Category Archives: Dark Web

We deal with all the topics on the Dark Web as well as all its excesses.

Dark Web: a hack that resulted in the theft of 600,000 credit card numbers

Digital data theft does not affect only legitimate platforms.

The specialized online outlet Bleeping Computer reported that a black market on the dark web was allegedly hacked. Those responsible managed to steal data that was being sold illegally on the platform, including personal data and financial data. On the financial side, more than 600,000 credit card numbers were stolen during this hack. After what it has just undergone, it is unlikely that the operators of this platform can reopen it.

The store targeted by the attack is known as Swarmshop. It is specifically designed to sell information and digital data illegally. Visitors to this online store go there to get stolen credit card numbers and personal data, exchange cryptocurrency or buy PayPal. Group-IB's cybersecurity specialists, who discovered this unusual attack on March 17, also drew attention to a more troubling situation.

On another cybercriminal forum, it was possible to have access to the contents of this stolen database. Computer security experts say it contains certain data such as:

– nicknames,

– passwords,

– contact details,

– the activity history of Swarmshop's administrators, sellers and buyers.

"All sellers have lost their goods and personal data. It is unlikely that the card shop will reopen," the Group-IB security researchers said in their reports.

For clarification, Swarmshop is an online platform that gathers a community of nearly 12,000 illegal traders of the dark web. The attack that targeted it is not the first of its kind: this is the second attack in 2 years to target platforms of this kind.

In addition, the database put up for sale by the hackers contains precisely 623,036 credit card numbers. These credit card numbers come mainly from countries such as:

– the United Kingdom

– the United States

– France

– Singapore

– Saudi Arabia

– Brazil

– China

– Canada

– Mexico.

Group-IB researchers were also able to show that the database contained "498 online bank account identification documents and 69,592 U.S. Social Security numbers and Canadian social insurance numbers." With such data, cyber criminals have the opportunity to launch multiple attacks or other malicious acts.

At this time, the hackers behind this attack have not yet been identified, and their motives are still unknown.


Medical data: Hundreds of French patients see their data given on the Dark Web

In a recent report published on 22 February, the French cybersecurity company CybelAngel highlighted the sale of stolen medical data.

The key point of this report is the sale of a file containing data belonging to nearly 500,000 French patients, according to Challenges.

The published report sets out three examples, found on French, Russian or English-speaking hacker forums, in which a database such as the one mentioned above is in heavy circulation. The report states that what is most surprising in all this is the presence of "500,000 French hospital data put online for free, whereas it could bring in several thousand euros." Apparently the file consisted mainly of "name, first name, email address, telephone number and patient health data (social security number, blood type, treating physician, etc.)", as well as several medical examinations carried out on patients.

In fact, people who had previously bought this data put it back online in order to resell it. Seeing this, the original supplier decided to publish it for free. "Sharing will continue as long as some people sell what they bought me," he notes.

According to CybelAngel, there is a good chance that the files put up for sale contain data recovered during the attacks on several hospitals and mutuals, namely the National Hospital Mutual.

"I understand that personal data can be interesting for advertising targeting. But I don't really see what they can do with social security numbers, blood type, etc. Would anyone have any idea of the real interest that people/groups/companies can find in buying this?" asks a security expert. It can be used for well-crafted phishing.

Someone who has a lot of very personal information that normally only a hospital or doctor holds can quite easily pass himself off as someone you trust.

"Like, 'Hello, Mr. X, do you have social security number No. XXX? You had such a medical act on January 12, but we have a problem with the accounting, it lacks 100 …'," explains the latter. "It won't work for sure, but statistically, it's probably more efficient and credible than the millionaire uncle who wants to share his fortune of 10 million euros against a small transfer … And if they come across an elderly person, they can go further, like, 'You can check your Ameli account? If you're having trouble, I can do it for you…'," he concludes.

As for the cause of the leak, an investigation by the media outlet CheckNews was able to identify its source. According to CheckNews, the problem originates in medical biology laboratories. These laboratories have in common the use of software known as Mega-Bus, an outdated computer program that is still on the market. It is reportedly managed by the company Medasys, a subsidiary of the French group Dedalus France. The same French group, which considers itself "Europe's leader in health software solutions", was implicated last year in a scandal involving a whistleblower that it allegedly fired for "serious misconduct". He had warned the authorities of computer security problems affecting several programs provided by the group, vulnerabilities that meant "anyone could access the extranet, from the web. This included access to tickets opened by hospitals and customer laboratories."

