyalty credits on dark web marketplaces for a fraction of their value. Sixgill is a cyber threat intelligence service that analyses dark web activity to detect and prevent cyber attacks and sensitive data leaks before they occur. Using advanced algorithms, its cyber intelligence platform provides organisations with real-time alerts and actionable intelligence that priorities major threats such as cyber attacks, data breaches and cyber attacks. 

New York City-based Insight has developed a threat detection platform that uses artificial intelligence and machine learning to scan deep and dark networks for specific keywords to alert potential targets. Sixgill investigates the Dark Web, the Internet of Things, and other areas of human activity to identify and predict cybercrime and terrorist activity. While the darker web requires someone to use the Tor browser, it can also be accessed by someone who knows where to look. 

That's why AI and ML are used to bring light into the dark web, and they can sweep it away faster than a person could. The IntSights report primarily scans deep and dark nets for the latter, but it can also scan the darker net, though not as fast or as far as a person could do, the report said. 

The problem with using AI and ML for this job is that there is not enough clarity: 40% of the websites on the dark-net are completely legal. The remaining 60% are not, and this includes anonymous transactions that are legal, according to the IntSights report.

 

Good cybersecurity practices can reduce the risk of information being collected and sold on the dark-net. Reporting incidents to law enforcement can generally reduce the risk, and a quick response to incidents can help minimise the damage. According to IntSights, law enforcement agencies around the world seized more than $1.5 billion worth of malicious software in 2017. 

Cobwebs Technologies' confusing tool can also search for information about possible crimes before they happen. Cobwebs Technologies' involvement tools can also search for information about potential crimes before they happen, and they are available to law enforcement free of charge. 

Cobwebs Technologies "confusing tool scans the deep dark web to identify and find connections between people's different profiles, displays the information in graphs and maps, and presents it in a variety of formats. It uses artificial intelligence and machine learning to search for keywords that contain information about people, such as their social media profiles and social networks. Tangle can also generate alarms to alert officials to potential threats extremely quickly. Monitoring people's activities on the dark web and other social networks can help officials pinpoint their plans.

Criminals now routinely use the internet to keep their criminal businesses under wraps, and artificial intelligence could help catch paedophiles operating on the dark-net, the Home Office has announced. The company's co-founder and chief technology officer, Dr Michael O'Brien, said: "Our company has developed an AI-based web intelligence solution to make the web safer by enabling law enforcement and crime analysts to uncover the hidden profiles of criminals, drug dealers, money launderers and other criminals lurking in the deep darknet. 

Earlier this month, Chancellor Sajid Javid announced that £30million had been made available to tackle child sexual exploitation online, with the Home Office revealing details on Tuesday of how it will be spent. The government has promised to spend more money on a child abuse image database that, since 2014, has allowed police and other law enforcement agencies to search seized computers or other devices for indecent images of children to help identify victims. Some aspects of artificial intelligence, including language analysis and age assessment, have been used to determine whether they would help track down child molesters.

[Source: This article was published in aidaily.co.uk By Manahil Zahra - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Deep Web

LastPass' new Security Dashboard gives users a complete picture of their online security

Knowing if your passwords have been leaked online is an important step to protecting your online accounts which is why LastPass has unveiled a new Security Dashboard which provides end users with a complete overview of the security of their online accounts.

The company's new Security Dashboard builds on last year's LastPass Security Challenge, which analyzed users' stored passwords and provided a score based on how secure they were, by adding dark web monitoring. The new feature is available to LastPass Premium, Families and Business customers and it proactively watches for breach activity and alerts users when they need to take action.

 

In addition to showing users their weak and reused passwords, the new Security Dashboard now gives all LastPass users a complete picture of their online security to help them regain control over their digital life and know that their accounts are protected.

Dark web monitoring

According to a recent survey of more than 3,000 global consumers conducted by LastPass, 40 percent of users don't know what the dark web is. The majority (86%) of those surveyed claimed they have no way of even knowing if their information is on the dark web.

LastPass' new dark web monitoring feature proactively checks email addresses and usernames against Enzoic’s database of breached credentials. If an email address is found in this 3rd party database, users will be notified immediately via email and by a message in their LastPass Security Dashboard. Users will then be prompted to update the password for that compromised account.

Vice president of product management, IAM at LogMeIn, Dan DeMichele explained why LastPass decided to add dark web monitoring to its password manager in a press release, saying:

“It’s extremely important to be informed of ways to protect your identity if your login, financial or personal information is compromised. Adding dark web monitoring and alerting into our Security Dashboard was a no brainer for us. LastPass already takes care of your passwords, and now you can extend that protection to more parts of your digital life. LastPass is now equipped to truly be your home for managing your online security – making it simple to take action and stay safe in an increasingly digital world. With LastPass all your critical information is safe so you can access it whenever and wherever you need to.”

