It is a shame seeing Darknet vendors busted and their lives ruined for victimless crimes. I wrote a blog article about how to mitigate that:

'The case for a Darknet Trade Guild'

http://z7735okcy6gggduobp6vjfcgwz4ss5eeduww7iw2agjmfgpjlnquezqd.onion/article/the_case_for_a_darknet_trade_guild

I need honest feedback. Love you all!

I normally grab a #youtube video via #invidious onion instances this way:

 undefined

    
yt-dlp --proxy http://127.0.0.1:8118 -f 18 http://ng27owmagn5amdm7l5s3rsqxwscl5ynppnis5dqcasogkyxcfqn7psid.onion/watch?v="$videoID"


  

Now it leads to:

ERROR: [youtube] $videoID: Sign in to confirm you’re not a bot. This helps protect our community. Learn more

There used to be a huge number of Invidious instances. Now the official list is down to like ½ dozen.

The U.S. Department of Justice said that it has charged nearly 20 individuals for their involvement in the xDedic cybercrime marketplace operation, with more than a dozen already sentenced to prison.

The department announced on Thursday that it had reached the “culmination of a transnational cybercrime investigation” against the darknet site. Since its takedown in 2019, international law enforcement officers have arrested administrators, sellers and buyers in the U.S., Moldova, Ukraine, the U.K. and Georgia.

The Ukrainian-language cybercrime forum was founded in 2014. It illicitly sold login credentials to servers located worldwide, along with personally identifiable information, including dates of birth and Social Security numbers of U.S. residents.

Once purchased,

German law enforcement has seized the servers of the darknet marketplace Kingdom Market, a bazaar for drugs, malware, fake documents and other tools for cybercriminals.

In a press release on Wednesday, the police said they posted a takedown notice on the website and are now analyzing Kingdom Market's server infrastructure to identify the people behind the website's operation.

One person allegedly connected to Kingdom Market was identified last week as Alan Bill, a Slovakian national, who also went by his alias "Vendor," according to U.S. court documents.

U.S. law enforcement agencies "closely cooperated" with Germany in the operation, along with police from Switzerland, Moldova and Ukraine.

Kingdom Market was an English-speaking marketplace operating since March 2021. It offered more than 42,000 items for sale, including around 3,600 products from Germany. German pol

Police forces across the UK are to be given access to a software platform to support officers in investigating the dark web.

A procurement process has been launched by the City of London Police. The force houses the National Police Chiefs’ Council Cybercrime Programme – which serves as the “national strategic lead” for law enforcement’s response to cyber offences, according to a newly published commercial notice.

The City of London Police wishes to hear from suppliers that could provide “a dark web intelligence tool [as] software-as-a-service [and] to be used throughout the UK by police forces, regional organised crime units, the Serious Fraud Office, as well as other law enforcement agencies”.

The procurement notice says that the force is looking for a technology tool that will use web-scraping techniques to “provide an increased level of investigative capability… by providing dark web investigators with current data collections… from open, deep and dark web sources – including oth

Anatoly Legkodymov, founder of the dark web-tied crypto exchange Bitzlato, has pleaded guilty to operating an unlicensed money transmitting business in a New York court.

The Department of Justice originally filed charges against the Hong Kong-based exchange’s majority owner last January.

Bitzlato “sold itself to criminals as a no-questions-asked cryptocurrency exchange, and reaped hundreds of millions of dollars worth of deposits as a result,” US attorney Breon Peace said in a statement at the time.

According to the DOJ, Legkodymov will dissolve Bitzlato and “release any claim over approximately $23 million in seized assets of Bitzlato” as part of the plea agreement. A sentencing date has not been set yet.

“We are dismantling and disrupting the cryptocrime ecosystem using all tools available — including criminal prosecution. In January, the Department and our partners took down Bitzlato’s infrastructure and seized its cryptocurrency. Today’s conviction of Bitzlato’s founder is th

WASHINGTON –Milomir Desnica, 33, a national of Serbia and Croatia, pleaded guilty today in U.S. District Court in the District of Columbia to charges of conspiracy to distribute and possession with intent to distribute 50 grams or more of methamphetamine, announced U.S. Attorney Matthew M. Graves and FBI Special Agent in Charge Wayne A. Jacobs, of the Washington Field Office’s Criminal and Cyber Division. U.S. District Court Judge Carl J. Nichols scheduled sentencing for February 15, 2024.

According to the government’s evidence, Desnica, of Smederevska Palanka, Serbia, entered into a conspiracy in 2019 to develop and operate a website to sell narcotics that became Monopoly Market. According to the indictment, Monopoly grew into a vast marketplace for the sale of illicit narcotics including opioids, stimulants, psychedelics, and prescription medications, among other drugs.

In 2021, law enforcemen

A Ukrainian national is facing an eight year prison sentence for running an online marketplace that sold the personal data of approximately 24 million US citizens.

Vitalii Chychasov, 37, was sentenced on Tuesday after pleading guilty to conspiracy to commit access device fraud and trafficking in unauthorized access devices. In addition to the prison sentence he will forfeit $5 million in assets, the proceeds of fraud, and his control of the various marketplace domains.

Attempting to enter Hungary at the time, Chychasov was arrested in March 2022 for running the SSNDOB Marketplace, which stands for "social security number, date of birth" and operated over various domains including blackjob[.]biz, ssndob[.]club, ssndob[.]vip, and ssndob[.]ws.

