Cyber Crime Junkies
Socializing Cybersecurity. Translating Cyber into business terms. Newest AI, Social Engineering and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manages cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Cyber Crime Junkies
Secrets Found In The Dark Web
Summary
This conversation shines a light on the dark web, discussing its purpose, dangers, and what is available on it. It explores the increase in dark web activity and the sale of stolen data, including passwords and personal information. The conversation also delves into the operations of cybercrime gangs and their recruitment of cyber mercenaries. It highlights the role of anonymity and encryption in the dark web and provides cautionary tales of individuals who have been caught and arrested for their involvement in cybercrime.
Takeaways
- The dark web is a hidden part of the internet that allows for anonymity and access to illegal activities.
- Stolen data, including passwords and personal information, is readily available for sale on the dark web.
- Cybercrime gangs operate like cartels, recruiting cyber mercenaries for specific tasks in campaigns.
- The dark web is a breeding ground for cyber attacks, including ransomware and social engineering.
- Law enforcement agencies face challenges in tracking down individuals on the dark web due to encryption and anonymity.
Sound Bites
- "Shining a light on the dark web"
- "Double extortion: locking down data and demanding ransom"
- "Rent-A-Hacker: hiring cyber criminals for various tasks"
Chapters
- 00:00 Introduction to the Dark Web
- 07:24 The Significance of the Dark Web
- 11:46 The Sale of Stolen Data
- 19:19 Inside Cybercrime Gangs
- 23:28 Recruitment of Cyber Mercenaries
- 37:44 Challenges in Tracking Down Dark Web Criminals
Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-446
Get peace of mind. Get Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
Imagine setting yourself apart from the competition because your organization is always secure, always available, and always ahead of the curve. That’s NetGain Technologies – your total one source for cybersecurity, IT support, and technology planning.
🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!
Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!
Secrets Found In The Dark Web
Takeaways
The dark web is a hidden part of the internet that allows for anonymity and access to illegal activities.
Stolen data, including passwords and personal information, is readily available for sale on the dark web.
Cybercrime gangs operate like cartels, recruiting cyber mercenaries for specific tasks in campaigns.
The dark web is a breeding ground for cyber attacks, including ransomware and social engineering.
Law enforcement agencies face challenges in tracking down individuals on the dark web due to encryption and anonymity.
Sound Bites
"Shining a light on the dark web"
"Double extortion: locking down data and demanding ransom"
"Rent-A-Hacker: hiring cyber criminals for various tasks"
Chapters
00:00 Introduction to the Dark Web
07:24 The Significance of the Dark Web
11:46 The Sale of Stolen Data
19:19 Inside Cybercrime Gangs
23:28 Recruitment of Cyber Mercenaries
37:44 Challenges in Tracking Down Dark Web Criminals
Topics: secrets found in the dark web, ways to access the dark web, ways cyber crime communications on the dark web, your identity for sale on dark web today, whats for sale on the dark web, behind scenes cyber criminalsbehind the mask cyber crime gangsbreaking cyber crime stories we need to know, can cyber criminals be taken down like the mafia, cyber crime gang discussions, hopw cyber crime gangs recruit,
Dino Mauro (00:02.35)
So in today's story, we're going to review and shine a light on the dark web. We're going to discuss what's available on the dark web. We're going to share a story of some people that have kind of had some fun there in terms of applying for a job with a ransomware cybercrime gang and tell you what that looks like, because that really happens. And we're going
start off by kind of explaining what it is, why it's there, and some of the dangers that it shows. But like anything else, the dark web is an aspect that in order to keep yourself, your family, and your organization's brand secure, we all have to know.
It's just like any other danger. It's why we put locks on our doors and lock our windows, right? Because we don't want people that don't belong there to have access. Well, if we don't know about this and we don't know where it is and what is out there, then we're not going to know how to protect ourselves online. And that is the purpose of this. But with that said, let's give you a general and quick disclaimer. OK, you should never go and visit the dark
OK, it's not all illegal there, but it is the Wild West. Just please don't go there. Feel free to check out YouTube. Look at our YouTube at cybercrime junkies. Check out other YouTube of security researchers that have gone there and you can get a sense of what is out there. But it's a place where people go when they don't want to be found like criminals in
or if they live in a country with strict internet restrictions. And also to go there, you need a specific browser, the Tor Browser, T -O -R, which is like, it stands for the Onion Router. And it was originally set up by federal government to access certain things and to give people that were in certain countries that had restrictive prohibitions on internet use.
