Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
1. Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel – The Hacker News
The advanced persistent threat (APT) WIRTE, believed to be associated with the Hamas-affiliated Gaza Cyber Gang, has expanded its cyber operations to target Israeli entities. The threat actor was previously engaged in espionage operations targeting the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt. Full article here.
2. Russian Espionage Group Targets Ukrainian Military with Malware via Telegram – The Hacker News
On October 28, Google’s Threat Intelligence Group released a report exposing a suspected hybrid Russian espionage and influence operation targeting the Ukrainian military. As highlighted in the report, the campaign—being tracked as “UNC5812”—utilizes a Telegram persona named “Civil Defense” to deliver malware to its targets. The Telegram account claims to be a “provider of free software programs designed to enable potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters.” In addition to delivering malware, UNC5812 is also carrying out an influence operation intended to undermine support for Ukraine’s mobilization efforts. Read more.
3. U.S. government employee charged in leak of Israel’s plans to attack Iran – CBS News
The U.S. Department of Justice (DOJ) has charged Asif W. Rahman—who was formerly employed by the Central Intelligence Agency (CIA)—for allegedly leaking highly classified U.S. intelligence documents regarding Israel’s plans for a retaliatory strike against Iran. Rahman was charged with “two counts of illegal transmission of national defense information.” Article here.
4. New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers – The Hacker News
Researchers have identified a new Android banking malware dubbed “ToxicPanda” that has already infected over 1,500 devices. Though initially believed to be associated with the TgToxic banking trojan family, analysts at Cleafy Threat Intelligence have identified “significant differences in the campaign’s code,” which has prompted the Cleafy team to track the new family as ToxicPanda. Read article.
5. Hacker gets 10 years in prison for extorting US healthcare provider – Bleeping Computer
In a November 13 press release, the U.S. Department of Justice (DOJ) announced that 45-year-old Robert Purbeck from Meridian, Idaho, was sentenced to 10 years in prison “for hacking into the computer servers of 19 victims across the United States.” Purbeck also stole the personally identifiable information (PII) of more than 132,00 individuals and was found to have engaged in multiple attempts of extortion. Full article here.
6. Redline, Meta infostealer malware operations seized by police – Bleeping Computer
On October 28, the international law enforcement task force “Operation Magnus” disrupted the RedLine and META infostealer operations. The task force consisted of the Dutch National Police as well as authorities from the U.S., U.K., Belgium, Portugal, and Australia. As highlighted in a press release from the European Union Agency for Criminal Justice Cooperation (Eurojust), RedLine and META had targeted “millions of victims worldwide,” making them two of the most prevalent infostealers in the world. Full article.
7. Phishing emails increasingly use SVG attachments to evade detection – Bleeping Computer
Cybersecurity researchers have observed threat actors using Scalable Vector Graphics (SVG) attachments in phishing emails to evade detection. The SVG image format uses XML-based code rather than pixels to create an image; this format allows the attachments to bypass email protections and thereby distribute malware. As highlighted by BleepingComputer, threat actors are able to create SVG attachments that “not only display images but also create phishing forms to steal credentials.” Read more.
8. Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps – The Hacker News
Researchers at FortiGuard Labs have identified instances of the advanced malicious framework “Winos 4.0” being hidden in gaming-related applications. These have included “installation tools, speed boosters, and optimization utilities.” Winos 4.0 was previously observed being used in the campaigns “Void Arachne” and “Silver Fox,” as documented by Trend Micro and the KnownSec 404 Team in June. Read article.
9. US indicts Snowflake hackers who extorted $2.5 million from 3 victims – Bleeping Computer
The DOJ has announced the indictment of two suspected hackers—Connor Riley Moucka and John Erin Binns—for hijacking Snowflake cloud storage accounts to steal data. As many as 165 Snowflake customers may have been impacted by the hackers’ operations. As noted in the indictment, Moucka and Binns used stolen access credentials to gain access to the victims’ Cloud Computing Instances and to download data. Read more.
Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.
Unfortunately, data leaks have become a part of life, with almost all people’s data being released in a leak in some form. As more and more of our data and information is held on digital platforms, the risk of it being exposed increases. Vulnerabilities mean that both large and small companies that hold our data can be subject to a hack and data being leaked.
Although there are limited actions that can be taken to secure our data, with that responsibility falling to the companies that store our data, it is important to know what actions can be taken when data is leaked to protect people and organizations and minimize the damage.
It is important to note that once data appears on the dark web it cannot be removed, and there is no way of knowing who has access or has accessed that information. However there are actions that can be taken to mitigate risks when your data appears in one of these leaks.
Monitoring
An important first step is actually knowing that your data has been leaked whether personal information or your corporate information. It is important that you are monitoring all PII (personally identifiable information) to identify if it appears in a leak, and if it does what leak it appears in and what information has been exposed.
