Dark Web Digest – September 2024 Edition


This month’s report carries some shocking news. Over the past month, a number of significant incidents surfaced on the dark web. The Columbus data breach and the AMD data breach both made clear how important it is to follow security practices strictly. The ways to stay safe from malware and dark web threats are well known, but the threat landscape keeps getting more alarming.

Below is a list of the startling revelations from the dark web. These news stories about attacks and vulnerabilities help us remain vigilant against dark web threats.

Names of undercover police officers exposed in the Columbus data breach

Sensitive data from the city of Columbus’s databases, including the names and personal information of undercover police officers and child rape victims, has been exposed. Cybersecurity expert Connor Goodwolf claims that the city attorney’s office’s “matrix crime database” includes every incident report and arrest record written by officers since the mid-2010s. This includes names of officers and victims, personal information such as addresses and social security numbers, names of undercover police officers, summaries of incidents, and evidence such as witness and victim statements.


Goodwolf alleges that none of this sensitive data was properly protected with encryption or basic cybersecurity measures. He claims that so far, the only data he has found online with such protections are city payroll data and health records. After the latest batch of records appeared, Mayor Andrew J. Ginther acknowledged that more personally identifiable information may have been posted on the dark web.

The cybercrime group Rhysida, which attempted to deploy ransomware after an employee, according to the city, downloaded an infected file, is responsible for the online data leak. The group leaked an unknown amount of city data to the dark web, despite the city’s claim that it prevented the ransomware from encrypting its files. City, state, and federal law enforcement authorities are still investigating the matter.

The city already faces class action lawsuits from multiple plaintiffs, alleging that the city did not do enough to protect their personal information online. Fraternal Order of Police Capital City Lodge No. 9 President Brian Steel expressed concern about the safety of undercover officers in particular, and the fact that the personal information of child rape victims is being released on the dark web is even more concerning for him.

Goodwolf believes that trust in the city after this hack has “completely eroded.”

AMD internal data was allegedly offered for sale

Digital data thieves have breached AMD’s internal communications and are offering the stolen goods for sale. Criminal groups IntelBroker and EnergyWeaponUser claimed credit for the break-in, which they said took place the same day and is separate from IntelBroker’s earlier theft and sale of AMD source code and other internal data in June. The BreachForums post promised buyers compromised communications from “a mix of sources,” including “idmprod.xilinx.com” and “amdsso.okta.com,” which reportedly contained user credentials, case numbers and descriptions, and internal resolutions. The attackers also provided a sample of the stolen data, which purports to be sensitive information, including user names and assignment groups. AMD did not immediately respond to The Register’s inquiries about the alleged intrusion. If this turns out to be true, it will be the second breach of AMD’s sensitive internal documents in three months. According to reports, IntelBroker is behind both, with an apparent assist this time around from a newcomer. IntelBroker is also a site admin for the resurrected BreachForums. Over the past months, the group has claimed several high-profile intrusions and data sales, including Europol, the Pentagon, Korea’s Ministry of Defense, the US Army, and Home Depot, all of which have put a large target on the cybercriminals’ backs, with international cops all gunning for the gang.

Stolen credentials on the Dark Web got a Russian hacker 3+ years in prison

Georgy Kavzharadze, a 27-year-old Russian national, received a sentence of over three years in prison in the U.S. for selling financial information, login credentials, and other personal identifying information on the now-defunct dark web marketplace Slilpp. Kavzharadze, known by the online monikers TeRorPP, Torque, and PlutuS, listed over 626,100 stolen login credentials for sale on Slilpp and sold over 297,300 of them between July 2016 and May 2021. The stolen credentials were linked to $1.2 million in fraudulent transactions. Estimates suggest that Kavzharadze illegally profited at least $200,000 from the sale of stolen credentials. In June 2021, an international law enforcement operation dismantled the infrastructure of Slilpp, which had been one of the largest marketplaces for stolen login credentials.

Interviewing the ghost, who took down 20% of the dark web

Seven years ago, a large-scale cyber attack took over 10,000 dark web sites hosted by Freedom Hosting II (FHII) offline, and the hosting service was unceremoniously unplugged as a result. The hacker, Vanerak, discovered that over half of the websites hosted by FHII were CSAM and scam sites, despite the company’s claim of having a zero-tolerance policy. Vanerak also found that FHII was a clone of the original Freedom Hosting, which was taken down in 2011 after LulzSec exposed it for hosting child pornography during “Operation Darknet.”

Freedom Hosting Admin Arrest

Eric Eoin Marques, the admin of Freedom Hosting, was arrested two years later for running one of the largest facilitators of child sexual abuse material (CSAM). Four years after that, a young female hacker weaponized the media to hold the successor hosting provider accountable for the same conduct as its predecessor. Vanerak contacted VICE News nearly a year ago; the journalist found her story intriguing but highly unlikely. Using insider knowledge, she eventually convinced the journalist that she was the original hacker who unceremoniously took down 20% of the dark web.

