Dark Web Analysis

October 3, 2022
Staff, ThriveDX's Enterprise Division

What is the Dark Web?

Before embarking on Dark Web analysis, let’s review the three main layers to the internet. The Surface Web is what most of us think about: Netflix, online banking, CNN, Amazon, etc. For layers below that, we have the Deep Web.

The Deep Web comprises a staggering 96% of all web traffic and consists of places not crawled by Google. Password protected sites like your credit card statement, online account statements, even password-protected email is the Deep Web.

At the end of those layers, is the famous Dark Web. The Dark Web is where all the bad stuff resides, and some good stuff depending on what government you are and what you think “freedom” means.

What Happens on the Dark Web?

The Dark Web is also where our private information is sold, usually without our knowledge.

It’s where anyone with a TOR browser can access dozens of Silk Road knockoffs, purchase a Botnet…even hire a hitman.

The information, pictures, and videos you can access are exactly the types of images you would imagine.

Having said that, Dark Web analysis is not for everyone.

As the Dark Web Council states: “Despite best efforts, such networks, by virtue of their anonymous nature can attract morally objectionable, troubling, and disturbing language and imagery that may be upsetting or traumatizing.”

Mexico Ransomware Attack

Previously, we were quoted in an article about how a Russian hacker released a trove of Mexican taxpayer IDs that you can find here.

Here’s the summary:

In June 2020 a Russian hacker going by the screen name m1x stole a treasure trove of data from a Mexican government web portal.

He gave the government five days to pay an undisclosed ransom in Bitcoin. Three days into the standoff, the hacker mysteriously jumped the gun and released – among other things – 14,000 Mexican taxpayer ID numbers.

Change of Plans

According to Lucy Security (now a ThriveDX company) CEO Colin Bastabable, the government either wouldn’t or couldn’t pay the amount asked, so on June 7, 2020 m1x leaked 100 gigabytes of Mexican government data on a public cloud service.

“It’s not clear why he changed course, but’s what’s clear is that he rapidly accelerated the pressure on the victim, a tactic we’ve seen in several ransomware cases in the past several weeks,” Bastable said. “Typically, these types of hackers will do a public auction, but in this case the data was up there for anyone to grab.”

Massive SQL Database Leak

Later in June 2020, the Lucy Security (now ThriveDX) Dark Web analysis research team issued a press release detailing their finding that a collection of 945 archived SQL databases leaked to the Dark Web in a massive data leak.

Two databases totaling approximately 150gb of unpacked SQL files were released on June 1st, 2020, and on June 10th, 2020, respectively. The breach could potentially impact tens of millions of victims.

Alexa.com

The hackers targeted victims according to their Alexa ranking (https://www.alexa.com/siteinfo), claim the researchers. All have fewer than one million visitors.

The leaked databases, entire SQL dumps of the sites in question dated between 2017 and 2020, contained up to 14 million potential victims.

Sensitive information found by Lucy included security awareness statistics usernames, full names, phone numbers, hashed and non-hashed passwords, IP and email addresses, physical addresses, and other information.

Among the sites affected were 14 governmental sites belonging to Ukraine, Israel, UK, Belarus, Russia, Lebanon, Rwanda, Pakistan and Kyrgyzstan.

Massive Data Breaches: Still Here, Still Relevant

While these might be older examples, any cursory Dark Web analysis proves that data breaches are very much still with us today.

Uber Hack 2022

On September 15, 2022 an attacker on Uber’s private Slack channel matter-of-factly announced he had breached the company.

In the words of one security engineer: “It was a total compromise. They pretty much have full access to Uber.”

This was a social engineering attack derived from someone external bypassing multi-factor authentication by pretending to be someone from IT and spamming a particular employee demanding access. The employee finally relented and Uber became breached.

The hacker appears to be affiliated with the Lapsus$ group, a hacking contingent who has also breached the likes of Microsoft, Samsung, Nvidia, and Ubisoft, among others.

Like those attacks, a dark web data analysis found the stolen goods available on the Dark Web. The hacker certainly had a busy week, up until police apprehended him in London. A mere three days after this occurrence, he struck again.

Rockstar Games Hack 2022 (GTA Hack)

On September 18, 2022, a threat actor under the alias ‘teapotuberhacker’ leaked 50 minutes of not-yet-released Grand Theft Auto 6 (GTA6) onto one of the game’s popular user forums, apparently after gaining entrance to the company’s Slack channel where they downloaded the 90+ clips.

On September 22, 2002, the London Police Tweeted they had arrested a 17-year-old in Oxfordshire on suspicion of hacking and had him in custody.