The closure of a number of online hidden marketplaces over the course of the past few years has proven that the dark web does not perhaps offer the protection and anonymity that many once thought it did. From the capture of original Silk Road mastermind Ross Ulbricht back in 2015, to the closure of AlphaBay and Hansa earlier this year, some of the administrators of these illicit websites have discovered to their cost that law enforcement agencies across the world can and will deploy considerable resources towards bringing them to justice. For some traders, the perceived risks associated with using the dark web have become so high that they have abandoned hidden marketplaces altogether, preferring instead to shift their dodgy online businesses to encrypted messaging apps such as WhatsApp and the lesser-known Discord. However, recent history has shown that as soon as one dark web marketplace is closed down, another pops up to take its place. Failing that, sellers simply move their operations to another illicit marketplace that is still in business, often taking their username and reputation with them. As a result, the demise of the dark web trade in illicit goods and services looks to be a long way off.
While most listings on hidden illicit marketplaces are dedicated to drugs, buyers can use the dark web to get hold of child sexual exploitation material, stolen credit card information, fake IDs and hacking services, among an array of other illegal items. More worryingly, all manner of lethal weapons can be purchased from dark web marketplaces by anybody who has the rudimentary technical know-how to find them. Only last week, a British teenager was found guilty of attempting to buy powerful explosives on the dark web. Officers from the UK’s National Crime Agency (NCA) intercepted the vehicle-borne improvised explosive device (VBIED) and replaced it with a dummy bomb before allowing it to be delivered to Gurtej Randhawa. The 19-year-old is facing a lengthy jail term when he is sentenced in January next year. The NCA said Randhawa had no links to terrorist groups or organised crime, but the ease with which he was able to procure such a destructive weapon, which police said could have killed many people if it had been detonated, was extremely concerning – not least in light of the heightened threat many countries across the world are facing from Islamist extremists and a resurgent far right.
In an example of how dangerous weapons being sold on the dark web can be if they fall into the wrong hands, the 9mm Glock used by Munich gunman Ali Sonboly, who killed nine people and then himself during a marauding firearms attack at a shopping mall in the city last summer, was discovered to have been bought from a hidden marketplace. Police examining Sonboly’s digital devices were able to establish that the pistol was most likely smuggled into Germany from Slovakia, which like many countries in Eastern Europe is awash with firearms left over from the Yugoslav Wars. Although the weapons used in the November 2015 Paris attacks were not proven to have been procured on the dark web, some hidden marketplaces removed their weapons listings in the wake of the atrocity, during which 130 people were killed by jihadi terrorists. In a message to its buyers after the assault, Nucleus said: “Dear users, in the light of recent events in France we have decided to remove our weapons section and we are going to disallow weapons on our market completely.” Unfortunately, not all dark web marketplace administrators are so troubled by their conscience.
It may well be the case that firearms and other weapons account for a small proportion of the illicit goods and services sold on the dark web, but the potential danger they pose is deeply troubling, regardless of whether that risk is associated with terrorism, organised crime or lone buyers. While guns currently account for a tiny percentage of dark web listings, a report published by think tank the RAND Corporation in July revealed that weapons dealers who sell their goods on hidden marketplaces are “increasing the availability of better performing, more recent firearms for the same, or lower, price, than what would be available on the street or the black market”. The study also found that dark web firearms sellers are dismantling the guns they sell and then sending components to customers separately in a bid to avoid detection. Researchers found that the sale of guns and related products generated 136 sales a month on the dark web, bringing dealers a monthly revenue of $80,000.
The recent closure of major dark web marketplaces seems to have done little to slow buyers’ demand for weapons on hidden marketplaces, with two teenagers being arrested in the Netherlands last month for attempting to order a gun online, and Australia’s Daily Telegraph warning that more people in the country are buying firearms from dark web dealers than ever before. If anything, the range of weapons available on the dark web is growing, with the UN warning that terrorists might soon be able to purchase 3D printing technology from hidden marketplace dealers that would allow them to print their own guns. As a consequence, it feels almost inevitable that it will not be long before another mass-casualty terror attack is carried out with weapons purchased from the dark web.
Virgin Media customers could face sextortion scams after exposed database links them to porn
Security researchers have revealed that a database left unsecured by UK cable TV and telephone company Virgin Media contained information linking some of its customers to adult and gore-related websites.
Cyber security firm TurgenSec said earlier this month that the insecure database contained the details of some 900,000 of the firm’s customers, and that this had been accessed on at least one occasion by an unknown user.
Responding to TurgenSec’s findings, Virgin apologised to customers affected and said in a statement that the database contained only “limited contact information”.
“To reassure you, the database did NOT include any passwords or financial details, such as bank account number or credit card information,” the company said.
In a statement on its website, TurgenSec questioned Virgin’s description of the insecure database as containing only “limited contact information”, noting that it did in fact carry information linking customers to “[r]equests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses”.
The database is also said by TurgenSec to have contained IMEI numbers associated with stolen phones and information relating to subscriptions to Virgin’s services, including “premium” components.
If the database was accessed by hackers, customers whose names were linked to pornographic websites could be targeted by sextortion fraudsters.
