I was a hacker for 30 years. These are the scariest things I saw on the dark web
- An ethical hacker revealed the inner workings of the dark web
- He explained how ransomware is used to steal tens of millions of dollars
- READ MORE: FBI leads ‘Operation Cookie Monster’ raid on hacker marketplace
The dark web is a lawless land where hackers run wild in the shadows of the internet, but one of its regular visitors has pulled the lid off of on this mysterious society.
Speaking anonymously to Vice, an unethical ‘black hat’ turned ‘white hat’ hacker bound by a moral code explained how bad actors use ransomware for large payouts or ‘to just see the world burn.’
These attacks are made through ransomware, which hackers use to steal data and demand tens of millions of dollars for the trove to be returned.
‘I’ve watched hospitals get encrypted and people are left with a choice: do I pay to decrypt the data or do I risk lives?’ the man said while donning a mask to conceal his identity.
The video comes as international law enforcement agencies led by the FBI seized a sprawling dark web marketplace popular with cybercriminals, where stolen passwords were sold for as little as $1 each.
The hacker cyber-bazaar, known as Genesis Market, was seized in a multinational crackdown dubbed ‘Operation Cookie Monster’ after the site specializes in stolen digital fingerprints, known as cookies.
Speaking anonymously to Vice , an unethical ‘black hat’ turned ‘white hat’ hacker bound by a moral code explained how bad actors use ransomware for large payouts or ‘to just see the world burn’
The interview was conducted in 2021, but the video recently surfaced again as a reminder that there is a dark world of people whose only goal is to cause havoc using the internet.
The white hat said he now uses his skills for good, tracking down criminals online and looking for vulnerabilities in systems to fix them – not exploit them.
‘If I wanted to gain access to a secure company, I wouldn’t go kick the door down,’ he said at the start of the interview.
‘I would target people I know who have access, who I know bring personal devices into a building or do things adjacent to the sensitive stuff, and I would then work my way up.’
The first ransomware attack was written by Joseph Popp in 1989 and used to target the healthcare industry.
The attack, called AIDS Trojan, was done by Popp handing out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference.
The disks were labeled ‘AIDS Information – Introductory Diskettes.’
When the floppy was downloaded to a computer, a large image appeared on the screen that read the software would ‘Adversely affect other program applications. You will owe compensation and possible damages to PC Cyborg Corporation and your microcomputer will stop functioning normally.’
The white hat said he now uses his skills for good, tracking down criminals online and looking for vulnerabilities in systems to fix them – not exploit them
The first ransomware attack was written by Joseph Popp in 1989 and used to target the healthcare industry. The attack, called AIDS Trojan, was done by Popp handing out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference
The program would count the number of times the computer was booted and once it reached 90, it would hide the directories and encrypt or lock the names of the files on the C drive.
To regain access, the users had to send $189 to PC Cyborg Corporation at a PO box in Panama.
Ransomware has since evolved to where a hacker does not need to leave their home – everything can be done on the dark web.
‘In the old days, for a country to cause disruption to a country as big as the United States, you would need millions and millions of dollars’ worth of investments to do something,’ the man told Vice.
‘Today, you just need a few thousand dollars and a laptop and a couple of smart hackers to write some code and send something out.’
A black hat hacker is an individual who is not bound by an ethical code, breaks laws and typically conducts hacks for their own purposes.
Kevin Mitnick is deemed ‘ the world’s most famous hacker’ for his attack on 40 major companies, including IBM, Nokia and Motorola, in 1995.
He stole computer codes, which some estimate cost nearly $330 million, and spent five years in jail.
Upon his release in 2000, Mitnick said he was ‘reformed’ and now lives as a white hat – an ethical security hacker.
The man speaking with Vice claimed to do this type of work.
‘I at one time considered myself a black hat and changed to a white hat,’ said the man, whose long gray beard flowed from underneath the mask.
‘White hats tend to be hackers who are bound by an ethical code, who try to do things to improve the greater good and who are bound by the law.’
Kevin Mitnick is deemed ‘ the world’s most famous hacker’ for his attack on 40 major companies, including IBM, Nokia and Motorola, in 1995. He stole computer codes, which some estimate cost nearly $330 million, and spent five years in jail (pictured is his release in 2000)
But his past escapades put him in the middle of the devious behaviors of the dark web.
He explained that while large countries like Russia and China are typically named in ransomware attacks, ‘every single country has a reason to weaponize these kinds of attacks.’
And it is the smaller countries that fly under the radar that are taking full advantage.
He claimed every Western country has gone to the dark web looking for help from the ‘community.’
It has also been made known that even the top officials do not understand which systems are the most vulnerable and ‘painful’ when encrypted by hackers.
This was made clear during the Colonial Pipeline ransomware attack in 2021, which was orchestrated by the DarkSide hacking group and closed down the entire system.
The attack halted 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey.
Officials labeled it the most disruptive cyberattack on US energy infrastructure in history.
The FBI named DarkSide behind the attack. Colonial reportedly bowed to the hacker’s demands, paying a $5 million ransom in exchange for a decryption key to restore server access.
The Colonial Pipeline ransomware attack in 2021 was orchestrated by the DarkSide hacking group and closed down the entire system. The attack halted 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey
The white hat hacker touched on the Initial Access Broker Market, which are threat actors who sell cybercriminals access to corporate networks.
‘For an average price of around $2,800, these so-called initial access brokers (IABs) sold stolen VPN and remote desktop protocol (RDP) account details and other credentials that criminals could use to break into the networks of more than 2,300 organizations around the world, without breaking a sweat,’ Dark Reading reports.
READ MORE: Hackers hide malware in a James Webb Telescope image of galaxy
Bad actors are taking advantage of the James Webb Space Telescope (JWST) popularity by hiding malware in the first public image shared by President Biden in July that shows a glowing galaxy that formed 4.6 billion years ago.
Since the Vice video, the Initial Access Broker Market has seen a boom in business.
Cybersecurity researchers reported 2,348 instances of IAB sales activity between H2 2021 and H1 2022. The number of brokers also grew from 262 to 380.
Some 2886 companies had sensitive data published on ransomware leak sites over the reporting period, a 22 percent increase on the previous year, InfoSecurity Magazine reports.
The FBI is not blind to the illegal activity but has struggled to takedown big players.
The agency is now searching for operators and users of the sites.
‘We’re not only trying to attack the supply side, but we’re also attacking the demand side with the users,’ a senior FBI official said this month on the agency’s takedown of Genesis Market, a large online criminal marketplace.
‘There’s consequences if you’re going to be using these types of sites to engage in this type of activity.’
According to the FBI, Genesis Market offered access to data stolen from more than 1.5 million compromised computers worldwide, containing over 80 million account access credentials.
The stolen data included passwords for services such as online banking, Facebook, Amazon, PayPal and Netflix, as well as digital fingerprints that criminals can exploit to bypass online security checks by spoofing the victim’s device.
In coordinated raids worldwide, more than 200 searches were carried out, and about 120 people were arrested, including 24 arrests in and around the British town of Grimsby, UK law enforcement officials said.
A senior FBI official told DailyMail.com that suspects were also arrested within the US in connection with the bust but did not offer details on the number of arrests or the charges.
Source: Read Full Article