17.7.17 Dark Web and Cybercrime Roundup

Alleged Alphabay Admin Found Dead in Bangkok Jail

On July 12, news sites in Thailand reported that a 26-year-old Canadian man had died in a Bangkok jail. The news spread quickly and the world soon learned the man’s identity: Alexandre Cazes of Trois-Rivières, Québec, Canada. Alphabay marketplace disappeared when the Royal Canadian Mounted Police raided locations throughout Trois-Rivières, hunting for “computer equipment.”

Police in Thailand arrested Cazes on behalf of the FBI on July 5 for undisclosed drug crimes. The 26-year-old had lived in Thailand for years as a fugitive, but he lived well, according to media reports. He owned several houses, multiple high-end vehicles—including a Lamborghini—and had $12m in combined assets. His father, Martin Cazes, admitted that his son created illegal websites and made a fortune with Bitcoin, but did so “without bad intentions.”

  • “His company’s website(s), however, disappeared with the Alphabay servers. Nevertheless, LinkedIn provided a skillset which pointed towards only one thing: that Cazes had the skills required to fill the role DeSnake performed.”
  • “[Cazes’s] business addresses were in locations searched by the RCMP on July 5. On top of that, one Reddit user explained, ‘the EBX company site […] was developed and had similar code to Alphabay when inspecting sources.’”
  • Martin Cazes, Alexandre’s father, said the feds tried to connect his son to the Alphabay admin “alpha02.” Additionally, his father claimed Alexandre lived in Thailand for four years—not the alleged eight years.

Read the full story at DeepDotWeb.

Alphabay death: Wondering which market is Headed to the Top? Here is some insider info!

Alphabay vanished. Some believe that the site will return. Others believe that the marketplace will never see the light of day. It could, in part, be due to the RCMP raids in Quebec. The death of the alleged Alphabay admin, DeSnake, could have sent the other Alphabay admins into a frenzy. Maybe the time for an exit scam finally came. Whatever the case may have been, the “Top Markets” list needs a new drug market. Not only that, but some former Alphabay users need a new marketplace.

DeepDot revealed incoming Google search terms for different darknet drug markets, alongside additional metrics:

  • Impressions & Clicks: How many times a Google search containing a marketplace name returned DDW pages and, among those, how many viewers clicked a DDW link for a specific marketplace.
  • Searches on the site: How many queries, using DDW’s built-in search feature, contained market-specific search strings.
  • Market-focused page clicks: How many DDW visitors travelled to market-related pages.

The stats covered the previous 28 days, so Alphabay, despite the “defunct” status, still dominated the search traffic. DeepDotWeb

Hansa Registration Disabled Temporarily

Former Alphabay users searched for a replacement market—or as Bitcoin.com wrote, “Darknet Users Rush for a replacement market.” Many landed on the multi-sig market known as Hansa. Too many, according to the Hansa administration. Only a few days after Alphabay disappeared, Hansa reported technical issues and blocked user registration.

“Due to the influx of Alphabay refugees we are dealing with technical issues. We have set a temporary stop on new registrations until further notice. Registration disabled temporarily.”

HANSA staff (Hansa frontpage and Reddit discussion.)

Vault 7: CIA Developed Android Malware That Works as an SMS Proxy

In a recent installment of “Vault 7,” the name for a series of CIA tool leaks orchestrated by Wikileaks, the public learned of an Android tool that reroutes text messages to a CIA-owned server. The tool, dubbed “HighRise,” came packaged within an Android Package Kit, also known as an APK—the “format” of Android applications. The app, called TideCheck, has a secret control panel for HighRise.

The HighRise features:

  • Send a copy of all incoming SMS messages to an Internet-based server controlled by a CIA operative.
  • Send SMS messages from the target’s smartphone.
  • Provide a communications channel between the HighRise field operator & the LP.
  • TLS/SSL secured internet communications.

Wikileaks has dumped CIA tools since March, if not earlier. BleepingComputer

Interview with a Top Alphabay Accounts Phisher

On June 27, one Bitcoin phisher pleaded guilty to creating fake darknet market phishing login pages. He claimed that he had made $360,000 from his phishing sites. On July 12, DeepDotWeb conducted an interview with a more successful Bitcoin phisher. Under the online handle “Phishkingz,” the phisher explained that he made more than $1 million during the last year—merely from fake Alphabay pages. Now that Alphabay has vanished, he has started the same work on the Dream marketplace. On his first day phishing Dream users, he claimed that he had already made four bitcoins.

“I have a trade volume on local bitcoins of about 500 BTC in total. This is all on an account I created 1 year and 2 months ago. Everything is stolen BTC from phishing and I have a cryptopay.me account that has had over 400,000£ worth in BTC over the last 6 months. Phishing is very profitable on the dark web.” – Phishkingz. DeepDotWeb

Remember that the only official clearnet link for DeepDotWeb is DeepDotWeb.com. A typo can easily send an unsuspecting user to DeepDortWeb, DeepDogweb, DeeepDotWeb, etc. The only .onion link is: deepdot35wvmeyd5[dot]onion.

The post 17.7.17 Dark Web and Cybercrime Roundup appeared first on Deep Dot Web.