Dark Web Digest – August 2024 Edition

This month’s dark web digest brings some notable news. Google has made its dark web monitoring tool available to all users for the first time. Elsewhere, researchers have found stolen data for sale and suggest ways to stay resilient against dark web threats. The dark web is a dangerous place: it resembles the internet we use every day, but it is a hub for illegal activity, from hacking to the sale of stolen goods and data. Let’s explore this month’s digest to see what happened recently and what might happen next.

Google Rolls Out Free Dark Web Monitoring Tool for All Users

Google has announced that its Dark Web monitoring feature will be available to all Google account users for free, a significant change in a previously exclusive service for Google One’s premium users. The tool searches the dark web for users’ personal information, such as names, social security numbers, email addresses, and phone numbers, and advises them on how to protect their data. This move could help democratize cybersecurity and mitigate emerging threats of identity theft and personal data breaches.

The Dark Web monitoring tool scans various sites and forums on the dark web where stolen information is frequently traded. If a user’s data is found, Google will send an alert providing details about the data and recommendations for securing it. This seamless integration means users do not need to download additional software or manage multiple accounts to keep their information secure.

This initiative enhances individual user security and sets a new standard for tech companies in cybersecurity. By making advanced security tools accessible to a wider audience, Google is pushing the envelope in the fight against cybercrime. The move is likely to have ripple effects across the tech industry, encouraging other companies to enhance their security offerings.

Google’s expansion of free Dark Web monitoring to all Google users is a significant step forward in online security, as it is crucial in safeguarding user data against cybercrime.

Security Researchers Find Stolen SingPass Accounts on Dark Web

According to Singaporean security researchers, there has been a 23% increase in dark web activity related to stolen identity information from citizens. Cybercriminals are selling stolen documents, which are used for fraudulent activities, identity theft, impersonation scams, and bypassing Know Your Customer (KYC) protocols. The surge is largely due to data breaches affecting online platforms that store consumer information. In April 2024, there was a noticeable increase in data dumps on the dark web, with thousands of records becoming available for sale. These records often contain biometric data, which is used for illegal activities like creating fakes. Nation-state actors and foreign operatives are highly interested in this data for intelligence purposes. A significant portion of the stolen data was discovered on XSS, a prominent underground forum. SingPass accounts, which allow access to government and private sector services in Singapore, have also been found for sale on the dark web.

Ticketmaster discredits dark web claims of stolen barcodes for Taylor Swift concerts

Ticketmaster has denied claims that hackers have access to working ticket barcodes for upcoming Taylor Swift concerts and other events. A hacker allegedly offered 170,000 barcodes for sale, with 20,000 available at each show. The hacker threatened Ticketmaster with more leaks if they weren’t paid $2 million, claiming to have 30 million more barcodes for NFL games and Sting concerts. Ticketmaster’s spokesperson denied the claims and stated that their SafeTix technology protects tickets by automatically refreshing a new barcode every few seconds. Ticketmaster’s parent company, Live Nation, confirmed last month that its account on data storage platform Snowflake had been breached. Hackers claimed to have a 1.3 terabyte database of information on about 560 million Ticketmaster users, including names, addresses, emails, phone numbers, event details, and specific orders.

Researchers predict seller success on dark web markets

Researchers from Leiden University have developed a method to predict successful sellers in illegal online marketplaces, which could help law enforcement track down big players on the dark web. These marketplaces, also known as cryptomarkets, are found on the dark web and cannot be accessed with regular internet browsers or search engines. Users are anonymous, and transactions are made with cryptocurrencies like bitcoin. The researchers, including Ph.D. candidate Hanjo Boekhout, Professor Frank Takes, and Professor Arjan Blokland, used data from Evolution, a popular dark web market in 2014, to analyze communication patterns in the forum section. Topic engagement and betweenness centrality were identified as good predictors of seller success. Topic engagement was found to be a strong predictor, with users who received many responses often becoming successful sellers. Betweenness centrality helped identify important players who were less active on the forum. The method could help law enforcement agencies prioritize investigations and identify emerging sellers before they become big.

Botnets are being sold on the dark web for as little as $99

Cyber criminals are offering ready-made botnets on the dark web for as little as $99, making cyber attacks cheaper and easier than ever. Botnets like Mirai target online consumer devices such as IP cameras and home routers, with individually tailored infection processes, malware types, infrastructure, and evasion techniques. Recent research from Cloudflare found that 4% of HTTP DDoS attacks and 2% of L3/4 DDoS attacks were launched by a Mirai-variant botnet during the first quarter of this year.

Since the beginning of 2024, Kaspersky researchers found more than 20 offers for botnets for hire or sale on dark web forums and Telegram channels. The lowest offers started at $99 and the highest reached $10,000. Botnets can be hired or acquired as leaked source code for between $30 and $4,800 per month, with custom botnet development also available in some cases. Access to leaked source code can be obtained for free or a fee of $10 to $50.

Botnet activity is on the rise: researchers at NetScout discovered a sharp increase in global botnet activity, spiking at more than a million devices. A Trustwave report last year found that botnets were responsible for more than 95% of all malicious traffic on the internet, with Mirai, Mozi, and Kinsing botnets accounting for almost all exploit attempts that were run over HTTP or HTTPS protocols.

