Connect with us

Cyber

The danger of dark web weapons dealers

Published

on

dark web weapons dealers

The closure of a number of online hidden marketplaces over the course of the past few years has proven that the dark web does not perhaps offer the protection and anonymity that many once thought it did. From the capture of original Silk Road mastermind Ross Ulbricht back in 2015, to the closure of AlphaBay and Hansa earlier this year, some of the administrators of these illicit websites have discovered to their cost that law enforcement agencies across the world can and will deploy considerable resources towards bringing them to justice. For some traders, the perceived risks associated with using the dark web have become so high they have abandoned hidden marketplaces altogether, preferring instead to shift their dodgy online businesses to encrypted messaging apps such as WhatsApp and the lesser-known Discord. However, recent history has showed that as soon as one dark web marketplace is closed down, another pops up to take its place. Failing that, sellers simply move their operations to another illicit marketplace that is still in business, often taking their username and reputation with them. As a result, the demise of the dark web trade in illicit goods and services looks to be a long way off.

While most listings on hidden illicit marketplaces are dedicated to drugs, buyers can use the dark web to get hold of child sexual exploitation material, stolen credit card information, fake IDs and hacking services, among an array of other illegal items. More worryingly, all manner of lethal weapons can be purchased from dark web marketplaces by anybody who has the rudimentary technical knowhow to find them. Only last week, a British teenager was found guilty of attempting to buy powerful explosives on the dark web. Officers from the UK’s National Crime Agency (NCA) intercepted the vehicle-borne improvised explosive device (VBIED) and replaced it with a dummy bomb before allowing it to be delivered to Gurtej Randhawa. The 19 year-old is facing a lengthy jail term when he sentenced in January next year. The NCA said Randhawa had no links to terrorist groups or organised crime, but the ease with which he was able to procure such a destructive weapon, which police said could have killed many people if it had been detonated, was extremely concerning – not least in light of the heightened threat many countries across the world are facing from Islamist extremists and a resurgent far right.

In an example of how dangerous weapons being sold on the dark web can be if they fall into the wrong hands, the 9mm Glock used by Munich gunman Ali Sonboly, who killed nine people and then himself during a marauding firearms attack at a shopping mall in the city last summer, was discovered to have been bought from a hidden marketplace. Police examining Sonboly’s digital devices were able to establish that the pistol was most likely smuggled into Germany from Slovakia, which like many countries in Eastern Europe is awash with firearms left over from the Yugoslav Wars. Although the weapons used in the November 2015 Paris attacks were not proven to have been procured on the dark web, some hidden marketplaces removed their weapons listings in the wake of the atrocity, during which 130 people were killed by jihadi terrorists. In a message to its buyers after the assault, Nucleus said: “Dear users, in the light of recent events in France we have decided to remove our weapons section and we are going to disallow weapons on our market completely.” Unfortunately, not all dark web marketplace administrators are so troubled by their conscience.

It may well be the case that firearms and other weapons account for a small proportion of the illicit goods and services sold on the dark web, but the potential danger they pose is deeply troubling, regardless of whether that risk is associated with terrorism, organised crime or lone buyers. While guns currently account for a tiny percentage of dark web listings, a report published by think tank the RAND Corporation in July revealed that weapons dealers who sell their goods on hidden marketplaces are “increasing the availability of better performing, more recent firearms for the same, or lower, price, than what would be available on the street or the black market”. The study also found that dark web firearms sellers are dismantling the guns they sell and then sending components to customers separately in a bid to avoid detection. Researchers found that the sale of guns and related products generated 136 sales a month on the dark web, bringing dealers a monthly revenue of $80,000.

The recent closure of major dark web marketplaces seems to have done little to slow buyers’ demand for weapons on hidden marketplaces, with two teenagers being arrested in the Netherlands last month for attempting to order a gun online, and Australia’s Daily Telegraph warning that more people in the country are buying firearms from dark web dealers than ever before. If anything, the range of weapons available on the dark web is growing, with the UN warning that terrorists might soon be able to purchase 3D printing technology that would allow them to print their own guns from hidden marketplace dealers. As a consequence, it feels almost inevitable that it will not be long before another mass-casualty terror attack will be carried out with weapons purchased from the dark web.

Continue Reading

Articles

25 million Android devices infected with malware that swaps legitimate apps for bogus ad-filled versions

Published

on

25 million Android devices infected with malware

Security researchers have discovered a new form of malware designed to infect Android devices and replace legitimate apps with malicious versions that show fraudulent ads.

Analysts at Check Point Research, who have named the malware Agent Smith after a fictional character from the Matrix film franchise, believe the malicious software has already infected as many as 25 million devices across the US and India.

The malware, which disguises itself as a Google-related application, is said to exploit known Android vulnerabilities to automatically replace installed apps with malicious versions that show device users ads selected by hackers who profit financially from their views.

Check Point notes that while the software is currently only being used by cyber criminals to profit from ad views, it could be adapted to steal personal and banking information, or turn Android handsets into remote listening devices.

The online security firm has withheld the identity of the malicious actor behind the malware after passing information to Google and law enforcement agencies.

In a statement, Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point Software Technologies, said: “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith’.

