Darknets in the Deep Web, the home of assassins and pedophiles

Security experts at Trend Micro published a report on the Deep Web and related illegal activities that exploit the darknets it contains.

Experts at Trend Micro published an interesting report on the Deep Web, focusing their analysis on the services and products available in the dark part of the internet that is not indexed by the principal search engines.
First of all, let me clarify the difference between the Deep Web and the Dark Web, two terms often confused. The “Deep Web” refers to the part of the Internet that is
The most popular “dark nets” are TOR, Invisible Internet Project (I2P) and Freenet, and specific tools are needed to explore these networks. Unfortunately, the anonymity offered by such networks is attractive to cyber criminals, who have concentrated their illegal activities in this hidden part of the Web.
It is quite easy to find hidden services and marketplaces where it is possible to buy any kind of illegal product or service, including drugs, stolen credit card data, weapons, malware, zero-day exploits and fake documents.

In the deep web it is also possible to pay for various illegal services, such as hacking, money laundering and hiring an assassin.

The report, published by Trend Micro, is a sort of “census report” of the Deep Web, based upon information gathered over the past two years by the Trend Micro Deep Web Analyzer. The experts of the security company describe the Deep Web Analyzer as a web crawler that scans hidden services and resources, collecting URLs of TOR- and I2P-hidden websites, Freenet resource identifiers, and domains with nonstandard TLDs, and extracting content information of interest (i.e. links, email addresses, and HTTP headers).
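To make the collection step concrete, here is an added example (not Trend Micro's code and not taken from the report) that extracts links and email addresses from one already-captured page and sorts the links by the network they point into. The sample page, its hosts, the Freenet key and the choice of `.bit` to stand in for nonstandard TLDs are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# TLD -> network label. ".bit" stands in for nonstandard TLDs (illustrative choice).
NETWORK_BY_TLD = {"onion": "tor", "i2p": "i2p", "bit": "alt-root"}
FREENET_KEY = re.compile(r"\b(?:CHK|SSK|USK|KSK)@[^\s\"'<>]+")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Constructed sample page; every host, key and address is a placeholder.
SAMPLE = """<body>
<a href="http://placeholderhiddenservice.onion/market">market</a>
<a href="http://forum.example.i2p/">forum</a>
<a href="http://localhost:8888/USK@constructedKey,AQACAAE/site/1/">freesite</a>
<a href="http://wiki.example.bit/">wiki</a>
<a href="https://www.example.com/download.exe">mirror</a>
<a href="mailto:Admin@example.org?subject=hi">mail</a>
Contact: support@example.net</body>"""

def classify(url):
    """Name the network a link points into; anything unrecognized is 'surface'."""
    if FREENET_KEY.search(url):
        return "freenet"
    host = (urlsplit(url).hostname or "").rstrip(".")
    return NETWORK_BY_TLD.get(host.rsplit(".", 1)[-1], "surface")

class LinkCollector(HTMLParser):
    """Collects href targets and e-mail addresses from one page."""
    def __init__(self):
        super().__init__()
        self.links, self.emails = [], set()
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                if value.lower().startswith("mailto:"):
                    self.emails.add(value[7:].split("?")[0].lower())
                else:
                    self.links.append(value)

    def handle_data(self, data):
        self.emails.update(m.lower() for m in EMAIL.findall(data))

def analyze(html):
    """Return ({network: [links]}, sorted e-mail addresses) for one page."""
    parser = LinkCollector()
    parser.feed(html)
    by_network = {}
    for link in parser.links:
        by_network.setdefault(classify(link), []).append(link)
    return by_network, sorted(parser.emails)
```

The `surface` bucket corresponds to the outbound “Surface Web” links that the researchers went on to examine and categorize.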

The researchers at Trend Micro identified 8,707 pages they dubbed “suspicious,” examined the “Surface Web” sites that those sites linked to, and discovered that the majority of them fall into the following categories:

  • Disease vector (drive-by download) sites (33.7%).
  • Proxy avoidance sites (31.7%).
  • Child exploitation (26%).

Let’s walk through the report, starting with an analysis of the site content and the languages used, to try to figure out the possible origins of the users.

English is the prevalent language of the content crawled by the experts: nearly 62 percent of the 3,454 scouted domains are in English, followed by Russian (228 domains) and French.

Deep Web Content Language Analysis
The interesting data concern the language distribution based on the number of URLs: the number of Russian URLs is greater than the number of English ones. The experts explained this finding by confirming that some websites are mirrored in both TOR and I2P.

By analyzing the principal black markets, the experts tried to profile the principal operators; the operation is very hard and, in my opinion, the results are very approximate. The analysis revealed that the principal illegal activity remains the sale of drugs and chemicals.

“Top 15 vendors across all marketplaces showed that light drugs were the most-exchanged goods in the Deep Web. This was followed by pharmaceutical products like Ritalin and Xanax, hard drugs, and even pirated games and online accounts. This data backed up the idea that a majority of Deep Web users—at least those who frequent the top marketplaces—go there to purchase illicit drugs.” states the report.

DeepWeb Black markets vendors buyers

The researchers discovered many suspicious websites on the Dark Web offering assassination services, and they included the price list of a criminal group calling itself C’thulhu. The services include rape, “underage rape,” maiming, bombing, crippling, and murder. Prices range from $3,000 for a “simple beating” of a “low-rank” target to $300,000 for murdering a high-ranking or political target and making it look like an accident.

deep web assassination services

The report also confirms that resources in the dark web are exploited to hide the command and control infrastructure of a number of malware families, including the Vawtrak and Dyre banking Trojans and the Critroni ransomware.

I strongly suggest you read this interesting report.

Pierluigi Paganini

(Security Affairs – Deep Web, Dark Web)