The dangers that lurk on the Dark Web. Many people who have visited have said they have seen things they never wanted to see. We take you there.
We explain why it’s so important for everyone to know what’s there since we provide a roadmap to you, your family and the brands we all serve.
These are the true crime stories about what happens when we shine a light on the Dark Web.
- What’s Public & For Sale on the Dark Web
- RENT-A-HACKER
- Applying for a job with a Cybercrime Gang.
- Staggering new reports and shocking stats
- Practical ways to avoid your data being sold
Hope you listen and hope you download all our episodes. New episodes on Mondays (plus bonus episodes!)
I wrote Moving Target because overconfidence is the enemy. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes and Noble, and more.
===========================================================
Learn to stop cyber crime. ~Cyber Crime Junkies
[00:00:01] [SPEAKER_00]: Imagine setting yourself apart from the competition because your organization is always secure,
[00:00:07] [SPEAKER_00]: always available and always ahead of the curve. That's NetGain Technologies, your total one
[00:00:15] [SPEAKER_00]: source for cybersecurity, IT support and technology planning. Picture picking up the
[00:00:21] [SPEAKER_00]: phone and having decades of technology and cybersecurity expertise on the other end like
[00:00:25] [SPEAKER_00]: a bat phone but with a team of specialists ready to make your business faster, easier and
[00:00:31] [SPEAKER_00]: more profitable. Since 1984 NetGain Technologies has designed, built and implemented customized
[00:00:38] [SPEAKER_00]: technology solutions for businesses of all kinds. They offer a clear roadmap and security
[00:00:44] [SPEAKER_00]: plan to keep threats at bay, all at a predictable, affordable monthly cost. NetGain Technologies
[00:00:51] [SPEAKER_00]: supports organizations across the United States providing the benefits of a fully staffed in-house
[00:00:58] [SPEAKER_00]: IT department and security team at a fraction of the cost. Get peace of mind, get competitive,
[00:01:07] [SPEAKER_00]: get NetGain. Contact NetGain today at 844-777-6278 or reach out online at netgainit.com. That's
[00:01:18] [SPEAKER_00]: NetGainIT.com and get ahead of your competition today.
[00:01:26] [SPEAKER_01]: All right, so today's story is really cool. And when David and I began researching it,
[00:01:31] [SPEAKER_01]: every time we peeled back the onion, it got crazier and crazier. So in today's story,
[00:01:36] [SPEAKER_00]: we're going to review and shine a light on the dark web. We're going to discuss what's
[00:01:42] [SPEAKER_00]: available on the dark web. We're going to share a story of some people that have kind of
[00:01:47] [SPEAKER_00]: had some fun there in terms of applying for a job with a ransomware cyber crime gang
[00:01:55] [SPEAKER_00]: and tell you what that looks like because that really happens. And we're going to start off by
[00:02:01] [SPEAKER_00]: kind of explaining what it is, why it's there and some of the dangers that it shows. But
[00:02:10] [SPEAKER_00]: like anything else, the dark web is an aspect that in order to keep yourself, your family
[00:02:16] [SPEAKER_00]: and your organization's brand secure, we all have to know about it. It's just like any other
[00:02:22] [SPEAKER_00]: danger. It's why we put locks on our doors and lock our windows, right? Because we don't want people
[00:02:27] [SPEAKER_00]: that don't belong there to have access. Well, if we don't know about this and we don't know
[00:02:31] [SPEAKER_00]: where it is and what is out there, then we're not going to know how to protect ourselves online.
[00:02:36] [SPEAKER_00]: And that is the purpose of this. So the reason this matters is twofold. One,
[00:02:41] [SPEAKER_00]: when we did our research into the dark web, you'll find that all of the dark web
[00:02:48] [SPEAKER_00]: marketplaces and the websites that have the cyber gangs, the cyber gangs, they have walls of
[00:02:56] [SPEAKER_00]: shame. They publicize all of the data records, the images, driver's license, social security
[00:03:02] [SPEAKER_00]: numbers, the private intellectual property, the finances, the HR information, the healthcare
[00:03:07] [SPEAKER_00]: records. So on the dark web, that wall of shame is what gets released and sold and leveraged
[00:03:15] [SPEAKER_00]: in subsequent data breaches against individuals of organizations and the organizations themselves.
[00:03:22] [SPEAKER_00]: But even more so is many states now, many attorney general's offices and state governments
[00:03:29] [SPEAKER_00]: also have walls of shame in their own sense. Like for example, throughout the United States,
[00:03:36] [SPEAKER_00]: there are about 15 different states from Indiana, Hawaii, California, Texas, Montana,
[00:03:41] [SPEAKER_00]: New Hampshire, North Dakota, Oklahoma, Oregon, New Jersey, Vermont, Wisconsin, and more.
[00:03:48] [SPEAKER_00]: They all publicize the data breaches that they have become aware of. And in addition to that,
[00:03:57] [SPEAKER_00]: they show when the data breaching occurred and then when they were notified. And oftentimes
[00:04:02] [SPEAKER_00]: you'll see that's six to eight to nine months later. And then it also says the number of people,
[00:04:08] [SPEAKER_00]: the number of records involved. And the reason this matters is that wall of shame interferes with
[00:04:14] [SPEAKER_00]: organizations ability to build their brands because other organizations that are going to have
[00:04:19] [SPEAKER_00]: these organizations that have been subject to a breach as as vendors, they don't want to do
[00:04:24] [SPEAKER_00]: business with. And you'll see a lot of companies today look to both the dark web as well as
[00:04:30] [SPEAKER_00]: the government posted walls of shame to actually do a deep inquiry into that. Why? Because
[00:04:41] [SPEAKER_00]: should they not have fixed their systems and updated things? And should they wind up getting
[00:04:46] [SPEAKER_00]: breached, they could leverage that breach into attacking themselves, into attacking the
[00:04:51] [SPEAKER_00]: individual organization that is looking to buy those products or services.
