Category Archives: dark web

How to Get on the Dark Web: A Step-by-Step Guide

Dark web, deep web, clear web – just words or more? Well, in seeing just how many of you are interested in hearing all about the dark wonders of the internet, I’ve decided to make this small dark web guide. So, if you want to learn all about Tor Onion, Silk Road, secret, hush-hush Governmental ops, and how to get on the dark web, of course, you came to the right place. Welcome to the shadows, my friends! I will be your guide.

WTH is the dark web anyway?

Now, before we dig into it, we’ll need to stage a little show-and-tell about the differences between the deep web, dark web, and clear net. I’ll start with the latter because writer’s privilege. So, the clear web is the very first and very visible layer of the Internet. Basically, it’s what we see when we do a Google or Bing search for things like cat videos or popular YouTube songs.

From a technical standpoint, the clear web is the content that is indexed, crawled, and displayed by the various search engines. Unfortunately, the clear web accounts for approximately 4 percent of the Internet. So, if the clear web is only a very tiny portion of the Internet, what happened to the rest?


Deep web vs. dark web

Welcome to the deep web, the part of the Internet that’s not indexed by search engines. There’s nothing spooky about the deep web; it contains stuff like scientific white papers, medical records, tax-related info, PayPal subscriptions, army communique, and much more. Although the deep web’s hiding behind HTTPS forms, its contents can be accessed if you know what you’re looking for.

Most of the websites hosted on the dark web can be accessed on a credential basis. For instance, if your health provider has a website capable of displaying bloodwork tests online, that particular section will be hosted on the deep web – it will not be indexed by Google or Bing and can only be accessed via password.

Oh, nearly forgot to mention that the deep web accounts for about 90 percent of the entire Internet.

That’s about it for the clear web and the deep web.

Remember: Clear, Deep, and Dark.

What’s the dark web then? Well, if the clear web is Google’s BFF and the deep web, its secret lover, then the dark web can only be the evil twin or the oddball.

Accounting for 6 percent of the Internet, the dark web is a most peculiar blend – on the one hand, it’s a cesspool, a rendezvous place for drug dealers, black hat hackers, hitmen, and human traffickers. On the other hand, due to its covert nature (I’ll get to that in a sec), this Internet fold acts like a liaison between political outcasts and people in the free world. It’s also used by people who want to submit anonymous tips (whistleblowers).

The dark web is favored by both groups because of its ability to render anyone and anything invisible. Privacy and anonymity are what you might consider the core values of the darknet. There’s no such thing as a mother-server that hosts the entire dark web, but rather a swarm of servers and nodes that can only be accessed through onion-type links. So, what are those?

More on Tor Onions

Since everything’s decentralized on the dark web, there are no crawlers to bring together the information. Even the URLs, if we can call them that, are infinitely different from what we’re used to.

For instance, if you want to access a site like YouTube, all you need to do is to write the URL in the address bar (i.e. https://youtube.com) or search for the website using google.com. Now, on the dark web, you’ll have to know the URL right to the last decimal and character to access it. All dark web addresses contain seemingly random strings comprised of numbers and letters, followed by a .onion extension.
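As an added example (not from the original article or its author), here is a small Python tool that checks the .onion format described above, both the short v2 names such as the Wall Street Market address quoted further down this page and the longer v3 names with their built-in checksum, and flags any such name a client sends to an ordinary DNS resolver, which is the kind of ISP-visible leak the Tor-over-VPN discussion below is about. The key bytes and log lines are constructed for the demo; the checksum rule is Tor’s published v3 address format.

```python
"""Validate .onion names and flag them in a DNS resolver log.

Added example, not code from the original article. Format facts used:
  v2: 16 base32 chars (truncated SHA-1 of the service key); Tor removed
      v2 support in 2021, so such names can no longer be reached.
  v3: 56 base32 chars = PUBKEY(32) || CHECKSUM(2) || VERSION(1), where
      CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
      and VERSION = 0x03.
The key bytes and log lines below are constructed for the demo.
"""
import base64
import hashlib
import re

ONION_NAME_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion\b")


def v3_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum Tor embeds in every v3 address."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Build a v3 .onion name from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion services use a 32-byte ed25519 public key")
    raw = pubkey + v3_checksum(pubkey) + b"\x03"
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def classify(address: str) -> dict:
    """Return {'version': 'v2'|'v3'|'invalid', 'reason': ..., ['pubkey': ...]}."""
    name = address.strip().lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if not re.fullmatch(r"[a-z2-7]+", name):
        return {"version": "invalid", "reason": "not a base32 string"}
    if len(name) == 16:
        return {"version": "v2", "reason": "deprecated v2 name; unreachable since 2021"}
    if len(name) != 56:
        return {"version": "invalid", "reason": f"unexpected length {len(name)}"}
    raw = base64.b32decode(name.upper())  # 56 chars -> exactly 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != 3:
        return {"version": "invalid", "reason": f"version byte {version}, expected 3"}
    if checksum != v3_checksum(pubkey):
        return {"version": "invalid", "reason": "checksum mismatch (typo or forged name)"}
    return {"version": "v3", "reason": "ok", "pubkey": pubkey}


def scan_resolver_log(log_text: str) -> list:
    """Find .onion names that a client asked a normal DNS resolver for.

    A Tor-aware client never sends .onion names to a recursive resolver, so
    every hit here is a leak (or a typo) worth a look on the defender side.
    """
    findings = []
    for line in log_text.splitlines():
        for match in ONION_NAME_RE.finditer(line.lower()):
            info = classify(match.group(0))
            findings.append({"line": line.strip(), "name": match.group(0), **info})
    return findings


# Constructed demo data: a throwaway "public key" and a resolver log in which
# two clients leaked .onion lookups to the ISP resolver.  The v2 name is the
# Wall Street Market address quoted later on this page.
DEMO_PUBKEY = bytes(range(32))
DEMO_V3 = encode_v3(DEMO_PUBKEY)
DEMO_LOG = f"""\
2019-05-03T10:14:02Z client=10.0.0.23 query=wallstyizjhkrvmj.onion type=A
2019-05-03T10:14:05Z client=10.0.0.23 query=www.example.com type=A
2019-05-03T10:14:09Z client=10.0.0.41 query={DEMO_V3} type=A
"""

if __name__ == "__main__":
    for hit in scan_resolver_log(DEMO_LOG):
        print(f"{hit['name']}: {hit['version']} ({hit['reason']})")
```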

Again, we shouldn’t lose sight of the fact that the dark web’s the place where the bulk of criminal activities take place. Every little sordid detail you heard over the news about the dark web is painfully true.

This is the place where hackers come to purchase data stolen from users or companies or offer their services in exchange for Bitcoins or other forms of cryptocurrency. More than that, if you dare to dig deep enough, you can uncover other hair-raising activities such as human trafficking, child pornography, torture, or murder on demand.

Charming little spot, isn’t it? Well, that’s where we’re heading. Now, before you can access the dark web, there are a couple of things you must do, security-wise. Ready? Set? Go!

Preparing to set sail

Source: WikiHow

#1. Install a VPN

VPNs are a must when you’re attempting to access the dark web. Why? Because of the long arm of the law, of course. Technically, you are free to surf on this Internet layer, provided that you don’t engage in any illegal activities. However, a recent ruling by the US Supreme Court deemed that even casually browsing the darknet can get you in a lot of hot water.

This means that if the authorities intercepted your darknet connection request, they would have enough reason to search your house and confiscate the machine used for browsing. So, do yourself a favor and download a VPN before messing about on the dark web. Need a hand picking one? Check out this article written by one of my colleagues to narrow down your search.

#2. Install an adequate browser

The first rule of the dark web – never, ever use your default browser to search for stuff on the darknet. Popular browsers like Chrome, Opera, or Firefox have tracking technologies that make you very visible on the authorities’ radar. So, if you’re still willing to do this, I would recommend you download Tor, which is, by far, the safest and easiest-to-use onion browser.

Of course, there are others who would argue that Tor being made by the military for covert communication makes it unreliable, privacy-wise, since it’s believed to be watched. I wouldn’t take that one for granted, but, then again, there’s no smoke without fire. It’s all up to you.

Of Tor, VPNs and other demons

Anyway, going back to Tor – why use this particular browser over a regular one? Well, that’s a rather long story, but worth telling nonetheless. As you know, a regular browser mediates between the user’s search request and the site about to be accessed. Normally, your query will go through the ISP’s DNS, which in turn consults other resources to help you get the answer you were looking for.

Now, with Tor, the search request kind of bounces around multiple Tor relays before completing your search request. You’re probably wondering what the heck Tor relays are. Well, what we call the clear web is, in fact, a conglomerate of servers, which are managed either by companies or on a volunteer basis.

The same principle applies more or less to what we call the dark web. Since it’s the dark side of the Internet we’re dealing with here, secrecy and untraceability become inherent. Thus, the info’s stored on Tor relays which are managed by volunteers.

So, what happens when you want to access a dark web onion? First of all, if you followed my advice and installed a VPN, the tunneling signal will be encrypted. This means that your ISP won’t have a clue about what you’re about to search for. Sure, it can still see that you want to access a Tor node, but other than that, it’s blinder than a mole.

From there, it will be redirected to another node and then another one. Why does it do that? For anonymity reasons, of course; no breadcrumbs means that there’s no way for someone to trace the signal back to you.

VPN Only? Unlikely.

Congrats! You just took the first steps of your dark web journey. Still, there are a couple of more precautions you must take before you can pop open Pandora’s box of dark Internet wonders. Getting back to Tor and VPN. There’s no broad consensus on dark web safety.

However, everyone tends to agree that using only Tor is not enough. The two of them (Tor and VPN) work in tandem and, as it happens, there are several ways of tunneling your way all the way through the dark web using this dynamic duo. Here’s what you need to know.

Method I – Tor over VPN

Sounds very techie, doesn’t it? Well, it’s really not that complicated – using the Tor over VPN method means connecting to a VPN service before using the Tor browser. Have to say that this is the most popular and safest method to access onion links, and, on my part, a marriage made in Heaven: Tor’s an excellent ‘anonymizer’, while VPN safeguards your privacy.

When using this method, Tor will encrypt your request, which will pass through your ISP unhindered. From there, it will go through a VPN server which conceals your IP and wipes geo-locations tags and other elements your Government or ISP might use to track the request.

Next step – your request will be transferred to a Tor entry node, which in turn transfers it to one or more Tor relays. From there, it gets slingshotted to several Tor exit nodes. Afterwards, your request will be matched with the appropriate website. Tricky, but effective; that’s why it’s, by far, the best method to access dark web content.

Source: NordVPN

Pros of using Tor over VPN:
  • Session logs are not stored (metadata, IP address).
  • Traffic’s completely encrypted.
Con(s):
  • Doesn’t offer protection against malicious Tor exit nodes.

Method II – VPN over Tor

Not very safe, but it’s still usable. Recall how Tor over VPN works? Well, VPN over Tor is basically its opposite – instead of going through the VPN first, the signal passes through the Tor network before going through the VPN. Why is this method so unpopular? Because it’s not as safe as Tor over VPN.

If the signal goes through the Tor network first, your ISP will be able to see that you are attempting to connect to a Tor node. Though no one should bat an eye just because you’re attempting to access the dark web, keep in mind that in some countries, like the United States, even a simple foray can get you in trouble.

Pro(s) of using VPN over Tor:
  • Great if you trust your ISP, but not the VPN provider.
  • Can bypass blocked Tor nodes.
Con(s):
  • ISP can see you trying to access onion content.
  • Susceptible to end-to-end timing attacks.

Now, if you want to see what lurks in the dark corners of the Internet but don’t really trust Tor, there are alternatives. Here are a couple of them:

  1. I2P – great privacy protection and can access hidden onion links.
  2. Matrix.org – an open-source project just like Tor. Great for IoT data transfers, chats, and WebRTC signaling.
  3. Orbot – basically a Tor for Android.
  4. Globus Secure Browser – paid Tor alternative. VPN-powered. Allows the users to select preferred geolocation. If you want to take it for a spin, Globus features a five-day trial period.
  5. Comodo Ice Dragon – Firefox spin-off. Employs multiple malware safeguards. Open-source project.
  6. FreeNet – open-source project. Sports the Darknet and OpenNet anonymous browsing technologies.

#3. Install a VM or disposable OS

I strongly recommend surfing on the dark web using virtual machine software instead of your locally installed Windows. Why? Because it’s easier to contain malware in a virtual environment, which can be fully controlled.

It’s like in those movies where the doctors are experimenting on deadly viral strains from behind the safety of a glass enclosure. And, as it happens, there are plenty of VMs to choose from: Oracle VM VirtualBox, VMware Fusion and Workstation, QEMU, Red Hat Virtualization, Microsoft Hyper-V, Citrix XenServer, and Xen Project, just to name a few.

Now, if you really want to take the physical storage devices out of the equation, you can use what I like to call a disposable operating system – easy to deploy and to get rid of if by chance you run into any trouble. All you’ll need is an 8GB thumb drive, an installation package, and a couple of minutes to get things up and running.

Let’s dig in.

How to install Tails OS

Source: TechSpot

Step 1. Get yourself a thumb drive; 8GB will do, but you can buy one with more space if you plan on using it for anything else. Nothing will happen to the stick (probably).

Step 2. Hop on the web and download the installation package for Tails OS.

Note: Tails is a Linux-based live operating system which can be booted from a USB stick or DVD. I recommend using a stick, since DVDs are read-only after you’re done burning them, and accessing the dark web requires a bit of writing.

Chill, because nobody will ever find a record of you ever fiddling around the darknet. Note that Tails’ installation package comes in .img format, which means that you’ll need software capable of burning images onto your thumb drive.

My recommendation is Universal USB Installer, which is very intuitive. You can also go along with Rufus. The choice is yours. For this tutorial, I’ve used Universal.

Step 3. Insert the stick and do a quick format. Be sure to use FAT32 to root out any compatibility issues. Shouldn’t take longer than a few seconds.

Step 4. Download and install Universal USB Installer or Rufus.

Step 5. Fire up Universal USB or Rufus.

Step 6. Under “Step 1: Select a Linux Distribution from the dropdown to put on your USB” select Tails.

Step 7. Under “Step 2: Select your ubuntu*desktop*.iso”, click on the browse button and select the downloaded Tails .img file.

Step 8. Under “Step 3: Select your USB Flash Drive Letter Only”, use the dropdown box to select your thumb drive’s letter. If it doesn’t show up, check the “now showing all drives” option.

Step 9. Review the info and hit Create when you’re done.

Note that the process can take anywhere from 5 to 30 minutes depending on your machine. Sit back, relax, and wait until the installation’s done. When you’re ready, hit the Close button and you’re all set.

Now what? Well, now it’s time to fire up Tails and do a little bit of tinkering.

How to boot from USB and configure Tails

Nervous about your first boot? No worries. It always hurts the first time. Just follow these steps.

  1. Keep the thumb drive in the USB.
  2. Restart your computer.
  3. After the splash screen appears, press the appropriate Boot Menu key. If you’re tired of randomly pressing keys each time you perform this action, check out this article on hotkeys for the boot menu.
  4. Use your keyboard to select the corresponding drive letter. When you’re done, hit Enter.
  5. Wait for Tails OS to boot. Since this is the first time, it may take a while. Just be patient.
  6. Configure Tails and deploy Tor + VPN. Yes, the latest version of The Onion Router has a built-in VPN.
  7. Get ready to discover the dark and sometimes creepy wonders of the dark web.

So how do you get on the dark web?

All done installing and configuring Tor? Great! Fire it up and let’s surf. At first glance, Tor doesn’t look that different from your regular browser – it has a search bar, lots of quick-launch icons, the peeled onion icon smack in the middle of the screen. So, now what? Well, let’s start small.

Although content on the dark web is not as ‘indexed’ as content on the clear web, you can still use search engines to find stuff. The Hidden Wiki and Grams are the heavyweights here.

Yay, now I found everything my heart longs for. Not quite: since the dark web relies on privacy and anonymity, search engines like the Wiki and Grams frequently return false results. No matter – good or not, the Hidden Wiki is a great place to start exploring.

The Hidden Wiki & Co.

Think of the Hidden Wiki as Wikipedia’s evil twin – looks more or less the same, but contains links to various dark web categories: editor’s picks, volunteer, introduction points, financial services, commercial services, email/messaging, drugs (yes, it’s the real deal), blogs & essays, hosting providers, hacking services, darknet radio (nothing shady about that; just some weird electronic tunes and, occasionally, a bit of jazz), literature (mostly resources on hacking, both ethical and black hat).

You can also find quick links here to the stuff that makes the dark web pitch-black dark: contract killers, rape, torture, or murder on demand, child pornography.

Fortunately, in the Hidden Wiki, every website is followed by a brief description so that the user knows what to expect (or not). My advice to you would be to stick with the editor’s picks. You can also take a look at the blogs & essays section if you want to find some nifty coding resources.

If you’re feeling chatty, you can always access a chat room. Services like Random Chat connect you with random people using the same service. What happens after that is all up to you.

You should stay away from everything labeled “porn”, “card skimming services”, “PayPal hacks”, “firearms”, “real fake IDs and passports”. Believe me – there are plenty to go around, and each and every one of them is being kept under surveillance, not to mention the fact that you’ll get exposed to some stuff that will definitely make you take several cold showers.

Hidden Wiki’s not the only search engine online. Here are a couple of alternatives in case you get bored with Wiki.

  • DuckDuckGo – also available on the clear web. The best thing about DuckDuckGo is that it doesn’t track your searches. One can say that it’s the Google of the dark web.
  • Torch – considered the first dark web search engine, Torch boasts a database of several million onion links. Works just like Yelp. It even comes with recommendations, although most of them append websites like the infamous Silk Road.
  • WWW Virtual Library – if Torch and Hidden Wiki are old, the triple-W Virtual Library is Cthulhu-old; as in the elder god of search engines. What’s even better is the fact that the WWW Virtual Library contains info dating back to the beginning of the Internet: logs, documents, pictures, and everything in between.

Fun fact: The Virtual Library was founded and, for a very long time, curated by none other than Tim Berners-Lee, the George Washington of the Internet. So, if you’re looking for obscure Internet facts, very old documents, Berners-Lee’s brainchild is the way to go.

  • Uncensored Hidden Wiki – think regular Hidden Wiki is bad? Wait till you see the uncensored version. As the name suggests, it emphasizes very illegal activities like human trafficking, drugs, pornography went wrong, and other things that fester in the dark corners of the human mind.
  • ParaZite – do you know the “want to get Lucky?” button in Google’s search engine? The one that takes you on a random clear web site? Well, ParaZite does the same thing. Sure, you can use it like any run-of-the-mill search engine, but if you’re feeling curious, you can also try the “feeling (un)lucky” feature. Proceed with caution and prepare to eject and torch the thumb drive.

Commercial Services

Believe it or not, the dark web even has online shops. And no, they don’t all sell drugs or firearms. Some of them are, reportedly, legit and have great bargains. For instance, if you want to buy a laptop or a smartphone, you can try your luck in one of these shops. Of course, all transactions are anonymous and Bitcoin-driven. Sure, you can use other cryptocurrencies if Bitcoin’s not your cup of tea.

The major issue with these websites is that a whopping 50 percent are fake, and there’s no way of telling for sure if they’ll deliver or not. By the way, most have shipping services.

Of course, you can’t use your home address for dark web drop-offs, but apparently, they can ship all over the world, minus some Middle Eastern countries and North Korea. To tell you the truth, I was tempted into purchasing a Samsung Galaxy S10 Plus; it was only 250 bucks. My advice: look, but don’t touch (buy).

Here are a couple of commercial services you can check out while you’re browsing the dark web:

  • CStore – any kind of electronics. You can make the purchases in cryptocurrency or gift cards. They even accept full escrow.
  • Apple Palace – everything Apple: laptops, desktops, phones, and accessories. All at ludicrously low prices.
  • EuroGuns – the name says it all: guns sold on the European market. The website even boasts that it’s the number one European arms dealer.
  • Kamagra for Bitcoins – if your boomstick ain’t working no more, you can try Kamagra, which is the dark web and cheap version of Viagra.
  • Gold & Diamonds – site offers ‘real’ diamonds and gold. (Un)fortunately, it only ships to Germany and the United States.
  • PirateSec – legit hackers, at your service!
  • Fake Passports – I think it’s self-explanatory.
  • SOL’s United States Citizenship – sells American citizenships; go figure.
  • Digital Gangster – the most gangsta way to hack someone’s computer. Apparently, these are Ronin hackers who can be hired for exploits, web hacking, password retrieval, and all-purpose espionage.
  • Onion Identity Services – summer discounts for IDs and passports. Bitcoins only.

Email clients

Always remember that the dark web is a people-centric community. So, it’s only natural to find ways to keep in touch with your darknet buddies and/or customers. There are several email and IM services which you can use, and it’s highly recommended to pick one if you want to step up your dark web game.

In terms of functionality, I don’t think there are too many differences between regular IMAP, POP3, and SMTP services and the stuff you can use to communicate on the dark web. Let’s start with the email clients.

  • secMail – full-fledged email service. Pretty simplistic in design: you can compose, send, and receive emails. All the great things about an email client, minus the tracking, eavesdropping, and other privacy issues.
  • Lelantos – pay-to-use email service. Great security and privacy features, but it has one of the most unreliable and sidetrackable registration forms. Proceed at your own risk.
  • Bitmail.la – another pay-to-use email client. Has many features like IMAP, SMTP, and POP3 support, and a 500MB mailbox. Apparently, a lifetime membership costs $0.60.
  • Mail2Tor – a free email service which, reportedly, works on both the dark and clear web.
  • Guerilla Mail – creates a disposable email address.
  • AnonInbox – pay-to-use email client. Supports IMAP, SMTP, and POP3; charges around 0.1 BTC per year.
  • Protonmail – has both paid and free subscriptions. Boasts the browser-encrypted email technology.

Chat/Social Media

Right. Let’s now talk about social media and instant messaging. Believe it or not, Zuckerberg’s Facebook has a darknet version. It’s mostly used for covert communication, anonymous tips submission, and stuff like that.

Sure, it’s not as secure as the clear web version, but it’s there and totally legal to use. Hidden Facebook is hardly the only social media client on the dark web. Check out the list below for the ‘hottest’ dark web clients.

  • BlackBook – works pretty much the same way as Facebook: you can chat, send pictures and friend requests, post status updates, and join groups. Though competing head-to-head with Facebook Onion, BlackBook’s prone to hacking. Reportedly, the client was disabled at least a couple of times in 2018.
  • Torbook – very similar to BlackBook. Some claim that both of them rose at around the same time, despite the creators not knowing each other.
  • The Campfire – gather around the campfire, folks to hear the tale of tales. The name’s rather suggestive – a big chatroom; everybody can join, and the topics can be anything from the latest trends in the music industry to how you can hide a human body.
  • Lucky Eddie’s Home – scripted chat room that sports one of the most efficient file-uploading systems on the dark web. Just like any IM app, you can send or receive messages, join or create groups, and send files.
  • MadIRC Chat Server – if you’re over 30, you certainly remember the mIRC era. Surprisingly enough, IRC spin-offs are still being used today, mostly for covert conversations or intranet communication. MadIRC Chat works just like a regular IRC – no registration or subscription required. Just pick a username and join in on the fun. I know sharing is caring, but in this case, I would advise you not to share any personal details because you may never know who’s on the other side of the line.
  • Chat with strangers – think Omegle, but on the dark web. Just fire up the client, connect to a chat room, and that’s it. You can’t send or receive files. Still, if you’re lucky, perhaps you can partake in a scintillating conversation.

Journalism and advocacy groups

As I’ve mentioned, the dark web isn’t just a place of eternal torment, teeming with drug dealers, human traffickers, and hitmen. It’s also used by journalists, advocacy group members, and political refugees in hiding. Reuters, Fox, NBC, CNN – all of them keep open dark web channels to receive anonymous tips from whistleblowers.

Advocacy groups are also reaping the advantages of the darknet because, here, the term ‘censorship’ is about as popular as HTTPS. And finally, we have political outcasts, refugees, and people who want to get in touch with the outside world while living in a totalitarian country that suppresses all means of communication and information.

Of course, there are your run-of-the-mill congregations, which will worship anything from Lucifer to the flying spaghetti monster.

If you’re interested in subversive journalism, here are a couple of sites you can try visiting:

  • Soylent News – a trans-spectrum darknet news aggregator. Features webmaster-moderated forums on which you can submit comments. You can also get involved by either submitting tips or writing news.
  • ProPublica – historically, ProPublica’s the first major news outlet to feature, well, a darknet outlet. With an activity spanning almost four years, ProPublica managed to expose power abuses and blow the lid on covert activities conducted by governmental institutions. Although quite young compared to other darknet news outlets, ProPublica’s work was rewarded with five Pulitzer Prizes for Feature Writing, the last one being awarded to Hannah Dreier, the investigative journalist who covered the gangs of Los Angeles.

More on how to stay safe on the dark web

We’ve already gone through VPNs, anonymizing web browsers, and disposable operating systems, so I won’t bother reminding you about those. Here are some other things you can try to bolster your security.

1. Minimize or rescale your Tor browsing window

Sounds rather off, doesn’t it? Well, there’s a reason why it’s recommended to browse with a minimized or rescaled window – you can be tracked based on your active window’s dimensions (yeah, they really can do that). So, do yourself a favor and rescale that Tor window as much as you can before proceeding.

2. Tweak the security settings

Tor has a built-in slider which lets you adjust the level of security. Just click on the onion icon and choose Security Settings. Adjust the slider until the cursor points to Safest. This means that JavaScript will be disabled by default on every website and some symbols and images will not be displayed.

3. Never use your credit and debit card for purchases

I’ll go further than that and say stay away from darknet shops. Maybe some of them are legit, but are you really willing to take that chance? Still, if you’re really itching to purchase a new phone or God knows whatever, I would advise you to stick with Bitcoins or your favorite crypto coin. Using credit or debit cards for this sort of thing is like painting a big bullseye on your bank account while yelling: “come here and take my money.”

4. Close Tails after finishing your session

When you’re done surfing or shopping on the dark web, don’t forget to shut down Tails. The major advantage of using a live OS such as Tails is that, on shutdown, the OS wipes itself from the thumb drive you’ve installed it on. That’s why it’s never a good idea to burn Tails on DVD.

5. Don’t stick your nose where it doesn’t belong

Great life advice, but it’s even more valuable where the darknet is concerned. Keep in mind that many criminal organizations are using the dark web to communicate or sell merchandise. Some of these channels are under watch. You may very well end up in the middle of a stakeout that could turn ugly. So, if the website looks fishy, close the tab, and forget about it.

Wrap-up

This is where I get off – been a long journey and I hope I’ve managed to at least change your perspective on the dark web. So, to wrap it up nice and tight, remember to take all the necessary precautions, refrain from using your debit or credit card, stay away from dubious groups, and have fun while you’re at it. As always, for comments, rants, ad-libs, or beer donations, shoot me a comment. Cheers!

The post How to Get on the Dark Web: A Step-by-Step Guide appeared first on Heimdal Security Blog.

A Team Of Law Enforcers Took Down Major Illegal Merchandise Site

A team of law enforcers from Romania, the Netherlands, the United States, Germany, and Europol have taken down the servers linked to Wall Street Market (WSM), a Dark Web website specifically designed for transacting weapons, stolen passwords, drugs, and other illegal substances. This comes right after an alleged theft by Wall Street Market admins which caused their customers to lose over $14.2 million in Bitcoin and other cryptocurrencies. One of the vocal site admins, under the account named Med3l1n, blackmailed some users of the site, demanding $280 worth of Bitcoin or else the admin would disclose their illegal transactions to the authorities, after discovering that the affected users had made support requests unencrypted.

“One of Europol’s initiatives is to create a coordinated law enforcement approach to tackle crime on the dark web with the participation of law enforcement agencies from across EU Member States, operational third parties and other relevant partners, such as Eurojust. To achieve this goal, Europol has established a dedicated Dark Web Team to work together with EU partners and law enforcement across the globe to reduce the size of this underground illegal economy. The team also aims to enhance joint technical and investigative actions, organise training and capacity-building initiatives, together with prevention and awareness-raising campaigns – a 360° strategy against criminality on the dark web,” said the Europol’s Press Release.

Med3l1n then proceeded to disclose the IP addresses and usernames/passwords (including his own) of users connected with Dread, an affiliate community site used for communication between dark web netizens. Once the real-world location of the servers hosting WSM was exposed publicly, all kinds of users with varying goals were able to extract as much information as they could from the site. This “data breach” escalated to the point that WSM users lost the contents of their cryptocurrency wallets.

“Of much greater concern to users: The same mod has posted his login credentials to Dread. This gives anyone the ability to sign in to WSM as the mod and access all information pertaining to users and their orders that isn’t encrypted. He also gave the server IP address up,” explained Patrick Shortis, a security researcher.

The law enforcement agencies began their operation on April 30, 2019, and the complete shutdown of the site occurred on May 2, 2019. The exact URL of WSM was wallstyizjhkrvmj.onion on the Dark Web, which can only be reached through a dark web browser like the Tor Browser (The Onion Router). Aside from the takedown, the German police members of the team claimed that they were able to place three persons of interest under arrest and confiscated €550,000 in cash. Apparently, they were drug traffickers who were using WSM to sell their “products”. Aside from that, a similar site named Silkkitie was also taken down; that dark web site had been operating for at least 6 years.

“These two investigations show the importance of law enforcement cooperation at an international level and demonstrate that illegal activity on the dark web is not as anonymous as criminals may think,” emphasized Catherine De Bolle, Europol Executive Director.

The post A Team Of Law Enforcers Took Down Major Illegal Merchandise Site appeared first on .

Feds Bust Up Dark Web Hub Wall Street Market

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — in exchange for not publishing details of the transactions.

The now-defunct Wall Street Market (WSM). Image: Dark Web Reviews.

A complaint filed Wednesday in Los Angeles alleges that the three defendants, who currently are in custody in Germany, were the administrators of WSM, a sophisticated online marketplace available in six languages that allowed approximately 5,400 vendors to sell illegal goods to about 1.15 million customers around the world.

“Like other dark web marketplaces previously shut down by authorities – Silk Road and AlphaBay, for example – WSM functioned like a conventional e-commerce website, but it was a hidden service located beyond the reach of traditional internet browsers, accessible only through the use of networks designed to conceal user identities, such as the Tor network,” reads a Justice Department release issued Friday morning.

The complaint alleges that for nearly three years, WSM was operated on the dark web by three men who engineered an “exit scam” last month, absconding with all of the virtual currency held in marketplace escrow and user accounts. Prosecutors say they believe approximately $11 million worth of virtual currencies was then diverted into the three men’s own accounts.

The defendants charged in the United States and arrested in Germany on April 23 and 24 include a 23-year-old resident of Kleve, Germany; a 31-year-old resident of Wurzburg, Germany; and a 29-year-old resident of Stuttgart, Germany. The complaint charges the men with two felony counts – conspiracy to launder monetary instruments, and distribution and conspiracy to distribute controlled substances. These three defendants also face charges in Germany.

Signs of the dark market seizure first appeared Thursday when WSM’s site was replaced by a banner saying it had been seized by the German Federal Criminal Police Office (BKA).

The seizure message that replaced the homepage of the Wall Street Market on May 2.

Writing for ZDNet’s Zero Day blog, Catalin Cimpanu noted that “in the midst of all of this, one of the site’s moderators – named Med3l1n – began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers who made the mistake of sharing various details in support requests in an unencrypted form.”

In a direct message sent to my Twitter account this morning, a Twitter user named @FerucciFrances who claimed to be part of the exit scam demanded 0.05 bitcoin (~$286) to keep quiet about a transaction or transactions allegedly made in my name on the dark web market.

“Make it public and things gonna be worse,” the message warned. “Investigations goes further once the whole site was crawled and saved and if you pay, include the order id on the dispute message so you can be removed. You know what I am talking about krebs.”

A direct message from someone trying to extort money from me.

I did have at least one user account on WSM, although I don’t recall ever communicating on the forum with any other users, and I certainly never purchased or sold anything there. Like most other accounts on dark web shops and forums, it was created merely for lurking. I asked @FerucciFrances to supply more evidence of my alleged wrongdoing, but he has not yet responded.

The Justice Department said the MED3LIN moniker belongs to a fourth defendant linked to Wall Street Market — Marcos Paulo De Oliveira-Annibale, 29, of Sao Paulo, Brazil — who was charged Thursday in a criminal complaint filed in the U.S. District Court in Sacramento, California.

Oliveira-Annibale also faces federal drug distribution and money laundering charges for allegedly acting as a moderator on WSM who, according to the charges, mediated disputes between vendors and their customers, and acted as a public relations representative for WSM by promoting it on various sites.

Prosecutors say they connected MED3LIN to his offline identity thanks to photos and other clues he left behind online years ago, suggesting once again that many alleged cybercriminals are not terribly good at airgapping their online and offline selves.

“We are on the hunt for even the tiniest of breadcrumbs to identify criminals on the dark web,” said McGregor W. Scott, United States Attorney for the Eastern District of California. “The prosecution of these defendants shows that even the smallest mistake will allow us to figure out a cybercriminal’s true identity. As with defendant Marcos Annibale, forum posts and pictures of him online from years ago allowed us to connect the dots between him and his online persona ‘Med3l1n.’ No matter where they live, we will investigate and prosecute criminals who create, maintain, and promote dark web marketplaces to sell illegal drugs and other contraband.”

A copy of the Justice Department’s criminal complaint in the case is here (PDF).

Cyber Security Roundup for April 2019

The UK government controversially gave a green light to Huawei to get involved with the building of the UK's 5G networks, although the Chinese tech giant's role will be limited to non-sensitive areas of the network, such as providing antennas. This decision, made by Theresa May, came days after US intelligence announced Huawei was Chinese state funded, and amidst reports of historical backdoors in Huawei products, stoking up the Huawei political and security row even further this month; it has resulted in the UK Defence Secretary, Gavin Williamson, being sacked.
The National Cyber Security Centre (NCSC) launched a free online tool called "Exercise in a Box", designed by the UK cyber intelligence boffins to help organisations prepare for managing major cyber attacks. The premise is that the tool will help UK organisations avoid scenarios such as 2017's WannaCry attacks, which devastated NHS IT systems and placed patient lives at risk.

German drug manufacturing giant Bayer found a malware infection, said to originate from a Chinese group called "Wicked Panda". The malware in question was Winnti, which is well known in the security industry; it allows remote access into networks, letting attackers deliver further malware and conduct exploits. In my view, the presence of Winnti is a sure sign of a covert and sustained campaign by a sophisticated threat actor, likely focused on espionage given the company's sector. Bayer stressed there was no evidence of data theft, but was still investigating.
 
Another manufacturing giant severely hit by a cyber attack this month was Aebi Schmidt. A ransomware outbreak impacted its business' operations globally, with most of the damage occurring at their European base. The ransomware wasn't named, but it left multiple Windows systems, on their presumably flat network infrastructure, paralyzed.
 
Facebook may have announced the dawn of its "privacy evolution" at the end of April, but its privacy woes still continue, after UpGuard researchers found and reported 540 million Facebook member records on an unsecured AWS S3 bucket. The "Cultura Colectiva" dataset contained 146GB of data with 540 million records showing comments, likes, reactions, account names, Facebook IDs and more. It looks like Facebook really has its work cut out restoring consumers' faith in its ability to protect their privacy.

UK businesses saw a significant increase in cyber attacks in 2019, according to a report by insurer Hiscox, with 55% of respondents reporting they had faced a cyber attack in 2019, up from 40% last year.

A survey by the NCSC concluded most UK users are still using weak passwords. Released just before the CyberUK 2019 conference in Glasgow, which I was unable to attend due to work commitments, it found the most common password on breached accounts was "123456", used by 23.2 million accounts worldwide. Next on the list were "123456789", "qwerty", "password" and "1111111". Liverpool was the most common Premier League football team used as a password, with Blink 182 the most common music act. The NCSC also published a separate analysis of the 100,000 most commonly recurring passwords that have been accessed by third parties in global cyber breaches. So passwords still remain the biggest Achilles' heel in our security.

The UK hacktivist threat came back to the fore this month, after the Anonymous group took revenge on the UK government for arresting WikiLeaks founder Julian Assange by attacking Yorkshire councils. I am not sure what Yorkshire's link with Assange actually is, but the website for Barnsley Council was taken down by a DDoS attack; a tweet from the group CyberGhost404 linked to the crashed Barnsley Council website and said "Free Assange or chaos is coming for you!". A tweet from an account called 'Anonymous Espana', with an image, suggested they had access to Bedale Council's confidential files and were threatening to leak them.

Microsoft Outlook.com, Hotmail and MSN users were reported to have had their accounts compromised. TechCrunch revealed the breach was caused by hackers getting hold of a customer support technician's login credentials. Over two million WiFi passwords were found exposed on an open database by the developer of WiFi Finder, an app that helps users find and log into hotspots. Two in every three hotel websites leak guest booking details and personal data, according to a report: over 1,500 hotels in 54 countries failed to protect user information.

Finally, but not least, a great report by Recorded Future on the rise of the dark web business of credential stuffing, titled "The Economy of Credential Stuffing Attacks". The report explains how low-level criminals use automated 'checker' tools to validate compromised credentials before selling them on.

I am aware of school children getting sucked into this illicit world. It typically starts with them seeking to take over better online game accounts after their own account is compromised, and they quickly end up with more money than they can spend. Aside from keeping an eye on what your children are up to online as a parent, it underlines the importance of using unique, complex passwords for every web account (use a password manager or vault to help you; see the password security section on the Security Expert website). Always use Multi-Factor Authentication where available, and if you suspect or are informed that your account may have been compromised, change your password straight away.
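The 'checker' pattern the report describes, seen from the defender's side of the login endpoint, as an added example that is not code from the roundup or from Recorded Future's report: it scans constructed login log lines for a single source cycling through many distinct usernames with mostly failures inside a short window. The log format, IP addresses, usernames and thresholds are all assumptions made up for the illustration.

```python
"""Flag credential-stuffing sources in a web login log.

Added example, not from the roundup or the Recorded Future report.
A checker tool replays leaked username/password pairs, so from the server
it looks like ONE source trying MANY different accounts, nearly all of
which fail. A legitimate user who mistypes a password hits one account.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic): "timestamp ip username result".
# 203.0.113.7 cycles through 8 accounts in 6 seconds (one leaked pair works).
# 198.51.100.5 is a real user fumbling her own password.
# 192.0.2.9 is a slow, spread-out run that a 60-second window will miss.
SAMPLE_LOG = """\
2019-04-10T10:00:01 203.0.113.7 alice FAIL
2019-04-10T10:00:02 203.0.113.7 bob FAIL
2019-04-10T10:00:02 203.0.113.7 carol FAIL
2019-04-10T10:00:03 203.0.113.7 dave FAIL
2019-04-10T10:00:04 203.0.113.7 erin FAIL
2019-04-10T10:00:05 203.0.113.7 frank OK
2019-04-10T10:00:06 203.0.113.7 grace FAIL
2019-04-10T10:00:07 203.0.113.7 heidi FAIL
2019-04-10T10:01:00 198.51.100.5 carol FAIL
2019-04-10T10:01:10 198.51.100.5 carol FAIL
2019-04-10T10:01:25 198.51.100.5 carol OK
2019-04-10T10:02:00 192.0.2.9 ivan FAIL
2019-04-10T10:04:00 192.0.2.9 judy FAIL
2019-04-10T10:06:00 192.0.2.9 mallory FAIL
2019-04-10T10:08:00 192.0.2.9 oscar FAIL
2019-04-10T10:10:00 192.0.2.9 peggy FAIL
2019-04-10T10:12:00 192.0.2.9 trent FAIL
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def find_stuffing_sources(log_text, window_seconds=60, min_users=5, min_fail_ratio=0.8):
    """Return {ip: (distinct_users, attempts, fail_ratio)} for each source that,
    within some window of `window_seconds`, tried at least `min_users` different
    usernames with a failure ratio of at least `min_fail_ratio` (assumed thresholds)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            events[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()                      # sliding window needs time order
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it fits window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            users = {u for _, u, _ in window}
            fails = sum(1 for _, _, ok in window if not ok)
            ratio = fails / len(window)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                flagged[ip] = (len(users), len(window), round(ratio, 2))
                break                   # one qualifying window is enough
    return flagged


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {stats[0]} accounts, {stats[1]} attempts, fail ratio {stats[2]}")
```

The slow source 192.0.2.9 is only caught when the window is widened (for example to 15 minutes), which is the usual trade-off between catching low-and-slow checkers and false positives from shared NAT addresses.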


INPIVX hidden service, a new way to organize ransomware attacks

A new service called Inpivx represents the evolution of ransomware-as-a-service, making it very easy for wannabe crooks to develop their malware and build a management panel.

A new Tor hidden service called Inpivx evolves the concept of ransomware-as-a-service, making it very easy for crooks without technical skills to develop their own malware and build a management panel.

Operators behind the service offer for sale the source code for the ransomware and for the management dashboard. The availability of the source code allows crooks to customize their ransomware.

Watch out: Inpivx is not a RaaS, and for this reason it does not supply hosting services.

The ransomware is written in C++ and supports almost any Windows OS version, from Windows XP through Windows 10, while the dashboard is coded in PHP.

The package goes for $500; it also includes the decryption tool, and the operators provide a detailed tutorial as well.

“If the client has no skill, we provide a tutorial based on our own ransomware dashboard; each line of code has an explanation,” an Inpivx member told BleepingComputer.

The dashboard provides infection data in real time, including the total number of encrypted files, the number of infections, the operating systems of the infected machines and their geographical distribution.

It also implements a chat that allows operators to communicate with the victims.

A specific clients section includes information on infected machines, such as the victim IDs, the operating system, the ransom price, the decryption key, and the payment status.

“Inpivx's approach is highly likely to attract to the ransomware game individuals with expertise in other areas of the crime business,” wrote Ionut Ilascu from BleepingComputer. “With access to the source code, they can alter the original ransomware product and create new strains that could evolve to something new by combining code from other malware.”

Pierluigi Paganini

(SecurityAffairs – Tor, Inpivx)

The post INPIVX hidden service, a new way to organize ransomware attacks appeared first on Security Affairs.

How to Safeguard Your Family Against A Medical Data Breach

The risk to your family’s healthcare data often begins with that piece of paper on a clipboard your physician or hospital asks you to fill out or in the online application for healthcare you completed.

That data gets transferred into a computer where a patient Electronic Health Record (EHR) is created or added to. From there, depending on the security measures your physician, healthcare facility, or healthcare provider has put in place, your data is either safely stored or up for grabs.

It’s a double-edged sword: We all need healthcare but to access it we have to hand over our most sensitive data armed only with the hope that the people on the other side of the glass window will do their part to protect it.

Breaches on the Rise

Feeling a tad vulnerable? You aren’t alone. The stats on medical breaches don’t do much to assuage consumer fears.

A recent study in the Journal of the American Medical Association reveals that the number of annual health data breaches increased 70% over the past seven years, with 75% of the breached, lost, or stolen records being exposed by a hacking or IT incident, at a cost to consumers of nearly $6 billion.

The IoT Factor


Not only are medical facilities vulnerable to hackers, but with the growth of the Internet of Things (IoT), consumer products — which, in short, means everything is digitally connected to everything else — also provide entry points for hackers. Wireless devices at risk include insulin pumps and monitors, Fitbits, scales, thermometers, and heart and blood pressure monitors.

To protect yourself when using these devices, experts recommend staying on top of device updates and inputting as little personal information as possible when launching and maintaining the app or device.

The Dark Web

The engine driving healthcare attacks of all kinds is the Dark Web where criminals can buy, sell, and trade stolen consumer data without detection. Healthcare data is precious because it often includes a much more complete picture of a person including social security number, credit card/banking information, birthdate, address, health care card information, and patient history.

With this kind of data, many corrupt acts are possible including identity theft, fraudulent medical claims, tax fraud, credit card fraud, and the list goes on. Complete medical profiles garner higher prices on the Dark Web.

Some of the most valuable data to criminals is children’s health information (stolen from pediatrician offices), since a child’s credit record is clean and therefore a more useful tool in credit card fraud.

According to Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research, predictions for 2019 include criminals working even more diligently in the Dark Web marketplace to devise and launch more significant threats.

“The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” says Samani.


Healthcare professionals, hospitals, and health insurance companies, while they can give criminals an entry point and are responsible for securing the data they hold, aren’t the bad guys. They are being fined by the government for breaches and lack of proper security, and targeted and extorted by cyber crooks, while simultaneously focusing on patient care and outcomes. Another factor working against them is the lack of qualified cybersecurity professionals equipped to protect healthcare practices and facilities.

Protecting ourselves and our families in the face of this kind of threat can feel overwhelming and even futile. It’s not. Every layer of protection you build between you and a hacker matters. There are some things you can do to strengthen your family’s healthcare data practices.

Ways to Safeguard Medical Data

Don’t be quick to share your SSN. Your family’s patient information needs to be treated like financial data because it has that same power. For that reason, don’t give away your Social Security Number — even if a medical provider asks for it. The American Medical Association (AMA) discourages medical professionals from collecting patient SSNs nowadays in light of all the security breaches.

Keep your healthcare card close. Treat your healthcare card like a banking card. Know where it is, only offer it to physicians when checking in for an appointment, and report it immediately if it’s missing.

Monitor statements. The Federal Trade Commission recommends consumers keep a close eye on medical bills. If someone has compromised your data, you will notice bogus charges right away. Pay close attention to your “explanation of benefits,” and immediately contact your healthcare provider if anything appears suspicious.

Ask about security. While it’s not likely you can change your healthcare provider’s security practices on the spot, the more consumers inquire about security standards, the more accountable healthcare providers are to following strong data protection practices.

Pay attention to apps, wearables. Understand how app owners are using your data. Where is the data stored? Who is it shared with? If the app seems sketchy on privacy, find a better one.

How to Protect IoT Devices


According to the Federal Bureau of Investigation (FBI), IoT devices, while improving medical care and outcomes, have their own set of safety precautions consumers need to follow.

  • Change default usernames and passwords
  • Isolate IoT devices on their own protected networks
  • Configure network firewalls to inhibit traffic from unauthorized IP addresses
  • Implement security recommendations from the device manufacturer and, if appropriate, turn off devices when not in use
  • Visit reputable websites that specialize in cybersecurity analysis when purchasing an IoT device
  • Ensure devices and their associated security patches are up-to-date
  • Apply cybersecurity best practices when connecting devices to a wireless network
  • Invest in a secure router with appropriate security and authentication practices

The post How to Safeguard Your Family Against A Medical Data Breach appeared first on McAfee Blogs.