It is also important to confirm if the details of the leak are correct, what was the source of the leak and what types of data are exposed? Leaks are often reported in the media, by the company themselves usually for regulatory purposes or through leak monitoring services. You should identify what sensitive information has been exposed whether it be an email address or social security number. This can help you focus on securing your most at risk data.
DarkOwl Vision allows you to monitor all of your company’s assets to identify if they have appeared in a data leak. Our Leak Context feature will provide details of the leak, where it was sources and if it has been confirmed.
Figure 1: Example of Leak Context feature
Change your Passwords
If your passwords are exposed, and maybe if they aren’t, a good step to ensure your accounts are secure is to update your passwords. A company should have a good password policy that means that passwords are updated regularly. Even if it has been identified that a password hasn’t been exposed, it should still be changed immediately.
When reviewing your password policy, whether in response to a leak or as a good security practice the following things should be considered:
Use a Strong Password – A strong and unique password should be used for each of your accounts
Do not reuse passwords – A unique password should always be used
Enable Two-Factor Authentication (2FA) – Where possible ensure you make use of 2FA. Authenticator apps are more secure that One Time Passwords (OTPs)
Make use of Password Managers – PMs can ensure that you generate complex and use unique passwords.
Figure 2: Time to Crack Passwords of Varying Degrees of Character Length and Complexity
Freeze your Credit Report
Especially if a leak includes financial information, you should freeze your credit report. This is also true if sensitive information such as your social security number is exposed. It is best practice to keep your credit report frozen unless you need to use it yourself.
You should also review and monitor your bank and credit card statements to ensure no suspicious transactions take place. Any identified issues should be reported immediately.
Phishing Scams
The information which appears in leaks can be used to make phishing scams more believable. It can also be used to target individuals who may be associated with a target organization. As AI matures, it is more likely that phishing messages will become more convincing and more difficult to spot. However people should be on the lookout for the following:
Any messages which ask for personal information
Include attachments or links
Urge you to take immediate action
Ask you to make any kind of payment
If you think an email or SMS is suspicious always attempt to verify the legitimacy by contacting the alleged sender. You should do this directly not in response to the message.
Figure 3: Example of an unclaimed asset scam email claiming that the recipient was entitled to property from either inheritances, or from unallocated government holdings
Other Attack Types
While phishing attacks are the most likely threat to occur when data is leaked there are other threats that individuals should be aware of.
Variations of phishing attacks are smishing and vishing. If a phone number is leaked you may become a more likely target for these types of attacks.
As mentioned above in relation to credit freezes, if financial information is leaked you are much more likely to be a victim of financial fraud. This can happen at both the personal and organizational level so it is important to be vigilant for any changes in your finances as well as the possibility of identity theft.
If an organizations network information is exposed, such as private domains, IP addresses or admin credentials are exposed this can leave organizations more vulnerable to hacking attempts. Any data leaked relating to the organizations security or infrastructure should be immediately reported to the cyber security and incident response teams so they can take effective mitigation actions.
Security Implemented Across all Accounts
If your data is exposed, it is best practice to ensure that all of your accounts are secure, not just the one associated with the data leak. As passwords are often reused and email addresses used across multiple accounts your information could be used to target multiple accounts.
You should also check your privacy settings across all accounts, sometimes information used in phishing attacks and other social engineering attacks can be obtained through data brokers or from social media accounts. You should therefore ensure on all accounts that unnecessary access is revoked and make sure that your accounts are either private or if you need to share information make sure you know what information is being shared and limit this where possible.
Transparency
For organization that identify their information or their employees information has appeared in a leak, it is important to make sure you inform people of what data has been exposed and what implications this may have for them. It’s important to reassure clients, partners, and employees that you’re addressing the breach and safeguarding their information. Include these elements in your communication plan:
Notify Key Stakeholders – Share essential information with those affected, including an explanation of the breach, the data involved, and recommended steps for safeguarding their own data.
Provide Reassurances – Explain any steps the organization is taking to mitigate the impact, such as enhanced security measures or support resources.
Outline Remediation Steps – If offering credit monitoring, cybersecurity resources, or identity theft protection, make it clear how stakeholders can access these services
Incident Response for Third-Party Breaches
In some cases, it may be prudent to have a plan in place for if your organization’s data appears in third party data leak. This will not be required in every case and will depend on which leak data appears in and what data is exposed.
Responses to leaks can be part of an overall Incident Response Plan, mitigating actions that can be part of these plans when it comes to leaks are:
Assemble a Response Team – Bring together key internal stakeholders, including IT, legal, risk management, and PR teams.
Engage with the Third Party – Ensure open communication with the vendor to receive continuous updates and understand what actions they’re taking to address the breach.