Dino Mauro (02:26.338)
But when you get there, there are you subject yourself to a lot of vulnerabilities and can be and can subject you to being breached. So please don't go there. More than that, too, is there's a lot of people that have visited there, even security researchers that we've spoken to that have said that they've seen things that they never can unsee, that they never wanted to see, namely horrific videos, posts about horrible things.
So as a public safety manager, don't go there. But check out the story that we have about the people that have been there and the research that we have. We're going to review real quickly what is public there and what is for sale on the dark web. We're going to walk you through what it's like to apply for a job with a cybercrime gang. And we're going to talk about some staggering new statistics and some reports. And the goal of all this
to find and figure out practical ways to avoid your data ever being
Dino Mauro (03:32.43)
So in the beginning, the internet is a wide open space and most of the internet that we go to is the surface web. It's only about five to 10 % of the entire internet. I don't know if you were aware of that, but when we get online and we're looking at social media and we're using our emails and we're checking information out, getting news.
communicating with friends and family and coworkers. That is really the surface Internet. In addition to that, the vast amount of the Internet is called the deep web. And the deep web is usually behind credentialed firewalls. It is academic research, medical records that are behind and encrypted, legal documents, things like things of that nature, government agency documents.
things that aren't open to the public by simple searches. And again, keep in mind that every time we do a search and we look online, it's recorded, it's indexed, right? Because it's how the algorithms work. They need to track all of that so that they can tie your question or your inquiry into the data that is stored in these banks of information.
But when you access the dark web, the whole point of accessing it is to do so that allows for anonymity. And by using the browsers that allow for anonymity, you're able to find things that are not accessible through indexed searches. So they use the Tor browser, T -O -R, which stands for the Onion Router. And basically what it does is it spins all
your searches so that it's not coming from your internet protocol. It's not coming from your IP. By the time you search using this browser, you may be accessing the internet from a server in another country. And by doing that, it doesn't tie to you. So yeah, it gives you some anonymity. So that is part of the reason why a lot of people have
Dino Mauro (05:57.566)
have thought of using that Tor browser or similar browsers like that. But there are many other safer, more standard ways of doing it. For example, any VPN, any virtual private network that you can get right on the surface web, you can download them for free. Some have paid options and they do a remarkable job of keeping your searches and your information secure. So those are always recommended. But when
Accessing the dark web, it opens up a world of unseemliness and various sites that really cannot be unseen once you actually see it. And the use and access of the dark web has dramatically increased in recent years, which is a cause for concern for many people. In an ID agent report from
the risk from remote workers has been highlighted, right? Because as we have more dispersed workforces and they're entering the internet, oftentimes it creates massive amounts of risk to the organization because they're not all in the office operating under the network where a corporate network can lock things
And this has been proven by the development of all of the data that's been exposed and for sale on the dark web. When we think about the significance and why the dark web matters, think about what a data breach is. When the data is taken, there are two basic forms of extortion that occur to
The first is, let's say, a ransomware attack and cybercrime gangs such as Reval, AreEvil, and others were some of the first to do this double extortion form. And that is, you know, they lock down your data and then they demand money, non -traceable money. So it's usually in cryptocurrency like Bitcoin to access that data. But then there's a double extortion.
Dino Mauro (08:19.596)
meaning for those that don't pay, they publicize and humiliate people by selling that data on the dark web. So there's two forms of extortion that occur in a lot of the data breaches that occur these days. In the ID agent report that we mentioned earlier, there was an astonishing find on the dark web of
five, just shy of 26 million active passwords that belonged to employees of Fortune 1000 companies, which were available readily in dark web marketplaces and data dumps. See on the dark web, once you get there, are marketplaces. One of the most famous one was Silk Road back in the day where
All sorts of illegal activities and illegal products and services can be bought and sold all through cryptocurrency. We have an entire episode on the Silk Road.