[00:04:55] [SPEAKER_00]: And on the video for video watchers, we just showed some of the wall of shame of one of the
[00:05:03] [SPEAKER_00]: Ragnar Locker on the dark web, their wall of shame. And then we also showed a list from one of the
[00:05:10] [SPEAKER_00]: Attorney General's offices that show just in 2022 alone, there's 25 pages of companies that have
[00:05:16] [SPEAKER_00]: been listed and shows the date that it was breached, the date they were notified, all
[00:05:20] [SPEAKER_00]: the people at Rimbaud, the types of markets, etc. But that said, let's give you a general and quick
[00:05:26] [SPEAKER_00]: disclaimer. Basically it's this, please don't go to the dark web yourself. Consider all this
[00:05:31] [SPEAKER_00]: information just for educational purposes. People that have been there, including security
[00:05:35] [SPEAKER_00]: researchers, law enforcement people that we have spoken to have said they have seen things that
[00:05:39] [SPEAKER_00]: they cannot unsee untold videos, posts, and it's really the heart of the unfettered wild west
[00:05:47] [SPEAKER_00]: of criminal activity and a certain element of society that goes there. So again, we're here
[00:05:54] [SPEAKER_00]: to raise awareness not to promote the dark web in any way. So please don't. Feel free to check out
[00:06:00] [SPEAKER_00]: YouTube, look at our YouTube at cyber crime junkies, check out other YouTube of security
[00:06:07] [SPEAKER_00]: researchers that have gone there and you can get a sense of what is out there. But it's
[00:06:13] [SPEAKER_00]: a place where people go when they don't want to be found, like criminals in general.
[00:06:18] [SPEAKER_00]: Or if they live in a country with strict internet restrictions. And also to go there you need a
[00:06:23] [SPEAKER_00]: specific browser, the Tor browser, TOR, which is like it stands for the onion router.
[00:06:30] [SPEAKER_00]: It was originally set up by federal government to access certain things and to give
[00:06:36] [SPEAKER_00]: people that were in certain countries that had restrictive prohibitions on internet use.
[00:06:44] [SPEAKER_00]: So in the beginning, you know, the internet is a wide open space and most of the internet that we
[00:06:51] [SPEAKER_00]: go to is the surface web. It's only about five to 10% of the entire internet. I don't know if you
[00:06:58] [SPEAKER_00]: were aware of that, but when we get online and we're looking at social media and we're using
[00:07:04] [SPEAKER_00]: our emails and we're checking information out, getting news, communicating with friends and family
[00:07:09] [SPEAKER_00]: and coworkers, that is really the surface internet. In addition to that, the vast amount of the internet
[00:07:16] [SPEAKER_00]: is called the deep web. And the deep web is usually behind credentialed firewalls. It is
[00:07:22] [SPEAKER_00]: academic research, medical records that are behind and encrypted, legal documents, things
[00:07:30] [SPEAKER_00]: like things of that nature, government agency documents, things that aren't open to the public
[00:07:36] [SPEAKER_00]: by simple searches. And again, keep in mind that every time we do a search and we look online,
[00:07:44] [SPEAKER_00]: it's recorded, it's indexed, right? Because it's how the algorithms work. They need to track all
[00:07:50] [SPEAKER_00]: of that so that they can tie your question or your inquiry into the data that is stored in these
[00:07:55] [SPEAKER_00]: banks of information. But when you access the dark web, the whole point of accessing it is
[00:08:02] [SPEAKER_00]: to do so that allows for anonymity. And by using the browsers that allow for anonymity, you're able
[00:08:08] [SPEAKER_00]: to find things that are not accessible through indexed searches. So they use the Tor browser,
[00:08:15] [SPEAKER_00]: T-O-R, which stands for the onion router. Basically what it does is it spins all of your searches
[00:08:22] [SPEAKER_00]: so that it's not coming from your internet protocol. It's not coming from your IP.
[00:08:28] [SPEAKER_00]: By the time you search using this browser, you may be accessing that the internet from a
[00:08:35] [SPEAKER_00]: server in another country. And by doing that it doesn't tie to you. So yeah, it gives you some
[00:08:41] [SPEAKER_00]: anonymity. So that is part of the reason why a lot of people have thought of using that Tor
[00:08:47] [SPEAKER_00]: browser or similar browsers like that. But there are many other safer, more standard ways
[00:08:54] [SPEAKER_00]: of doing it. For example, any VPN, any virtual private network that you can get right on the
[00:08:59] [SPEAKER_00]: surface web, you can download them for free. Some have paid options and they do a remarkable
[00:09:03] [SPEAKER_00]: job of keeping your searches and your information secure. So those are always recommended. But
[00:09:09] [SPEAKER_00]: when accessing the dark web, it opens up a world of unseemliness and various sites that
[00:09:19] [SPEAKER_00]: really cannot be unseen once you actually see it. And the use and access of the dark web has
[00:09:27] [SPEAKER_00]: dramatically increased in recent years, which is a cause for concern for many people.
[00:09:32] [SPEAKER_00]: In an ID Agent report from May, the risk for remote workers has been highlighted,
[00:09:37] [SPEAKER_00]: right? Because as we have more dispersed workforces and they're entering the internet,
[00:09:44] [SPEAKER_00]: oftentimes it creates massive amounts of risk to the organization because they're not all in the
[00:09:50] [SPEAKER_00]: office operating under the network where a corporate network can lock things down.
[00:09:58] [SPEAKER_00]: And this has been proven by the development of all of the data that's been exposed and
[00:10:04] [SPEAKER_00]: for sale on the dark web. When we think about the significance and why the dark web matters,
[00:10:10] [SPEAKER_00]: think about what a data breach is. When the data is taken, there are two basic forms of
[00:10:17] [SPEAKER_00]: extortion that occur to people. The first is let's say a ransomware attack and
[00:10:23] [SPEAKER_00]: cyber crime gangs such as REvil or Evil and others were some of the first to do this
[00:10:30] [SPEAKER_00]: double extortion form. And that is, you know, they lock down your data and then they demand
[00:10:35] [SPEAKER_00]: money, non-traceable money so it's usually in cryptocurrency like Bitcoin to access that data.
