A veteran cybercriminal has revealed what is really on the dark web - where hackers, hitmen and drug dealers run wild.
The source, who has spoken anonymously, explained how hackers use ransomware to steal data for large payouts or 'to just see the world burn' and explained that any system connected to the web is at risk of an attack.[1]
'I've watched hospitals get encrypted and people are left with a choice: do I pay to decrypt the data or do I risk lives?' the man said while donning a mask to conceal his identity.
Speaking anonymously to Vice, an unethical 'black hat' turned 'white hat' hacker bound by a moral code explained how bad actors use ransomware for large payouts or 'to just see the world burn.'
The dark web is a place where one activity is untraceable. A recent report found the most sought-after content was child pornography, followed by guns and drugs. While the hacker did not touch on those illegal activities, he is worried 'about major impacts [ransomware will have] to financial markets or potential impacts to things like electricity production facilities.'
A retired colonel in military intelligence in the UK, said last year, “The dark web is used increasingly by serious and organized criminals for a variety of purposes. They look for vulnerability in kids when grooming them for things like running drugs along county lines, for exploitation in pedophile rings or recruitment by terrorist and extremist groups.”
A few platforms offer access to the dark web, including i2p, FreeNet and Tor.
Tor - short for The Onion Router - is a seething matrix of encrypted websites that allows users to surf beneath the everyday Internet with complete anonymity. It uses numerous layers of security and encryption to render users anonymous online. A study estimated that there are around 2.6million Tor daily users. “The same study found from a single data capture that about 80% of traffic to onion services was directed to services which did offer illegal porn, abuse images and/or child sex abuse material,” researchers from the Australian National University said.
The hacker interview was conducted by Vice in 2021, but the video recently surfaced again as a reminder that there is a dark world of people whose only goal is to cause havoc using the internet.
The man began his hacking career as a black hat, which is a type of cybercriminal that does not abide by laws and conducts attacks for their own purposes. He has since turned over a new leaf, becoming a white hat, where he uses his skills for good, tracking down criminals online and looking for vulnerabilities in systems to fix them - not exploit them. “If I wanted to gain access to a secure company, I wouldn't go kick the door down,” he said at the start of the interview. “I would target people I know who have access, who I know bring personal devices into a building or do things adjacent to the sensitive stuff, and I would then work my way up.”
The first ransomware attack was written by Joseph Popp in 1989 and used to target the healthcare industry. The attack, called AIDS Trojan, was done by Popp handing out 20,000 infected disks to attendees of the World Health Organization's AIDS conference. The disks were labeled 'AIDS Information - Introductory Diskettes.'
When the floppy was downloaded to a computer, a large image appeared on the screen that read the software would “Adversely affect other program applications. You will owe compensation and possible damages to PC Cyborg Corporation and your microcomputer will stop functioning normally.”
The program would count the number of times the computer was booted and once it reached 90, it would hide the directories and encrypt or lock the names of the files on the C drive. To regain access, the users had to send $189 to PC Cyborg Corporation at a PO box in Panama.
The first ransomware attack was written by Joseph Popp in 1989 and used to target the healthcare industry. The attack, called AIDS Trojan, was done by Popp handing out 20,000 infected disks to attendees of the World Health Organization's AIDS conference. |
Ransomware has since evolved to where a hacker does not need to leave their home, everything can be done on the dark web. “In the old days, for a country to cause disruption to a country as big as the United States, you would need millions and millions of dollars' worth of investments to do something,” the man told Vice. “Today, you just need a few thousand dollars and a laptop and a couple of smart hackers to write some code and send something out.”
Kevin Mitnick is deemed ' the world's most famous hacker' for his attack on 40 major companies, including IBM, Nokia and Motorola, in 1995. He stole computer codes, which some estimate cost nearly $330 million, and spent five years in jail. Upon his release in 2000, Mitnick said he was 'reformed' and now lives as a white hat - an ethical security hacker.
The man speaking with Vice claimed to do this type of work. “I at one time considered myself a black hat and changed to a white hat,” said the man, whose long gray beard flowed from underneath the mask. “White hats tend to be hackers who are bound by an ethical code, who try to do things to improve the greater good and who are bound by the law.”
His past escapades put him in the middle of the devious behaviors of the dark web. He explained that while large countries like Russia and China are typically named in ransomware attacks, 'every single country has a reason to weaponize these kinds of attacks.' And it is the smaller countries that fly under the radar that are taking full advantage. He claimed every Western country has gone to the dark web looking for help from the 'community.'
It has also been made known that even the top officials do not understand which systems are the most vulnerable and 'painful' when encrypted by hackers. This was made clear during the Colonial Pipeline ransomware attack in 2021, which was orchestrated by the DarkSide hacking group and closed down the entire system. The attack halted 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey. Officials labeled it the most disruptive cyberattack on US energy infrastructure in history. The FBI named DarkSide behind the attack. Colonial reportedly bowed to the hacker's demands, paying a $5 million ransom in exchange for a decryption key to restore server access.
The white hat hacker touched on the Initial Access Broker Market, which are threat actors who sell cybercriminals access to corporate networks. 'For an average price of around $2,800, these so-called initial access brokers (IABs) sold stolen VPN and remote desktop protocol (RDP) account details and other credentials that criminals could use to break into the networks of more than 2,300 organizations around the world, without breaking a sweat,' Dark Reading reports.
Since the Vice video, the Initial Access Broker (IAB) Market has seen a boom in business. Cybersecurity researchers reported 2,348 instances of IAB sales activity between H2 2021 and H1 2022. The number of brokers also grew from 262 to 380. Some 2886 companies had sensitive data published on ransomware leak sites over the reporting period, a 22 percent increase on the previous year, InfoSecurity Magazine reports.
The FBI is not blind to the illegal activity but has struggled to takedown big players. The agency is now searching for operators and users of the sites. “We're not only trying to attack the supply side, but we're also attacking the demand side with the users,” a senior FBI official said this month on the agency's takedown of Genesis Market, a large online criminal marketplace. “There's consequences if you're going to be using these types of sites to engage in this type of activity.”
International law enforcement agencies led by the FBI seized a sprawling dark web marketplace popular with cybercriminals, where stolen passwords were sold for as little as $1 each. The hacker cyber-bazaar, known as Genesis Market, was seized in a multinational crackdown dubbed 'Operation Cookie Monster' after the site specializes in stolen digital fingerprints, known as cookies.
According to the FBI, Genesis Market offered access to data stolen from more than 1.5 million compromised computers worldwide, containing over 80 million account access credentials. The stolen data included passwords for services such as online banking, Facebook, Amazon, PayPal and Netflix, as well as digital fingerprints that criminals can exploit to bypass online security checks by spoofing the victim's device.
In coordinated raids worldwide, more than 200 searches were carried out, and about 120 people were arrested, including 24 arrests in and around the British town of Grimsby, UK law enforcement officials said. A senior FBI official said that suspects were also arrested within the US in connection with the bust but did not offer details on the number of arrests or the charges.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.dailymail.co.uk/sciencetech/article-11982783/amp/I-hacker-30-years-scariest-things-saw-dark-web.html
Comments