Dino Mauro (09:33.774)
marketplace and what that did to people. And in these data dumps, that's where most cybercrime gangs actually get a lot of their data to leverage it for additional spearfishing. In a semantic report in September, about 65 % of active criminal gangs rely on their spearfishing powered by the dark web data to launch
attacks. There are also major data leaks and data dumps found on the dark web, meaning this is all the information that has been stolen in data breaches and that is for sale on the dark web. So one of the biggest ones was the Rock You 2021 password leak. ID agent reported in June 2021 that a great deal of these passwords that had been accumulated on the dark
which provided a lot of ammunition for cyber attacks, were listed for sale in these marketplaces. Cyber criminals could easily buy and sell all of this confidential private information, just like it is a commodity.
And it's openly for sale right there on the dark web. In 2020 alone, over 60 % of the data that was already on the dark web at the start of 2020 could harm businesses. And there was an additional 22 billion new records added to the dark web marketplace and data dumps just in that year
For example, that Rock You 2021 data leak contained 8 .4 billion passwords used by leading Fortune 1000 company employees, all for sale and all available to be bought and sold and leveraged in further cyber attacks. And that was found to have occurred in subsequent years.
Dino Mauro (11:46.466)
So let's talk practically for a second. What does this mean? So they have some data of ours, right? They've got a password. We've used it for a couple of things, but what does it matter? Well, let me tell you a quick story. In our security research, we came across a gentleman, we'll call him John. And John worked for a company that had been subject to a data breach.
didn't think anything of it, changed his passwords, followed the company protocols, and just continued on with his day to day. Within two weeks, John got a call from his HR department. Never a great thing to get called by HR, so the first thing out of John's mouth was, okay, what did I do? And I'm sorry, whatever I did. Well, that wasn't why they were
What they were calling about is that there had been an unemployment claim made under his name. And he cleared it up with HR simply by saying, obviously, I'm still working here and that didn't happen. But what that did was show a couple of different things to make that claim. There are so many aspects of John's life that had to be verified in order to proceed with that claim. And all of those had been
You see in the state where John lives, the government, when they make a and provide payment for an unemployment claim, they send out a bank card. They mail out a bank card from a bank that is a card where they can access those funds and liquidate them. And the Postal Service has a process called informed
With informed delivery, you're able to see photographs of the mail that's going to come to your mailbox. And what had happened was the hackers had compromised John's email and saw when the debit card was going to be in his mailbox and grabbed it before he even got there and were able to spend the money and exercise on that unemployment claim that had been
Dino Mauro (14:05.92)
under his name, even while he was working.
Within a week after that, John got a call from a Verizon store in another state saying that a phone had just been issued to him and the payment had been declined, but they needed to secure payment for
Over the next couple of months, had already been over 15 purchases from Amazon being shipped to different addresses in different states, all under his name, with his credentials and tied to various credit cards of his, as well as certain credit cards that he didn't even know about. And then about six months later, John found
In his mail that there was a condominium in Nevada that had been cashed out in a cash out refi and then they never made the payments so they had foreclosed on all in his name. All done with a valid state ID that had been obtained with his name and.
His credit had been ruined. In addition, the time and expense that John had to do to clean up all of this has taken him over two years and months and months of effort and heartache. For him, his family and interfered with his occupation. That's just one example of what happens in one of the passwords that gets leaked.
Dino Mauro (15:54.318)
in these big data breaches. And as we mentioned before, just in 2020 alone, there was over 22 billion new records dumped on the dark web. So let's get to some of the cooler stuff. So what happens? What gets posted on the dark web? Well, there's a lot of different things. PT Security published an article in February of 2021 about a breakdown
of all of the activity in popular dark web forums that they had found. And they found a couple interesting statistics. One is an estimated 90 % of all of the posts found in these dark web forums are from buyers looking to contract someone for cyber crime. Almost 70 % of the dark web forum hiring posts were looking for cyber criminals to do website hacking to
do social engineering, and some others were even like Rent -A -Hacker. Rent -A -Hacker is a well -known location on the dark web where various skilled criminals actually advertise for their services. And then when we digged into certain of the form posts in the dark web,
We found about 7 % of the forum posts were ads for hackers looking for work. 2 to 5 % were forum posts made by cyber criminal developers who were selling the tools to be used. And about 20 % of the forum posts were searching for the bad actors who could obtain specifically targeted user or client databases.
