Dark Web Digest – October 2023 Edition

dark web digest - October 2023

Welcome to the October edition of Dark Web Digest, your go-to source for the latest news and updates from the dark web. The dark web is a breeding ground for cybercriminals, with several associated threats. In addition, it is constantly evolving, and new developments are always emerging.

This edition contains the most recent developments in cybersecurity, hacking, and the dark web. Let’s look at the latest news and incidents that occurred last month!

Cyberattack exposes donor data from Australia-based telemarketing firm

The Pareto Phone ransomware group, LockBit, has been reported as taking donor data and publishing it on the dark web (including here and here). Among the charities involved, the Australian Conservation Foundation said 13,500 supporters. According to a statement, the data accessed by ChildFund NZ included titles, names, and postal and phone numbers.

There was also the revelation that Pareto Phone hid data from charities for many years without their knowledge. This was with the Baker Heart and Diabetes Institute not working with Pareto Phone for more than eight years and the Stroke Foundation not since 2017. Children’s Fund NZ has collaborated with Pareto Phone since 2014. MSF Australia said it had not used the company for almost five years and was unaware it had retained historical records.

According to a report last October, one in eight charities in the UK suffered cybercrime within the past year due to cyberattacks. An advanced cyber security attack in 2022 on the International Committee of the Red Cross (ICRC) compromised the sensitive personal information of more than 515,000 highly vulnerable people from more than 60 Red Cross and Red Crescent National Societies worldwide.

Loyalty’s third-party research partner, Kokoro, was recently targeted in the UK. According to Kokoro’s forensic investigation, the group responsible may have accessed some client data. In this case, no postal addresses, financial details, or identity documentation were available on Kokoro’s systems. The charity clients affected were informed, with Shelter and Friends of the Earth acting to reassure and inform.

Finland, Europol take down PIILOPUOTI dark web marketplace

The Finnish law enforcement forces worked with Europol and a cybersecurity firm to shut down PIILOPUOTI. Finnish Customs said that the platform had operated on the Tor Network since May 2022 for smuggling drugs and paraphernalia into Finland.

Due to an ongoing criminal investigation, Finn Customs and its international cooperation partners won’t provide any further information. The Finnish authorities refused to comment on arrests or other illegal activities conducted on the platform. It said the investigation was born with the assistance of German and Lithuanian authorities, Europol, Eurojust, other countries’ authorities, and various Finnish police units.

PIILOPUOTI - Marketplace

Bitdefender helped law enforcement agencies investigate the platform in its investigation and participated in the takedown. Alexandru Catalin Cosoi, Bitdefender’s senior director of investigation and forensics, did not elaborate on the company’s involvement but said it “provided technical consulting to the entire investigation group.” Earlier this month, US and Polish law enforcement agencies partnered to dismantle the bulletproof hosting platform Lolek.

In April, more than a dozen international partners were involved in an FBI-led operation that seized Genesis Market, a one-stop shop for criminals selling stolen credentials and the tools to weaponize them.

Dark Web hacker threatens to sell US and European military intelligence

US Department of Defense hacker “USDoD” has warned that he intends to sell military intelligence to the dark web. The hacker entered the Airbus website by exploiting Turkish Airlines employee access.

According to USDoD, its targets are American defense contractors, NATO, Europol, and Interpol. In a lengthy interview with databreaches.net, USDoD disclosed that its next targets are American defense contractors, NATO, and Europol.

While he threatened to set up a private company to trade classified military information between the US and Europe, the Department of Defense claimed that he was not pro-Russian despite cyberattacking Russia’s adversaries. He also worked for some Russians, but he has no racial biases or political motives.

As part of the hacker’s denials, he denied receiving financial compensation for his attacks on United States and European entities. He avoids attacking China, Russia, North Korea, South Korea, Israel, and Iran exemplifies one of his strategies.

The Pentagon continues to work on cybersecurity as the Pentagon threatens to sell US military intel. The United States Air Force recently awarded Raft LLC a contract to develop a software factory for cyber operations. Cyber deterrence is also strengthened through training and drills, such as the recent “defensive hunt operation” in Lithuania.

The dark web leaks the Personal information of Dymock customers

Earlier this week, Dymocks announced that some of its customers’ information may have been compromised and leaked onto the dark web. A small group of unauthorized individuals may have accessed Dymocks’ customer records on 6 September. Customers’ information, including addresses, e-mails, phone numbers, and membership information, may have been compromised. Dymocks said an investigation is underway to determine how this happened.

Dymock

The issue was notified to customers via an e-mail sent on Friday afternoon, asking them to be “vigilant” and change their passwords. Dymocks’ customers’ postal addresses, birthdates, e-mail addresses, mobile phone numbers, gender, and membership details may have been compromised.

According to a company statement, an unauthorized party may have accessed certain customer records at Dymocks as of 6 September 2023. Neither Dymocks nor its customers know who or how many customers have been affected by the breach.

