Insights For Success

Strategy, Innovation, Leadership and Security

Dark Web

The Cl0P Ransomware Darknet showcase

General · Edward Kiledjian

There are hundreds of write-ups about the CL0P ransomware and the gang behind it. They came back into the spotlight recently, claiming to have exploited the Accellion FTA (an old file transfer service) and thus customers running unpatched versions of the Accellion product.

Over the last couple of weeks, more “leaks” have come out claiming many more companies have been breached through this vulnerability and then infected with the Cl0p ransomware.

Many have asked if I knew where (on the Darknet, aka TOR network) the CL0P gang is publishing the list of infected companies. The answer is yes: http://ekbgzchl6x2ias37.onion/

[Screenshot]

Now a word of caution. We aren’t certain who created this site. We don’t know if the data on the site comes from actual CL0P-infected organizations or simply from someone who found the leaks and is claiming they are infected.

My research leads me to believe that the CL0P group is behind this TOR site and that the data on it is indicative of infected organizations.

If you click on Canadian Bombardier, you get this page with some data provided as proof.

[Screenshot]

Here is a sample of the “proof” they provide for Bombardier

[Screenshot]

The moral of the story is that there are bad people out there who want to profit from the misery of others. These threat actors are getting more creative and have improved their marketing skills in trying to “encourage” victims to pay up.

Hire a good CISO and invest in your security program.

Hitman services on the TOR Darkweb

General · Edward Kiledjian

My readers have shown great interest in the TOR anonymity network (aka Darknet or Darkweb). To answer some of the more common questions I get asked, I have written a bunch of articles (including):

Recently I have received a bunch of questions (over a dozen emails and messages) asking if you can buy Hitman services on the Darknet. I guess recent movies have people thinking. The answer is probably. Since I haven’t used these services, I can’t vouch if they are real (they could be governmental sting operations) but here are some examples…

Hitman Service 47

Link : http://q2zbeqym56qqp6l6.onion/

The prices are interesting on this site. “Average Joe and Jane” for $10K…

Bratva Mafia Hitmen for hire

Link : http://2dsfjelfbxdjnjtp.onion/?w=laste

What about a hitman marketplace that claims to test all contractors? “Some hitmen are pending doing test orders, and we want to ensure we filter out cops wanting to pose as hitmen.”

Pricing seems similar to the Hitman Service 47

  • “If your target is the average person, for example an ex-wife, business partner, or some enemy, the price is around $10,000 to hire the average hitman. Some less experienced operatives accept $5000 while other skilled operatives can charge $20,000 for shooting with a hand gun and escape using a stolen car or motorcycle.”

  • “For important people, like small celebrities, who have bodyguards, we offer you professional ex-military operatives starting at $30,000. They use sniper rifles to do the job and can escape discretely.”

Conclusion

The answer is yes. You really can buy anything on the Darknet if you know where to look. Remember that many of these may be fake scams or law enforcement stings. However some do sound legit but…. This is all very illegal. I provided the above sites as examples only and am not recommending them.

Operation Green Heart targets online currency counterfeit buyers

General · Edward Kiledjian

Image courtesy of Europol

A massive Europe-wide operation took place between November 19 and December 6th, arresting 235 suspects in 13 countries. The operation confiscated 1,500 Euro banknotes, drugs, weapons, computers, phones, bitcoin, etc.

This operation was made possible after a 33-year-old counterfeiter was arrested in June 2018 by Austrian police in the city of Leoben. The counterfeiter was producing 10, 20 & 50 Euro banknotes, and it is believed he had successfully offloaded over 10,000 notes (worth ~ $500,000 EUR) before being arrested. The counterfeit notes were sent out using regular mail, so as not to arouse suspicion.

The counterfeiter is believed to have designed the notes on his own computer. He printed them himself and made them look authentic using (suspected) Chinese-made holograms. Depending on the quality of the prints, the price varied from 15-40% of the notes’ face value.

Aldia.cat also reports that data from an FBI/Europol raid on another Darknet seller specializing in weapons, drugs and fake money also contributed valuable information to Operation Green Heart.

The operation involved raids on 300 dwellings across Europe: 178 in Germany, 28 in France, 20 in Austria and others in Spain (Madrid, Valencia, Las Palmas de Gran Canaria, Tenerife, Barcelona, Sevilla, Granada, etc.), Croatia, Cyprus, Finland, Ireland and the Netherlands.

One of the suspects arrested in Munich still had 14 counterfeit notes with him.

The moral of the story is that good policing can cut through the anonymity of TOR, so criminals beware.