I mean, check this out. There is a site on the dark web where hackers are selling babies personal data. Anything from certain dates of birth, like from 1998 to 2008, minors, kids have had their social security numbers, their dates of birth, their location, their parents' names, their grandparents' names, the towns that they live in,
Dino Mauro (18:20.734)
addresses all for sale on the dark web. So why is that so significant? Well, it's really, really dangerous because most parents don't bother to check their children's FICO scores when they're still kids because they don't have loans. But there are untold stories of people that as they grow into adults, they find various credit cards
lines of credit, real estate, all bought in their name, even though they were children. Because when they're able to be us online, they can pay people as us, buy things as us and act as us. They take control over our entire digital presence. When you're on the dark web and you're using these browsers, you're able to search for these and find some of these.
We've posted on our YouTube channel several of the sites that we saw. One group that researchers found is called Atlas Intelligence Group, AIG. It's also known as like the Atlas Cyber Army. They have a professional looking webpage and they advertise for their services. What makes this group more dangerous than others is they recruit cyber mercenaries to do specific jobs.
as part of larger campaigns that are only known to the top people within the cyber gang. What's shocking is that they openly advertise. Their leader who goes by the name of Mr. Eagle and who posts with various other lieutenants or captains underneath him on some of these forums actually advertise on other marketplaces.
such as Telegram channels, along with its own Telegram channel. Telegram is a method of communication that's used. Their targets are people in countries all over the world that include the US, Pakistan, Israel, Colombia, and the Emirates. And they also focus on state agencies and other state assets as well. They seem to be targeting DDoS services, which is denial of service, taking down websites,
Dino Mauro (20:46.926)
gathering up the information on websites, as well as hacking scripts and tools and gathering up documents and other templates about specific individuals or companies. They sell obvious services like the ability to hire them to do social engineering and destroy the reputation of a person or an organization. And then they even have advanced
skill sets and information where they offer platforms and malware that would take a little bit more skill to leverage. But all of that is part of these forums where they all kind of get together and talk. And the prices start from $1 ,000 US, obviously all paid in cryptocurrency, which is non -traceable.
on up from there in terms of cost. But what we found is a pattern. What we found is a pattern in these organizations where the head people that are running and targeting certain organizations or government agencies as victims, what they're doing is they're recruiting individual cyber mercenaries for different tasks. And each one is done as part of a campaign. So that way, the people that are running the
crime gangs, should somebody get caught, they're not aware of what role they played by doing X task. Meaning, let's say they hire a hacker to to do social engineering or to do brute force entry and gain a certain specific amount of data. Well, they're paid for that job. And that's it. That's all that they know. But the masterminds in these cybergames are actually using that as part of a larger campaign.
to attack an entire region or to get an organization even higher up. And they're gonna leverage those data points that are obtained in the one task that they hired in order to do that. It provides some level of anonymity and protection for the crime gang leaders because nobody, should they be caught, knows everything that is done completely.
Dino Mauro (23:14.262)
So there's no way of even flipping them upward to be able to have them rat on their bosses, essentially. But it also gets more complicated.
And in our research, we found several people that had done research to see what it was like to actually apply for a job with one of these cyber gangs. And it was absolutely fascinating. So Shemul Gyan from Cyberint wrote an article in July of 2022 about
the Atlas Intelligent Group, AIG, and what they found when they attempted to have conversations with this group on the dark web forums. This group allegedly has ties not only within cryptocurrency exchanges, but also within members of law enforcement in Germany that would be able to back them up
provide additional information and coverage for them. The article goes on to talk about what we had mentioned earlier about their way of thinking and how only the admins in these forums and the cybercrime leaders had full knowledge of what the actual campaigns would be. So they would hire these cyber mercenaries for different tasks using phrases of
campaign throughout their communications. What was cool is during their searches, they were able to actually find a job posting for spearfishing and social engineering experts. And there was another example of publishing contracts for web hacking individuals. Each campaign, this group tended to recruit a different set of individuals.
