De-anonymizing ransomware domains on the dark web

  • #1 and #2 really should just be a part of #3: catastrophic opsec.

    I don't know what it is about people who run these criminal enterprises on the darknet, but they constantly seem to be failing even the most basic of opsec. Re-using identities across multiple services, using e-mail addresses with real names, posting photos with identifiable information (and before websites stripped metadata for them, often posted with metadata), etc. I mean it's nice that they are making it easier to catch themselves, but at the same time I can only wonder how some genius can invent some novel and complex ransomware operation just to turn around and use the email they've had since they were 13 to register the services that operate it.

  • Not sure why there's a mystique over the "dark web", they're all still just websites, and suffer the same types of vulnerabilities.

  • This should come in handy if I ever have to run a website on the dark web

  • Looks like every server they busted broke at least one rule from the opsec info posted here just a month or two ago. Classic.

  • There is no silver bullet when it comes to protecting against ransomware. A prime example of this was the WannaCry virus attack in May 2017, where 200,000+ computers worldwide were infected due to a weakness in Windows SMB (EternalBlue), which allowed hackers to hijack computers running an unpatched Microsoft Windows operating system. Users were asked to pay anywhere from 300-700 bitcoins to decrypt the data within 3 days.

    https://www.spiceworks.com/it-security/cyber-risk-management...

  • Basically they found some darknet onion sites whose operators reused the same unique favicon, self-signed TLS certificate, etc. on other sites hosted from public IPs. And in one case left a secret key in a publicly-accessible configuration file.

  • Onion domains will never be good for anonymity. Too big of a surface area, too much potential leakage somewhere.

  • Did that last one remind anyone of Uplink[0]?

    20 year old memories of proxying my ssh traffic through InterNIC just came flooding back!

    0. https://en.wikipedia.org/wiki/Uplink_(video_game)

  • So certificates do not enable privacy; they take it away.

    SSL may stop your roommate or ISP, but they provide another vector for linking to other entities.

    I wonder how many are using this technique to link web properties together.
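The linking technique described in the two comments above (an onion service and a clearnet host presenting the same favicon or the same self-signed TLS certificate), as an added example that is not from the original thread or the article it discusses. The hostnames, favicon bytes and "DER" certificate bytes below are constructed placeholders; a real inventory would hold the raw favicon and leaf certificate fetched from each site, and the matching would be done against a large clearnet scan rather than five records.

```python
import hashlib
from collections import defaultdict

# Constructed sample crawl results (placeholder hosts, fabricated bytes). In a
# real pipeline each record would hold the favicon as served and the DER-encoded
# leaf certificate captured during the TLS handshake.
FAVICON_A = b"\x00\x00\x01\x00\x01\x00\x10\x10" + b"A" * 64        # fabricated .ico
FAVICON_B = b"\x00\x00\x01\x00\x01\x00\x10\x10" + b"B" * 64        # fabricated .ico
CERT_SELF_SIGNED_1 = b"\x30\x82\x01\x00" + b"self-signed-1" * 8    # fabricated DER
CERT_SELF_SIGNED_2 = b"\x30\x82\x01\x00" + b"self-signed-2" * 8    # fabricated DER
CERT_PUBLIC_CA = b"\x30\x82\x01\x00" + b"public-ca-cert" * 8       # fabricated DER

CRAWL = [
    # placeholder .onion names; real v3 addresses are 56 base32 chars
    {"host": "exampleonionaddressplaceholder.onion", "favicon": FAVICON_A, "cert": CERT_SELF_SIGNED_1},
    {"host": "203.0.113.10", "favicon": FAVICON_A, "cert": CERT_SELF_SIGNED_1},
    {"host": "203.0.113.11", "favicon": FAVICON_B, "cert": CERT_PUBLIC_CA},
    {"host": "anotheronionplaceholder.onion", "favicon": FAVICON_B, "cert": CERT_SELF_SIGNED_2},
    {"host": "198.51.100.7", "favicon": FAVICON_B, "cert": CERT_PUBLIC_CA},
]


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest of an artifact (favicon bytes or DER certificate)."""
    return hashlib.sha256(data).hexdigest()


def index_artifacts(crawl):
    """Invert the crawl: (artifact_kind, fingerprint) -> set of hosts presenting it."""
    index = defaultdict(set)
    for rec in crawl:
        index[("favicon", fingerprint(rec["favicon"]))].add(rec["host"])
        index[("cert", fingerprint(rec["cert"]))].add(rec["host"])
    return index


def link_onions(crawl):
    """For every .onion host, return the clearnet hosts that share at least one
    artifact with it, together with the kinds of artifact that matched.

    Result shape: {onion_host: {clearnet_host: ["cert", "favicon", ...]}}
    Artifacts seen only on onion hosts, or only on clearnet hosts, link nothing.
    """
    links = defaultdict(lambda: defaultdict(list))
    for (kind, _fp), hosts in index_artifacts(crawl).items():
        onions = {h for h in hosts if h.endswith(".onion")}
        clearnet = hosts - onions
        if not onions or not clearnet:
            continue
        for onion in onions:
            for public in clearnet:
                links[onion][public].append(kind)
    return {o: {c: sorted(kinds) for c, kinds in cs.items()} for o, cs in links.items()}


if __name__ == "__main__":
    for onion, candidates in link_onions(CRAWL).items():
        for public, kinds in candidates.items():
            print(f"{onion} <-> {public}  evidence: {', '.join(kinds)}")
```

The evidence list matters more than the match itself: a shared self-signed certificate (same key pair, same serial) is a strong signal because nobody else can present it, whereas a shared favicon alone is often just a stock CMS icon and needs a second artifact, a response-header quirk, or a leaked config file before it means anything.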