No one knows about the dark web, but hackers, drug dealers, and other types of cybercrime use it often. Every month, new things are happening the dark web. This June month’s digest will cover some of the most important and interesting news highlighted on the news and social media in May 2024.
Indian Election Hit by Cyberattacks, Dark Web Data Leaks
Security researchers have reported a surge in cyber activity targeting the upcoming Indian general election, driven by hacktivist groups. The election, which will determine all 543 members of the Lok Sabha, is set to occur in seven phases from April 19 to June 1, 2024. The cyber-attacks intensified since the launch of the #OpIndia campaign last year, with a 300% spike following the #OpIsrael campaign.
The surge is linked to heightened online protests amid the Israel-Gaza crisis. India, with its population of over 1.4 billion and GDP of $3.41T, has become a prime target for foreign threat actors and nation-state groups. Security has alerted Indian authorities about leaked voter ID cards and other sensitive data, aiming to undermine trust in India’s election systems. The firm urged Indian citizens to remain cautious of unreliable sources and emphasized the necessity of robust digital identity protection measures.
Dell customer order database of ’49M records’ stolen, sold on black web
Dell has confirmed that 49 million customer information records and orders have been stolen from a Dell portal. The stolen data includes names, addresses, and details about Dell equipment but does not include sensitive information like payment details. Dell’s portal was compromised, and the stolen data included columns such as service tag, items, date, country, warranty, organization name, address, city, province, postal code, customer code, and order number.
Dell has taken steps to contain the damage, notified law enforcement, and hired a third-party forensic firm. A spokesperson for Dell said the company is taking proactive steps to protect customers’ information and monitoring the situation.
Dell also downplayed the significance of the data exposure, stating that they take privacy and confidentiality seriously and are currently investigating an incident involving a Dell portal. The company also warned people to be alert for scammers using the stolen data to impersonate Dell staff and defraud victims.
A data breach at Ticketmaster may have affected 560 million customers.
Ticketmaster has been targeted in a cyber-attack by ShinyHunters, demanding £400,000 in ransom to prevent the sale of customer data. The group claims to have access to 560 million customers’ names, addresses, phone numbers, and partial payment details.
Live Nation, the parent company of Ticketmaster, has launched an investigation into the incident and is cooperating with law enforcement.
Authorities in Australia and the US are working with Ticketmaster to understand and respond to the incident.
Bank Santander confirmed that it had been hacked about two weeks ago. ShinyHunters is also reported to be behind the cyber-attack, posting an advert on a hacker forum for the data, which it claims to have 30 million customers, 6 million account numbers and balances, and 28 million credit card numbers.
The alleged $100 million dark-web drug kingpin, 23, arrested
A 23-year-old Taiwanese man, Rui-Siang Lin, has been arrested in New York for allegedly running the $100 million global dark web narcotics e-commerce operation Incognito Market.
The dark website was formed in October 2020 and ran until March of this year, serving as a forum to buy and sell commodities, including heroin, cocaine, LSD, MDMA, oxycodone, methamphetamines, ketamine, and alprazolam. Lin is accused of running the entire business, supervising all operations, employees, vendors, and customers, and holding “ultimate decision-making authority over every aspect of the multimillion-dollar operation.”
Incognito Market provided a user experience that matched those offered by modern e-commerce sites, with vetting and registration of sellers, advertising, customer service facilities, and a slick UX. It distinguished itself from other e-commerce sites by requiring access through the Tor web browser and accepting only cryptocurrency. The DoJ noted that Lin had great IT skills, evidenced by his GitHub account, which described him as a “Backend and Blockchain Engineer, Monero Enthusiast,” he held approximately 35 publicly available software coding projects.
Lin also collected enemies, such as the spread of fentanyl due to the platform’s non-pure or authentic listings.
The platform’s final days were allegedly spent extorting users between $100 and $20,000, under threat of revealing they had participated in the purchase and sale of illegal drugs. If convicted, Lin faces a mandatory minimum penalty of life in prison for engaging in a continuing criminal enterprise, a maximum penalty of life in prison for narcotics conspiracy, a maximum penalty of 20 years for money laundering, and a maximum of five years for conspiracy to sell adulterated and misbranded medication.
A man was jailed for selling 76 kg of drugs on the dark web.
A man, Donatas Kasputis, has been jailed for nine years for selling 76kg of drugs on the dark web. He used the username “Goodgear” to sell cocaine, ecstasy, and mephedrone to 550 buyers across the UK and abroad. Kasputis was arrested in July carrying 16 packages of drugs and pleaded guilty to eight offenses at Norwich Crown Court.