[00:10:42] [SPEAKER_00]: But then there's a double extortion, meaning for those that don't pay, they publicize and humiliate
[00:10:49] [SPEAKER_00]: people by selling that data on the dark web. So there's two forms of extortion that occur
[00:10:56] [SPEAKER_00]: in a lot of the data breaches that occur these days. In the ID Agent report that we
[00:11:03] [SPEAKER_00]: mentioned earlier, there was an astonishing find on the dark web of 25 just shy of 26 million
[00:11:11] [SPEAKER_00]: active passwords that belonged to employees of Fortune 1000 companies which were available
[00:11:18] [SPEAKER_00]: readily in dark web marketplaces and data dumps. So on the dark web once you get there,
[00:11:24] [SPEAKER_00]: there are marketplaces. One of the most famous one was Silk Road back in the day
[00:11:30] [SPEAKER_00]: where all sorts of illegal activities and illegal products and services can be bought and sold
[00:11:37] [SPEAKER_00]: all through cryptocurrency. We have an entire episode on the Silk Road marketplace
[00:11:44] [SPEAKER_00]: and what that did to people. And in these data dumps, that's where most cyber crime gangs
[00:11:49] [SPEAKER_00]: actually get a lot of their data to leverage it for additional spear phishing. In a Symantec
[00:11:55] [SPEAKER_00]: report in September, about 65% of active criminal gangs rely on their spear phishing
[00:12:03] [SPEAKER_00]: powered by the dark web data to launch their attacks. There are also major data leaks and
[00:12:10] [SPEAKER_00]: data dumps found on the dark web meaning this is all the information that has been stolen
[00:12:14] [SPEAKER_00]: in data breaches and that is for sale on the dark web. So one of the biggest ones
[00:12:18] [SPEAKER_00]: was the RockYou2021 password leak. ID Agent reported in June 2021 that a great deal of these
[00:12:28] [SPEAKER_00]: passwords that had been accumulated on the dark web which provided a lot of ammunition for cyber
[00:12:33] [SPEAKER_00]: attacks were listed for sale in these marketplaces. Cyber criminals could easily buy and sell
[00:12:39] [SPEAKER_00]: all of this confidential private information just like it is a commodity.
[00:12:45] [SPEAKER_00]: And it's openly for sale right there on the dark web. In 2020 alone over 60% of the data
[00:12:52] [SPEAKER_00]: that was already on the dark web at the start of 2020 could harm businesses and there was an
[00:12:59] [SPEAKER_00]: additional 22 billion new records added to the dark web marketplace and data dumps just
[00:13:07] [SPEAKER_00]: in that year alone. For example, that RockYou2021 data leak contained 8.4 billion passwords used by
[00:13:17] [SPEAKER_00]: leading Fortune 1000 company employees all for sale and all available to be bought and sold
[00:13:25] [SPEAKER_00]: and leveraged in further cyber attacks and that was found to have occurred in subsequent years.
[00:13:32] [SPEAKER_00]: So let's talk practically for a second what does this mean? Okay so they have
[00:13:36] [SPEAKER_00]: some data of ours right they've got a password you know we've used it for a couple things but
[00:13:40] [SPEAKER_00]: what does it matter? Well let me tell you a quick story in our security research we came across a
[00:13:47] [SPEAKER_00]: gentleman, we'll call him John, and John worked for a company that had been subject to a data
[00:13:53] [SPEAKER_00]: breach didn't think anything of it changed his passwords followed the company you know protocols
[00:13:58] [SPEAKER_00]: and just continued on with his day-to-day. But then two weeks John got a call from
[00:14:04] [SPEAKER_00]: his HR department never a great thing to get called by HR so the first thing out of John's mouth
[00:14:10] [SPEAKER_00]: was okay what did I do and I'm sorry whatever I did well that wasn't why they were calling.
[00:14:15] [SPEAKER_00]: What they were calling about is that there had been an unemployment claim made under his name
[00:14:22] [SPEAKER_00]: and he cleared it up with HR simply by saying obviously I'm still working here and that
[00:14:26] [SPEAKER_00]: didn't happen but what that did was show a couple different things to make that claim
[00:14:31] [SPEAKER_00]: there are so many aspects of John's life that had to be verified in order to proceed with that claim
[00:14:38] [SPEAKER_00]: and all of those had been done. You see in the state where John lives the the government when they
[00:14:47] [SPEAKER_00]: make a and provide payment for an unemployment claim they send out a bank card they mail out a
[00:14:52] [SPEAKER_00]: bank card from a bank that is a card where they can access those funds and liquidate them
[00:14:59] [SPEAKER_00]: and the postal service has a process called informed delivery with informed delivery you're able to see
[00:15:07] [SPEAKER_00]: photographs of the mail that's going to come to your mailbox and what had happened was the hackers
[00:15:12] [SPEAKER_00]: had compromised John's email and saw when the debit card was going to be in his mailbox and
[00:15:20] [SPEAKER_00]: grabbed it before he even got there and were able to spend the money and exercise on that
[00:15:26] [SPEAKER_00]: unemployment claim that had been made under his name even while he was working within a week after
[00:15:34] [SPEAKER_00]: that John got a call from a Verizon store in another state saying that a phone had just been
[00:15:41] [SPEAKER_00]: issued to him and the payment had been declined but they needed to secure payment for him.