Anonymous hackers later reworked her defacement page, to the outrage of the hacker, Laura Vanerak. She claims that many sites may have redirected to off-site mirrors, turning her defacement and the media coverage into advertisements for online predators. Vanerak did not leak emails or databases, but instead sent them to the authorities. She advises hacktivists pursuing fame and recognition to question whether the heavy, potentially unjustifiably long, prison sentence they risk is worth it, even for criminals they worked hard to take down. She warns OpChildSafety hunters about the trauma they face, as well as the importance of showing purpose and action in preventing online predators.

Hackers releasing stolen data from Columbus on the dark web

Rhysida, a hacker group, has begun releasing stolen data from the city of Columbus, claiming responsibility for the July 18 attack. The group has listed the stolen data on the dark web and asked bidders to offer 30 bitcoins, or close to $2 million, for the data. Daniel Maldet, owner of the Columbus office of CMIT Solutions, said he is seeing 3.1 terabytes of the 6.5 terabytes the group said it stole from the city, or about 45% of the data. Secure Cyber Defense CEO Shawn Waldman, located near Dayton, is uncertain whether any of the data has been sold. Columbus Mayor Andrew J. Ginther said that speculation by individuals outside the investigation may not serve the goal of educating the public about the incident. Maldet said the information released appears to have come from a backup server and could be potentially damaging. If members of the Columbus police union suspect that their bank accounts or other private information have been compromised, the union is directing them to a lawyer.

US company says dark web leaked 3B records

National Public Data (NPD), a company that specializes in the resale of personal information for background checks, has confirmed a significant data breach involving the exposure of nearly 2.9 billion individuals’ names, social security numbers, and physical addresses. A third-party malicious actor orchestrated the breach, attempting to access the data in late December 2023. Potential leaks were identified in April and in the summer of 2024. The compromised information included names, email addresses, phone numbers, social security numbers, and mailing addresses. NPD has collaborated with law enforcement and government investigators to review the potentially affected records. However, NPD has faced criticism for its handling of the situation, failing to disclose the number of affected individuals or to offer compensation. Instead, NPD advises individuals to monitor their credit reports for any suspicious activity.


Ukrainian police arrest a darknet Russian intelligence agent

Ukrainian law enforcement has detained the leader of an organized group that set fire to Ukrainian enlistment officers’ cars at the request of Russian intelligence and advertised other services to Russia on the darknet. The suspect posted his CV on the darknet, offering “services” for burning the cars of representatives of the Ukrainian military registration and enlistment office. Russian intelligence saw his post and tasked him with destroying military vehicles in his hometown, Khmelnytskyi. The suspect destroyed several cars with Molotov cocktails and filmed them catching fire, sending a “report” to his Russian customers. During the searches, the police seized the suspect’s mobile phones and SIM cards, which he used to communicate with the Russians. This is not the first time Ukrainian collaborators have used the darknet to find or offer services to Russian intelligence.

A woman was jailed for a Bitcoin-funded Dark Web murder plot

Krista Renae Stone, a 23-year-old from Utah, received a 78-month sentence in federal prison for orchestrating a murder-for-hire through the dark web. Between March and September 2023 she planned to pay $5,000 in bitcoin to a hitman-for-hire website. However, law enforcement uncovered the plot before it was carried out. The court also sentenced Stone to three years of supervised release.

AI model reaches 98% accuracy in collecting threats from dark web forums

Despite the dark web threats, there is good news. Researchers from the Université de Montréal and Flare Systems have found that large language models (LLMs) can extract critical cyber threat intelligence (CTI) from cybercrime forums with an impressive 98% accuracy. Vanessa Clairoux-Trépanier and Isa-May Beauchamp led the study, which developed an LLM system using OpenAI’s GPT-3.5-turbo model to analyze conversations from three prominent cybercrime forums: XSS, Exploit.in, and RAMP. The LLM system was instructed to summarize conversations and code 10 critical CTI variables, including identifying targeted organizations, critical infrastructure, and exploitable vulnerabilities. The system achieved an average accuracy score of 98%, ranging from 95% to 100% across the ten variables. This level of performance exceeded the researchers’ expectations and underscores the immense potential of LLMs in the field of cyber threat intelligence. The study also identified areas for further improvement, such as refining the LLM’s ability to distinguish between historical narratives and current events, as well as optimizing prompts and data chunking techniques. The researchers plan to continue refining the LLM system and exploring its applications in various cybersecurity domains, calling for further research into using state-of-the-art models to push the boundaries of AI-driven cyber threat intelligence.


I'm Chester Li, a cybersecurity and cryptography specialist based in Beijing, China with over a decade of experience. I focus on securing digital infrastructures and protecting sensitive information worldwide.