Dino Mauro (25:26.722)
with different skill sets so that none of them really had full knowledge of what the complete campaign was about. This layered in kind of matter of segregation between the participants keeps everybody doing all their dirty work kind of in the
And all of this kind of bolsters the theory in cybersecurity that's commonly held in cybersecurity researchers. And that is that these cybercrime groups actually act and operate just like cartels, just like drug cartels in the sense that when you compare them to other cybercrime syndicates, that clear behavior of a cartel is there as we're able to see that their leaders serve as
architects of the campaigns, while the hired mercenaries follow the mastermind's orders. So how do they communicate? Well, on the dark web, they use Telegram. It's almost like Facebook Messenger or WhatsApp, but they use the Telegram platform. And when they communicate, they speak in code. They use different channels for different sex and they reference different leaked databases throughout.
This particular group, AIG, set up three different telegram channels. One was a data place marketplace that had leaked databases that they were currently selling.
That's an example of that is what we just talked about in terms of the full information on specific individuals so that they can take over their identities online. The second channel that this group used is where the leader and the administrators publish the contracts and various subscribers or job applicants have the opportunity to offer their services for it.
Dino Mauro (27:29.164)
channel is really interesting. One example that we're showing online visually right now, there's a request to all people from the United Kingdom in London. They're searching for this one individual. If someone and they post the license, the driver's license of that individual. And if someone has a connection to a police officer in London and can check the address, they're willing to pay for it and handle
immediately. And the other channel that AIG uses is a commercial channel that posts announcements from the team, such as the process of doxing, which is revealing personal information about a user, scammers that they come across, intended next targets where they talk about, and update from other people that might be interested. And this AIG group lists their services for sale.
in Sellex, S -E -L -L -I -X dot I -O. And that platform offers essentially like an e -commerce platform for anyone. As part of their services, they're offering payment with cryptocurrency and they even act as a middleman, providing another layer of anonymity for group members. And because there's really no honor among thieves, this Mr. Eagle, the head architect of this group,
other members that join these sites against scammers or unapproved ads. Meaning if somebody is advertising on there and they haven't been able to fulfill one of their tasks, they ban them immediately. And besides that Mr. the Cyberint researchers found there were four other individuals that go by certain online.
characteristics, certain online acronyms. One was El Royo, one was Mr. Showy, S -H -A -W -J -I, and another was S -4 -1 -T -4 -4, and another person that went by the name of Coffee. And these admins basically take care of responsibilities like advertisement, management tasks, operations of the channels. And then apparently, you know, occasionally we'll communicate
Dino Mauro (29:55.384)
followers of the channel. And while this AIG group says that they don't specifically target any specific industry or region in the world, most of the data that they post for sale comes from the finance, education, and manufacturing industries, which leads researchers and observers of this to feel that this is one of the groups behind the targeted attacks in those industries.
One of the things that they advertise is they expose pedophiles, is they will go and list individuals, home addresses, phone numbers, pictures, et cetera, and other various personal information of individuals that have been charged as pedophiles in various nations throughout Europe and North America. In another aspect of the dark web, a great finding was in cyber news.
that wrote in April of 2021 about their application with a ransomware gang, one of the most notorious ones in the world. This group went all the way to apply for a job as a cyber mercenary and got right to the point. And they actually verified that it was real and that it was legit. And wait until you hear about the money that is at stake
So in scouring the dark web, what they found is as opposed to certain, you know, cyberware, cybercrimes, the service advertisements that you'll see pop up throughout the dark web. This ad that was looking for cyber mercenary was actually coming from our evil, Reval, which is also known as Sodenokibi, which is one of the most notorious ransomware groups in the
Reval is a ransomware as a service operation. They've extorted millions of money worldwide in the past few years. The group's been inspired by the Resident Evil movie, that movie series, and its most widespread ransomware threat on the planet, according to CSO Online and various Securious experts.