[00:15:49] [SPEAKER_00]: Over the next couple months there had already been over 15 purchases from Amazon being shipped to
[00:15:56] [SPEAKER_00]: different addresses in different states all under his name with his credentials and tied to
[00:16:03] [SPEAKER_00]: various credit cards of his as well as certain credit cards that he didn't even know about
[00:16:08] [SPEAKER_00]: and then about six months later John found out in his mail that there was a condominium in
[00:16:15] [SPEAKER_00]: Nevada that had been cashed out in a cash out refi and then they never made the payment so they
[00:16:22] [SPEAKER_00]: had foreclosed on it all in his name all done with a valid state ID that had been obtained
[00:16:30] [SPEAKER_00]: with his name and his credit had been ruined. In addition the time and expense that John had
[00:16:39] [SPEAKER_00]: to do to clean up all of this has taken him over two years and months and months of effort
[00:16:45] [SPEAKER_00]: and heartache for him his family and interfered with his occupation. That's just one example of what
[00:16:54] [SPEAKER_00]: happens in one of the passwords that gets leaked in these big data breaches and as we mentioned before
[00:17:03] [SPEAKER_00]: just in 2020 alone there was over 22 billion new records dumped on the dark web so let's get to
[00:17:15] [SPEAKER_00]: that on dark web. Well there's a lot of different things. PT Security published an article in February
[00:17:20] [SPEAKER_00]: of 2021 about a breakdown of all of the activity in popular dark web forums that they had found
[00:17:28] [SPEAKER_00]: and they found a couple interesting statistics one is an estimated 90 percent of all of the posts
[00:17:34] [SPEAKER_00]: found in these dark web forums are from buyers looking to contract someone for cybercrime almost
[00:17:40] [SPEAKER_00]: 70 percent of the dark web forum hiring posts were looking for cyber criminals to do website hacking
[00:17:47] [SPEAKER_00]: to do social engineering and some others were even like rent a hacker rent a hacker is a is a
[00:17:56] [SPEAKER_00]: well-known location on the dark web where various skilled criminals actually advertise
[00:18:04] [SPEAKER_00]: for their services and then when we digged into certain of the forum posts in the dark web
[00:18:12] [SPEAKER_00]: we found about 7 percent of the forum posts were ads for hackers looking for work
[00:18:17] [SPEAKER_00]: two to five percent were forum posts made by cyber criminal developers who were selling the
[00:18:23] [SPEAKER_00]: tools to be used and about 20 percent of the forum posts were searching for the bad actors
[00:18:30] [SPEAKER_00]: who could obtain specifically targeted user or client databases stay with us we'll be right back
[00:18:40] [SPEAKER_00]: everyone did you ever want to ask us a question directly or communicate give us feedback make
[00:18:46] [SPEAKER_00]: suggestions whatever it is you can now do that direct there's a link in the show notes right
[00:18:53] [SPEAKER_00]: at the top where you can text us directly come communicate with us right here in the podcast
[00:18:59] [SPEAKER_00]: studio or you can text the number 904-867-4466 and text the number 201-4652 and leave your message
[00:19:12] [SPEAKER_00]: that is 904-867-4466 or text the number 204-4652 and leave your message we look forward to talking
[00:19:24] [SPEAKER_00]: to you soon I mean check this out there is a site on the dark web where hackers are selling babies
[00:19:35] [SPEAKER_00]: personal data anything from certain dates of birth like from 1998 to 2008 minors kids have had their
[00:19:46] [SPEAKER_00]: social security numbers their dates of birth their location their parents names their grandparents
[00:19:51] [SPEAKER_00]: names the towns that they live in their addresses all for sale on the dark web so why is that so
[00:19:58] [SPEAKER_00]: significant well it's really really dangerous because most parents don't bother to check their
[00:20:04] [SPEAKER_00]: children's FICO scores when they're still kids because they don't have loans but there are
[00:20:09] [SPEAKER_00]: untold stories of people that as they grow into adults they find various credit cards and
[00:20:19] [SPEAKER_00]: lines of credit real estate all bought in their name even though they were children
[00:20:25] [SPEAKER_00]: because when they're able to be us online they can pay people as us buy things as us and act as us
[00:20:32] [SPEAKER_00]: they take control over our entire digital presence and when you're on the dark web and
[00:20:38] [SPEAKER_00]: you're using these browsers you're able to search for these and find some of these
[00:20:42] [SPEAKER_00]: we've we've posted on on our youtube channel several of the sites that we saw one group that
[00:20:48] [SPEAKER_00]: researchers found is called Atlas Intelligence Group, AIG. It's also known as like the Atlas Cyber
[00:20:54] [SPEAKER_00]: Army. They have a professional looking web page and they advertise for their services. What makes
[00:20:59] [SPEAKER_00]: this group more dangerous than others is they recruit cyber mercenaries to do specific jobs
[00:21:07] [SPEAKER_00]: as part of larger campaigns that are only known to the top people within the cyber gang
[00:21:14] [SPEAKER_00]: what's shocking is that they openly advertise their leader who goes by the name of Mr. Eagle and who
[00:21:21] [SPEAKER_00]: posts with various other lieutenants or captains underneath him on some of these forums actually
[00:21:28] [SPEAKER_00]: advertise on other marketplaces such as Telegram channels along with its own Telegram channel.
