BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
fingerprints.pdf
5.7 MB
Study: Using Stylometry to Detect Cross-Market Vendor Profiles

Researchers analyzed the literary style of darkweb vendors to identify vendors using different identities.

Using stylometry, researchers analyzed thousands of vendor identities on four darkweb marketplaces and linked more than 700 identities. The study involved the collection of information nodes, which included vendor profiles from four defunct marketplaces, including Valhalla (522), Dream Market (2,547), Evolution (1,650), and Silk Road 2 (681).

https://darknetlive.com/post/study-using-stylometry-to-detect-a-vendors-alternate-profiles/

PDF:
https://darknetlive.com/post/study-using-stylometry-to-detect-a-vendors-alternate-profiles/documents/fingerprints.pdf

#study #stylometry #fingerprints #darkweb #marketplaces #vendors #pdf
📡 @cRyPtHoN_INFOSEC_FR
📡 @cRyPtHoN_INFOSEC_EN
📡 @cRyPtHoN_INFOSEC_DE
📡 @BlackBox_Archiv
FBI Admits Purchasing NSO Group's Pegasus Spyware

The FBI purchased the NSO Group’s Pegasus spyware but only for “testing and evaluation,” they claimed.

The Federal Bureau of Investigation confirmed to The Guardian that the Bureau had purchased a license to access Pegasus for “product testing and evaluation only.” NSO Group, an Israeli firm, sells spyware and hacking tools to “government intelligence and law enforcement agencies” across the globe. The company’s products are “classified as a military export by Israel.” Pegasus is “one of the world’s most sophisticated hacking tools.”

https://darknetlive.com/post/fbi-admits-purchasing-nso-group-s-pegasus-spyware/

#fbi #pegasus #nso #spyware
SentryPeer

A distributed peer to peer list of bad actor IP addresses and phone numbers collected via a SIP Honeypot.

This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to block them at the service provider's network and the next time a user/customer tries to call a collected number, it’s blocked.

Traditionally this data is shipped to a central place, so you don’t own the data you’ve collected. This project is all about Peer to Peer sharing of that data. The user owning the data and various Service Provider / Network Provider related feeds of the data is the key bit for me. I’m sick of all the services out there that keep it and sell it. If you’ve collected it, you should have the choice to keep it and/or opt in to share it with other SentryPeer community members via p2p methods.

https://sentrypeer.org/

#sentrypeer #fraud #detection #tool
Matrix vs. XMPP

What are XMPP and Matrix and what makes them special?

XMPP and Matrix are two decentralized and federated free software projects for chat, including true end-to-end encrypted chat.

Users can either install the software on their own server if they want, but they can also easily register on any public server—both allow any XMPP or Matrix user to talk to users on their server or on any other one. In essence, it works like email: you might have an email account on a different site than your friend, but all accounts on all sites can communicate.

In a world where most communication is done on centralized proprietary platforms without end-to-end encryption like Facebook, Telegram and Google, Matrix and XMPP both are permanent solutions to communication privacy. Even based boomerware like IRC has to play second fiddle to them.

The only question is, "Which is better? XMPP or Matrix?"

https://lukesmith.xyz/articles/matrix-vs-xmpp

💡 Read as well:
Internet Messaging versus Congested Network

#matrix #xmpp #privacy #amdocs #israel #intelligence
"Your account has been deactivated"

I've received that message today. I'm from Belarus.

"We noticed an issue when verifying your account. The legal entity information associated with your account fully matches a restricted party or one or more parties from the United States government's consolidated screening list, another government's sanctions list, or a restricted regions list."

I know nothing about sanctions but I'm 100% sure that's how sanctions should not work: by discriminating against developers from a country whose government appeared on any sanctions list.

https://developer.apple.com/forums/thread/700036

#apple #developers #belarus #sanctions #usa
Foreign Office target of 'serious cyber incident'

The UK's Foreign, Commonwealth and Development Office (FCDO) was the target of a "serious cyber-security incident", it has emerged.

The details came via a tender document published on a government website, seemingly by mistake.

It revealed that cyber-security firm BAE Systems Applied Intelligence was called on for "urgent support".

The BBC understands unidentified hackers got inside the FCDO systems, but were detected.

https://www.bbc.co.uk/news/technology-60309335

#uk #fcdo #hacked
Forwarded from Riots & Resistance
Belarusian activists hacked railway servers in order to interfere with Russian troop relocations.

Hackers known as "Cyber Guerillas" have hacked and encrypted the servers and the database of the Belarus railroad company. The backups were deleted as well. The goal of the attack was to make it harder for the Russian army to move its troops into Belarus.

#Russia has been gathering troops near Ukrainian borders for several months now. Earlier, #Belarus and Russia announced joint military exercises in February.
OATHqr - Turn your secrets into scannable QR codes

OATHqr helps you create security credentials for use with 2FA/MFA and other OATH-enabled apps. Use it to generate scannable QR codes for one-time password authenticator apps such as Aegis or YubiKey. Or skip the QR code altogether and paste the formatted otpauth URI it creates directly into OpenPGP-activated password managers such as the remarkable Pass standard unix password manager.

💡 Features:

- Makes no external requests and may be run completely offline.

- Installable application can be added to mobile device home screen.

- Friendly form accessible to both sighted and non-sighted users.

- Utilizes strict default-src Content-Security Policy as sandbox.

- Proactively disables Google FLoC surveillance for affected users.

- Promotes ethical software alternatives to Google Authenticator.

- Automatic light/dark color scheme based on system preference.

https://codeberg.org/vhs/oathqr

#oathqr #qrcodes #2fa #mfa
Binance, led by the world’s richest crypto billionaire, is taking a $200 million stake in Forbes

Binance, the world's biggest cryptocurrency exchange, is making a $200 million strategic investment in Forbes, the 104-year-old magazine and digital publisher, CNBC has learned.

The funds will help Forbes execute on its plan to merge with a publicly traded special purpose acquisition company, or SPAC, in the first quarter, according to people with knowledge of the deal.

Investors have grown skeptical of SPAC deals generally, and media deals in particular, in recent months amid the broader stock market retrenchment. Binance will replace half of the $400 million in commitments from institutional investors announced by Forbes in August, said the people, who declined to be identified before the transaction is announced.

That would make Binance one of the top two biggest owners of Forbes, which will be listed on the New York Stock Exchange under the ticker FRBS, the people said. The crypto company will also get two directors out of nine total board seats, they said.

The move shows the increasing real-world influence of the crypto sector, which has seen surging valuations and minted a new class of billionaires amid global interest in digital assets. While crypto companies have gone public, affixed their names to sports arenas and flooded airwaves with celebrity endorsements, this is the sector's first big investment in a traditional U.S. media property.

https://www.cnbc.com/2022/02/10/forbes-spac-binance-led-by-the-worlds-richest-crypto-billionaire-is-taking-a-200-million-stake-in-forbes-.html

#binance #crypto #forbes
The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
28.3 MB
Bvp47: Top-tier Backdoor of US NSA Equation Group

In 2016 and 2017, “The Shadow Brokers” published two batches of hacking files claimed to be used by “The Equation Group”. In these hacking files, researchers from Pangu Lab found the private key that can be used to remotely trigger the backdoor Bvp47. Therefore, it can be concluded that Bvp47 is a hacker tool belonging to “The Equation Group”.

https://files.shitpost.to/rvfxfdj9zmajdtww.pdf?key=SxiRfjPs1SFpxU2gUK5PBmx08w2KTIL7

⚠️ I strongly advise everyone to pass PDFs through something like DangerZone or MAT2 before opening them.

#Bvp47 #nsa #backdoor #pdf
email2phonenumber

email2phonenumber is an OSINT tool that allows you to obtain a target's phone number just by having his email address.

💡 For full details check:

https://www.martinvigo.com/email2phonenumber

💡 Demo:
https://www.youtube.com/watch?v=dfvqhDUn81s

‼️ IMPORTANT:
email2phonenumber is a proof-of-concept tool I wrote during my research on new OSINT methodologies to obtain a target's phone number. The supported services (Ebay, Lastpass, Amazon and Twitter) have long added protections to protect from this type of scraping, like having to receive a code over email first or simply adding captchas. There are of course many other sites that are still leaking phone number digits but I am focused on other research projects. Feel free to submit a pull request if you want to add support for new sites.

Please check out my newer tool "Phonerator", which is maintained and focuses on the novel aspect of this research, generating valid phone numbers. See more details. There is also a small OSINT challenge in there... ;)

https://github.com/martinvigo/email2phonenumber

https://www.martinvigo.com/tools/phonerator/

#osint #email2phonenumber #phonerator
Ukraine calls on hacker underground to defend against Russia

Feb 24 (Reuters) - The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project.

As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv.

"Ukrainian cybercommunity! It's time to get involved in the cyber defense of our country," the post read, asking hackers and cybersecurity experts to submit an application via Google docs, listing their specialties, such as malware development, and professional references.

Yegor Aushev, co-founder of a cybersecurity company in Kyiv, told Reuters he wrote the post at the request of a senior Defense Ministry official who contacted him on Thursday. Aushev's firm Cyber Unit Technologies is known for working with Ukraine's government on the defense of critical infrastructure.

https://www.reuters.com/world/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24/

#ukraine #russia #hacker #cyberdefence
Brave takes the spring out of creepy bounce tracking

Just say no to websites bypassing privacy protections with sneaky redirects

Browser maker Brave has developed a new way to ground "bounce tracking," a sneaky technique for bypassing privacy defenses in order to track people across different websites.

Bounce tracking, also known as redirect tracking, dates back at least to 2014 when ad companies were looking for ways to avoid third-party cookie blocking defenses.

"Bounce tracking is a way for trackers to track you even if browser-level privacy protections are in place," explained Peter Snyder, senior director of privacy at Brave, on Tuesday.

"Privacy respecting browsers try to prevent sites from learning about your behaviors and activities on other sites. Bounce tracking attempts to circumvent these protections by gaming how your browser behaves when you browse from one site to another."

Say a website embeds a third-party script from info.tracker. When the website is visited, the third-party script tries to read third-party cookies from info.tracker that have been stored in the visitor's browser.

If it can't – because third-party cookies are blocked – the script redirects to the info.tracker domain by writing a new URL to the browser's window.location object or via some link hijacking method like injecting an info.tracker iframe into the original website.

Doing so puts info.tracker into a first-party context, enabling it to set tracking cookies.

Info.tracker then redirects back to the original website URL and info.tracker cookies can then be read in third-party contexts. By doing so across multiple different websites, info.tracker can develop a profile of the people's interests.

To curtail privacy intrusions of this sort, Brave software engineer Aleksey Khoroshilov and senior software engineer Ivan Efremov devised a defense called Unlinkable Bouncing.

https://www.theregister.com/2022/03/09/brave_bounce_tracking/

#brave #browser #bounce #tracking #privacy
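
The redirect pattern described in the post above can be recognised from a browser's top-level navigation history. The following is an added example, not code from the article or from Brave, and it is not Brave's Unlinkable Bouncing: it is a simple heuristic detector run over constructed sample records. The record fields, function names, thresholds and the `news.example` / `shop.example` / `login.example` hosts are assumptions made for illustration.

```javascript
'use strict';

// Constructed top-level navigation records (sample data, not captured traffic).
// cause: how the browser arrived at the page ('user', 'script' or 'redirect').
const SAMPLE_NAVIGATIONS = [
  { url: 'https://news.example/story', cause: 'user', dwellMs: 42000, userInteracted: true, setCookie: true },
  { url: 'https://info.tracker/r?back=https%3A%2F%2Fnews.example%2Fstory', cause: 'script', dwellMs: 120, userInteracted: false, setCookie: true },
  { url: 'https://news.example/story', cause: 'redirect', dwellMs: 30000, userInteracted: true, setCookie: false },
  { url: 'https://shop.example/cart', cause: 'user', dwellMs: 15000, userInteracted: true, setCookie: true },
  { url: 'https://info.tracker/r?back=https%3A%2F%2Fshop.example%2Fcart', cause: 'script', dwellMs: 90, userInteracted: false, setCookie: true },
  { url: 'https://shop.example/cart', cause: 'redirect', dwellMs: 20000, userInteracted: true, setCookie: false },
  // Legitimate login redirect: automatic in and out, sets a cookie, but the user types a password.
  { url: 'https://login.example/sso', cause: 'redirect', dwellMs: 8000, userInteracted: true, setCookie: true },
  { url: 'https://shop.example/account', cause: 'redirect', dwellMs: 5000, userInteracted: true, setCookie: false },
];

// Assumption: "site" is the last two host labels. Real code should use the Public Suffix List.
function siteOf(url) {
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

// A hop counts as a bounce when the browser was sent there and sent away again
// without user action, it belongs to a different site than the previous page,
// the user never interacted with it, it was left quickly, and it wrote a cookie.
function findBounces(navs, maxDwellMs = 2000) {
  const bounces = [];
  for (let i = 1; i < navs.length - 1; i++) {
    const prev = navs[i - 1], hop = navs[i], next = navs[i + 1];
    const automaticInAndOut = hop.cause !== 'user' && next.cause !== 'user';
    const crossSite = siteOf(hop.url) !== siteOf(prev.url);
    const silent = !hop.userInteracted && hop.dwellMs <= maxDwellMs;
    if (automaticInAndOut && crossSite && silent && hop.setCookie) {
      bounces.push({
        tracker: siteOf(hop.url),
        from: siteOf(prev.url),
        returnsToOrigin: siteOf(next.url) === siteOf(prev.url),
      });
    }
  }
  return bounces;
}

// Profiling only works when the same intermediate site is bounced through from
// several different sites, so report trackers seen from at least minSites origins.
function crossSiteBouncers(bounces, minSites = 2) {
  const seen = new Map();
  for (const b of bounces) {
    if (!seen.has(b.tracker)) seen.set(b.tracker, new Set());
    seen.get(b.tracker).add(b.from);
  }
  return [...seen]
    .filter(([, sites]) => sites.size >= minSites)
    .map(([tracker, sites]) => ({ tracker, sites: [...sites].sort() }));
}

console.log(JSON.stringify(crossSiteBouncers(findBounces(SAMPLE_NAVIGATIONS))));
```

The login hop is left alone because the user interacted with it, which is the usual way such heuristics avoid breaking single sign-on.
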
Clone Wars - Open source clones of popular sites

100+ open-source clones and alternatives of popular sites like Airbnb, Amazon, Instagram, Netflix, TikTok, Spotify, WhatsApp, YouTube, etc. List contains source code, tutorials, demo links, tech stack, and GitHub stars count. Great for learning purposes!

https://github.com/GorvGoyl/Clone-Wars

#clonewars #opensource
Staying online during a conflict

First of all, we hope that there won't come a time where you need to read this article. Nevertheless, since it may happen, here's how you can remain connected to the internet during uncertain times.

Do note that this guide is covered for two scenarios: when your connection becomes less stable because of a conflict or when your country's slowly blocking social media platforms.

💡 Element: a messaging app

Element is a messaging app that lets you talk with other users. If you pick a server in the region (e.g. one that you host yourself or one that the city's university hosts) then you won't lose your connection to the server.

Additionally, since this server can connect to any other Element (Matrix) server, you will always be able to communicate with the outside world whenever there's a brief connection.

This means it's very difficult to block. Your country cannot just block "the Signal server", they'll instead need to block every single hobbyist in the world that decides to set up a new server for Element.

💡 Mastodon: Twitter unblocked

Mastodon uses very similar protocols to what Element uses: everyone can set up their own servers, which makes Mastodon hard to block.

Take a look at mastodon.social, ru.social, pleroma.chirno.tech, glasgow.social, witches.live, and many more.

Each of them hosts their own instance, which needs to be blocked from the internet separately. You can use instances.social to find a Mastodon instance that suits you best.

💡 PeerTube: when YouTube goes down

Do you need to share videos that YouTube may not want to share? Can you no longer access YouTube's foreign servers? Use PeerTube.

PeerTube allows you to broadcast your videos to whomever can see them. This can be very useful when your connection with YouTube is unstable and you'd like to share the videos yourself anyway.

💡 Conclusion

Using these platforms, you will be able to remain connected with the world better - in situations where connections aren't always stable, as well as if the government may decide to block websites.

Take good care of yourself, and we hope these tips will be helpful for you.

https://digital-justice.com/articles/connection-during-conflict.html

#tips #element #peertube #mastodon
Release: Roskomnadzor (820 GB)

In the Cyberwar category, we are listing 364,000 files from the Roskomnadzor, the Russian federal agency responsible for censorship of Russian media, specifically from the republic of Bashkortostan.

In the Cyberwar category, we are listing 340,000 files from the Роскомнадзор or Roskomnadzor of the Russian Republic of Bashkortostan. By population, Bashkortostan is one of the larger republics of the Russian federation, and Roskomnadzor is the Russian federal agency responsible for the monitoring and censorship of Russian media.

Roskomnadzor's activities are always a matter of public interest to the people of Russia and to the world. Their recent actions have only emphasized this:

Roskomnadzor has given instructions about what can be said and ordered media outlets to delete stories that call Russia's invasion of Ukraine an invasion. In response to Facebook's fact-checking Russia's statements about the war, Roskomnadzor began restricting access to Facebook before later blocking it. Roskomnadzor also threatened to block access to Russian Wikipedia over their article about the Russian invasion of Ukraine. This follows an established history of similar actions in the past.

The source, a part of Anonymous, urgently felt the Russian people should have access to information about their government. They also expressed their opposition to the Russian people being cut off from independent media and the outside world. We are publishing this release in anticipation of Russia potentially being cut off from the global internet on March 11, and hope Russians will have time to download this data, before then.

https://nitter.pussthecat.org/YourAnonTV/status/1501942349550653443

via Twitter

https://www.jpost.com/breaking-news/article-700940

💡 Download (817.5 GB)
https://ddosxlvzzow7scc7egy75gpke54hgbg2frahxzaw6qq5osnzm7wistid.onion/wiki/Roskomnadzor

#OpRussia #anonymous #roskomnadzor #cyberwar #ukraine
Former Canadian Government Employee Extradited to the United States to Face Charges for Dozens of Ransomware Attacks Resulting in the Payment of Tens of Millions of Dollars in Ransoms

A Canadian man was extradited yesterday from Canada to the United States on an indictment returned in the Middle District of Florida that charges him with conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer arising from his alleged participation in a sophisticated form of ransomware known as NetWalker. NetWalker ransomware has targeted dozens of victims all over the world, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.

According to court documents, Sebastien Vachon-Desjardins, 34, of Gatineau, Quebec, Canada, from April through December 2020, conspired to and did intentionally damage a protected computer and transmit a ransom demand in connection with doing so. The indictment also alleges that the United States intends to forfeit more than $27 million, which is alleged to be traceable to proceeds of the offenses. The defendant will make his initial appearance today in federal court in Tampa before U.S. Magistrate Judge Julie S. Sneed.

https://www.justice.gov/opa/pr/former-canadian-government-employee-extradited-united-states-face-charges-dozens-ransomware

#NetWalker #ransomware #usa #canada
Privacy and the Future of the Internet

The Internet is at a critical juncture. As it has been for the past decade or so, those who care about privacy and social morality are (practically) barred from participation in interest-based "focus groups", because most of them are still on Facebook, Twitter, YouTube and other anti-social networks. Even websites that have nothing to do with these networks have forgone self-management of user accounts in favor of "social logins," which are only useful until Facebook blocks your account and you realize you're now blocked from everything, and the only customer support available is provided by bots who were programmed to fix nothing and provide no information.

Government-provided services around the world are becoming more and more difficult to receive without installing apps spyware on your smartphone. Search engines grow more and more unusable every day, and our ability to self-govern is being taken away by money-hungry startups and corporations who are looking to "make the world a better place." Finally, the Internet as a whole is now nothing more than a shopping mall, where visitors implicitly consent to being searched.

https://ido50.net/rants/privacy-and-the-future-of-the-internet

#privacy #internet