The data concerned here was allegedly stolen between 2015 and 2020 in several medical analysis laboratories in the localities of Morbihan, Côtes-d'Armor, Eure, Loiret and Loir-et-Cher.

When the laboratories were contacted, all unanimously responded that they had not been informed by anyone of the data leak.

For Dedalus France, the hypothesis is plausible: "Mega-Bus is an old solution. If customers are still using it, it must be the last because it is no longer sold or maintained. Most customers of this system are migrating or have already migrated."

As a reminder, the file contained information that was medically very sensitive and personal, including information about:

– Pregnancy

– Drug treatments

– Medical conditions, or even the patient's HIV-positive status

The worst part is that the data wasn't even encrypted.


How our personal data is marketed on black market sites

On Genesis, one of the world's leading data resale services, information belonging to tens of thousands of people has been recorded.

Like several similar platforms, Genesis is a small space specialized in the resale of Internet users' profiles. Of course the activity is illegal, because it facilitates online identity theft.

This is a question that Internet users almost never ask: where does the data stolen during computer hacks go? What do cyber criminals do with this information? What good could it do them? Yet these questions are essential to understanding the computer world and its threats.

In most cases, the personal data stolen during the various attacks, intrusions or phishing campaigns carried out by cyber criminals goes where it is easy to monetize: on the Darkweb, the dark side. According to some estimates by computer security specialists, nearly 15 billion pieces of personal information can be found on the Darkweb, or about 5 billion if you simply remove the duplicates.

Among the main such services is Genesis, which looks like a huge online commerce platform specialized in reselling computer data. A platform that can be accessed with just one click. The service is so professionalized that it offers its customers a sophisticated and responsive after-sales service to meet their needs as simply and efficiently as possible. It is an illegal service built around the resale of users' personal information.

The digital profiles available on sites such as Genesis include social security numbers, identity cards, passwords or other credentials, not to mention email addresses. In other words, any information that can allow cyber criminals to commit identity theft. It is also possible to obtain "bots" on Genesis and other sites of the same ilk.

"A bot aggregates all the information that malware has been able to extract from a victim's computer: login credentials, usernames and passwords, but also more sophisticated information, including banking data, social network identifiers. Their average price is around $20 but can go up to $200, depending on the quality and scarcity of information," explains Emily Yale, data scientist at computer security company Shape Security.

One last point needs clarifying. Information purchased or sold on such platforms is not static. "By purchasing a bot, hackers get the ability to generate a fingerprint that will fit into the web browser used, to fake a connection from the victim's computer." As if the service wasn't complete enough, the bots provided by the platform are continuously updated for as long as the infected terminal is still in operation.

This means that even changing your password to make sure you don't get hacked is wasted effort, because the new password can easily become known to cyber criminals, with the financial consequences that often result.

Platforms like Genesis can only be accessed by invitation. However, buying credentials remains fairly simple, much like buying something in an online shop. These services unfortunately continue to grow in popularity.

"A year ago, between 120 and 130,000 bots could be purchased in this market place. At a glance, we can notice that there are now nearly 320,000. And those numbers are changing very quickly. It is very legitimate to think that the number of victims continues to grow," says Emily Yale.

According to figures provided by F5, more than 40,000 French people reportedly have their credentials available on Genesis.

It should be noted that users often find themselves trapped in this kind of profile marketing system. Although the FBI is on the case, the fact remains that the procedure can be expensive.


Computer hacking victims recognized in images on the Dark Web

Last week, the U.S. Homeland Security Administration publicly announced that some of the images available on the internet were videos that could identify travelers.

These videos were allegedly hacked and published on the Dark Web. There are also pictures of travellers in which faces, license plates or other information about their health can clearly be seen. According to the Department of Homeland Security, the data leak was traced to a customs and border control subcontractor called Perceptics.

The hacked information is indeed available on the Dark Web. Yet in the early days of the data leak, the U.S. Department of Homeland Security had formally denied this. According to a statement from a report prepared by the office of the U.S. Inspector General on the computer incident, nearly 184,000 images were stolen by hackers. The office then acknowledged that there were 19 images available on the dark side of the Internet.

According to the report, the data leak was facilitated by a lack of organization and security around sensitive data, which was available on an unencrypted Customs and Border Protection device.

The report stated that: "Customs and Border Protection (CBP) did not properly protect sensitive data on an unencrypted device used during its facial recognition technology pilot project."