[00:21:35] [SPEAKER_00]: Telegram is a method of communication that's used. Their targets are people in countries all
[00:21:40] [SPEAKER_00]: over the world that include the US, Pakistan, Israel, Colombia and the Emirates, and they also focus
[00:21:46] [SPEAKER_00]: on state agencies and other state assets as well. They seem to be targeting DDoS services, which
[00:21:53] [SPEAKER_00]: is denial of service taking down websites gathering up the information on websites as well as
[00:21:59] [SPEAKER_00]: hacking scripts and tools and gathering up documents and other templates about specific individuals
[00:22:06] [SPEAKER_00]: or companies they sell obvious services like the the ability to hire them to do social engineering
[00:22:14] [SPEAKER_00]: and destroy the reputation of a person or an organization and then they even have advanced
[00:22:20] [SPEAKER_00]: skill sets and information where they offer platforms and malware that would take a little
[00:22:28] [SPEAKER_00]: bit more skill to to leverage but all of that is part of these forums where they all kind of get
[00:22:34] [SPEAKER_00]: together and talk and the prices start from one thousand dollars us obviously all paid in cryptocurrency
[00:22:42] [SPEAKER_00]: which is non-traceable on up from there in terms of cost but what we found is a pattern what we
[00:22:49] [SPEAKER_00]: found is a pattern in these organizations where the head people that are running and
[00:22:53] [SPEAKER_00]: targeting certain organizations or government agencies as victims what they're doing is they're
[00:22:59] [SPEAKER_00]: recruiting individual cyber mercenaries for different tasks and each one is done as part of a campaign
[00:23:06] [SPEAKER_00]: so that way the people that are running the cyber crime gangs should somebody get caught
[00:23:12] [SPEAKER_00]: they're not aware of what role they played by doing x tasks meaning let's say they hire a hacker to
[00:23:20] [SPEAKER_00]: to do social engineering or to do brute force entry and gain a certain specific amount of data
[00:23:26] [SPEAKER_00]: well they're paid for that job and that's it that's all that they know but the masterminds in these
[00:23:31] [SPEAKER_00]: cyber gangs are actually using that as part of a larger campaign to attack an entire region
[00:23:36] [SPEAKER_00]: or to get an organization even higher up and they're going to leverage those data points
[00:23:41] [SPEAKER_00]: that are obtained in the one task that they hire in order to do that it provides some
[00:23:46] [SPEAKER_00]: level of anonymity and protection for the crime gang leaders because nobody should they be caught
[00:23:52] [SPEAKER_00]: knows everything that is that is done completely so there's no way of of even flipping them
[00:24:01] [SPEAKER_00]: upward to be able to be able to have them rat on their on their bosses essentially
[00:24:07] [SPEAKER_00]: but it also gets more complicated than that and in our research we found several people
[00:24:13] [SPEAKER_00]: that had done research to see what it was like to actually apply for a job with one of these cyber
[00:24:19] [SPEAKER_00]: gangs and it was absolutely uh fascinating. So Shmuel Gihon uh from Cyberint wrote an article
[00:24:30] [SPEAKER_00]: in uh July of 2022 about the Atlas Intelligence Group, AIG,
[00:24:38] [SPEAKER_00]: and what they found when they attempted to have conversations with this group on the dark web forums
[00:24:46] [SPEAKER_00]: this group allegedly has ties not only within cryptocurrency exchanges but also within
[00:24:52] [SPEAKER_00]: members of law enforcement in germany that would be able to back them up and provide
[00:24:59] [SPEAKER_00]: additional information and coverage for them the article goes on to to talk about what we
[00:25:04] [SPEAKER_00]: mentioned earlier about their their way of thinking and how only the admins in these forums
[00:25:11] [SPEAKER_00]: and the cyber crime leaders had full knowledge of what the actual campaigns would be so they
[00:25:17] [SPEAKER_00]: would hire these cyber mercenaries for different tasks using phrases of the campaign throughout
[00:25:25] [SPEAKER_00]: their communications and what was cool is during their uh searches they were able to actually
[00:25:33] [SPEAKER_00]: find a job posting uh for spear phishing and social engineering and there was another example of
[00:25:40] [SPEAKER_00]: publishing contracts for web hacking individuals each campaign this group tended to recruit a
[00:25:47] [SPEAKER_00]: different set of individuals with different skill sets so that none of them really had full
[00:25:52] [SPEAKER_00]: knowledge of what the complete campaign was about this layered in kind of matter of
[00:25:59] [SPEAKER_00]: segregation between the participants keeps everybody doing all their dirty work kind of in
[00:26:03] [SPEAKER_00]: the dark and all this kind of bolsters the theory of uh cyber security of that's commonly held
[00:26:12] [SPEAKER_00]: in cyber security uh researcher and that is that these cyber crime groups actually act and operate
[00:26:17] [SPEAKER_00]: just like cartels just like drug cartels in the sense that when you compare them to other
[00:26:23] [SPEAKER_00]: cyber crime syndicates that clear behavior of a cartel is there uh as we're able to see
[00:26:30] [SPEAKER_00]: that their leaders serve as architects of the campaigns while the hired mercenaries
[00:26:34] [SPEAKER_00]: follow the mastermind's orders. So how do they communicate? Well, on the dark web they use Telegram.
[00:26:41] [SPEAKER_00]: It's almost like a Facebook Messenger or a WhatsApp, but they use the Telegram uh platform
[00:26:46] [SPEAKER_00]: and when they communicate they speak in code they use different channels for different
[00:26:51] [SPEAKER_00]: sex and they um reference different leaked databases throughout this particular group
[00:26:57] [SPEAKER_00]: AIG set up three different Telegram channels. One was a data place marketplace that had leaked
[00:27:02] [SPEAKER_00]: databases that they were currently selling that's an example of that is what we just talked about
[00:27:08] [SPEAKER_00]: in terms of the um full information on specific individuals so that they can take over their
[00:27:15] [SPEAKER_00]: identities online uh the second channel that this group used is where the leader and the
[00:27:20] [SPEAKER_00]: administrators published the contracts and uh various subscribers or job applicants have the
[00:27:26] [SPEAKER_00]: opportunity to offer their services for it um that channel is really interesting