Coordinate with Legal and Compliance Teams – Confirm the legal obligations that apply to data exposures resulting from third-party breaches, such as notifying regulatory bodies and customers.
Data Privacy Considerations
Legal and regulatory compliance is essential when dealing with third-party breaches. Ensure your response is aligned with data protection regulations that apply to your business and industry, such as GDPR, CCPA, or HIPAA. In many cases, your organization is responsible for notifying affected parties, even if the breach occurred due to a third-party vendor.
Consult Legal and Compliance Experts – Engage your legal team to understand notification requirements and determine if the breach must be reported to regulatory bodies.
Document Your Response – Maintain thorough documentation of all actions taken in response to the breach, including communications with the third party, incident assessments, and mitigation measures. This can protect your organization if regulators review your actions later.
Cyber Security Training
It is also important that organizations provide regular cyber security training to their employees to ensure that they understand how they should be protecting both their personal and corporate data. This training can also advise individuals on what action should be taken should their information be leaked and what risks they should be on the lookout for and how to mitigate them. All employees should understand how to handle corporate data securely and what to do if they notice suspicious activity.
Conclusion
While data leaks are alarming, having a plan can make a big difference in minimizing their impact. By acting quickly and taking the necessary steps to protect your or your organization’s information, you can significantly reduce the potential risks to finances and privacy.
Data breaches involving third-party vendors pose unique challenges, but with a proactive approach, organizations can mitigate the impact. By responding swiftly, communicating transparently, and strengthening security practices, organizations can protect thier data, reputation, and relationships with stakeholders
Stay vigilant, be proactive about security, and take charge of your or your organization’s digital footprint—it’s the best defense against future breaches.
Learn how access to darknet data can help your organization stay safe. Contact us.
As Black Friday approaches, the excitement for holiday shopping fills the fall air. Countless look forward to and save all year for the unbeatable deals, seasonal savings, and frenzied shopping experience. Yet there is a dark side of this retail bonanza which often goes unnoticed. Just as shoppers flock to stores for discounts, scammers are ready to exploit the rush. With an increase in online shopping, especially post-pandemic, the risks of falling victim to Black Friday scams have never been higher.
The Rise of Black Friday Scams
Black Friday, traditionally the day after Thanksgiving, marks the beginning of the holiday shopping season. It has transformed into a global phenomenon, with retailers offering massive discounts both in-store and online. According to the FBI’s internet Crime Complaint Center (IC3), reports of online fraud make a significant spike during this global phenomenon. In 2022 the IC3 reported over 800,000 complaints related to various forms of internet crime, with significant losses attributed to online Black Friday shopping scams.
The Federal Trade Commission (FTC) noted that in 2022, Americans lost approximately $1.3 billion to online scams, with a substantial portion occurring during the holiday shopping period. As consumers scramble for the best deals, scammers capitalize on their urgency and excitement, creating the breeding ground for fraud. This number has only gone up since 2022 and FBI’s annual internet crime report indicated that in 2023 there was a 22% spike in losses from online scams.
3 Common Types of Black Friday Scams
Understanding the different types of common scams prevalent during Black Friday can help consumers recognize potential threats
Phishing Emails and Fake Websites
Scammers will often send emails that appear to be from legitimate retailers, offering unbelievable deals. These emails may contain links to counterfeit websites designed to steal personal information, such as credit card numbers and login credentials. According to ProofPoint, phishing attempts increase by nearly 200% during the holiday season. Be wary of unsolicited emails, especially those urging you to click links of provide sensitive information. Go directly to the company websites and see if the deals are available there.
Figure 1: Walmart phishing site deployed in Brazil, Source: phishtank.org
Counterfeit Products
As shoppers seek discounts, some may fall victim to fake retailers selling counterfeit goods. Whether it is electronics, clothing, or popular toys, scammers often advertise products at prices that seem too good to be true. The National Association of Secretaries of State (NASS) reports that counterfeit goods lead to billions in losses every year. This only amplifies during the high-demand season. Before making a purchase always research the seller and check for reviews before clicking that “purchase” button.
Figure 2: Counterfeit Rolex watches for sale
Online Auction and Marketplace Scams
Platforms such as eBay and Facebook Marketplace can be breeding grounds for scams during Black Friday. Fraudsters may list items at enticing prices, only to disappear after receiving the payment. The Better Business Bureau reported a 25% increase in complaints related to online marketplace scams during the holiday season in 2023. It is pivotal to verify the credibility of sellers and if a deal seems too good to be true, it probably is.
Figure 3: User looking to sell counterfeit gold through a verified eBay seller; Source: DarkOwl Vision
Who is Most at Risk?