This incident, it should be noted, will in some ways have a significant impact on public confidence in the U.S. government on security issues. Travellers may begin to refuse certain checks on their biometric data by customs services. The report states: "This incident may undermine public confidence in the government's ability to safeguard biometric data and may result in a reluctance of travellers to allow DHS to enter and use their biometric data at U.S. Customs."

Several technologies are used by CBP to process and analyze travellers' biometric data. In particular, there are facial recognition devices and cameras that capture images of vehicles and of the faces of people crossing the border. The data is then collected and stored on different computers. The entire system allows the Department of Homeland Security to control entries into and exits from U.S. territory and to search more easily for criminals on the run, as well as terrorists.

Apparently, the biometric data set that is collected and analyzed by the Department of Homeland Security "contains the biometric data repository of more than 250 million people and can process more than 300,000 biometric transactions per day. This is the largest filing of biometric data by the federal government, and DHS shares this repository with the Department of Justice and the Department of Defence."

Deploying such a biometric analysis system is necessarily expensive, so one can imagine the budget for all this work, which involves an extensive network of contractors and subcontractors. Perceptics is one of the private companies involved in this technology production chain. Its role is mainly to process images of faces and vehicles captured at toll stations. This is why the report mentioned its involvement in this data leak, given the presence of vehicle license plates on the Dark Web.

"A subcontractor working on this project, Perceptics, transferred copies of CBP's biometric data, such as passenger images, to its own corporate network," the report said. In addition, the U.S. Department of Homeland Security noted that "later in 2019, DHS experienced a major privacy incident, as the subcontractor's network was subjected to a malicious cyber attack."

In addition, the person responsible for this incident is a hacker known as Boris Bullet-Dodger.


Access to business networks is for sale on the Dark Web

Recently, digital security specialist Positive Technologies published the report of a study it conducted on the illicit trade in access to corporate computer networks.

This report has been available to the public since May 20. In this article, we summarize the content of this research.

According to the Positive Technologies report, attacks on access to enterprise computer networks have increased by almost 19% over the past decade, and this is observed every year. On the dark side of the Internet, that is, the Dark Web, a thoroughly illegal market for this phenomenon can be found. Malicious software and other services can be obtained by anyone interested in breaking into corporate networks. Because the Dark Web brings together exploits, software and even references, most often illegal, it allows people with bad intentions to gain illegal control over several remote terminals. In other words, cyber criminals going through the Dark Web could gain access to a web server belonging to a business, a workstation and even a confidential database.

To do this, hackers investigate to find any security vulnerabilities around the perimeter of the targeted company's network. It could be software that has not been updated, a web application that is not protected, a password that is not strong enough or a misconfigured server. When they are able to collect this kind of information, they can steal it, transfer it or sell it to other hackers. But it is not only hackers who buy this kind of data. Competitors or other interested parties may also become customers of information thieves. Sometimes, customers of a cybercriminal network are willing to pay commissions of up to 30% of the profit for an attack on the infrastructure of a business whose annual turnover exceeds $500 million.

The Positive Technologies report indicates that more than 50 accesses to the computer networks of very large companies were put up for sale on the Dark Web at the end of 2019. Some of the victims were companies with annual sales in excess of hundreds of millions of dollars. It was reported that U.S. companies alone made up one-third of the victims, which made them the main targets of cyber criminals. Behind them were Italian and British companies, which each accounted for 5.2% of the victims. Next came Brazilian companies at 4.4%, followed closely by German companies at 3.1%.

In addition, the Positive Technologies report showed that in the United States, hackers primarily sold access to the networks of professional services companies, with 20%, closely followed by industrial companies at 18%. Government institutions follow closely with 14.8%. In contrast, in Italy, industrial companies are the most exposed with 25%, followed by professional services companies at 17%. In Brazil, the picture changes again: government institutions lead with 20% of exposures, closely followed by professional services companies at 17%. The United Kingdom follows much the same trend as the United States, with professional services companies leading the exposures with 33%. But this time, the science and education sector comes in second with 25% of exposures. Finance closes the list with 17 percent. In Germany, 29% of sales of access to computer networks concern IT companies and professional services companies. Finally, in Australia, which is the least exposed compared to the others, the bulk of access sales generally concerned government systems or organizations affiliated with science and education.

In addition, the price asked when selling this access can range from $500 to $5,000. The average amount generally received by cyber criminals is $5,000. This clearly highlights the fact that large companies are a real source of money for cyber criminals.
