Dark Web Digest – November 2023 Edition

The dark web is a part of the internet that is not indexed by search engines. It is accessible only through specialized software, such as Tor. It is used for illegal activities such as drug trafficking, money laundering, and child pornography. There is no doubt that the dark web is becoming more and more dangerous, and many people become its victims every month. Every month brings many incidents and trends on the dark web, some of them horrifying. This month, let’s look back at what happened.

This month, the dark web has seen a rise in attacks, data breaches, cryptocurrency, sexual harassment, and child abuse scams. Additionally, the dark web is used for illegal goods and services, including drugs and weapons.

McLaren’s ransomware attack may have leaked patient data to the dark web

McLaren Health Care has acknowledged that a ransomware attack on its 14 Michigan hospitals in late August and early September may have leaked patient data onto the dark web. BlackCat/AlphV, a ransomware gang with ties to Russia, claimed responsibility for the cyberattack, stealing six terabytes of McLaren’s data, including the personal information of 2.5 million patients. 

The cybercriminals threatened to extort patients by leaking mammograms for people potentially having breast cancer. They began targeting patients directly, saying they had the mammograms and would leak them if the clinic didn’t pay the ransom.

Healthcare providers are required to report any breach of protected health information to the U.S. Department of Health and Human Services and the Federal Trade Commission. The federal HIPAA Breach Notification Rule offers some protection by requiring healthcare providers to disclose, within 60 days of discovering the breach, details about the type of information compromised, steps people should take to protect themselves, what is being done to investigate the breach, and contact information. If the cyberattack involves 500 people or more, a prominent media outlet must also be notified within 60 days.

Trustwave, a Chicago-based cybersecurity company, released a report in July that found that, nationally, 24% of all cyberattacks in the U.S. in 2022 targeted the healthcare industry. The average cost of a healthcare data breach in 2023 is about $11 million.

US Charges Man with Running Stolen Credentials Marketplace

Sandu Diaconu, a 31-year-old Moldovan man, has been extradited from the UK to the US for allegedly operating a website that sold access to compromised computer credentials. 

The US charges Diaconu with conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud. 

If found guilty, he faces up to 20 years in federal prison. The charges relate to his alleged administration of the E-Root marketplace, which sold access to compromised computer credentials for years. Authorities believe over 350,000 credentials were listed for sale on E-Root.

The E-Root marketplace used various methods to hide the identities of its administrators, buyers, and sellers, including using Perfect Money to conceal payments and offering its illicit cryptocurrency exchange service for converting Bitcoin to Perfect Money. 

Buyers could search for compromised computer credentials through various criteria, including price, geographic location, internet service provider, and operating system. Many victims, including at least one government agency in Tampa, Florida, were subjected to ransomware attacks, and some stolen credentials were linked to stolen identity tax schemes.

The E-Root marketplace was taken down in 2020, and Diaconu was arrested in the UK in May 2021. In September 2023, Westminster Magistrates’ Court ordered his extradition to the US.

The takedown of the E-Root marketplace is part of a growing crackdown on cybercrime websites, similar to the recent German police shutdown of Russian darknet marketplace Hydra and the Europol arrest of nearly 300 individuals on the underground marketplace Monopoly Market.

FBI exposes million-dollar crypto scam orchestrated by six Indians in New York

The US FBI has charged six Indians in a $30 million cryptocurrency scam. The six Indians, Shaileshkumar Goyani, Brijeshkumar Patel, Hirenkumar Patel, Naineshkumar Patel, Nileshkumar Patel, and Raju Patel, allegedly operated an illegal $30 million money-transmitting business using cryptocurrencies between July 2021 and September 2023. 

The FBI began an investigation in April 2021 when they identified a vendor on multiple dark web marketplaces who offered a service to ship cash via the US Postal Service in exchange for Bitcoin or other cryptocurrency. 

An individual was arrested for mailing packages of cash from a post office in Westchester County, New York, where the informant obtained money by meeting people three times a week and receiving amounts ranging between $100,000 and $300,000 each time. 

The FBI investigation revealed that one of the men made frequent trips outside of New York, including to New Jersey, Massachusetts, Georgia, and Pennsylvania. One of the arrested men claimed that his wealthiest clients were hackers and some made money selling drugs.

Dark web usage, paranoia detailed by man accused of killing London, Ont. family

Nathaniel Veltman, a man accused of killing four members of a London, Ontario, Muslim family in a terrorist attack, took three grams of psychedelic mushrooms to escape his delusional paranoia.

Veltman testified in his defense in a Windsor, Ontario, courtroom, stating that he needed to escape the hell he was living in inside his mind.

On June 6, 2021, the Afzaal family was out for a walk when they were struck by a black pickup truck driven by Veltman. The family was killed, and a nine-year-old boy survived.

Veltman was arrested in the hours following the attack and has pleaded not guilty to four counts of first-degree murder and one count of attempted murder, as well as associated terrorism charges. 

Defence and prosecution lawyers agree that he drove the truck at full speed four seconds before impact and never touched the brake pedal.