[00:27:33] [SPEAKER_00]: the one example that we're showing online visually right now uh there's a request to all people from
[00:27:39] [SPEAKER_00]: the United Kingdom in London. They are searching for this one individual, if someone, and they post
[00:27:44] [SPEAKER_00]: the license, the driver's license of that individual, and if someone has a connection to
[00:27:50] [SPEAKER_00]: a police officer in London and can check the address they're willing to pay for it
[00:27:54] [SPEAKER_00]: and handling it immediately. And the other channel that AIG uses uh is a commercial channel that
[00:28:01] [SPEAKER_00]: posts announcements from the team just such as the process of doxing which is revealing
[00:28:07] [SPEAKER_00]: personal information about a user uh scammers that they come across intended next targets where
[00:28:12] [SPEAKER_00]: they talk about and update from other people that might be interested and as aig group lists
[00:28:18] [SPEAKER_00]: their services for sale uh in sellix s e l l i x dot i o and that platform all offers essentially like
[00:28:26] [SPEAKER_00]: an e commerce platform for anyone um as part of their services they're offering payment with
[00:28:31] [SPEAKER_00]: cryptocurrency and they even act as a middleman uh providing another layer of identity for group
[00:28:37] [SPEAKER_00]: members and because there's really no honor among thieves this mr eagle the head architect of this
[00:28:44] [SPEAKER_00]: group warns other members that join these sites uh against scammers or unapproved ads meaning if
[00:28:51] [SPEAKER_00]: somebody is advertising on there and they haven't been able to fulfill one of their tasks they ban
[00:28:56] [SPEAKER_00]: them immediately and besides that mr eagle the uh cyberint researchers found there were four
[00:29:05] [SPEAKER_00]: other individuals that go by certain online characteristics uh certain online acronyms one
[00:29:10] [SPEAKER_00]: was el rojo one was mr uh shawie s h a w ji and another was s 401 t four m four uh and another person
[00:29:21] [SPEAKER_00]: that went by the name of kaufi and these admins basically take care of responsibilities like
[00:29:26] [SPEAKER_00]: advertisement management tasks operations of the channels and then apparently you know
[00:29:31] [SPEAKER_00]: occasionally will communicate with followers of the channel and while this aig group says that
[00:29:37] [SPEAKER_00]: they don't specifically target any specific you know industry or region in the world most of the
[00:29:44] [SPEAKER_00]: data that they post for sale comes from the finance education and manufacturing industries
[00:29:49] [SPEAKER_00]: which leads researchers and observers of this to feel that this is one of the groups behind
[00:29:54] [SPEAKER_00]: the targeted attacks in those industries one of the things that they advertise is
[00:29:59] [SPEAKER_00]: they expose pedophiles is they will go and list individuals home addresses phone numbers pictures
[00:30:06] [SPEAKER_00]: etc uh and other various personal information of individuals uh that have been uh charged as
[00:30:13] [SPEAKER_00]: pedophiles in various nations throughout europe and moth in another aspect of the dark web a
[00:30:19] [SPEAKER_00]: great finding was in cyber news uh that wrote in uh 2021 april of 2021 about their application
[00:30:27] [SPEAKER_00]: with a ransomware gang one of the most notorious ones in the world this group went all the way
[00:30:33] [SPEAKER_00]: to apply for a job as a cyber mercenary and got right to the point and they actually verified that
[00:30:40] [SPEAKER_00]: it was real and that it was legit and wait until you hear about the money that is at stake here
[00:30:46] [SPEAKER_00]: so in scouring the dark web what they found is as opposed to a certain you know cyberware
[00:30:52] [SPEAKER_00]: or cyber crimes of service advertisements that you'll see pop up throughout the dark web
[00:30:57] [SPEAKER_00]: this ad that was looking for cyber mercenary was actually coming from REvil
[00:31:02] [SPEAKER_00]: REvil which is also known as uh sodinokibi which is one of the most notorious ransomware groups
[00:31:11] [SPEAKER_00]: in the world um REvil is a ransomware as a service operation they've extorted millions
[00:31:17] [SPEAKER_00]: of money worldwide in the past few years uh the group's been inspired by the resident evil
[00:31:24] [SPEAKER_00]: movie um that that movie series and it's most widespread ransomware threat on the planet
[00:31:30] [SPEAKER_00]: according to cso online and various security experts um they really perfected their craft
[00:31:35] [SPEAKER_00]: and they're creators of that famous double ransom first you steal the data and hold it ransom
[00:31:41] [SPEAKER_00]: but since only about 50 percent pay and 50 percent don't pay the ransom they double down on that
[00:31:45] [SPEAKER_00]: and then say well if you're not going to pay the ransom and pay it by this date then we're
[00:31:50] [SPEAKER_00]: going to humiliate you and publish the data to the public stay with us we'll be right back
[00:33:22] [SPEAKER_00]: one of the members that is most well known online is known
[00:33:38] [SPEAKER_00]: as unknown like that's this username unknown and he heads up the he orchestrates the crime of
[00:33:48] [SPEAKER_00]: hiring mercenaries that they call affiliates to do specific tasks and they pay handsomely
[00:33:54] [SPEAKER_00]: how handsomely well in one exchange the job entailed collecting in excess of one million
[00:34:03] [SPEAKER_00]: dollars per week that's one million dollars us per week with the split of it being 80 to the
[00:34:11] [SPEAKER_00]: mercenary personally actually carries out the task and 20 to REvil and what they do in these
[00:34:19] [SPEAKER_00]: campaigns is they will to they will launch a campaign with one of the variants one of the
[00:34:25] [SPEAKER_00]: types of malicious code to see if it's getting past firewalls it's actually landing and resulting in
[00:34:31] [SPEAKER_00]: extortion that will work once it works and it works well then they'll hire many different
[00:34:37] [SPEAKER_00]: affiliates they'll hire multiple different mercenaries to carry it on in a wider spread attack
[00:34:43] [SPEAKER_00]: and if one variant doesn't capture enough revenue then they leverage a different type
[00:34:47] [SPEAKER_00]: and they feel it works on that new one more that new more profitable and so here's really how
[00:34:52] [SPEAKER_00]: how it works an attack involves a team of well funded and skilled criminals this is not a kid
[00:34:58] [SPEAKER_00]: in a hoodie in his mom's basement cracking code drinking red bull one affiliate creates the