Dino Mauro (32:20.302)
They really perfected their craft and they're creators of that famous double ransom. First, you steal the data and hold it ransom, but since only about 50 % pay and 50 % don't pay the ransom, they double down on that and then say, well, if you're not going to pay the ransom and pay it by this date, then we're going to humiliate you and publish the data to the
Dino Mauro (32:46.06)
One of the members that is most well known online is known as Unknown, like that's his username, Unknown. And he heads up the, he orchestrates the crime of hiring mercenaries that they call affiliates to do specific tasks and they pay handsomely. How handsomely? Well, in one exchange, the job
collecting an excess of one million dollars per week. That's one million dollars US per week with the split of it being 80 % to the mercenary, the person that actually carries out the task and 20 % to
Dino Mauro (33:37.89)
And what they do in these campaigns is they will to they will launch a campaign with one of the variants, one of the types of malicious code to see if it's getting past firewalls. It's actually landing and resulting in extortion that will work. Once it works and it works well, then they'll hire many different affiliates. They'll hire multiple different mercenaries to carry it on in a wider spread
And if one variant doesn't capture enough revenue, then they leverage a different type and they feel it works on that new one, that new more profitable endeavor. So here's really how it works. An attack involves a team of well -funded and skilled criminals. This is not a kid in a hoodie in his mom's basement cracking code, drinking Red Bull all night. One affiliate creates the code, another affiliate or cyber mercenary,
will launch it in phishing attacks and social engineering attacks. And yet another affiliate will handle the extortion and public humiliation. And yet another affiliate, too, will leverage that for insider trading or the selling of the stock once the bad news gets public. None of these affiliates necessarily know what the other is doing or that they're even working on the same campaign, but the architects do and the heads.
The person known as unknown with Reval is the one architecting all of this. And they usually keep the group small and often no more than five levels for each campaign. So when you break down the money out of that one million dollars per week, they split that one million four to five ways with 20 % off the top going to our evil. And with hundreds of campaigns going on throughout the week, you can see how it all gets broken down.
But to approved as an affiliate and to be accepted into these groups where there's no trust among everyone and everybody is communicating nefariously and anonymously, you have to earn it. And what they do is they give you tests. They give you a scenario and see if you're able to hack into it. And once you are and you send
Dino Mauro (36:06.51)
code and it actually works, then you get another level of trust built up. There literally are job boards, one popped up called dark jobs on the dark web. They're professional looking, they're managed like Indeed or Monster .com. The applicants take tests to prove that they have the technical and evil chops to execute the task.
And then based on a series of questions and then verifications that the syndicates will do, these cyber mercenaries earn what's called trust points. The more trust points one earns, the more jobs they're able to apply for. And this is big business and big money. All the payments are made through a crypto wallet from the job board. And once the job is done, it's transferred to the crypto wallet of the affiliate, of the
And then for an extra fee, a mercenary could even get an insider criminal at one of the crypto exchanges to launder it into US currency.
So some of you might be wondering like we were, and that is why can Interpol and the FBI not track down these websites and these syndicates? Why can't these people get caught? And the response in the hacker community is, it's because it's all, it's the onion router, right? There's no way of tying a specific IP to a specific individual. But it's not always the case.
One example is Silk Road, right? And when you think about, because the Silk Road founder, which we'll talk about in another episode, actually got busted and went to prison because they were able to track it down. Because like most criminals, they do one or two dumb things. Like in Silk Road, the Silk Road website actually advertised on the Surface
Dino Mauro (38:13.378)
for Silk Road and they were able to track down from that actual advertisement where the actual IP was. There was a couple other reasons that led to that, but we'll get into that in that other episode. But when you think about it, since the servers are set up on the onion router, right? Where things are spun around, you don't know, you could be going online in Israel one hour and then going online in Dubai the next, there's no way of tying to where the actual physical person is.
But there's certain servers that are all hosted on the Onion browser. And one group of servers was called Freedom Hosting. And that founder got caught when websites that Freedom Hosting was hosting actually went down. It's believed that the FBI actually hacked them, launched some malicious code against them. It's alleged, we don't know.
