Welcome to the Dark Web Digest for December 2023. This month, we are going to sее a concisе overview of the latest dеvеlopmеnts on thе dark side of thе internet. We bring some terrifying stories highlighting thе untiring threats posed by thе dark web from stolen university data appearing on illicit markets to thе exposure of a ransomware mastermind who shared too much.
In cybersecurity, partnerships bеtwееn Blackbird.AI and Dark Owl aim to combat narrative attacks, while thе NHRC chief calls for thе dеvеlopmеnt of digital forensic infrastructure to tackle dark web activities.
Legal actions include a life sеntеncе for an individual running dark web child exploitation sites and thе suspension of MyGov accounts linkеd to dark web fraud kits. A ‘wеll-dеsignеd scam’ targеting Booking.com customers underscores thе-evolving nature of dark web schemes, emphasizing thе ongoing nееd for vigilance.
There are not just these; this digest got more from above this. Stay tuned for some latest trends and news from the darkwеb novеrmеbr 2023 digest. Let us get started!
British Library hack: Customer data offered for sale on dark web
The first news is from the British Library. The British Library has confirmed that user data was hacked in a cyber-attack and offered for sale on the dark web. The attack on October 31 continues to affect the library’s website, online systems, and some onsite services. The ransomware group Rhys Ida, claims to be behind the attack and plans to auction off the stolen data.
The price for data, including passport scans, was set at 20 Bitcoin (£596,459). The library has warned users who use the same password elsewhere to change it as a precaution. The library will continue working with cybersecurity specialists to examine the material and advice users on practical steps.
The library has also confirmed that some employee data was leaked in the attack, but there was no evidence of compromised user data. The ransomware group shared an image on the dark web showing various documents, some of which appear to be HMRC employment contracts and passports. The cybercriminals announced an auction for “exclusive, unique and impressive data” that would end before 08:00 GMT on November 27.
Sensitive data stolen from Aegean University leaked to dark web
The University of the Aegean has published hundreds of files containing sensitive data stolen by the cybercriminal group Lockbit. The university’s electronic systems were targeted with Lockbit’s ransomware on March 2, and the attackers demanded payment or the release of the seized files. The University of the Aegean has informed the Data Protection Authority and is investigating the leaked files.
The files contain the personal data of university employees, process forms for tenders, building plans, internal university documents, and certificates of completion of studies. Lockbit infects an organization’s system with ransomware and coerces targets into paying, with a countdown displayed when the data will be released.
Blackbird.AI and DarkOwl Partner To Enable Organizations To Identify Plot Attacks Across The Dark Web
Blackbird.AI, a leader in AI-driven Narrative and Risk Intelligence, has partnered with DarkOwl, a leading provider of Darknet Data, to help organizations identify narrative attacks across the dark web. Darknet and messaging apps are complex, noisy, and opaque social platforms often used by bad actors to develop and deploy harmful narratives and cyber attacks.
Through this partnership, organizations gain valuable insights that have historically been difficult for cyber and communications professionals to see and protect themselves against. The Constellation Narrative Intelligence Platform is designed to detect narrative attacks and manipulation, including misinformation and disinformation.
DarkOwl offers the world’s largest commercially available database of information continuously collected from the darknet. It enables Blackbird.AI and its customers to turn this data into a powerful tool to identify narrative risks at scale and drive better decision-making. The darknet datasets are updated from thousands of sites across multiple darknets daily. They will be made available through Blackbird.AI’s Constellation Platform, allowing users to parse and analyze the data for specific narrative attack use cases.
Develop digital forensic infrastructure to deal with Dark Web: NHRC chief.
Justice Arun Kumar Mishra, chairperson of the National Human Rights Commission (NHRC), has expressed concern about the Dark Web and its potential threats to society. He emphasized the need for a digital forensic infrastructure to combat the Dark Web, which is 96% of cyberspace and is used for criminal purposes such as child exploitation, privacy destruction, modern slavery, trafficking, and ransom demands.
Mishra also emphasized the need to invest in a broad-based digital forensic infrastructure to combat cyberspace misuse and criminal commerce while ensuring the digital divide is nonexistent. He also insisted on the importance of violence-free elections and gender equality, stating that violence has no place in the democratic process.
Ransomware Mastermind Uncovered After Oversharing on Dark Web
Researchers were tasked with a ransomware-as-a-service (RaaS) operation by farnetwork, a cybercriminal known by various aliases. The Nokoyawa affiliate business’s affiliate was involved in the process, which involved at least five different ransomware strains. Farnetwork demonstrated its ability to execute privilege escalation, use ransomware to encrypt files and demand cash for an encryption key.
The Group-IB researcher learned that Farnetwork already had a foothold in various enterprise networks and needed someone to deploy the ransomware and collect money. The deal involved the Nokoyawa affiliate receiving 65% of the extortion money, the botnet owner receiving 20%, and the ransomware owner receiving 15%.
Farnetwork’s ransomware activities can be traced back to 2019, with details about past operations with Nefilim and Karma ransomware and payments as high as $1 million. The crook also mentioned past work with Hive and Nemty.
‘Scam-in-a-box’: MyGov suspends thousands of accounts linked to dark web fraud kits
Thousands of MyGov accounts are being suspended each month due to concerns that they have been breached via “scam-in-a-box” kits sold by criminals on the dark web. These products created fake websites and provided the specialist knowledge required to launch phishing attacks on Centrelink, the Australian Tax Office, and Medicare accounts. So far this year, more than 4,500 MyGov scams have been confirmed, with thousands of accounts suspended each month due to suspected fraud.