TurgenSec said Virgin’s characterisation of the contents of the database as “limited contact information” was “disingenuous”.
“This breach is an important case study in the wider debate of responsible disclosure and how companies should behave to encourage a positive cyber security research culture,” TurgenSec said.
Sextortion fraud involves online scammers contacting victims claiming to be in possession of compromising sexual imagery or film of them, or information linking them to pornographic websites or material.
The scammers then threaten to post the content or information online or send it to friends, relatives and associates of the victim.
Back in January, online security firm vpnMentor revealed that porn cam network PussyCash had exposed the details of thousands of “models” across the globe.
The leak exposed more than 875,000 files, which included photographs of models in which their faces were visible accompanied by personal information including full name, date of birth and passport information.
vpnMentor noted that some of the images that had been exposed in the leak were up to 20 years old, suggesting that some of the models might have left the adult web cam world behind.
ASEAN nations hit by data breaches, ransomware attacks and cryptojacking last year, Interpol says
Southeast Asia experienced “significant” levels of cyber crime in 2019, including major data breaches, crippling ransomware attacks and a huge rise in cryptojacking, according to a new report from Interpol.
In its ASEAN Cyberthreat Assessment 2020, the international law enforcement agency revealed that the region saw an increase in botnet detections and the hosting of Command and Control (C2) servers in the first half of last year.
Interpol also said phishing campaigns increased in both quantity and sophistication, using advanced social engineering techniques.
Data obtained by Interpol’s private partners for the report showed that the region suffered 5% of global business email compromise (BEC) attacks, with Singapore and Malaysia recording the highest number of BEC cases of all ASEAN countries (54% and 20%, respectively).
Over the first half of last year, Southeast Asia saw a 50% rise in banking malware attacks compared to the whole of 2018, with prominent malware families such as the Emotet banking Trojan shifting from banking credential theft to the distribution business.
Elsewhere, the increasing popularity of cryptocurrencies such as Bitcoin resulted in the rise of crypto-ransomware and cryptojacking, the latter of which involves hackers exploiting unsuspecting computer users’ processing power and bandwidth to mine virtual currency after infiltrating their systems using purpose-built malware.
The Interpol ASEAN Cybercrime Operations Desk concluded its report by vowing to enhance cyber crime intelligence for effective responses to cyber crime in the region, strengthen cooperation for joint operations against cyber crime, and develop regional capacity and capabilities to combat cyber crime.
Commenting on the contents of the report, Interpol’s Director of Cyber Crime Craig Jones said: “In today’s highly digitalised world, the sooner countries are aware of a threat, the sooner they can take steps to mitigate the risk and minimise the cyber threats coming from all directions.
“To this end, we encourage law enforcement in all countries to be actively engaged in collective efforts against these threats, particularly through sharing intelligence and the formulation of a joint operation framework to effectively reduce the global impact of cybercrime.”
They used intelligence obtained from police and partners in the cyber security industry to identify a global cryptojacking campaign facilitated by hackers in the region through the exploitation of a vulnerability in MikroTik routers.
Interpol’s Operation Goldfish Alpha also sought to raise awareness of what is a relatively unknown crime in the region, and teach local law enforcement agencies how to deal with it effectively.
Irish researchers use network analysis to help Brazilian police identify dark web paedophiles
A team of researchers from Ireland’s University of Limerick is helping police in Brazil disrupt the distribution of indecent images and videos of children on the dark web.
The group of mathematicians led by Dr Bruno da Cunha used network analysis to assess the effectiveness of Operation Darknet, a Brazilian Federal Police operation that targeted one of the largest dark web paedophile networks ever discovered.
The crackdown, which took place between 2014 and 2016, resulted in the identification and arrest of 182 users of the forum, 170 of whom were distributors, and the rescue of six children.
In research published in Nature’s Scientific Reports journal, Da Cunha and his team explain how effective the police operation was at identifying offenders.
While examining this, the researchers identified patterns that could help investigators determine which paedophile offenders to go after when probing similar dark web forums in the future.
In a statement, Dr Pádraig MacCarron, a postdoctoral researcher who worked on the analysis, commented: “Network analysis has previously been applied to drug trafficking networks and terrorist networks to identify structural weaknesses and key figures in these illicit networks.
“The dark web network in this study, however, was much more dense – as in there were more connections between users than normal – making it more difficult to break down using traditional network methods. It was found that the 60% of those core 766 distributors would need to be removed to completely fragment the network. This makes the network highly robust.”
The collaboration is believed to have been the first between a Brazilian law enforcement agency and Irish mathematicians.
Operation Darknet, which was launched simultaneously across 18 Brazilian states and the federal district of Brasilia, marked the first time investigators outside of the UK and America had been able to crack a dark web paedophile forum.
Suspects detained during the operation were reported at the time to include retired police officers, civil servants, prison guards and youth football club managers.
The indecent material posted on the site by users in Brazil was shared with paedophiles in countries including Portugal, Italy, Colombia, Mexico and Venezuela.
Speaking with Vice News when news of the site takedown first emerged, Rafael França, Coordinator of Operation Darknet, said: “This is the first time that the Brazilian police has done an operation like this, seeking targets in the darknet.”