[Source: This article was published in techradar.com By Anthony Spadafora - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Internet Privacy

 Threat intelligence firm KELA shared a list of more than 900 Pulse Secure VPN enterprise server usernames and passwords with ZDNet, which a hacker had posted on the dark web in plain text.

The usernames and passwords, as well as IP addresses, from more than 900 Pulse Secure Virtual Private Network enterprise servers were posted in plain text on the dark web by a Russian-speaking hacker, first reported by ZDNet.com, which obtained the list with help from threat intelligence firm KELA. 

The list contained Pulse Secure VPN server firmware version, SSH server keys, all local users and password hashes, administrator account details, previous VPN logins with cleartext credentials, and session cookies.  

The authenticity of the list was verified by multiple cybersecurity sources. Further, the list was published on a forum frequented by popular ransomware threat actors, such as REvil and NetWalker. 

 

The leak was first discovered by researchers from Bank Security, which observed that the VPN servers listed by the hacker were operating with the firmware version that contained the CVE-2019-11510 vulnerability patched by Pulse Secure in early 2019. 

The Department of Homeland Security and other security researchers have repeatedly urged organizations to patch this critical vulnerability, as hackers continued to target the flawThose targeted attacks continued through January 2020. 

And in April, DHS warned that hackers were using stolen credentials to crack into enterprise networks through the Pulse Secure VPN, even if the vulnerability was patched. 

To find vulnerable VPNs, it appears that the hacker who compiled the list scanned the internet IPv4 address between June 24 and July 8, 2020 and leveraged the known vulnerability to access servers. Then, the threat actor gathered the server details and credentials, collecting the data into a central repository. 

Reviewing the list, it appears that 677 companies failed to patch the Pulse Secure VPN vulnerability. 

VPNs are one of the most common, secure methods used to remotely connect to the network. But as remote connections and telehealth use expanded amid the COVID-19 pandemic, the threat landscape has become much more complex. 

Pulse Secure CMO Scott Gordon told HealthITSecurity.com in March, that in healthcare, providers need to be employing endpoint protection and modern VPN solutions “where you’re encrypting communication session between the device and the data between the practitioner’s devices and application.” 

Since you are now expanding VPN use to more sets of employees contracts and affiliates you should for sure that the VPN software is up to date and current to eliminate the potential VPN vulnerabilities,” Gordon said, at the time. “They’ve essentially broadened the attack surface. Every end user accessing information and resources are now part of their attack surface, and they want to do everything they can now that they've added greater accessibility.” 

To Laurence Pitt, Global Security Strategy Director, Juniper Networks, its unacceptable that organizations failed to patch the vulnerability more than a year after a fix was provided, which allowed for cleartext data dump to occur. 

Further, security researchers have repeatedly provided proof-of-concept data that showed just what could occur if the enterprise left the vulnerability exposed.   

“The lesson learned here? Patch, patch, patch,” Pitt said in an emailed statement. “The data published lists only 900 servers. What we do not know is how many more have not been released – or, which of these could be sensitive servers that are now being poked and prodded in planning for a bigger attack.  

If you are running an older version of code on a service as critical as the VPN is today, then find the latest version and get that upgrade planned, he added.

Healthcare organizations should review insights recently provided by the National Security Agency to better understand the risk and best practice methods to secure VPNs, telework, and other remote sites.

[Source: This article was published in healthitsecurity.com By Jessica Davis - Uploaded by the Association Member: Jeremy Frink]

Categorized in Deep Web

Welcome to TechTours, where we will delve a little deeper into the questions many are too afraid to ask, and dive into the pools that most would just like to dip their toes. Today, we tackle the dark web. 

The notorious dark web has been the subject of many IT discussions and curious minds in the last few years. With the rise of cryptocurrencies and hacking groups like Anonymous, many wonder what is behind the curtain, and how to take a peek. 

The difference between clear, deep and dark web

Clear web is what we use every day. Everything that can be indexed or “found easily” will be classified under clear web. The terms “deep web” and “dark web” however, are often mixed up but they could not be more different. 

The deep web refers to items that can be accessed via a search engine  but are blocked by paywalls or subscriptions and sign-in credentials. It also includes any content that its owners have blocked web crawlers (such as search engines) from indexing. The deep web is estimated to make up between 96 and 99% of the internet.

The dark web is a subset of the deep web that is a lot more difficult to access, and where most of the illicit activity can be found. This requires a specific type of browser to access and is estimated to make up about 5% of the internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name. 

What is the dark web? 

The dark web is the “underside” of the internet that isn't indexed by major search engines. By now, you have probably heard about the dark web being a proverbial dark alley of illegal activity and in many cases, it is. 

On the dark web you will find immeasurable amounts of ways to buy credit card numbers, lifetime Netflix accounts and even counterfeit currency. It goes without saying that it would not be a great idea to put in banking details or any personal information on there due to the dangerous nature of the anonymity of its users. It would also be illegal to purchase the aforementioned products.

But not everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the “the Facebook of Tor”.