The government services minister, Bill Shorten, said Australians had already lost $3.1bn to scams this year, and authorities were taking the issue seriously. The problem with these hacks and the proliferation of phishing scams we now see is that increasing amounts of stolen identifying details end up on the dark web.
Scammers and hackers are targeting MyGov until the government overhauls its I.D. verification, which it is in the final stages of doing. The Albanese government is determined to disrupt malicious actors by bolstering online defences. It is working closely with Senator Katy Gallagher to establish a digital I.D. that will be a crucial line of defence against cybercrime when found. Last year, after the Optus breach, the government confirmed it was considering using myGov or its myGovID system to centralize digital identity authentication.
In August, the Australian Tax Office warned people against clicking on emails and text message scams directing people to fake MyGov websites. In 2019, Guardian Australia reported on dark vendors offering Medicare details for US$21 ($33) and other vendors charging up to US$340 for fake Medicare cards alongside other fake forms of identification, such as a New South Wales driver’s license.
Man Sentenced to Life in Prison for Running Four Dark Web Child Exploitation Websites
A Missouri man, Clint Robert Schram, has been sentenced to life in prison for running four websites dedicated to sharing images and videos of child sexual abuse. Schram, 55, of Kansas City, hosted, managed, and maintained these websites from his home, each operating over the dark web. Each website was devoted to advertising, distributing, and exchanging images and videos depicting the sexual abuse of children. Schram recruited, managed, and directed different tiers of staff members who helped run the websites.
On May 10, a federal jury convicted Schram of one count of engaging in a child exploitation enterprise and four counts each of advertisement of child pornography and conspiracy to advertise child pornography. The U.S. District Court for the Western District of Missouri has charged several defendants with Schram’s websites.
The FBI’s Child Exploitation Operational Unit and Kansas City Field Office investigated the case, with assistance provided by FBI field offices and resident agencies in Portland, Oregon; Chattanooga, Tennessee; Tulsa, Oklahoma; and Poulsbo, Washington; Homeland Security Investigations’ offices in Burlington, Vermont, and Boston; and the Criminal Division’s Child Exploitation and Obscenity Section’s (CEOS) High Technology Investigative Unit.
CEOS Trial Attorney Kyle P. Reynolds and Assistant U.S. Attorneys Alison D. Dunning and David Luna for the Western District of Missouri are prosecuting the cases, with valuable assistance from the U.S. Attorney’s Offices for the District of Oregon, District of Vermont, Northern District of Oklahoma, Western District of Washington, and Eastern District of Tennessee.
Project Safe Childhood, a nationwide initiative launched in May 2006 by the Justice Department, marshals federal, state, and local resources to better locate, apprehend, and prosecute individuals who exploit children via the internet, as well as to identify and rescue victims.
Booking.com customers warned of ‘well-designed scam’ putting details for sale on the dark web
Booking.com customers have been warned of a “well-designed scam” that has seen account details sold on the dark web. Cybersecurity firm Secureworks has found that criminals target the website’s partner hotels to steal user details and then send phishing emails to the customers, claiming their reservation will be cancelled if they do not provide payment information urgently. The tactic is seeing a “high success rate,” and Booking.com is aware of some of its partners having been affected in recent months.
The scam unfolds in two phases, starting with hotels targeted by scam emails. They often claim to be from a guest who has left valuable documents during their stay, who then sends a follow-up email directing the hotel to a Google Drive link purporting to show an image of the lost item. The link contains malware called Vidar Infostealer, allowing criminals to access the Booking.com account portal people use to make their reservations. From there, they can target the customers.
In one case involving a hotel in Scotland, a receptionist was duped by a scam caller who claimed to want to book a room for herself and her child with severe allergies. The attachment contained the malware. It gathered details of all the hotel’s Booking.com customers and sent them fraudulent emails saying they had 24 hours to pay.
Secureworks has found Booking.com credentials sold on dark web forums for up to $2,000 (£1,576). The company has recommended that hotels make staff aware and teach them how to identify such attacks, while customers should use multifactor authentication to protect their accounts. They should also question any emails or app messages requesting payment details and contact Booking.com or the hotel directly if they have concerns.
Booking.com has made significant investments to limit the impact of online fraud and has shared additional tips and updates with partners about protecting themselves and their businesses.
The doctor planned to have his girlfriend killed by hiring a hitman over the dark web, U.S. feds say
A Georgia doctor, Dr. James Wan, hired a hitman over the dark web and sent thousands of dollars in Bitcoin to have his girlfriend shot to death. In April 2022, Wan placed a murder-for-hire order through a “dark web marketplace” with instructions to kill his girlfriend. He instructed the hitman to “shoot and go” and sent a 50% down payment of about $8,000 (RM37,300) in Bitcoin to ensure the murder would be carried through.
Wan messaged the marketplace’s administrator two days after hiring a hitman to confirm his Bitcoin payment was received. After learning the amount wasn’t received, Wan sent another Bitcoin payment of about $8,000 (RM37,300) to ensure the hitman received the money. The marketplace administrator confirmed the second payment went through to Wan’s escrow account and asked if he wanted his girlfriend to die in an “accident or normal shooting”.
The FBI learned of Wan’s “cold-hearted” plot and extended protection to his girlfriend, whom agents informed of the hit Wan had put on her. On October 17, Wan pleaded guilty to one count of using a facility of interstate commerce in the commission of murder-for-hire.
Wan’s motives for wanting his girlfriend dead are unclear, as prosecutors did not specify possible reasons. He is scheduled to be sentenced in the case on January 18.
That is from last month’s dark web digest of December. Every month, we uncover something novel and intriguing on the dark web. We do our best to keep you updated on the latest events and trends in this mysterious space. Stay tuned for our next digest in January, where we will bring you even more dark web insights and stories!