Since passwords might be available on the dark web, Dymocks suggests its customers change their online passwords, including their Dymocks accounts and social media accounts. Furthermore, the company cautioned customers against telephone, postal, and e-mail phishing scams.

Cornwall dealers used Bitcoin to buy cocaine and cannabis on the dark web

A pair of drug traffickers accused of buying cocaine and cannabis on the dark web to sell on the streets of West Cornwall have been jailed. Jason Pierce, 56, and Callum Payne, 28, both from Porthleven, were sentenced to ten years in prison.

They denied conspiracy to supply cocaine and cannabis, but a jury at Truro Crown Court found them guilty of conspiracy to supply cocaine and cannabis after a trial in June. 

The sentence for Pierce was six years and eight months, and that for Payne was three and four months in prison at Plymouth Crown Court on Friday, 15 September.

A court heard about the drugs’ purchase from the Netherlands on the dark web through Bitcoin and their distribution to locations throughout West Cornwall.

Officers uncovered the drug trafficking operation in January 2018 when they found £5,000 worth of cannabis in the car being driven by Payne.

The defendants’ computers had sophisticated privacy software that needed to be cracked to unlock evidence of their criminal activities.

As Detector Inspector Steven Moorcroft of Devon and Cornwall Police’s Serious and Organised Crime Branch explained: “This investigation began in 2018 after a chase in Porthleven led to Callum Payne fleeing a vehicle containing cannabis imported from the Netherlands through the dark web.

Dozens of Mullvad VPN accounts discovered on the dark web

According to security researcher Damien Bancal, one of the major Swedish VPN providers, Mullvad VPN, has recently been accused of leaking user data.

A ZATAZ Monitoring client discovered an astonishing data leak targeting Mullvad during an investigation. Several websites leading to Mullvad API provided access to user connection data, such as IP addresses [IPv4 and IPv6 addresses], connection dates, and other information that was not personally identifiable, the post says.

A hacker discussion led Bancal to learn about Mullvad VPN’s plans to sell data on the dark market. Among the data shared were Mullvad clients’ 16-digit IDs and expiration dates.

Researchers shared several links to a cache of Mullvad VPN forums where threat actors were trading them off. Despite an ID number, not much information can be retrieved about those accounts since no names, e-mail addresses, or other personal information are available.

The researcher said that a malicious actor can do much damage even with very little information.

According to Jan Jonsson, CEO of Mullvad VPN, the publicly revealed accounts are unsurprising. He has seen over 100 Mullvad VPN accounts personally.

Many Mullvad forums and websites list “leaked” Mullvad accounts. Mullvad donates millions of Mullvad accounts to charities each year for various reasons. Cybernews contacted him via e-mail to learn about several sources for “leaked accounts.”

There was no leak. “Firstly, we have an API with minimal functions. Secondly, we do not use passwords. We only use 16-digit account numbers.” He believes people are brute-forcing account numbers to get free accounts. 

Customer data was seized from the Swedish-owned company’s Gothenburg office in April during a police raid. Since the company had a ‘no logs’ policy, such customer data was not even available to them. If they had taken something, they couldn’t access any customer data.”

The industry has been under scrutiny because VPNs essentially allow users to remain anonymous on the internet.

VPN IDs may contain private user information, such as billing, and may collect personal information so that exposure could have serious consequences. If a VPN ID is exposed, users should change their password, enable multi-factor authentication, and notify their VPN provider.

Senate is concerned about Pakistani public data sales on the dark web.

Pakistan faces a growing challenge concerning protecting its public data, with the Senate Standing Committee on Information Technology and Telecommunication recently convening to address these concerns. The Senate greenlights Army Act amendments: 5-year jail term for revealing sensitive information. The gathering boasted a diverse composition, underlining the gravity of the situation.

A Cyber Response Team was established to combat cyber threats effectively. It was also decided to enhance public awareness regarding cybersecurity in Pakistan. The committee received an update on the National Cyber Security Policy, which outlines the government’s strategic approach to safeguarding the nation’s cyberspace. The committee heard from the CEO of Ignite, an organization that has established eight National Incubation Centers across Pakistan and generated Rs15 billion in revenue.

Senator Kauda Babar urged the establishment of more NICs in various cities, with a particular focus on Balochistan. The committee also delved into the National Telecommunication Corporation (NTC) operations, Pakistan’s official telecom and ICT service provider, and called for improvements.

The Senate Standing Committee on Information Technology and Telecommunication highlighted the need to strengthen Pakistan’s data protection measures and bolster cybersecurity efforts to promote innovation and economic growth.

Conclusion

The dark web is a dangerous place that poses several threats to individuals and businesses. However, staying informed and taking the necessary precautions can help you stay safe online. In this edition of Dark Web Digest, we have provided the latest news and updates from the dark web, as well as tips and advice on staying safe online. 

Thank you for reading Dark Web Digest, and we hope to see you again in the next edition.

I'm Chester Li, a cybersecurity and cryptography specialist based in Beijing, China with over a decade of experience. I focus on securing digital infrastructures and protecting sensitive information worldwide.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top