The East Midlands Special Operations Unit (EMSOU) cyber investigations team discovered Kasputis’s drug operation after examining his username, “Beatyhouse2015”.
The suspect was eventually identified through DNA profiling, and his home was searched, revealing 130g of cocaine, 1,300 ecstasy tablets, 6.4kg of mephedrone, and more than 1.4kg of cannabis. The information on the 550 people who were identified as buying drugs from “Goodyear” has been shared with the relevant police forces.
Fake Pegasus spyware source code floods the dark web
Cybersecurity firm CloudSEK has discovered that cybercriminals are exploiting the Pegasus spyware name to deceive victims on the dark web. Based on months of research on dark web sources, the report exposes a systematic effort to leverage the Pegasus name for financial gain. Threat actors bomb platforms like Telegram with posts claiming to sell genuine Pegasus source code. CloudSEK researchers analyzed approximately 25,000 posts on Telegram, many of which claimed to sell authentic Pegasus code. These posts often followed a common template offering illicit services, frequently mentioning Pegasus and NSO tools.
The report also identified six instances of fake Pegasus HVNC (Hidden Virtual Network Computing) samples distributed on the dark web between May 2022 and January 2024.
The same misuse was also observed on surface web code-sharing platforms, where scammers were disseminating their randomly generated source codes, falsely associating them with the Pegasus Spyware. After analyzing 15 samples and over 30 indicators from human intelligence (HUMINT), deep, and dark web sources, CloudSEK discovered that nearly all samples were fraudulent and ineffective. Threat actors created their own tools and scripts, distributing them under Pegasus’ name to capitalize on its notoriety for financial gain.
To combat the Pegasus scam, CloudSEK recommends employee awareness, regular updates, and alerts about scam tactics and trends involving Pegasus and similar high-profile names.
Network monitoring should be implemented to identify unusual activity that might indicate employees accessing the dark web or IRC platforms, and strict access controls should be implemented to limit and monitor employees’ ability to visit potentially dangerous sites or download unauthorized software.
Man arrested in Karachi Pakistan for creating vulgar wife videos for dark web
Women Police in Karachi’s Central District detained the man for reportedly abusing his wife and children and filming the incident on orders from an unknown source. A guy was arrested in Karachi, Pakistan, on Friday for reportedly producing filthy movies of his wife and sharing them on dark websites.
Cyber security organizations collect data from all web platforms, including Dark Web forums, to avoid real-time attacks on exposed data, provide actionable intelligence on illegal drug and pharmaceutical exchanges, and monitor insider threats.Cyber security organizations collect information from many web platforms, including Dark Web forums, to avoid real-time attacks on exposed data, provide actionable intelligence on illegal drug and pharmaceutical exchanges, and monitor insider threats.(Shutterstock)
During questioning, Tahir confirmed that website owners had approached him over WhatsApp, according to Pakistan’s Ary News. He continued, “I am unsure of how the website proprietor obtained my WhatsApp number.”
Women Police in Karachi’s Central District detained the man for reportedly abusing his wife and children and filming the incident on orders from an unknown source. According to SHO Women Iram Amjad, the man was apprehended during a raid while his wife and four children were saved.
According to Aaj TV, the individual claimed to have received instructions via email from an unknown source abroad. Amjad further stated that the suspect was instructed to film recordings of each task and send them back via email.
He had hurt and abused his wife and was going to tape his daughter for the next duty. He also stated that the man was involved in violence, sexual harassment, and other criminal actions.
The arrest was made in the case after the victim’s sister Huma Rizvi, who lives in the United States, filed a report.
According to authorities, Elia, the suspect’s wife, accused him of pushing her to have sexual intercourse with his buddies. She also said he attempted to create inappropriate videos with their daughter. According to Aaj TV, Elia said that Tahir took nude images of their 16-year-old daughter and was blackmailing her into sleeping with his pals.
Elia also said in her police statement that Tahir was suspicious and beat her and the children physically and emotionally. She claimed that throughout the last 12 years, she had fled the house multiple times, but her parents had always interfered and rectified the situation.
According to Khyber News, Tahir admitted to setting a camera in the bathroom to watch his wife but then removed it and did not upload any footage. He also admitted to physically assaulting his wife and apparently intending to record his daughter before being caught.
The cops confiscated his phone and laptop, which are currently being investigated.
Conclusion
In conclusion, the constantly shifting dark web in May 2024 will likely be a platform for criminal activity, with cybercrime illegal product trading. It attempts to elude law enforcement remaining common. Understanding this underground marketplace for educational purposes emphasizes the constant conflict between criminal elements and police in the digital age.