[00:35:03] [SPEAKER_00]: code another affiliate or cyber mercenary will launch it in phishing attacks and social
[00:35:08] [SPEAKER_00]: engineering attacks and yet another affiliate will handle the extortion and public humiliation
[00:35:13] [SPEAKER_00]: and yet another affiliate too will leverage that for insider trading or the selling of the stock
[00:35:20] [SPEAKER_00]: once the bad news gets public none of these affiliates necessarily know what the other is doing or
[00:35:26] [SPEAKER_00]: that they're even working on the same campaign but the architects do and the heads like the
[00:35:31] [SPEAKER_00]: person known as unknown with REvil is the one architecting all this and they usually keep
[00:35:37] [SPEAKER_00]: the group small and often no more than five levels for each campaign so when you break down
[00:35:41] [SPEAKER_00]: the money out of that one million dollars per week they split that one million four to five ways
[00:35:46] [SPEAKER_00]: with 20 off the top going to REvil and with hundreds of campaigns going on throughout the
[00:35:53] [SPEAKER_00]: week you can see how it all gets broken down but to get approved as an affiliate and to be
[00:36:02] [SPEAKER_00]: accepted into these groups where there's there's no trust among everyone and everybody is
[00:36:08] [SPEAKER_00]: communicating nefariously and anonymously you have to earn it and what they do is they give you
[00:36:15] [SPEAKER_00]: tests they give you a scenario and see if you're able to hack into it and once you are and you
[00:36:21] [SPEAKER_00]: send them the code and it actually works then you get another level of of trust built up
[00:36:29] [SPEAKER_00]: there literally are job boards one popped up called job dark jobs on the dark web
[00:36:34] [SPEAKER_00]: other professional looking they're managed like indeed or monster.com the applicants take tests to
[00:36:41] [SPEAKER_00]: prove that they have the technical and evil chops to execute the test and then based on a
[00:36:46] [SPEAKER_00]: series of questions and then verifications that the syndicates will do these cyber mercenaries
[00:36:51] [SPEAKER_00]: earn what's called trust points the more trust points one earns the more jobs they're able
[00:36:56] [SPEAKER_00]: to apply for and this is big business and big money all the payments are made through a crypto
[00:37:02] [SPEAKER_00]: wallet from the job board and once the job is done it's transferred to the crypto wallet of the
[00:37:07] [SPEAKER_00]: affiliate of the mercenary and then for an extra fee a mercenary could even get an insider criminal
[00:37:14] [SPEAKER_00]: at one of the crypto exchanges to launder it into us currency for them so some of you might be
[00:37:21] [SPEAKER_00]: wondering like we were and that is why can interpol and the fbi not track down these websites
[00:37:28] [SPEAKER_00]: and these syndicates why can't these people get caught and you know the response in the hacker
[00:37:33] [SPEAKER_00]: community as well it's because it's all it's the onion router right there's no way of tying a specific
[00:37:38] [SPEAKER_00]: ip to a specific individual but it's not always the case one example is silk road right and when
[00:37:47] [SPEAKER_00]: you think about because the silk road founder which we'll talk about in another episode actually
[00:37:51] [SPEAKER_00]: got busted and went to prison because they were able to to track it down because like most
[00:37:57] [SPEAKER_00]: criminals they do one or two dumb things like in silk road the the silk road website actually
[00:38:05] [SPEAKER_00]: advertised on the surface web for silk road and they were able to track down from that
[00:38:12] [SPEAKER_00]: actual advertisement where the actual ip was there's a couple other reasons that led to that
[00:38:15] [SPEAKER_00]: but we'll get into that in that other episode but when you think about it since the servers
[00:38:19] [SPEAKER_00]: are set up on the onion router right where things are spun around you you don't know you
[00:38:24] [SPEAKER_00]: could be going online in israel one hour and then going online in uh dubai the next there's no way
[00:38:30] [SPEAKER_00]: of tying to where the actual physical person is um but there's there's certain servers that are all
[00:38:36] [SPEAKER_00]: hosted on the onion router and one group of servers was called freedom hosting um and that
[00:38:41] [SPEAKER_00]: founder got caught um when websites that freedom hosting was hosting actually went down um it's
[00:38:49] [SPEAKER_00]: believed that the fbi actually hacked them launched some malicious code against them it's alleged we
[00:38:54] [SPEAKER_00]: don't know uh and took those sites down which exposed the emails and the ip addresses for all
[00:39:00] [SPEAKER_00]: of those users who had purchased from it so many arrests and the kingpin owner of freedom
[00:39:06] [SPEAKER_00]: hosting was caught indicted and sent to prison so if nothing else scares you away from going to
[00:39:15] [SPEAKER_00]: the dark web uh the fact that your purchases on the marketplace in the dark webs can absolutely
[00:39:22] [SPEAKER_00]: wind up you being exposed and then indicted for um this actually happened in 2015 there was a 17-year
[00:39:30] [SPEAKER_00]: old boy in germany who was dealing kilos of cocaine using the dark web uh and what happened
[00:39:38] [SPEAKER_00]: is one of the producers that was producing the coke um actually got busted well when they
[00:39:44] [SPEAKER_00]: got busted what happens they seized the hard drive and when they seized the hard drive they found
[00:39:50] [SPEAKER_00]: this producer was selling this to this dealer in germany and when the kid went to the post office
[00:39:56] [SPEAKER_00]: which he had done over a hundred times before to pick up his packages the cops were there and he
[00:40:00] [SPEAKER_00]: was arrested his hard drive was seized and when they reviewed it they found a treasure of all
[00:40:05] [SPEAKER_00]: of his dealings he was sentenced uh in 2018 to decades in prison and like i mentioned before
[00:40:16] [SPEAKER_00]: silk road got busted after advertising on the surface web and we're going to leave you today
[00:40:24] [SPEAKER_00]: with with a story of a uh 55 year old latvian woman who actually worked remotely for uh as
[00:40:33] [SPEAKER_00]: as a computer programmer and advertised her services on the surface web and then also advertised
[00:40:39] [SPEAKER_00]: her services on the dark web in june 2021 the u.s. department of justice arrested her