Anyone can fall victim to online scams, however certain demographics are more vulnerable than others. According to FTC, older adults are often targeted because they have less experience with online shopping and digital safety practices. The other demographic that is often targeted is young shoppers as they can be more focused on finding a good deal than watching for warning signs. Regardless of age, it is crucial for all consumers to be aware of potential scams and educate themselves on how to identify them.
How to Avoid Black Friday Scams
Verify Website Security: Always check for “https://” at the start of the URL and look for the padlock icon in the address bar before entering any personal information. These indicate that the site is secure.
Research the Retailer: Prior to making a purchase from an unknown site or company, research the retailer. Look for reviews and check the Better Business Bureau for any complaints. Remember if a deal seems too good to be true it likely is so take time to ensure the legitimacy of the website and its offers.
Use Secure Payment Methods: Opt for secure payment methods, such as credit cards or trusted payment services like PayPal, Venmo, or Zelle. These options often provide buyer protection in case of fraud. Avoid sending money via wire transfer or using prepaid gift cards, these are common methods scammers use to receive payments.
Be Wary of Emails and Ads: Always avoid clicking on links in unsolicited emails or advertisements. Instead, navigate to the retailer’s website directly by typing the URL into your browser. Legitimate retailers will not ask for sensitive information via email.
Enable Multi-Factor Authentication: For added security, enable two-factor authentication on all accounts. This adds an extra layer of protection against unauthorized access. Always take advantage of security features offered by online platforms.
Stay Informed: Knowledge is power, be aware of the latest scams circulating. Websites such as IC3 and FTC regularly publish alerts and information on prevalent scams during the holiday season. Staying informed is a powerful tool in protecting yourself and your loved ones from fraud.
While Black Friday can be an excellent opportunity for savings, it’s essential to approach it with caution. The dark web serves as a reminder of the dangers lurking in the digital space, where scammers exploit human psychology and urgency. This year for Black Friday, start by prioritizing your safety by staying informed and adopting best practices to protect your personal and financial information. By being proactive and vigilant, you can enjoy the holiday shopping experience, find some great deals, and keep the funds you don’t want to spend, safely where they belong.
In DarkOwl’s Darknet Marketplace Snapshot blog series, our researchers provide short-form insight into a variety of darknet marketplaces: looking for trends, exploring new marketplaces, examining admin and vendor activities, and offering a host of insights into this transient and often criminal corner of the internet. This edition features Dark Empire Market.
Don’t forget to subscribe to our blog at the bottom of this page to be notified as new blogs are published.
Introduction
Darknet marketplaces (DNMs) are synonymous with the dark web where users can buy and sell illicit goods. It began with the Farmer’s Market, followed by the more prolific Silk Road. Ever since Silk Road was taken down by law enforcement, different markets have jostled for supremacy. As such, DNMs are some of the most recognized features of the dark web.
Recently law enforcement has improved its ability to seize darknet marketplaces (DNMs), meaning that the vendors must migrate to new sites. There have also been several exit scams from marketplaces with the admins closing the site and taking the funds that are held in escrow.
This is DarkOwl’s third blog in a series dedicated to reviewing the most popular darknet marketplaces (DNMs) since Kingdom, Incognito, and Bohemia marketplaces were seized by law enforcement. We will explore the various sorts of products regularly sold and well as how much the product pricing can vary within or between product categories.
Traditional DNMs are defined as dark or deep web sites where numerous (often hundreds) vendors can sell various types of products ranging from drugs, digital goods, leaked databases, counterfeit documents, credit cards, etc. The most popular traditional DNMs that remain today are:
DISCLAIMER: Please note that this list specifically excludes any forum that also has a marketplace section like XSS or Exploit, as well as marketplaces that specialize in one product category like digital goods on Russian Market.
Our first two blogs focused on Ares & Dark Empire Market. Today we will review MGM Grand Market.
MGM Grand Market
MGM Grand has gained more popularity as several marketplaces have shut down since 2023. According to open-source research, 10 DNMs have shut down since 2023 either due to law enforcement seizures or exit scams. The following markets are listed as having closed down in 2024.
Genesis Market
TOR Market
Vice City Market
ASAP Market
Tor2Door Market
Royal Market
Kingdom Market
Bohemia Market
Incognito Market
Nemesis Market
MGM Grand Market originally surfaced in April 2021 and has quickly become one of the most talked about DNMs on Dread along with Archetyp Market (which we will cover in our next blog on this topic) .
According to DarkOwl’s Vision, we have over 11,600 results pertaining to MGM Grand Market. DarkOwl first saw MGM Grand mentioned on the popular darknet hacking forum, Dread, in January 2022, when a Dread user created a post rating various vendors on the site. DarkOwl has since seen “MGM Grand” mentioned on this forum at least 364 times. Typically, Dread users discuss experiences with marketplace vendors:
Recently DarkOwl analysts discovered a Dread user asking which DNM is best for carding or credit card fraud. One user responded, “MGM Grand is decent, but make sure it has escrow bc some vendors don’t have it enabled.”