CSAM Pedophiles Identified via Dark Web Malware

Information-stealing malware logs on the dark web have been used to identify numerous individuals who download and share child sexual abuse material (CSAM), highlighting a new law enforcement technique. Recorded Future’s Insikt Group used stolen data to trace these identities across platforms, obtaining usernames, IP addresses, and system characteristics. Law enforcement uses this information to identify perpetrators and make arrests. Logs from infostealers like Redline, Raccoon, and Vidar contain critical data, including passwords, browsing history, cryptocurrency information, and more.

Researchers may use infostealer data to link CSAM account users to email, banking, and social networking accounts. This development demonstrates the potential of infostealer data to improve child sexual exploitation tracking and convictions. Meanwhile, child predators increasingly use artificial intelligence (AI) to create sexually graphic photographs of children, hampering law enforcement attempts to prevent internet sexual exploitation. Stanford University’s Internet Observatory found that AI-powered technologies have allowed criminals to create fake images and videos based on actual children’s photos, increasing child sexual abuse content.

As of 2023, the National Center for Missing and Exploited Children’s CyberTipline recorded over 36 million suspected child sexual abuse incidents. The proposed Kids Online Safety Act in the United States and the Online Harms Act in Canada attempt to hold social media companies accountable for harmful AI-generated material. However, social media companies using AI for content moderation are making child sexual abuse detection and reporting harder, possibly allowing offenders to escape prison.

Man convicted for encouraging child sexual abuse on the dark web

A man from Peterborough, Colin Thackeray, has been convicted of promoting child sexual abuse on a dark web site. Thackeray, a 62-year-old moderator, shared advice on grooming children with the intention of sexually abusing them. The sites involved the sexual abuse of boys and linked to indecent imagery. Thackeray had over 2,000 indecent images of children on his devices, with 350 in Category A, 655 in Category B, and 1,459 in Category C. When arrested in September 2019, NCA officers found a laptop and chat logs where Thackeray was exchanging indecent images, discussing how to groom and abuse children, and role-playing sexual activity with children.

He was charged with making indecent images of children, possessing prohibited images, intentionally encouraging or assisting an offence, and attempting to cause or incite a boy under 13 to engage in sexual activity. Thackeray pleaded guilty to three counts of making indecent images and one count of possessing indecent images in July 2022 and was further convicted of two counts of intentionally encouraging the sexual assault of a child under 13 and one count of attempting to incite a child under 13 to engage in sexual activity.

Bitzlato founder won’t get more jail over $700M dark web clearing house

Anatoly Legkodymov, founder of the defunct crypto exchange Bitzlato, has been sentenced to time served after pleading guilty to one charge of operating an unlicensed money-transmitting business. Legkodymov served 18 months at Brooklyn’s Metropolitan Detention Centre (MDC) and agreed to forgo any claim to the $23 million in crypto assets seized by French law enforcement during the global sting operation that shut down the exchange on Jan. 23, 2023. The prosecution alleged that Legkodymov aided in the exchange of over $700 million in cryptocurrency through the Russian dark web black market Hydra Market and failed to implement adequate measures to monitor who was using the exchange.

Bitzlato users regularly visited the exchange’s customer service portal to ask for help with transactions on Hydra Market and frequently admitted they were trading under false identities. Legkodymov was arrested in Miami on Jan. 17, 2023, following a coordinated international effort to shut down the exchange. Europol reported that roughly 46% of assets processed by Bitzlato were linked to illicit activities, with others linked to cyber scams, money laundering, ransomware, and child abuse material.

Stolen credentials could unmask thousands of darknet child abuse website users

Researchers at Recorded Future have discovered that thousands of people with accounts on darknet websites for sharing child sexual abuse material (CSAM) could be unmasked using information stolen by cybercriminals. The researchers identified these individuals from credentials harvested by infostealer malware, which typically steals log-in credentials for banking services, which are then exploited by financial fraudsters. The logs link these anonymous CSAM website users to accounts on clear web platforms, such as Facebook, where they have used their real names and sometimes even include autofill data stored in a web browser, such as a home address.

Infostealers steal data from infected devices, including login credentials, operating system information, cryptocurrency addresses, and other data that the operators then post, share, or sell on dark web sources. Retailers involved in the ecosystem for trading these stolen credentials include Russia Market and 2Easy Shop, as well as the now-defunct Genesis Market, which was seized by law enforcement last year, leading to more than 120 arrests.

Recorded Future analyzes these records for domains used by corporate customers to protect compromised employee accounts or identify when customers are impacted to tackle consumer fraud. By querying this data alongside partners like the World Childhood Foundation and the Anti-Human Trafficking Intelligence Initiative, the researchers were able to identify approximately 3,300 unique users with accounts on at least one darknet site for the sharing of CSAM.

The researchers aim to share the methodology as a proof-of-concept of what can be done using the type of data that they have, and pass it on to those who can take more action.

I'm Chester Li, a cybersecurity and cryptography specialist based in Beijing, China with over a decade of experience. I focus on securing digital infrastructures and protecting sensitive information worldwide.