A Trend Micro study reveals that trust in Deep Web marketplaces is diminishing due to law enforcement efforts to shut down illegal activities.

A new study has revealed that dark web marketplaces aren’t as safe for users’ anonymity as was believed, for the simple reason that authorities are cracking down on online marketplaces, which makes it hard for them to maintain a constant and reliable presence.

According to the study published by the cybersecurity company Trend Micro, the crackdown on marketplaces like Dream Market, Wall Street Market, DeepDotWeb, and Valhalla has generated huge discontent among their user bases due to the lack of security infrastructure on those websites. The security flaws on these websites may well result in the loss of anonymity for their users, which is the main draw of their businesses.

Exit Scams are Rampant

The rise in exit scams by online stores has resulted in a considerable slowdown of sales. An exit scam is when a website shuts down suddenly without delivering orders, thereby stealing money from its customers. Undercover operations by law enforcement agencies from all over the world have also been on the tail of these websites, which adds to the mistrust.

Users have started countering these scamming websites via the creation of the DarkNet Trust website where the reputation of the companies can be found by searching for their usernames and Public Key (PGP) fingerprints. 

In countries like Australia, for example, gambling is legal in general; however, citizens are not allowed to gamble on locally registered websites. The law specifically mentions engaging in wagering with real money. Since Australia does not recognize cryptocurrencies as “real money”, this creates a loophole in the legal system. It’s obvious that this is all done for anonymity, and with the increase in concerns about government agencies spying on users, this has become an issue for a lot of people. The biggest draw to the darknet has been the cryptocurrency market. Since trading is illegal, cryptocurrencies are acquired through the dark web in order to mask activity as much as possible, later used in any bitcoin casino Australia has listed within its borders, and then withdrawn as real cash with minimum payments to be made to the government.

Apart from this, the administrators of the darknet marketplaces were forced to implement additional security methods like two-factor authentication, multi-signatures, and wallet-less transactions in Bitcoin (BTC) and Monero (XMR), along with rooting out the usage of JavaScript due to the easily exploitable nature of the scripting language.

A wallet-less payment is when a transaction is made from the user to the vendor directly, with the marketplace receiving a monthly subscription instead of a per-transaction fee. ProtonMail has also come under attack from users since accusations that it assists law enforcement agencies began circulating around the net. It is also worth mentioning that an anonymous hacker has cracked open the databases of Daniel’s Hosting, which is the largest free web-hosting provider on the darknet. This resulted in the takedown of over 7000 websites, with their databases leaked and the pages consequently deleted as a whole. Also, around 4000 emails have been leaked.

 [Source: This article was published in bitrates.com - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Deep Web

While the dark web offers a haven for criminals and serves as inspiration for Hollywood blockbusters, it’s much more mundane in real life. Still, many businesses feed into the fallacies surrounding the dark side of the Internet, ultimately delaying their ability to protect employees and consumers.

Our industry really needs to shed some light on the largest misconceptions associated with the dark web. Equipped with these new insights, we can empower security pros to explore the dark web and gain knowledge that will strengthen their security posture. But before we can debunk any misconceptions, companies must first understand the basics.

The dark web resides on a portion of the Internet where communications and transactions are carried out anonymously. Separate networks like TOR, Blockchain DNS, I2P, and ZeroNet make up the dark web and have different access requirements and resources. Cybercriminals and threat actors typically use these networks to securely and secretly coordinate crime functions, and openly discuss terrorist tactics, techniques and procedures (TTPs). The dark web also serves as a marketplace to buy or sell goods or services, such as credit card numbers, social security numbers, all manner of drugs, and stolen subscription credentials. It’s a long list.

 

There’s also practical value for legitimate security organizations to access the dark web. Cybersecurity teams can track for evidence of attacks in various stages of execution. Today, companies are applying intelligence requirements processes to determine what they should do with the information they discover, like monitoring for vulnerabilities that are weaponized in malware families. To monitor the dark web successfully, organizations should carefully weigh options between people and technology. They must invest in both: people deliver context and expertise, while technology helps teams scale.  

Now that we understand a bit more about the dark web, let’s dive into the four biggest misconceptions:

Misconception: The dark web doesn’t have a good side.

Reality: Dissidents and civil rights advocates use the dark web to communicate under repressive governments around the world.

Understandably, the dark web gets a lot of bad press, which leads many to believe that it’s inhabited exclusively by nefarious types. However, it has many benign practices that organizations can partake in. For example, the Tor network was initially developed by the United States Naval Research Laboratory to protect U.S. intelligence communications from surveillance. Anonymity and protection from surveillance have made the Tor network and other parts of the dark web an invaluable tool for dissidents and civil rights advocates under repressive regimes, journalists, and whistle-blowers. The New York Times makes its website available as a Tor Onion Service for readers in countries that block access to the newspaper’s regular website, or who worry about their web activities being monitored.

Misconception: The dark web houses the majority of digital threats facing businesses.

Reality: Security pros find important communications tools on the dark web.

Contrary to popular belief, the dark web does not serve as a home to a majority of digital threats facing businesses. Although it includes a few thousand sites, it only makes up a relatively small portion of the deep web. People are often surprised to learn that more digital threats appear on the surface web than on the dark web. Communication, collaboration and transactional tools are all available on the dark web. These include forums and chat rooms, email and messaging applications, blogs and wikis, and peer-to-peer file-sharing networks.

Misconception: Organizations can’t mediate or anticipate dark web threats.

Reality: Security teams comb the dark web to prevent future attacks and take down bad sites.

Although organizations can’t influence sites or marketplaces found on the dark web, the material found there can help discover sites and social media accounts on the surface web used for launching attacks, carrying out phishing campaigns, and selling counterfeit and stolen goods. By leveraging insights from the dark web, security pros can regularly “take down” those websites and accounts from the surface web.

Misconception: Monitoring the dark web takes money – and it’s slow.

Reality: Doesn’t have to be that way with the right mix of people and technology.

Monitoring the dark web requires some skill, but it isn’t necessarily a slow and expensive process. Typically, organizations gravitate towards data loss protection (DLP) services, which ensure sensitive data doesn’t get lost, misused, or accessed by unauthorized users. With the right technologies and people, and sometimes with outside DLP services, companies can prevent attacks at a relatively modest cost.

Habitually categorized as an asylum for criminals of all stripes, the dark web holds an opportunity for organizations hoping to detect data breaches and anticipate and thwart attacks. While some companies are already profiting from monitoring and tracking certain areas of the dark web, others struggle to even understand and dispel its misconceptions. With some minimal investment, companies can establish comprehensive visibility across multiple digital networks. This will let them discover threats sooner and take action wherever attackers are vulnerable along their kill chain. With this level of visibility and understanding, companies can shed their fear of the dark web and have confidence in their digital risk protection program.

 

[Source: This article was published in scmagazine.com By Zack Allen - Uploaded by the Association Member: Alex Gray] 


Introduction to dark web fraud

Dark web fraud constitutes a global information security problem. The widespread availability of how-to guides providing instructions on how to commit such fraud exacerbates the problem even further.

Before examining these how-to guides in detail, we need to explain the meaning of “dark web.” The web includes two main layers: the surface web, which consists of any content indexed by search engines, and the deep web, which comprises all content that is not indexed by search engines. Content in the deep web can be hidden behind paywalls, firewalls and other types of protection.

 

The dark web constitutes a small portion of the deep web and appeared as a result of the development by the United States of software known as Tor. It allowed internet users to encrypt their location and information they sent and received. This, in turn, ensured their anonymity and privacy. The dark web is often used by criminals for various malicious purposes, such as sales of guns, drugs and other illegal materials. It is estimated that the content available on the dark web constitutes less than 0.005% of the content available on the surface web.

Large volumes of content exchanged through the dark web include how-to guides. According to a Terbium Labs study that covers three major dark web exchanges, 49% of the data sold through those exchanges consists of how-to guides. 

In this article, we will examine the types of how-to guides sold through the dark web. Afterwards, we will discuss their reliability. Finally, we will provide concluding remarks.

Typology of how-to guides

How-to guides can, depending on their purpose, be divided into five categories: account takeover, phishing, doxing, cashing out and synthetic identity fraud. 

1. Account takeover

The term “account takeover” refers to a situation where a fraudster gets unauthorized access to a genuine customer’s account, such as online banking accounts, email accounts and accounts providing access to subscription services. Once the fraudster gets access to a customer account, he or she may use it for various purposes, including but not limited to purchasing goods or services, acquiring more sensitive information which can be used to blackmail the victim and spreading malware to the contacts of the victim.

How-to guides may include detailed instructions on how to use software for automatic detection of vulnerabilities in corporate computer systems. It is believed that such software was used to conduct the British Airways cyberattacks, which enabled hackers to access tens of thousands of frequent-flyer accounts.

2. Phishing

How-to guides may also teach criminals how to conduct phishing attacks. Research conducted by Cyren revealed that 5,335 new phishing how-to guides were made available in 2019 alone. The same research indicated that 87% of the phishing how-to guides included at least one evasive technique, such as content injection, HTML character encoding, and the inclusion of URLs in attachments.

Let’s look at those a little more closely. Content injection refers to changing the content of a page on a legitimate website in such a way as to redirect users of that website to a phishing page. HTML character encoding means the inclusion of phishing code in a webpage in such a way as to prevent security crawlers from detecting keywords associated with phishing (e.g., “credit card” and “password”). The inclusion of URLs in attachments is a technique allowing fraudsters to hide links to phishing websites in files.
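From the defender's side, HTML character encoding only works against a crawler that matches keywords on the raw page source. The following added example (not from the original article; the function names and the three sample pages are constructed for illustration) decodes character references before matching and reports keywords that are visible only after decoding.

```python
import html
import re
import unicodedata

# Keywords the article gives as examples of what security crawlers look for.
KEYWORDS = ("credit card", "password")

COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
SCRIPT_STYLE_RE = re.compile(r"<(script|style)\b.*?</\1\s*>", re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
CHARREF_RE = re.compile(r"&#(?:[xX][0-9a-fA-F]+|[0-9]+);?")
# Invisible characters that can split a keyword without changing how it renders.
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u00ad"))


def strip_markup(markup):
    """Drop comments, script/style bodies and tags; text nodes stay undecoded."""
    text = COMMENT_RE.sub(" ", markup)
    text = SCRIPT_STYLE_RE.sub(" ", text)
    return TAG_RE.sub(" ", text)


def naive_view(text):
    """What a crawler sees if it matches keywords on the raw source text."""
    return re.sub(r"\s+", " ", text).lower()


def rendered_view(text):
    """Approximate what the browser displays to the user."""
    text = html.unescape(text)                  # &#112; &#x70; &nbsp; -> characters
    text = unicodedata.normalize("NFKC", text)  # no-break space -> space, fullwidth -> ASCII
    text = text.translate(INVISIBLE)            # drop zero-width chars and soft hyphens
    return re.sub(r"\s+", " ", text).casefold()


def count_encoded_alnum(text):
    """Count numeric references that decode to plain ASCII letters or digits."""
    count = 0
    for ref in CHARREF_RE.findall(text):
        ch = html.unescape(ref)
        if len(ch) == 1 and ch.isascii() and ch.isalnum():
            count += 1
    return count


def scan(markup):
    """Report each keyword as 'plain' or 'encoded-only', plus the reference count."""
    text = strip_markup(markup)
    raw, rendered = naive_view(text), rendered_view(text)
    keywords = {}
    for kw in KEYWORDS:
        if kw in rendered:
            keywords[kw] = "plain" if kw in raw else "encoded-only"
    return {"keywords": keywords, "encoded_alnum_refs": count_encoded_alnum(text)}


# Constructed sample pages (not taken from any real site).
PLAIN_PAGE = (
    "<html><body><h1>Sign in</h1><label>Password</label>"
    "<input type='password'></body></html>"
)
ENCODED_PAGE = (
    "<html><body><p>Enter your &#112;&#97;&#115;&#115;&#119;&#111;&#114;&#100; "
    "and cr&#x65;dit&nbsp;c&#97;rd number</p>"
    "<input type='text' name='f1'></body></html>"
)
BENIGN_PAGE = "<p>Caf&eacute; menu &amp; prices &#8212; updated &#169; 2020</p>"

if __name__ == "__main__":
    for name, page in (("plain", PLAIN_PAGE), ("encoded", ENCODED_PAGE),
                       ("benign", BENIGN_PAGE)):
        print(name, scan(page))
```

A keyword reported as `encoded-only`, together with a non-zero count of references that decode to ordinary letters, marks a page worth a closer look, since legitimate markup rarely encodes plain ASCII letters.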

 

3. Doxing

Doxing is the practice of finding out sensitive information about an individual or organization and making it publicly available with the aim to harass, shame or extort the victim. Doxing how-to guides contain instructions on how to find sensitive information, how to post it in such a way as to prevent the removal of the information and how to obtain monetary gain through extortion.

4. Cashing out

Cashing-out how-to guides contain instructions on how to cash out voucher codes, bank accounts, credit cards, gift cards and other payment methods. In some cases, such guides may provide links to e-commerce websites that can accept stolen financial data purchased through the dark web. In other cases, they describe the steps one needs to take to clone payment instruments, such as debit and credit cards.

5. Synthetic identity fraud

To commit synthetic identity fraud, one needs to combine information stolen from unsuspecting individuals with false information, such as dates of birth, addresses and names. The resulting synthetic identities are less likely to be detected because of the lack of a clearly identified victim. A report from the US Federal Reserve indicates that synthetic identity theft constitutes the fastest growing type of identity fraud. In 2016 alone, the losses caused by this type of fraud exceeded USD 6 billion. Many how-to guides contain detailed descriptions of methods used to combine actual and fake data in such a way as to mislead the relevant financial institutions into believing that the synthetic identities are genuine.

The reliability of the how-to guides

How-to guides are highly unreliable. In many cases, they provide no useful information and the buyer cannot demand his or her money back. In this regard, Tyler Carbone, a CEO at Terbium Labs, noted: “Ironically, many fraud guides are themselves fraudulent. Bad actors create fake guides, and try to make a profit selling them before buyers catch on.” Of course, this is not surprising, as people who teach others how to commit fraud should not be expected to be honest and ethical.

Some how-to guides may even include malware to be used by their buyers to commit fraud. Quite often, such malware may actually infect the computers of the buyers. Thus, the buyers who pay for purchasing how-to guides may actually pay for infecting their own computers.

According to the researchers of Terbium Labs, about 11% of all how-to guides are fraudulent. Although the remaining 89% how-to guides contain genuine information about how to commit fraud, many of them contain obsolete data (more than a decade old) or duplicated data (e.g., publicly available data repackaged by the hackers as their own).

Irrespective of the reliability of how-to guides, these materials may provide people with weak computer skills with the opportunity to conduct serious cyberattacks. This is not only because they often contain detailed and simple instructions, but also because they may include ready-made malware that can be used during the attacks and databases of stolen sensitive information which can facilitate fraudulent operations. The average price of stolen sensitive information on the dark web is about $8.50, but one can find such information even at the price of $1.

Concluding remarks regarding how-to guides

How-to guides have the potential to increase the number of global cyberattacks because they reduce the financial and competence requirements for conducting such attacks. Anyone who can pay about $4 for a how-to guide or about $16 for a collection of how-to guides under a single listing is now able to engage in account takeovers, phishing, doxing, fraudulent cashing-out, synthetic identity fraud and other malicious activities.

This means that how-to guides can be regarded not only as an information security problem but also as a social problem because their use can lead to the paralysis of the functioning of various social organizations such as governments, hospitals and companies.

 

[Source: This article was published in resources.infosecinstitute.com By Daniel Dimov - Uploaded by the Association Member: Jason bourne]


SAN DIEGO — You have probably heard about the dark web; in fact, the name itself sparks a lot of curiosity. It is a place where you can buy all sorts of things, from illegal drugs to passports and even explosives.

Many people think it is not accessible to the average Joe, but that is not the case. Federal prosecutor Sherri Walker Hobson says, “the problem is, not only can anyone do it in America, it is the person next door.”

No one knows that better than 39-year-old San Diegan Sky Justin Gornik. The Clairemont resident was locked up earlier this year for 70 months for buying and selling drugs on the dark web from 2014-2017. Some of the drugs included the deadly carfentanil.

Sherri Walker Hobson told News 8, “In light of the volume of packages he was receiving, they suspected he was likely a dark web vendor here in San Diego.” She went on to say, “I have been a prosecutor for 30 years, and it is shocking to me, we now have the ability to order drugs over the dark web.”

Hobson says patrolling the dark web is not an easy task.

Lance Larson is the co-director of San Diego State University’s Graduate Program in Homeland Security and an expert in both cyber security and homeland security. He says there are three layers to the web.

  • The surface web which is the sites you use regularly. The dot-coms such as Google.
  • The deep web which has data with complex information, legal documents and medical records
  • The dark web

The dark web is essentially pop-up markets packed with drugs, weapons, child pornography, passports, you name it. You can even find counterfeit money or grenades.

Larson says, “we think there is a use by common criminals of the dark web to be able to gather new tactics, or new ways to be able to scam people and to commit fraud."

So how can we go about making sure our personal information is safe? Larson says it is really tough because we give up a lot of info to companies we trust and unfortunately some companies do not have great cyber security practices. He says it is OK to ask how they are protecting your information.

He says some things that are easy to do include locking down your credit report or locking down your usernames and passwords for sites by using multi-factor authentication. This is a security feature that requires more than just a simple password. For example, you would need to receive a text message with a code in addition to a password.

Larson says the dark web can easily be accessed with the proper router. He says, “like the onion router, also known as ‘TOR’, without the user’s browser or history being exposed.” The dark web can also be downloaded to a cell phone.

We asked, is there legitimacy to the dark web? Larson said, “There are some really good legitimate reasons for the dark web. For example, in countries that have a censorship, the dark web allows people in those countries like news reporters to be able to report out and share on what's going on in their country.”

The dark web is so large it is impossible to know how many pages are out there, but undercover agents around the nation are constantly on the lookout. Prosecutor Sherri Walker Hobson says, “people have to think twice before taking something, even if it is from your own friend. You can’t be careless anymore. It is like Russian Roulette.”

And just like Hobson, Larson says we can’t arrest ourselves out of the problem. Education is key. 

“It doesn't look like we're going to solve this by taking down dark web websites, here and there. It really comes down to policing our own children and understanding what to look for. Does our neighbor -  are they receiving packages that have things they have purchased on the dark web and reselling in our San Diego communities?”

 

[Source: This article was published in cbs8.com By Stella Escobedo - Uploaded by the Association Member: Jason bourne]


There are more than 15 billion stolen account credentials circulating on criminal forums within the dark web, a new study has revealed.

Researchers at cyber security firm Digital Shadows discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services.

The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches.

Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.

 

“The sheer number of credentials available is staggering,” said Rick Holland, CISO at Digital Shadows.

“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”

Mr Holland said that his firm had alerted its customers to around 27 million credentials over the past one-and-a-half years that could directly affect them.

The number of stolen credentials has risen by more than 300 per cent since 2018, due to a surge in data breaches. An estimated 100,000 separate breaches have taken place over the last two years.

Among the credentials for sale were those that granted access to accounts within organisations, with usernames containing the word "invoice" or "invoices" among the most popular listings.

Digital Shadows said it was unable to confirm the validity of the data that the vendors purport to own without purchasing it. The researchers said that listings included those for large corporations and government organisations in multiple countries.

Security experts advise internet users to use individual passwords for each online service that they use, while also adopting measures like two-factor authentication where possible.

 

Online tools like HaveIBeenPwned can also indicate whether a person's email address has been compromised in a major data breach.

 [Source: This article was published in independent.co.uk By Brien Posey - Uploaded by the Association Member: Anthony Cuthbertson]

Categorized in Internet Privacy

For a beginner, it is almost impossible to find a website with the Tor browser or to understand how it works, and that’s where dark web search engines help.

To the layperson, there exists only one type of Internet – the one we use for normal browsing every day. But, in reality, there are 3 main types of the Internet, and understanding them is crucial to getting an accurate picture of how it works:

1: The Surface Web
2: The Deep Web
3: The Dark Web

The Surface Web

The surface web consists of all the pages that can be indexed by a normal search engine like Google and are available for everyone to see.

The Deep Web

The deep web consists of all those pages that are protected and hence cannot be indexed by a search engine. This protection may come in the form of several security measures such as passwords. An example is a private Instagram profile whose content cannot be displayed in Google search results.

The Dark Web

The dark web consists of all those websites which cannot be accessed using a normal browser and require a special type of network known as The Onion Router (TOR). All websites there use a .onion suffix at the end of their address instead of a top-level domain such as “.com”.

 

Even though the vast majority of users are not consciously aware that the first 2 are distinct types, they use them every day. However, the real mystery lies in the third one, the dark web, which makes up only a very tiny proportion of the internet, containing just over 65000 URLs.

Out of these too, only about 8000 are active with the majority of existing URLs not working due to various issues. Yet, this is only one part of the problem.

Dark web search engines

Another one is the difficulty in finding dark web websites. Unlike on the normal surface web, the site URLs do not have memorable names and hence memorization is not an option in most cases. This naturally poses a question: what dark web search engines are available to fill in for Google? It turns out there are plenty. Here are the top 8 dark web search engines:

1. DuckDuckGo – 3g2upl4pq6kufc4m.onion

 

Built with the unique selling point of not tracking users, DuckDuckGo has long been used as a replacement for Google by privacy-conscious users. On the other hand, many use it on the dark web as well for its anonymity features. Considering that it is the TOR browser’s default search engine, it says a lot about their reputation for being a good search engine in the community!

2. Torch – cnkj6nippubgycuj.onion

Also known as TorSearch, it claims to be the oldest search engine residing on the dark web along with indexing over a billion pages giving it considerable brownie points. Users are neither tracked nor is there any censorship allowing one to make full use of the information buried within the dark web.

3. Recon – reconponydonugup.onion

This particular search engine was built by Hugbunt3r, a prominent member of the popular Dread service on the dark web. It aims to serve as a database through which users can search for products from different vendors in different marketplaces on the dark web.

Individual profile viewing options for vendors & marketplaces are also available including details like ratings, mirror links, number of listings, and uptime percentage.

 

4. Ahmia.fi – msydqstlz2kzerdg.onion

An interesting part of Ahmia is that it lets you browse dark web links using a normal browser like Google Chrome. You would eventually need TOR to access the links you obtain, but it at least lets you see them this way. It also has an onion URL.

Usage statistics are also available on its site categorized by simple & unique search queries, and simple & unique search results on both the TOR and I2P network. A notable feature of this search engine is that it appears to be simplistic while highly functional at the same time.

Further, it places the comfort of its users at heart with an example being that with one click, it allows you to add your own dark web hidden service to its database.

5. notEvil – hss3uro2hsxfogfq.onion

Putting up an aura of simplicity, notEvil is believed to have been modeled after Google. It is also reported that it took its name from Google’s motto back in the day of “don’t be evil”. For searching, users have multiple options to select their results from: titles, URLs, or both of them combined.

6. Candle – gjobqjj7wyczbqie.onion

Built just about 3 years ago, this site makes it obvious where its design inspiration came from – Google. Attempting to imitate on the dark web the kind of simplicity the tech giant has has yielded it good traffic, with the number of sites indexed growing every day.

7. Haystak – haystakvxad7wbk5.onion

Advertising itself as having indexed over 1.5 billion pages, it sure does deserve a place on the list. However, it should be noted that many of these may not work, considering that only a small portion of the sites created on the dark web ever remain online constantly, with most being wiped away. It also offers a premium version that can be ordered using a contact form.

8. Kilos – dnmugu4755642434.onion

Kilos is one of the dark web search engines that’s primarily been designed for the Dark Web. It was launched in November 2019 and provides cybercriminals a platform to find answers to their dark queries, search for services on the Dark Web and find the right person to deal with for all the wrong tasks. For example, if someone wants to deal with Bitcoin secretly, they only have to type the relevant keywords and the deed will be done.

The only drawback is that researchers who have investigated the use of Kilos believe that the search engine helps cyber criminals more than someone eager to learn about dark web markets.

To conclude, you may also find links to other dark web search engines, but these happen to be the ones that stand out the most. Furthermore, as mentioned earlier, many sites don’t survive the test of time in this strange land, so it could be that some of these don’t exist tomorrow.

To remain safe, be sure to steer clear of search results that may lead you to illegal sites such as those offering child abuse content, illegal drugs, or weapons, as some of these search engines do not censor such results.

 

[Source: This article was published in hackread.com By Sudais Asif - Uploaded by the Association Member: Robert]


While public safety measures have started to relax, the surge of malware accompanying the pandemic is still making headlines. As a recent study points out, hackers have created no less than 130 000 new e-mail domains related to Covid-19 to carry out what analysts now call “fearware” attacks.

A lot of these domains and attacks are tied to the same source: the dark web. From selling vaccines and fake drugs to simply spreading panic, the dark web has been the host of many pandemic-related threats. And these attacks were just the latest addition to the dark web’s regular activity including, but not restricted to botnets, cryptojacking and selling ransomware.

However, to see how threats from the far reaches of the Internet can affect your company or clients, we must delve deeper into the concept of the “dark web”.

In the first part of our article, we try to understand the dark web’s structure and acknowledge its growing importance to cybersecurity teams.

 

What is the Dark Web?

Whether ordinary users or security specialists, most of us spend our time online the same way: tied to a few popular websites and chat clients or perusing pages through a search engine. This activity, mediated by traditional browsers and apps, accounts for an almost endless amount of content.

But, as copious as this content might seem, it’s only a small percentage of what the Internet has to offer – as little as 4%, according to CSO Online. The rest of it? An enormous collection of unindexed websites, private pages, and secluded networks that regular search engines cannot detect, bearing the generic moniker of “deep web”.

The deep web covers just about anything that’s hidden from the public eye, including exclusive and paid content, private repositories, academic journals, medical records, confidential company data, and much more. In a broad sense, even the contents of an e-mail server are part of the deep web.

However, there is a certain part of the deep web that’s noticeably different. How? Well, if the deep web, in general, is content that can’t be found through conventional means, the dark web is that part of it that does not want to be found.

The dark web exists through private networks that use the Internet as support but require specific software to be accessed, as well as additional configurations or authorization. While the dark web is only a small part of the deep web, it allegedly still accounts for around 5% of the entire Internet… and for a lot of its malicious activity.

Since the dark web can’t be accessed directly, users need to use special software such as the Tor browser, I2P, or Freenet. Tor, also known as The Onion Router, is perhaps the best-known means of accessing the dark web, as it is used both as a gateway and a security measure (limiting website interactions with the user’s system). While the protocol itself was initially developed by a Navy division before becoming open source, the project is currently administered by an NGO.

I2P (The Invisible Internet Project) specializes in allowing the anonymous creation and hosting of websites through secure protocols, directly contributing to the development of the dark web.

 

At this point, it’s worth stating that many dark web sites are not in any way malicious and might just be private for security reasons (journalism websites for countries where censorship is rampant, private chat rooms for people affected by trauma, etc.). It’s also worth noting that platforms such as Tor are not malicious in themselves, with their technology being also used by many legitimate companies. However, the dark web offers two very powerful abilities to its users, both of them ripe for abuse.

These abilities are complete anonymity and untraceability. Unfortunately, their dangers only became visible after Silk Road, probably the world’s largest illegal online market at the time, was closed. A similar ripple was also produced by the closing of the gigantic AlphaBay, an even more comprehensive follow-up to Silk Road.

The Dangers of Anonymity

The truth is, dark web sites have been known to sell just about anything from drugs and contraband, guns, subscription credentials, password lists, credit cards to malware of all types, as well as multiple other illegal wares. All without any real control, from website owners or authorities, and all under the guard of encryption. Back in 2015, a study classified the contents of more than 2,700 dark web sites and found that no less than 57% hosted illicit materials!

Obviously, this prompted authorities to take action. Some law enforcement agencies have started monitoring Tor downloads to correlate them with suspicious activity, while others, such as the FBI, established their own fake illegal websites on the dark web to catch wrong-doers.

 

Even with such measures in place, the dark web’s growth is far from coming to a halt. Its traffic actually increased around the Covid-19 pandemic and the technology’s 20th anniversary. It is estimated that in 2019 30% of Americans were visiting the dark web regularly, although mostly not for a malicious purpose. Furthermore, as large social networks increase their content filtering and as web monitoring becomes more prevalent on the “surface web”, the dark web is slowly becoming an ideological escape for certain vocal groups.

While these numbers can put things into perspective, many security experts, from both enterprise organizations and MSSPs, might ask: “Alright, but what does that have to do with my company? Why do I have to monitor the dark web?”

In the second part of our article, you will learn what Dark Web threats are aimed directly at your enterprise, and how an efficient Threat Intelligence solution can keep them at bay.

[Source: This article was published in securityboulevard.com By Andrei Pisau - Uploaded by the Association Member: Alex]

Categorized in Deep Web

New search engine Kilos is rapidly gaining traction on the dark web for its extensive index that allows users access to numerous dark web marketplaces.

A new search engine for the dark web, Kilos, has quickly become a favorite among cybercriminals and here’s why.

It all began when the dark web search engine, Grams, launched in April 2014. Grams was an instant hit, proving useful not only to researchers but cybercriminals too.

The search engine used custom APIs to scrape some of the most prominent cybercriminal markets at the time. These include AlphaBay, Dream Market, and Hansa.

In addition to helping searchers find an illicit product using simple search terms, Grams also provided Helix, a Bitcoin mixer service. That way, users can conveniently hide their transactions on the platform.

 

Yes, Grams was a revolutionary tool for cybercriminals on the dark web. But its index was still relatively limited.

In a Wired interview, an administrator stated that the team behind Grams didn’t have the capabilities to crawl the whole darknet yet. So, they had to create an automated site submitter for publishers to submit their site and get listed on the search engine.

Despite Grams’ success, it would not remain for long. In 2017, the administrators shut down the search engine’s indexing ability and took the site down.

However, a new search engine would eventually rise to take Grams’ place two years later.

Kilos Became the Favorite Search Engine on the Dark Web

In November 2019, talks of a new dark web-based search engine called Kilos started making rounds on cybercriminal forums.

According to Digital Shadows, it’s uncertain whether Kilos has pivoted directly from Grams or if the same administrator is behind both projects. However, the initial similarities are uncanny.

For example, they both share a similar search engine-like aesthetic. Also, the naming convention remained the same, following the unit for weight or mass measurement.

Expectedly, Kilos packs more weight than Grams ever did.

Thanks to the new search engine, searchers can now perform more specific searches from a more extensive index. Kilos enables users to search across six of the top dark web marketplaces for vendors and listings.

These include Cryptonia, Samsara, Versus, CannaHome, Cannazon, and Empire.

According to Digital Shadows, Kilos has already indexed 553,994 forum posts, 68,860 listings, 2,844 vendors, and 248,159 reviews from seven marketplaces and six forums. That’s an unprecedented amount of dark web content.

What’s more, the dark web search engine appears to be improving, with the administrator introducing new updates and features. Some of these features include:

  • Direct communication between administrator and users
  • A new type of CAPTCHA to prevent automation
  • Advanced filtering system
  • Faster searches and a new advertising system
  • New Bitcoin mixer called Krumble

Kilos is gradually becoming the first stop for dark web users. From individuals looking to purchase illicit products to those searching for specific vendors, tons of users now depend on the search engine.

This could further increase the amount of data that’s available to security researchers as well as threat actors.

 

[Source: This article was published in edgy.app By Sumbo Bello - Uploaded by the Association Member: Jennifer Levin]

Categorized in Search Engine

Silk Road was an internet black market and the first modern-day darknet market. It was founded by Ross William Ulbricht (also known as Dread Pirate Roberts), born in Texas in the U.S., who had a different ideology.

He believed everyone should have the right to buy and sell whatever they want as long as they did not harm anyone.

If we summarise it, it made Ulbricht a millionaire, and later a convict.

It may sound like a Hollywood movie but it is true. Hollywood actor Keanu Reeves narrated a 2015 documentary on the Silk Road legend called Dark Web which chronicles the rise and fall of the black market and its founder.

 

Initial Days

Silk Road was first launched in February 2011. Ulbricht started his dark web marketplace development in 2010. It was a side project to Good Wagon Books. The project was designed to use Tor and bitcoin. His marketplace was destined to become the catalyst for a revolution.

When it started, there were a limited number of new seller accounts available, so every new seller had to purchase a merchant account in an auction. Later, each merchant had to pay a fixed fee.

How did it work?

As it operated as a Tor hidden service, communications on Silk Road were considered by users to be entirely anonymous. Besides, transactions on Silk Road could only be made using bitcoins.

For customers, the main benefit it had over its rivals was that it was trustworthy.

Much like eBay, it would match consumers and dealers, allow both parties to rate each other, and provide for products to be delivered directly to customers’ doors by the unsuspecting mail service.


His website connected nearly 4,000 drug traders around the world to sell their drugs to more than 100,000 buyers, and could get you anything you wanted, from fake documents to top-quality heroin.

It is estimated that in its very short span, over $1 billion was transferred through Silk Road, giving Ulbricht a secret fortune of an estimated $28 million at the time of his arrest.

 

Products in Silk Road

Initial listings on Silk Road were to be restricted to products that resulted in ‘victimless crimes’. On that foundation, products linked to the likes of stolen credit cards, assassinations, weapons of mass destruction and child pornography were banned.


Ulbricht became unwilling or unable to maintain the standards that he had initially set and indeed had relaxed the policy on banning the sale of weapons based on a view that increased firearm regulations were making it harder for people to purchase guns, in contrast with his libertarian values. Furthermore, as the site evolved, more and more ‘contraband’ products began to be listed.

There were also legal goods and services for sale, such as apparel, art, books, cigarettes, erotica, jewelry, and writing services. A sister site, called “The Armoury”, sold weapons (primarily firearms) during 2012, but was shut down, due to a lack of demand.

The End of the Silk Road

Although the authorities were aware of the existence of Silk Road within a few months of its launch, it took over two years from that time for Ulbricht’s identity to be revealed.

Ulbricht may have included a reference to Silk Road on his LinkedIn page, where he discussed his wish to “use economic theory as a means to abolish the use of coercion and aggression amongst mankind” and claimed, “I am creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force.” Ulbricht moved to San Francisco before his arrest.

Ulbricht was first connected to “Dread Pirate Roberts” by Gary Alford, an IRS investigator working with the DEA on the Silk Road case, in mid-2013.

The connection was made by linking the username “altoid”, used during Silk Road’s early days to announce the website, to a forum post in which Ulbricht, posting under the nickname “altoid”, asked for programming help and gave his email address, which contained his full name.

 

On an October afternoon in a public library in San Francisco, Ross Ulbricht’s dream of an online libertarian paradise came to a sudden end. The FBI, having infiltrated Silk Road, had finally caught up with Ulbricht.

At the time of his arrest, he was logged into Silk Road as an administrator and using his Dread Pirate Roberts alias to unknowingly communicate with an undercover FBI agent. Agents found that Ulbricht’s laptop had tens of millions of dollars of bitcoin on it, with millions more stored on USB drives found in his apartment.

The computer also contained Ulbricht’s private journal, which contained damning evidence against him. Within hours of his arrest, Silk Road’s domain had been seized, the market was shut down and Ross Ulbricht’s grand plans to make the world a better place were in disarray.


Aftermath – Silk Road

As part of their investigation into Silk Road, the FBI had caught up with several other Silk Road users and administrators while hunting for Dread Pirate Roberts. Prosecutors alleged that Ulbricht paid $730,000 to others to commit the murders, although none of the murders occurred.

The FBI initially seized 26,000 bitcoins from accounts on Silk Road, worth approximately $3.6 million at the time. An FBI spokesperson said that the agency would hold the bitcoins until Ulbricht’s trial finished, after which the bitcoins would be liquidated.

In October 2013, the FBI reported that it had seized 144,000 bitcoins, worth $28.5 million and that the bitcoins belonged to Ulbricht.

The complaint published when Ulbricht was arrested included information the FBI gained from a system image of the Silk Road server collected on 23 July 2013. It noted that “From February 6, 2011, to July 23, 2013, there were approximately 1,229,465 transactions completed on the site. The total revenue generated from these sales was 9,519,664 Bitcoins, and the total commissions collected by Silk Road from the sales amounted to 614,305 Bitcoins. These figures are equivalent to roughly $1.2 billion in revenue and $79.8 million in commissions, at current Bitcoin exchange rates…”, according to the September 2013 complaint, and involved 146,946 buyers and 3,877 vendors.

On 27 June 2014, the U.S. Marshals Service sold 29,657 bitcoins in 10 blocks in an online auction, estimated to be worth $18 million at contemporary rates and only about a quarter of the seized bitcoins. Another 144,342 bitcoins were kept which had been found on Ulbricht’s computer, roughly $87 million.

Trial

Ulbricht’s trial began on 13 January 2015 in federal court in Manhattan. At the start of the trial, Ulbricht admitted to founding the Silk Road website but claimed to have transferred control of the site to other people soon after he founded it.

In the second week of the trial, prosecutors presented documents and chat logs from Ulbricht’s computer that, they said, demonstrated how Ulbricht had administered the site for many months, which contradicted the defense’s claim that Ulbricht had relinquished control of Silk Road. Ulbricht’s attorney suggested that the documents and chat logs were planted there by way of BitTorrent, which was running on Ulbricht’s computer at the time of his arrest.

On 4 February 2015, the jury convicted Ulbricht of seven charges, including charges of engaging in a continuing criminal enterprise, narcotics trafficking, money laundering, and computer hacking. He faced 30 years to life in prison.

The government also accused Ulbricht of paying for the murders of at least five people, but there is no evidence that the murders were carried out, and the accusations never became formal charges against Ulbricht.

During the trial, Judge Forrest received death threats. Users of an underground site called The Hidden Wiki posted her personal information there, including her address and Social Security number. Ulbricht’s lawyer Joshua Dratel said that he and his client “obviously, and as strongly as possible, condemn” the anonymous postings against the judge.

 

In a letter to Judge Forrest before his sentencing, Ulbricht stated that his actions through Silk Road were committed through libertarian idealism and that “Silk Road was supposed to be about giving people the freedom to make their own choices” and admitted that he made a “terrible mistake” that “ruined his life”.

On 29 May 2015, Ulbricht was given five sentences to be served concurrently, including two for life imprisonment without the possibility of parole. He was also ordered to forfeit $183 million. Ulbricht’s lawyer Joshua Dratel said that he would appeal the sentencing and the original guilty verdict.

On 31 May 2017, the United States Court of Appeals for the Second Circuit denied Ulbricht’s appeal and affirmed the judgment of conviction and life sentence.

Ulbricht’s family continues to campaign to “free Ross Ulbricht from a barbaric, double life sentence for all non-violent charges”, with a website in place to accept donations towards lawyer fees.

 [Source: This article was published in darkweb.wiki - Uploaded by the Association Member: Anthony Frank]

Categorized in Search Engine

“Kilos.” A new dark web search engine that has quickly become the “Google” for cybercriminal marketplaces, forums and illicit products. Why is this new cybercriminal engine quickly becoming popular and what are the threats that security researchers and operations teams face with Kilos?

After the recent indictment of Larry Harmon, alleged operator of the Bitcoin tumbling service Helix and darknet search engine Grams, Digital Shadows decided to profile Kilos. According to the firm, in November 2019, "Kilos" emerged from the cybercriminal underground and has become one of the most sophisticated dark web search engines to date, having indexed more platforms and added more search functionalities than other search engines while introducing updates, new features, and services that ensure more security and anonymity for its users. Kilos also maintains a stronger human element not previously seen on other prominent dark web-based search engines, says a new Digital Shadows blog.

"Kilos possibly evolved from the well-known dark web search engine “Grams”, which ceased operations in 2017. Both Grams and Kilos are dark web search engines that clearly imitate the well-known design and functionalities of the Google search engine and, in a clever play on words, both follow a naming convention inspired by units of measure," writes the firm. 

 

Grams was launched in early April 2014 and back in the day, says Digital Shadows, "Grams was a revolutionary tool that allowed users to explore the darker corners of the Internet with relative ease. However, its index was somewhat limited. According to its administrator—whom Wired interviewed anonymously in April 2014—the team behind Grams did not “have the capabilities yet to spider all of the darknet” and had instead resolved to work on “making an automated site submitter for people to submit their sites and get listed” on the search engine."

Now, Kilos enters the cybercriminal sphere. "Though it can’t be conclusively confirmed whether Kilos has pivoted directly from Grams or whether the same administrator is behind both projects, the initial similarities are uncanny. The same popular search engine-like aesthetics have been applied and the naming convention has remained," says the blog. 

Why is Kilos more threatening than Grams? It is allowing users to perform even more specific searches from a larger index than Grams did, enabling users to search across six of the top dark web marketplaces for vendors, listings and reviews. These marketplaces include CannaHome, Cannazon, Cryptonia, Empire, Samsara and Versus.

 According to Digital Shadows, Kilos has already indexed the following from a total of seven marketplaces and six forums:

  • 553,994 forum posts
  • 68,860 listings
  • 2,844 vendors
  • 248,159 reviews

Since the site's creation in November 2019, the Digital Shadows team writes that the unprecedented amount of dark web content found in Kilos appears to increase by the day, providing invaluable insight into the contents, products, and vendors of current prominent cybercriminal markets and forums - thus adding "a human element to the site not previously seen on dark web-based search engines, by allowing direct communication between the administrator and the users, and also between the users themselves," claims the blog.

New updates to the site include:

  1. A new type of CAPTCHA that prompts users to rank randomized product and vendor feedback by their level of positive or negative sentiment for added security. 
  2. A new Bitcoin mixer service called “Krumble”, which is now available in Beta mode, to ensure user anonymity compared with other Bitcoin mixers.
  3. Added features that allow for more direct communication, both between the users themselves and between users and the administrator. 
  4. A live chat function to allow users to discuss a variety of topics with each other. 

Digital Shadows warns that Kilos’ growing index, new features and additional services combined could allow Kilos to continue to grow and position itself as a natural first stop for an increasingly large user base - further increasing the amount of data readily available for threat actors and security researchers alike.

Harrison Van Riper, Threat Research, Team Lead at Digital Shadows, tells Security Magazine that, "Dark web search engines bring more visibility to criminal platforms which, in turn, direct more traffic and lead to more sales from marketplaces or forums, which could increase the risk to organizations. Criminals looking to find sensitive documents or credentials for sale on the dark web can use Kilos to search across different marketplaces to find their goods, increasing the likelihood of account takeovers or the impact of a data leakage, for example."

Van Riper notes that search engines have "transformed the way everyday people use the internet when they were introduced, giving users freedom to search for the exact information they were looking for. That same innovation translates to cybercriminals as well, a topic Digital Shadows heavily covered in our blog detailing the similarities between the real world and cybercriminal underground https://www.digitalshadows.com/blog-and-research/how-the-cybercriminal-underground-mirrors-the-real-world.  These sites were made intentionally difficult to find unless you already had an idea of where you were going to begin with, however, a search engine with the ability to look across multiple sources could give more malicious actors opportunity to conduct more attacks," he says. 

 

[Source: This article was published in securitymagazine.com - Uploaded by the Association Member: Jennifer Levin]

Categorized in Search Engine