MGM Grand Market allows transactions to be processed using only Bitcoin (BTC), which is unique. Most DNMs allow transactions in BTC as well as other cryptocurrencies such as Monero, Litecoin, Ethereum, and Dash. Additionally, DarkOwl analysts have increasingly seen other currencies like Tether also being used on the darknet.
Homepage
The below screenshot displays MGM Grand Market’s Homepage. MGM Grand’s site format is familiar because it resembles the format of search engines like DuckDuckGo and Google: including a search bar, popular topics, site logo, and design.
Credentials are required to log in and view content, but the registration process is simple. It requires a username, password, pin, and completing a simple captcha.
Underneath the search bar is an overview of MGM Grand’s most popular product categories including:
Fraud (2364 Listings)
Drugs (5599 Listings)
Digital Goods (2261 Listings)
Guides & Tutorials (2121 Listings)
Miscellaneous (996 Listings)
Currently there is a total of 13,341 product listings. The drugs section currently contains the most product listings, while Miscellaneous contains the fewest listings.
Fraud
The fraud category on MGM Grand Market offers a wide range of fraud products from bank accounts, credit cards, fintech accounts, leaked databases, and more. Currently there are 2364 product listings, and the below screenshot previews 3 products.
Verified Bank Drops, $600.00 USD
USA leaked CCN + personal details, $35.00 USD
Western Union Cashout Methodology, $3.25 USD
Looking a step further, a review of the content on one of the posts which is advertised as, “Verified Bank Drops EU/US Crypto Exchanges Fast Delivery + Custom Name Accounts” and is for sale for $600.00. The vendor claims they are selling a “fully verified” sumup.com account with Ireland IBAN and Kraken Crypto Exchange Account info including all personal account details. This product received a 4.5 Star rating, despite showing “0 sold” at the time of review.
This vendor further alleges they can also sell bank account details for various banks, money transfer services, and crypto currency exchanges, the below is a list of financial institutions the vendor claims to be able to provide access to.
Drugs
The drugs category on MGM Grand offers a wide variety of illicit narcotics and prescription drugs such as cocaine, Ritalin, Xanax, LSD, and more. Currently there are a total of 5599 drug listings on this market. The below displays a preview of these listings:
Speed Paste Amphetamine, $1.07 USD
Cocaine, $40.00 USD
Xanax, $1.60 USD
Digital Goods
The Digital Goods category has a total 2261 listings. Products range from accounts for sale, e-books, malware, RDP, gift cards, and more.
The above screenshot previews 3 common products under the Digital Goods category including:
DarkOwl analysts selected one product (see below screenshots) to further examine. The below product is a large collection of hacking tools ranging from RATs, cracking tools, fake emails, keyloggers, VPNs, DDOS tools, etc., which the vendor, Safety1st, alleges is worth over $12,000.00 USD, but is generously offering this “mega pack” for $3.26 per each tool. According to the description this vendor has so far sold 1 product and accepts escrow. The vendor also has received a 5-star rating.
A full list of the hacking tools available from this vendor is shown below:
Guides & Tutorials
“How to” guides and methodology tutorials are some of the most sold products across the darknet. There are a total of 2,122 products listed under MGM Grand’s Guides & Tutorials section. The content of these guides varies greatly from how to grow weed, how to hack a phone, how to deploy infostealer malware, how to create a counterfeit id, etc.
The products listed in the above screenshot are:
The Drug Users Bible, $3.25 USD
Hydroponic Heroin How To Grow Opium Poppies Without Soil, $3.25
Miscellaneous product categories exist on most DNMs, but the product listings are quite random and sometimes contain porn and other NSFW (not safe for work) content. However, MGM Grand has included counterfeit ids, money, and services under this category. There are currently a total of 966 products listed under Miscellaneous on MGM Grand Market. DarkOwl analysts have shared a preview of a few products below and their prices:
Updated Counterfeit Money Bible (Fake Euro & Dollar), $6.51 USD
Mixing Bitcoin Service – We Mix Clean Your BTC – Bitcoins Cleaning, $10.86 USD
Generate Unlimited Mobile Phone Numbers of Any Country, $3.26 USD
MGM Grand Market is a popular destination for those looking to purchase fraud products, digital goods, drugs, tutorials, counterfeit ids/currency, and more. MGM Grand’s popularity is expected to continue increasing as more marketplaces shutdown either due to law enforcement seizures or exit scams. During our next blog in this series of DNM reviews we will look at Archetyp Market.
Subscribe to email to receive the latest research directly into your inbox every Thursday and don’t miss our next Darknet Marketplace Snapshot.