He was later extradited to the US in July 2022, a month after SSNDOB was shut down by US, Latvian, and Cypriot authorities.

A Ukrainian national is facing an eight year prison sen

Recently, we've identified some operators associated with a high-risk, for-profit scheme. This financial scheme is promising monetary gains with cryptocurrency tokens, and is operated by third parties without the endorsement or approval of The Tor Project. We consider these relays to be harmful to the Tor network for a number of reasons, including that certain of the relays do not meet our requirements, and that such financial schemes present a significant threat to the network's integrity and the reputation of our project as they can attract individuals with malicious intent, put users at risk, or disrupt the volunteer-driven spirit that sustains the Tor Community.

As part of our assessment and due diligence into the matter, we engaged with relay operators and were often presented with scenarios in which relay operators associated with this scheme were putting themselves at risk by lacking the awareness of what project they were actually contributing to or operating relays in unsafe

For the purposes of the following subsections of this blog post, we'll be looking at the Revenue total following the 990, and breaking this total into the following categories:

• U.S. Government (53.5% of total revenue)
• Individual Donations (28.5% of total revenue)
• Non-U.S. Governments (7.5% of total revenue)
• Foundations (6.4% of total revenue)
• Corporations (3.4% of total revenue)
• Other (0.6% of total revenue)

According to court documents, 28-year-old Laderian Odom of Monroeville, Alabama, purchased 950 sets of stolen log in credentials from Genesis Market. The credentials included usernames and passwords for online bank accounts, shopping sites, social media accounts, and other online platforms. Investigators established that Odom purchased the stolen credentials after receiving an invitation to Genesis Market in the summer of 2020. He was arrested in April 2023 as part of an international operation dubbed, "Operation Cookie Monster," which took down 11 clearnet domains that belonged to Genesis market.

Operation Cookie Monster was launched in December 2018, five months after the market's launch. The investigators first gained access to the market's servers in December 2020. They collected information associated with the market's users such as usernames, passwords,

cross-posted from: https://links.hackliberty.org/post/285435

When a private sector company blocks Tor, I simply boycott. No private entity is so important that I cannot live well enough without them. But when a public service blocks Tor, that’s a problem because we are increasingly forced to use the online services of the public sector who have gone down the path of assuming offline people do not exist.

They simply block Tor without discussion. It’s not even clear who at what level makes these decisions.. could even be an IT admin at the bottom of the org chart. They don’t even say they’re blocking Tor. They don’t even give Tor users a block message that admits that they block Tor. They don’t disclose in their privacy policies that they exclude Tor.

Just a 403 error. That’s all we get. As if it needs no justification. Why is the Tor community so readily willing to play the pushover? Even the Tor project itself will not stand up for their own supporters.

The lack o

cross-posted from: https://links.hackliberty.org/post/303031

These are the steps I take against companies who block Tor (e.g. a grocery store, bank, DNS provider.. whoever you do business with who have started using Cloudflare):

1. GDPR art.17 request to delete my email address & any other electronic means to reach me, but nothing else.
2. Wait 30 days for them to comply.
3. GDPR art.13 & 14 request to disclose all entities personal data was shared with + art.15 request for all my data (if I am interested) + art.17 request to erase all records. These requests are sent together along with criticisms for their lack of respect for privacy and human rights and shaming for treating humans like robots (if that’s the case).

The reason for step 1 & 2 is to neuter the data controller’s option to respond electronically so they are forced to pay postage. It’s a good idea as well because they would otherwise likely use Microsoft for email and you obviously don’t want

According to court documents, 32-year-old Marquis Hooper of California and his wife, Natasha Chalk, stole the PII of more than 9,000 people and sold it to fraudsters through the dark web and encrypted messaging platforms for $160,000 in bitcoin. To acquire the PII, Hooper created an account on a company that maintains a database that contains the PII of millions of individuals. The company allows its customers to download reports with all of an individual's PII information.

To open an account on the platform, Hooker claimed he had been ordered to open an account on the paltform and use it to verify the information of Navy personnel. The company approved the account on September 9, 2018.

Hooker and Chalk consequently ran tens of thousands of searches on the company's database. By December 18, when the company suspended Hooker's account, the couple had acquired the PII of over 9,000 individuals.

In March 2019, Hooker attempted to open another account on the company's platform. He ask

A Moldovan national has been extradited from the United Kingdom to face charges related to allegedly running an online marketplace selling access to compromised computers.

Sandu Diaconu, 31, appeared in a Florida courtroom on Monday for his arraignment. According to a Department of Justice press release, Diaconu was an administrator for the E-Root Marketplace, which was taken down by authorities at the end of 2020. Buyers could allegedly seek out “compromised computer credentials” on the site, such as remote desktop and secure shell access, “by desired criteria such as price, geographic location, internet service provider, and operating system.”

According to the DOJ, the site used an online payment system called Perfect Money to conceal the chain of payments.

“It also offered its illicit cryptocurrency exchange service for the purpose of converting Bitcoin to Pe

cross-posted from: https://links.hackliberty.org/post/115041

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

Law enforcement officials in Finland worked with Europol and a cybersecurity firm to take down a dark web marketplace called PIILOPUOTI.

The platform had operated on the Tor Network since May 2022 as a way for people to smuggle and sell drugs as well as paraphernalia into Finland, according to a statement from Finnish Customs.

“The criminal investigation is still underway. At this point, Finnish Customs and our international cooperation partners will not provide any further information on the matter,” they said.

cross-posted from: https://links.hackliberty.org/post/98004

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.