and took those sites down, which exposed the emails and the IP addresses for all of those users who had purchased from it. So many arrests and the kingpin owner of Freedom Hosting was caught, indicted, and sent to
Dino Mauro (39:30.766)
So if nothing else scares you away from going to the dark web, the fact that your purchases on the marketplace in the dark webs can absolutely wind up you being exposed and then indicted for. This actually happened in 2015. There was a 17 -year -old boy in Germany who was dealing kilos of cocaine using the dark
What happened is one of the producers that was producing the coke actually got busted. Well, when they get busted, what happens? They seize the hard drive. And when they seize the hard drive, they found this producer was selling this to this dealer in Germany. And when the kid went to the post office, which he had done over a hundred times before to pick up his packages, the cops were there and he was
His hard drive was seized and when they reviewed it, found a treasure of all of his dealings. He was sentenced in
Dino Mauro (40:41.87)
2018 to decades in prison. And like I mentioned before, Silk Road got busted after advertising on the Surface
Dino Mauro (40:55.054)
And we're going to leave you today with a story of a 55 -year -old Latvian woman who actually worked remotely as a computer programmer and advertised her services on the Surface Web and then also advertised her services on the dark web. In June 2021, the U .S. Department of Justice arrested
alleging that she worked as a programmer for Trickbot, which is a malware as a service platform responsible for infecting millions of computers and seeding many of the systems with ransomware. So how did this self -employed website designer and mother of two come to work for one of the world's most notorious cybercrime gangs? Well, it kind of happened like this.
Krebs on security wrote in June of 2021, whole article about her and explained that ala Max Witt, this 55 year old Latvian national got arrested in Miami, Florida in February of 2021. The department of justice indicted her for overseeing the creation of code, which related to monitoring and traffic of users of this trick
malware.
And it also alleged that she was involved in the control and deployment of ransomware and then obtaining payments from ransomware victims and developing tools for the storage of the credentials that got stolen from all of the various victims infected by that Trickbot malware. So as it's alleged, this
Dino Mauro (42:55.156)
Ella Max -Witt had provided code to the TrickBot group for a web panel. And that web panel was used to access victim data stored in a database. That database contained tons of private credit card numbers and stolen credentials from the TrickBot botnet that was used, as well as various information about affected machines that had been made
And like Silk Road and the 2015 German boy who got busted, she did some things that were just really kind of, made some mistakes that were really kind of rudimentary. It appeared at some point in 2020, she actually hosted
trick -bot malware on a vanity website registered in her own name. It was actually alowit .net. And while it's definitely a terrible idea for cybercriminals to mix their personal life with their work life, her social media accounts actually mentioned a close family member, maybe her son or husband.
I had the first name of Max, which allegedly was her hacker handle. So it didn't take long or even too many layers to peel back for the feds to be able to identify her. And in a moment that is almost comical, Alex Holden, who's the founder of a security intelligence firm called Hold Security, wrote that one of her biggest mistakes happened
Christmas of the prior year in 2019 when she infected one of her own computer, one of her own computers with the TrickBot malware, which allowed it to steal and log her own data within the botnet interface. It's basically like shooting yourself in the foot. So unlike what we heard before about how all of the different cyber mercenaries didn't know what the other one was doing, and that way, if something bad happened,
Dino Mauro (45:17.036)
the architects, the head people could really never be busted. Here, this hacker mom with basically no common sense was well known by everybody in the group. Many in the gang not only knew her gender, but I actually knew her name. Several group members had al -awit folders with data
in there. So they knew exactly who she was and where they were getting their code from. They even referred to her almost like somebody would refer to their grandmother. And while we hope you enjoyed a quick light shining into the darkness of the dark web, we do want to caution you about going there yourself. For example, like in the
advertisement for the rent a hacker that we're showing online right now. You'll see that these people advertise for work that they will do anything. You know, this one advertises that I will do anything for money. I'm not a I'm not afraid of anything. Right. If you want me to destroy some business or a person's life, I'll do it. Here's simple examples of things I can
hacking something technically, causing technical trouble on websites, causing disruption on networks with DDoS attacks and other methods, economic espionage, getting private information from someone, ruining your opponent's business or private persons you don't like. I can ruin them financially, get them arrested, or do things like that. If you want someone to get known as a child porn user, no problem.
The level of depravity that is on these sites that are openly advertised for is what we all have to be concerned about. You can see citations to this in our YouTube channel as well. It's really kind of remarkable how dangerous it can be when people are able to hide because of anonymity online.
Dino Mauro (47:40.942)
they're able to do things that if they were in front of you, you know they would justify and water down and make it seem a lot more innocent than it actually is. And we hope you enjoyed today's episode of Shining the Light on the Dark Web and check out our next episode coming up right now.