In the age of cybercrime, it is imperative that organizations are monitoring the dark web and dark web adjacent sites in order to identify threats and risks that may be posed to them and their organization. These risks can be reputational, financial, security related or have real world physical implications. In order to identify and combat these threats, organizations will often turn towards a Managed Service Provider to assist them. In this blog we will investigate what MSP and MSSPs should be monitoring for on behalf of their customers.
What is an MSP/MSSP?
A Managed Service Provider (MSP) is a company that manages a customer’s IT infrastructure and end user systems. They are usually responsible for monitoring sources and attributes which pose a threat to networks, infrastructure, security, communications and data storage. While some of these tasks will require monitoring network traffic and performance and ensuring compliance, they are also often responsible for cyber security services such as monitoring threats on the dark web.
A Manages Security Service Provider (MSSP) is a type of MSP that focuses on security, particularly cyber security. They will monitor devices, systems, remote security operations centers (SOC). Their main focus is to protect their clients IT infrastructure from cyber threats. But increasingly they also need to protect their client’s data and how it is accessed and potentially shared.
For all MSP and MSSP it is imperative that they monitor the dark web in order to mitigate any threats that may be posed to their clients. We will explore some of the information that is available that they should be monitoring for.
Ransomware
Ransomware attacks continue to increase in 2024, with most groups now releasing the data of their victims on dark web shame sites when their requested ransom is not paid. The information leaked can contain huge amounts of data from all areas of an organization.
The leak of this data can not only cause reputational damage but can also leave the organization, their employees and organizations in their supply chain open to further attacks, depending on what information is contained in the leak.
It is important the MSSP monitor the leak pages of all ransomware groups to identify if any of their clients have fallen victim to a ransomware attacks. However, they should also be reviewing the leaked data for any organizations that are linked to their client to ensure that none of their client’s data has been exposed. DarkOwl Vision can be used to alert MSSPs when any information relating to their client appears on a ransomware site.
Data Leaks and Stealer Logs
Data leaks are being released at an alarming rate and can include vast amounts of data relating to individuals and organizations. Leaks predominately will contain credentials, usually email addresses and passwords but can also include information such as Social Security Numbers, IP addresses, Physical addresses and other identifying details.
It is important that MSSPs monitor all domains linked to a client organization to identify if any of their employees’ credentials have been leaks. Leaked credentials can be used to obtain further access to a network and so steps should be taken to ensure that the leaked password is no longer in use.
Information in leaks can also be used to conduct social engineering attacks so MSSPs should arrange for cyber security training so employees know what to be on the lookout for. In some cases, if individuals are high profile enough leaked information could also lead to real world implications.
Stealer logs, while not the same as leaks, also provide details of individuals credentials. Stealer logs tend to have fresher information in them due to the way that they a collected by malware so immediate steps need to be taken.
Initial Access Brokers
An Initial Access Broker (IAB) is an someone who specializes in gaining unauthorized access to systems or networks and then sells this access to other malicious actors. IABs will often sell their access on the dark web through forums or marketplaces. The price for access typically varies based on the organization’s size, industry, or the level of access achieved.
IABs will often name the sector that their victim is in but will not always advertise the true identity for fear of tipping off the victim to the vulnerability. However, they will often provide images of panels or other proof that they have access.
It is important that MSSPs monitor all known IABs on marketplaces and forums on the dark web, as well as any other chatter around access to organizations. Particularly those in the industry of the client. DarkOwl Vision allows you to create alerts which can monitor these types of threat actors and this chatter.
Threats
The dark web and dark web adjacent sites, particularly Telegram are increasingly being used to spread mis- and dis-information. In some cases, this rhetoric can lead to direct threats against organizations and or individuals. Although in the majority of cases those making threats are usually “trolls” who don’t intend to follow through on their threats, some individuals share this information as part of leakage, sharing their true intentions of real threats they intend to carry out. It is therefore important that MSSPs are vigilant for these types of discussions and ensure they are able to make an assessment about the threat in conjunction with other available sources. However, this can be difficult due to the anonymous nature of the dark web.
Threat actors can also share information about individuals on the darkweb, including their location and other sensitive information about the individual. This is generally known as a Dox, although information can be shared in other ways. A Dox of an individual can include their home address, their telephone numbers other PII and details of social media accounts. This is something that MSSPs should be extra vigilant for as can have a real-world impact.
Assets to Search For
MSSPs should ensure that they are monitoring for as many of their client’s assets in the dark web as possible, this includes but is not limited to”
Email addresses
Domains
IP addresses
Physical addresses
Financial information
Social Security Numbers
Full names
As well as assets MSSPs should monitor for attacks or chatter against the industry their clients are from as well as their geographical locations
Conclusion
As part of an MSSPs and MSPs role in security the IT and cyber security of a company, it is important that they are monitoring for threats and risk that is being shared and talked about on the dark web. This is the only way that they can ensure that they have insights into what activities criminals are engaging in and who they are potentially targeting.