Veltman’s obsessions shifted from religion and sometimes pornography to conspiracy websites and satirical shock-humor sites. He watched far-right sites “constantly” from September to December 2020, watching them during 10-minute breaks at work, lunch, as soon as he got up, and before going to bed. 

From January to March 2021, Veltman didn’t work, thinking he could focus on school. Instead, he said his internet use spiraled even further out of control. At one point, he ripped his television off the wall to try to avoid streaming videos on it.

After two suicide attempts in March, Veltman decided he had “nothing left to lose” and started purposely seeking out extreme content that he had avoided in the past because he thought it would trigger too much rage.

He felt this unspeakable rage rising inside himself and felt like he had nothing to lose. He watched a mass shooting video and was repulsed by it “like any normal person” but then got desensitized to it after watching it over and over.

Veltman testified that he had dabbled with magic mushrooms in high school but took a large dose with a friend in April 2020. He described collapsing, writhing on the floor, yelling, and being in agony. He triggered a psychotic event, which he couldn’t fight or control, eventually forgetting everything.

After the April incident, Veltman didn’t use psychedelics again until June 5, 2021, when he got three grams from a friend and drank them in a tea, distraught over the death of his grandmother on June 4, 2021.

Ransomware Gang Moves to Release Sabre Leak Data

The Dunghill Leak group, responsible for a cyberattack on travel booking giant Sabre Corporation, has announced plans to release 1.3 terabytes of stolen data in eight batches. The data includes sensitive databases on ticket sales and client data. 

Sabre acknowledged the breach on September 6, 2023, after a series of files purportedly stolen from the company surfaced on the group’s dark web site. The Australian travel industry is on high alert, as Sabre’s software and data underpin many airline and hotel bookings, check-ins, and apps.

The expansive data cache now looms with the potential to release databases on ticket sales, client data, personal information of Sabre employees, detailed financial information, and files associated with the airline-client application. The breach is believed to have occurred around mid-2023. Dunghill Leak, believed to have evolved from the Dark Angels and Babuk ransomware groups, has previously targeted other high-profile companies. 

Australia and most developed nations have advised against paying ransoms to hacker gangs. Sabre faced a security incident in 2017, which cost them $2.4 million in settlements after a breach in their hotel reservation system.

Child sex abuse images generated by AI risk flooding the internet 

The Internet Watch Foundation (IWF) has warned governments and technology providers to prevent the proliferation of child sexual abuse images on the internet. The IWF warns that a flood of AI-generated images could overwhelm law enforcement investigators and expand the pool of potential victims. 

The report exposes a dark side of the race to build generative AI systems that enable users to describe in words what they want to produce, from emails to novel artwork or videos, and have the system spit it out. 

If not stopped, the flood of deepfake child sexual abuse images could bog investigators down trying to rescue children who turn out to be virtual characters. Perpetrators could also use the images to groom and coerce new victims.

The IWF analysts discovered faces of famous children online and a “massive demand for the creation of more images of children who’ve already been abused, possibly years ago.” They are taking existing real content and using that to create new content for these victims. 

The IWF’s report is meant to flag a growing problem more than offer prescriptions, but it urges governments to strengthen laws to make it easier to combat AI-generated abuse. It mainly targets the European Union, where there’s a debate over surveillance measures that could automatically scan messaging apps for suspected images of child sexual abuse even if the image is not previously known to law enforcement.


Sony Interactive Entertainment (Sony) confirmed a data breach on May 28, 2023, affecting thousands of current and former staff and their families in the United States. The breach was discovered on June 2, 2023, and the platform was immediately taken offline.


Sony launched an investigation with the help of external cybersecurity experts and notified law enforcement. The incident was limited to the MOVEit vendor software and did not impact Sony’s other systems.

The breach was caused by a flaw in the MOVEit vendor software, discovered by Sony in early June 2023. The vulnerability is tracked as CVE-2023-34362, a high-risk SQL injection vulnerability that can allow remote execution of arbitrary code.

The malicious hackers had illegal access to data from the platform, and Sony took immediate action after discovering the breach. The compromised data included personal information such as names, addresses, Social Security numbers, and dates of birth.

Sony launched a probe with the help of external cybersecurity experts and notified law enforcement. The incident did not impact any of Sony’s other systems apart from the MOVEit vendor software. However, all current and former staff have received emails from Sony informing them of the breach.

Sony has suffered several data breaches in the past, including a major breach in 2011 that exposed the personal information of millions of users. In August 2017, a hacker group accessed Sony’s social media accounts and deleted data from Sony systems using a variant of the Shamoon virus. In July this year, the Clop ransomware group used the MOVEit vulnerability to launch large-scale attacks. Sony discovered the attack three days later and found unauthorized downloads.

The breach has potentially exposed the personal information of over 6,000 people, precisely 6,791 Americans. Hackers can use this data to steal the identity of the owners and for other malicious purposes.


These are some of the most significant trends and news on the dark web in October 2023. They illustrate the diverse and dynamic nature of the dark web, as well as its challenges and opportunities for law enforcement, security, and society. The dark web is not only a source of crime and danger but also a platform for innovation and resistance. As such, it deserves our attention and understanding. We will keep you updated on upcoming trends and incidents in the dark web world, so stay in touch with us.