“In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third party app stores often lack the security measures required to block adware loaded apps.”

Earlier this month, CSIS Security Group published information about a separate piece of malware that it claims has infected more than 10 million Android devices made by South Korea’s Samsung.

The bogus Updates for Samsung app, which had been downloaded by millions of users before being pulled from the Google Play store, purported to manage firmware updates that improve and secure the running of Samsung devices.

In reality, the app simply directed users to an ad-packed website that charged for the download of firmware updates.

In a statement, Google said: “Providing a safe and secure experience is a top priority and our Google Play developer policies strictly prohibit apps that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal data. When violations are found, we take action.”

Continue Reading

Articles

Hacked medical information now among most valuable data offered on dark web, new study reveals

Published

on

hacked medical information

Hackers are increasingly attempting to attack healthcare organisations in a bid to steal valuable data they hold on their IT systems, according to a new report from online security company Carbon Black.

A survey conducted by the firm revealed that 83% of healthcare organisations have witnessed an increase in cyber attacks over the course of the past year, and that two thirds (66%) said hacking attempts had become more sophisticated over the last 12 months.

The study found that stolen records from healthcare providers have become one of the most valuable data assets sold on dark web illicit marketplaces, and that such records can change hands for three times as much as general consumer personally identifiable information (PII).

According to the poll, Carbon Black’s healthcare customers saw an average of 8.2 attempted cyber attacks per endpoint each month last year, with 45% stating they had encountered hacking attempts in which the primary motivation was the destruction of data over the same period.

Analysis of stolen medical data offered on dark web marketplaces conducted by Carbon Black revealed that information that would allow criminals to pose as doctors was among the most expensive data listed, with malpractice insurance documents, medical diplomas, board recommendations, medical doctor licenses and DEA licenses on offer for as much as $500.

Meanwhile, forged prescription labels, sales receipts and counterfeit or stolen healthcare cards that could allow criminals to illegally obtain prescription drugs were found to sell for considerably less, and are typically being offered for between $10 and $120 per record.

Hacked health insurance login information is cheaper still, Carbon Black discovered, costing less than $3.25 per record on average.

Describing how cyber criminals are able to monetise the data they steal from healthcare organisations, the report says: “A hacker compromises the corporate network of a healthcare provider to find administrative paperwork that would support a forged doctor’s identity.

“The hacker then sells to a buyer or intermediary (who then sells to the buyer) for a high enough price to ensure a return on investment, but low enough to ensure multiple people buy the item.

“The buyer poses as the stolen doctor’s identity and submits claims to Medicare or other medical insurance providers for high-end surgeries.”

The report was published as US clinical laboratory Quest Diagnostics admitted that a third-party billing company may have exposed personal and medical records belonging to 11.9 million of its patients.

Quest said earlier this week that the American Medical Collection Agency (AMCA) had informed it that an unauthorised user had accessed its systems, which contained data on patients who had used Quest’s services.

Continue Reading

Articles

UK police warn TV streaming pirates of prosecution risk ahead of major football matches

Published

on

UK police warn TV steaming pirates

Police in London have warned internet pirates who illegally share live coverage of sporting events from a television subscription service online that they could face prosecution and a large fine.

Cautioning illicit streamers that investigators are able to shut down illegal online live broadcasts of major sporting occasions such as this weekend’s Europa League and Champions League finals, City of London Police highlighted the case of a man from Bristol who was forced to hand over more than £16,000 ($20,200) after he was caught re-streaming content from UK satellite broadcaster Sky Sports.

In October 2017, UK intellectual property protection organisation FACT revealed that Yusuf Mohammed had also been told he must provide information about the profit he made from illegally streaming paid-for content online, and reveal details of people he colluded with while doing so.

The City of London Police’s Intellectual Property Crime Unit (PIPCU) noted that an EU Court of Justice ruling made in April 2017 means that offenders caught illegally sharing paid-for content online can have their subscription accounts terminated immediately and expect to be prosecuted and fined.

Waning that members of the UK public should be aware that misusing their TV subscriptions has serious repercussions ahead of this weekend’s highly-anticipated football clashes, Detective Chief Inspector Teresa Russell, head of PIPCU, said in statement: “The UEFA Champions League is just one in a number of high profile sporting events each year, but don’t let your eagerness to tune in make you commit a crime.

“By illegally streaming the match, you never know when the site is likely to be shut down. It could be at a crucial point in the match! In fact, enforcement agencies and companies will aim to do just that in an attempt to dissuade people from using illegal sites in the future.”

The warning comes two months after a UK court jailed three men for a total of 17 years after they were found guilty of running a pirate streaming service that offered illegal access to live Premier League football matches.

Steven King, Paul Rolston and Daniel Malone were sent to prison after Warwick Crown Court heard they made over £5 million ($6.29 million) over the decade during which their scam lasted.

Ringleader King was handed a seven-year-and-four-month sentence, while Rolston was jailed for six years and four months, and Malone for three years and three months.

Continue Reading

Newsletter

Sign up for our mailing list to receive updates and information on events

Social Widget

Latest articles

Press review

Follow us on Twitter

Trending

Shares