Curious how DarkOwl can help your organization? Contact Us.
DarkOwl analysts have been closely monitoring darknet sites like Ramp4U, BreachForums, XSS, and Exploit in addition to chat platforms like Telegram and Discord for any concerning or threatening language in the lead up to, on the day of, and following the November 5, 2024 American presidential election.
Start of Conspiracy Theories
We have identified individuals across the deep and dark web—particularly on the dark web-adjacent messaging app Telegram—spreading misinformation regarding the electoral process. On the morning of November 5, Cambria County Commissioner Scott Hunt in Cambria County, Pennsylvania announced a “ballot printing issue” that resulted in tabulators being unable to scan ballots. The issue was caused by “how the ballots were printed,” and was not a problem with the machines. Numerous individuals online, however, were observed misrepresenting the information and spreading numerous conspiracy theories. These have included unfounded claims that voting machines were tampered with to undermine the Republican vote.
These conspiracy theories fall into a larger trend of mis- and disinformation undermining trust in the electoral process, which gained significant traction following the 2020 presidential election. On the day of the election, analysts continued to observe the spread of false narratives suggesting that voting system manufacturers like Dominion Voting Systems are “changing votes.” Many individuals in far-right Telegram channels are also continuing to reiterate the conspiracy theory that the 2020 presidential election was “stolen.”
As noted in DarkOwl’s recent 2024 U.S. Presidential Election Disinformation on the Dark Web whitepaper, U.S.-based conspiratorial political movements like QAnon are actively sharing false information pertaining to the 2024 presidential election. In the weeks leading up to the election—and on Election Day—QAnon Telegram channels have spread misinformation claiming that the “deep state” is taking steps to “steal the election.” The conspiratorial political movement, for instance, has pointed to the length of time needed to count ballots as a sign of interference. Many of these unfounded claims stem from—and are amplified by—falsities spread by prominent political figures, including former President Donald Trump. Far-right Telegram channels have notably picked up on posts made by Donald Trump on Election Day claiming that there is “massive cheating” taking place in Philadelphia. Philadelphia officials have already issued a statement in response countering the former president’s unfounded claim.
Furthermore, on Election Day, the Federal Bureau of Investigation (FBI) announced that there are fabricated videos spoofing the FBI—using both its name and insignia—currently circulating online. As highlighted by CBS News, the videos are spreading “false information about security threats and election integrity.” Although the threat actors behind the videos have not been identified at this time, researchers believe it is likely that Russia is behind the disinformation. This would be consistent with expectations that nation states—particularly Russia, Iran, and China—would ramp up disinformation operations closer to November 5.
Mis- and disinformation claiming that the election is being “stolen” and that voting machines are being hacked was increasingly observed on the night of November 5 and in the early hours of November 6, prior to the announcement of president-elect Donald Trump’s victory. Following the announcement, individuals in far-right Telegram chats were seen claiming that the “steal” was stopped “at the last minute.” Moreover, since the results have come in, DarkOwl has observed left-wing individuals—particularly on Twitter/X—spreading conspiracy theories claiming that the election was “rigged” in favor of president-elect Donald Trump. As was the case with far-right conspiracy theories, there is no evidence to support these claims.
Reactions from RAMP4U
DarkOwl analysts identified a post on RAMP4U titled, “USA state of Georgia Police Department Captain email hacked | ELECTIONS SPECIAL HACK.” This post, originally published by the user, Pwnstar, on 11/02/2024, has gained attention, and the threat actor stated it was being shared specifically ahead of the election.
Below is a screenshot of Pwnstar’s original post, which claims to have 2.3 GB of emails belonging to “Captain of Georgia PD.” No city, county, or town was named, but the user further alleges that this data goes all the way back to 2012 until Sep 2024. Most replies asked the user for the price of the data leak and whether the information is genuine.
The following screenshot also appeared on Pwnstar‘s original post. The image is an alleged data sample from the Georgian police captain’s leaked emails – specifically a “Municipal Court Jail Docket Sheet.”
The Georgia police captain post has continued to receive attention from prospective buyers clarifying details about the leak followed by the threat actor, Pwnstar, responding. Below are a couple noteworthy comments.
Pwnstar accused Dinamit of being a journalist or law enforcement agent:
Reactions from BreachForums
A thread titled, “USA Voter Databases Collection” originally appeared on Breachforums in June 2023, but has recently resurfaced as a popular thread in light of the 2024 election. Several users claim to have recent data for various states including the following information:
Voter ID Number
First & Last Names
DOB
Full Addresses
Email & Phone Numbers
This post did not continue to receive additional replies after the elections results were finalized. However, DarkOwl Analysts identified an actor named OriginalCrazyOldFart that has a particular interest in US voter data.
