Recently Browsing 0 members
No registered users viewing this page.
By Ather Fawaz
Empire Market, a drug dealing behemoth on the dark web has been offline for three days
by Ather Fawaz
It's been three days since one of the most popular darknet marketplaces, Empire Market, went offline. Customers have been unable to access their accounts and the administrators have seemingly gone off the radar without a trace. Sellers are distressed over the loss of funds, and some have even reported being the victims of Dusting Attacks whereby they've received small amounts of bitcoin in an attempt to deanonymize their cryptocurrency earnings.
According to Bloomberg, the Empire Market dealt with drugs, fake documents, malware, etc., and ranked among the most trafficked illicit online marketplaces after the shutdown of sites like Silk Road, AlphaBay, and Hansa. But what exactly caused Empire Market to go offline is unclear.
Bloomberg interviewed Mark Arena, CEO of Intel 471, a cybersecurity firm that tracks darknet marketplaces, who believes that there are two likely reasons for the sudden disappearance. Either the site administrators were arrested by law enforcement agencies or they have scammed customers and went off the radar with escrowed money.
We've seen the former happen with the October 2013 shutdown of Silk Road by the FBI. The latter is also likely because Empire Market operated on the basis of escrowing money whereby anyone wishing to sell makes a deposit, which was held in escrow, giving the administrators control over it. Not only this, but a site moderator who goes by the name 'se7en' has also seemingly deleted his Dread account, and another moderator 'Melbourne' has confirmed that an exit scam is likely. While the exact figure of escrowed money is difficult to gauge, Mark Arena estimates at least 'single-digit millions' to be involved here.
By Ather Fawaz
Twitter claims that a social engineering attack led to the spread of the cryptocurrency scam
by Ather Fawaz
A few hours back, many high-profile Twitter profiles were hacked to spread a cryptocurrency scam. Among the affected accounts were those of Microsoft co-founder Bill Gates, SpaceX CEO Elon Musk, and Amazon CEO Jeff Bezos. Under the hack, a tweet was posted claiming that the profile was giving back or doubling the amount of cryptocurrency sent to the account.
Shortly after, Twitter posted that it was investigating the problem. Now, Twitter Support (@twittersupport) has notified us on what it knows about the nature of the attack. The thread also tells us about the actions the site took to mitigate the effects of this hack.
First, the social media giant deemed last night's attack was a 'social engineering attack' to take control of highly-visible accounts by targeting some Twitter employees with access to internal systems. Immediately after the site got to know of this, it removed the malicious tweet and disabled further tweeting from the affected accounts. Interestingly, all verified accounts, affected or not, were unable to tweet. An hour later, Twitter restored this functionality, but it is still limiting access to internal tools as it continues to investigate the hack.
While Twitter's allusion to its employees being targeted does not directly state that one or more of its employees were behind the socially engineered attack, it still raises a few eyebrows at such a possibility. We already have reports hinting at an inside job citing sources from the SIM swapping community and the selling of vanity usernames. Rest assured, we shall continue to update you as the situation unfolds.
By Abhay V
Elon Musk, Bill Gates, and other prominent Twitter accounts hacked for Bitcoin scam [Update]
by Abhay Venkatesh
Many high-profile Twitter accounts were hacked today to spread a Bitcoin scam. The accounts included those of SpaceX CEO Elon Musk and Microsoft co-founder Bill Gates. The tweets (spotted by TechCrunch) that have now been removed by the users claimed that the individuals were “giving back” or “doubling” the number of Bitcoins sent to the account.
Other accounts such as that of Coinbase, CoinDesk, and Binance were also compromised. According to TechCrunch, the scammer’s website was flagged by Cloudflare as a phishing site but was still accessible when clicked on. At the time of writing, the scammers’ site had already collected up to 2.8 Bitcoins, averaging to about $25,700. A spokesperson for Binance, a cryptocurrency exchange platform provider, told the publication that its security team is investigating the breach. Several other companies that the source reached out to did not respond to a request for comment.
Images: Saagar Enjeti (Twitter) It is currently not clear how the accounts were compromised. A statement by Coindesk added that several of the hacked accounts had multi-factor authentication enabled, suggesting that the breach could have been made possible by a Twitter vulnerability. Additionally, the hackers reportedly took over the accounts completely, even changing the email addresses linked to those accounts, making it difficult to reset the passwords and take back control.
A Twitter spokesperson said that the microblogging website is “looking into” the matter. However, it is advised to be careful of any such messages from prominent Twitter users promising returns on Bitcoin donations.
Update: Twitter Support has posted a statement that reads:
Google launches website to help detect and stop scams
by João Carrasqueira
Scams have been a long-lasting threat on the internet, and companies such as Facebook and Google have tried to protect their users through e-mail filters or potential scam warnings. Now, Google has announced a partnership with the Cybercrime Support Network to help people identify and stop scammers that might be out to get their money, with a website called Scam Spotter.
According to the Federal Trade Commission, $1.9 billion were lost to scams in 2019 alone, which works out to roughly $3,600 being lost every minute. Scammers use tactics that involve tax payments, some sort of contest, or impersonation to appear as someone who you would trust and send money to. To avoid this, the new website offers three general guiding principles - taking time to ask questions, double-checking the identity of the person contacting you, and avoid sending money if something feels off.
Scam Spotter shines light on different types of scams, including romance scams - which have cost over $200 million in 2019 - tax-related scams, contest or lottery winner scams, and an especially popular type of scam these days, COVID-19 scams. For each of these types of attack, the website offers more specific tips on how to avoid them, including links to resources that can be used to double-check information. There's also a short quiz that tests your ability to identify a potential scam.
For many users, especially those that are more tech-savvy, scams are generally easy to identify, but evidently, there are still many people losing money to this sort of attack. Google encourages sharing Scam Spotter with people who might be prone to falling for schemes like these.
Facebook Messenger now helps you identify fake users
by João Carrasqueira
Nearly two years ago, Facebook was found to be testing a new feature for Messenger that helps identify ill-intended users trying to pass off as someone else. Specifically, the feature was meant to detect when a potential scammer was imitating the profile of one of the victim's friends. Now, as reported by TechCrunch, the feature is now rolling out to users with some additional capabilities.
The originally-reported feature, which detects when a potential scammer is trying to appear as one of the victim's friends, is still pretty similar. When a user receives a message from an account that's impersonating one of their friends, a warning will be displayed at the top of the chat, letting them know the other user is using a similar name to one of their friends. Reviewing the warning will provide additional information, such as when the account was created and how many friends they have compared to the legitimate account.
There's a new capability, too, which simply warns users when a potential scammer is trying to deceive them. According to the report, the app will use machine learning to detect anomalies in an account's activity's such as sending a high number of message requests to users, especially if the messages are being sent to users under younger than 18. Reviewing the warning will allow the victim to block the potential attacker, and provide a little more guidance on how to identify scams.
The features seem to be mostly targeted at young users, in an effort to teach them how to be cautious online and it comes at a time when false friend requests are on the rise due to a change to Facebook's search algorithm. It was initially available in a limited rollout back in March, and it's now expanding. On iOS, it should be available at some point next week.