How is the dark web accessed?

The thought of accessing a global marketplace where everyone is free to sell what they want, when they want, might sound enticing. I assure you, as can be expected with a platform where everyone is anonymous, accessing the dark web is not easy and it is incredibly easy to be scammed. 

Accessing the dark web requires the use of a browser called Tor. The Tor browser basically hides you from everyone else by routing your web page through a variety of servers making your IP address unidentifiable.  

Some positives of the dark web

Despite its “dark” reputation, the dark web also provides an access point for people in countries where digital restrictions are stifling them. People are turning to the dark web for freedom of speech and privacy. Just like the “clear” web, the dark web is filled with social media platforms, email services and even gaming websites. However, due to the use of browsers such as Tor, you are kept fully anonymous.

The dark web is also being used to expose corruption. News channels such as Fox, CNN and NBC have all got open sites on the dark web in order to receive anonymous tips from online users. In addition to this, due to the anonymity that the dark web provides, many users on the dark web use it to share personal stories. This ranges from advice on drug addiction, sexual abuse and many other personal stories people are afraid to share on the clear web. 

There are also a growing number of medical professionals using the dark web who consult with patients who would rather keep their medical conditions anonymous. 

Another reason people are moving to the dark web is to make anonymous purchases. We do not condone buying illegal items but recognise that there are legitimate reasons to buy products and services on the dark web such as buying specific security software and electronic devices. There are also tons of online communities where no matter what your passion is, you will probably find a forum for it. A note of caution is always avoid forum discussions pertaining to illegal activities. 

The dark web is an interesting place filled with a myriad of forums, marketplaces and illegal items but as mentioned previously, there is little to no policing. 

If your intention to use the dark web is to remain anonymous and find like-minded people then this is the place for you. One thing is for certain, like walking through a shady part of town, you will find lots of bargains and interesting things to see. Just don't go down the dark alley and check what people are selling from their trench coats. 

* Independent Media will not be responsible for person/s using the dark web irresponsibly. Please proceed with extreme caution when doing so and steer away from illegal activity. 

[Source: This article was published in iol.co.za By Faheem Khota - Uploaded by the Association Member: Jason bourne]

Categorized in Deep Web

A Trend Micro study reveals that trust in Deep Web marketplaces is diminishing due to law enforcement efforts to shut down illegal activities.

new study has revealed that the dark web marketplace isn’t as safe for users’ anonymity as it was believed to be due to the simple fact that authorities are cracking down on the presence of online marketplaces, which makes it hard to keep the constant and reliable presence. 

According to the study published by the cybersecurity company Trend Micro, the crackdown on marketplaces like Dream Market, Wall Street Market, DeepDotWeb, and Valhalla has generated a huge discontent among their userbases due to the lack of security infrastructure from the said websites. The security flaws on these websites may well result in the loss of anonymity for their users, which is the main draw to their businesses. 

Exit Scams are Rampant

The increase in the precedents of exit scams from the online stores has resulted in a considerable slowdown of sales. Exit scams are the type of activity where the website shuts down suddenly without delivering the orders thus stealing money from the customers. Undercover operations from the law enforcement forces from all over the world have also been on the tail of these websites thus the increase in mistrust.

Users have started countering these scamming websites via the creation of the DarkNet Trust website where the reputation of the companies can be found by searching for their usernames and Public Key (PGP) fingerprints. 

In countries like Australia, for example, gambling is legal in general however the citizens are not allowed to gamble with the locally registered websites. The law specifically mentions engaging in wagering with real money. Since Australia does not recognize the cryptocurrencies as “real money” this creates a loophole in the legal system. Although, it’s obvious that this is all done for anonymity, and due to the increase in concerns of government agencies spying on the users, this has become an issue for a lot of people. The biggest draw to the darknet has been on the cryptocurrency market. Since trading is illegal, cryptocurrencies are acquired through the dark web in order to mask activity as much as possible, later used in any bitcoin casino Australia has listed within its borders, and then withdrawn as real cash with minimum payments to be made to the government.

Apart from this, the administrators of the darknet marketplaces were forced to implement additional security methods like two-factor authentication, multi signatures, wallet fewer transactions on Bitcoin (BT), and Monero (XMR) with the addition of rooting out the usage of JavaScript due to easily exploitable nature of the scripting language.

A wallet less payment is when a transaction is made from the user to the vendor directly and the marketplace getting a monthly subscription instead of a per-transaction fee. The Protonmail has also been under attack from the users since the accusations of them assisting law enforcement agencies have been circulating around the net. It is also worth mentioning that an anonymous hacker has cracked open the databases of Daniel’s Hosting, which is the largest free web-hosting provider on the darknet. This resulted in the takedown of over 7000 websites and their databases leaked and consequently the pages being deleted as a whole. Also, around 4000 emails have been leaked.

 [Source: This article was published in bitrates.com - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Deep Web
Page 1 of 11

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media