[00:40:47] [SPEAKER_00]: alleging that she worked as a programmer for trick bot which is a malware as a service
[00:40:52] [SPEAKER_00]: platform responsible for infecting millions of computers and seeding many of the systems
[00:40:58] [SPEAKER_00]: with ransomware so how did this self-employed website designer and mother of two uh come to work
[00:41:05] [SPEAKER_00]: for one of the world's most notorious cyber crime gangs um well it kind of happened like this
[00:41:12] [SPEAKER_00]: krebs on security wrote in june of 2021 a whole article about her and explained that
[00:41:18] [SPEAKER_00]: alla max witte this 55 year old latvian national uh got arrested in miami florida in february of
[00:41:25] [SPEAKER_00]: 2021 the department of justice indicted her uh for overseeing the creation of code which related to
[00:41:32] [SPEAKER_00]: monitoring and traffic of users of this trick bot malware and it also alleged uh that she was
[00:41:41] [SPEAKER_00]: involved in the control and deployment of ransomware and then obtaining payments from ransomware
[00:41:46] [SPEAKER_00]: victims and developing tools uh for the storage of the credentials that got stolen and uh um
[00:41:54] [SPEAKER_00]: from all of the various victims infected by that trick bot malware so as it's alleged this uh
[00:42:02] [SPEAKER_00]: alla max witte had provided code to the trick bot group for a web panel and that web panel was used
[00:42:10] [SPEAKER_00]: to access victim data stored in a database um that database contained tons of private
[00:42:16] [SPEAKER_00]: credit card numbers and stolen credentials from the trick bot botnet that was used
[00:42:21] [SPEAKER_00]: as well as various information about infected machines uh that had been made available
[00:42:27] [SPEAKER_00]: and like silk road and other in the in the 2015 uh uh german boy who got busted she did some things
[00:42:37] [SPEAKER_00]: that were just really um kind of uh they made some mistakes that that that were really kind
[00:42:44] [SPEAKER_00]: of rudimentary um it appeared at some point in 2020 uh she actually hosted trick bot malware on a
[00:42:52] [SPEAKER_00]: vanity website registered in her own name uh it was actually ala wit dot net and um while it's
[00:43:01] [SPEAKER_00]: definitely a a terrible idea for cyber crime uh cyber criminals to mix their personal life with
[00:43:07] [SPEAKER_00]: their work life um her social media accounts actually mentioned a close family member maybe her son
[00:43:13] [SPEAKER_00]: her husband i had the first name of max which allegedly was her hacker handle so it didn't take
[00:43:19] [SPEAKER_00]: long or even too many layers to peel back for the feds to be able to uh identify her and in a
[00:43:27] [SPEAKER_00]: moment that is almost comical um alex holden who's the founder of a security intelligence firm
[00:43:33] [SPEAKER_00]: called hold security wrote that one of her biggest mistakes happened christmas of the prior
[00:43:38] [SPEAKER_00]: year in 2019 when she infected one of her own community one of her own computers with the trick
[00:43:43] [SPEAKER_00]: bot malware uh which allowed it to steal and log her own data within the botnet interface it's basically
[00:43:49] [SPEAKER_00]: like shooting yourself in the foot so unlike what we heard before about how all the different
[00:43:56] [SPEAKER_00]: cyber mercenaries didn't know what the other one was doing and that way if something bad
[00:44:00] [SPEAKER_00]: went happened the architects the head people could really never be busted um here uh this hacker mom
[00:44:07] [SPEAKER_00]: with basically no common sense was well known by everybody in the group many in the gang not
[00:44:16] [SPEAKER_00]: only knew her gender but i actually knew her name several uh group members had alla witte folders
[00:44:22] [SPEAKER_00]: with data in in there so they knew exactly who she was and where they were getting their code
[00:44:29] [SPEAKER_00]: they even referred to her almost like somebody would refer to their grandmother in the end she flew
[00:44:36] [SPEAKER_00]: on her way to latvia by way of a stopover in miami and the moment she landed on us soil she was
[00:44:41] [SPEAKER_00]: apprehended indicted charged and is serving time in prison well we hope you enjoyed a quick
[00:44:51] [SPEAKER_00]: light shining into the darkness of the dark web um we do want to caution you about going
[00:44:56] [SPEAKER_00]: there yourself uh for example like in the uh advertisement for the rent a hacker that we're
[00:45:03] [SPEAKER_00]: showing online right now um you'll see that these people advertise for work that they will do
[00:45:09] [SPEAKER_00]: anything they you know this one advertises that i will do anything for money uh i'm not a
[00:45:17] [SPEAKER_00]: oh i'm not afraid of anything right if you want me to destroy some business or a person's life
[00:45:22] [SPEAKER_00]: i'll do it here's simple examples of things i can do hacking something technically causing
[00:45:27] [SPEAKER_00]: technical trouble on websites uh causing disruption on networks with DDoS attacks and other
[00:45:33] [SPEAKER_00]: methods economic espionage getting private information from someone ruining your opponents
[00:45:38] [SPEAKER_00]: business or private persons you don't like i can ruin them financially get them arrested
[00:45:43] [SPEAKER_00]: or do things like that if you want someone to get known as a child porn user no problem
[00:45:49] [SPEAKER_00]: so the level of uh depravity that is on these sites that are openly advertised for
[00:45:55] [SPEAKER_00]: is what we all have to be concerned about you can see citations to this in our youtube channel
[00:46:02] [SPEAKER_00]: as well it's really kind of remarkable how uh how dangerous it can be when people are able
[00:46:10] [SPEAKER_00]: to hide because of anonymity online they're able to do things that if they were in front of you
[00:46:16] [SPEAKER_00]: you know they would justify and uh water down and make it seem a lot more innocent than it actually
[00:46:23] [SPEAKER_00]: is we hope you enjoyed today's episode of shining the light on the dark web and check out our next
[00:46:30] [SPEAKER_00]: episode coming up right now hi cybercrime junkies thanks for listening got a question you want
[00:46:36] [SPEAKER_01]: us to address on an episode reach out to us at cybercrime junkies dot com we explore why
[00:46:42] [SPEAKER_01]: cybercrime grows daily how it is funded productized and organized how to protect yourself and where
[00:46:49] [SPEAKER_01]: cybercrime goes to hide and thanks for being a cybercrime junkie