There are 13 pages of replies. Pages 12 and 13 contain comments from 11/1/2024 until Current Date. One response worth noting was from OriginalCrazyOldFart on 11/2/2024 where this user claims that they have current Voter lists for various states like Georgia and Iowa.
DarkOwl analysts searched BreachForums and discovered OriginalCrazyOldFart has posted several threads related to US voter data as well as regularly publishing various types of leaked databases related to private companies and government agencies around the world. One thread titled, “2024 Statewide North Carolina Voter list. 8,695,045 lines (plus OHIO VOTERS),” was originally created on 7/31/2024, but has continued to receive comments as recent as 11/6/2024. This actor claims to have the following data for voters in North Carolina and Ohio:
DOB
Phone Number
Race
Driver’s License Numbers
OriginalCrazyOldFart replied to 4 different users asking to clarify the type of data for sale. In this particular response they go into details about how they obtained data from various states including:
New York
Pennsylvania
Wisconsin
Missouri
Arkansas
Kansas
Utah
These posts highlight the interest that threat actors have in voting information, even after information has been available for long periods of time. Although given the PII (personal identifiable information) available in these leaks it is more likely the information would be used for traditional hacking and phishing techniques rather than to perpetrate any type of data fraud. However, once a threat actor obtains this kind of data it is difficult for us to know how they are going to use it.
Furthermore, watching activity on the dark web in the run up to the election, during election day and in the immediate aftermath, highlights the effect that this event has had on certain aspects of the community. Rhetoric from those on Telegram and other sites noticeably changed in light of the result. DarkOwl analysts will continue to monitor these groups and conversations to see how the conversation changes in the coming months up to an including the inauguration to understand if threats, conspiracy theories and other threatening rhetoric persists or increases from both sides of the aisle.
Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
1. Discord blocked in Russia and Turkey for spreading illegal content – Bleeping Computer
On October 8, Russian state-owned news agency TASS reported that Russia’s communications regulator blocked Discord “for violating Russian law.” A day later, on October 9, Turkish authorities announced that it too had blocked the instant messaging app. Turkey cited “crimes of ‘child sexual abuse and obscenity’” as the reason for its decision. Many Discord users have since begun to protest the decision online due to the sudden changes which were made without warning. Full article here.
2. U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – The Hacker News
In an October 3 press release, the U.S. Department of Justice (DOJ) announced the seizure of 41 internet domains that have been used by Russian intelligence agents for computer fraud in the U.S. The DOJ’s seizure was coordinated with Microsoft, which seized 66 additional domains used by the same threat actors. According to the DOJ’s press release, the domains were used in a phishing campaign run by the Russian government to steal American citizens’ sensitive information. Read more.
3. Police arrest four suspects linked to LockBit ransomware gang – Bleeping Computer
In a recent press release, Europol announced the arrest of four individuals linked to the ransomware gang LockBit. The first arrest was of a LockBit ransomware developer and occurred in August 2024. Two more individuals were subsequently arrested by British authorities that same month. A fourth suspect—believed to be the administrator of a bulletproof hosting service used by LockBit—was arrested in Madrid by Spain’s Guardia Civil. In addition to the four arrests, the United States, United Kingdom, and Australia also announced sanctions against an actor the UK’s National Crime Agency identified as a “prolific affiliate of LockBit and strongly linked to Evil Corp,” the Russian cyber-crime gang. The UK sanctioned 15 additional Russian citizens for ties to Evil Corp, the US sanctioned six, and Australia sanctioned two. Article here.
4. U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes – The Hacker News
In a September 27 press release, the DOJ announced the indictment of three Iranian nationals allegedly employed by the Islamic Revolutionary Guard Corps (IRGC) for attempting to undermine the U.S. electoral process. The individuals are being charged for hacking into the accounts of “current and former U.S. officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns,” as part of Iran’s continued efforts to sow discord and influence U.S. elections. Read article.
5. New FASTCash malware Linux variant helps steal money from ATMs – Bleeping Computer
Cybersecurity researcher HaxRob has discovered a new Linux variant of FASTCash malware being utilized by North Korean hackers. The malware is used to infect payment switch systems and perform “unauthorized withdrawl[s] of cash from ATMs.” The new Linux variant is reportedly similar to the previous Windows and AIX variants of FASTCash. Full article here.
6. China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration – The Hacker News
Researchers at the cybersecurity firm ESET have identified a new China-aligned threat actor dubbed CeranaKeeper. The threat actor has been observed targeting governmental entities predominantly in Southeast Asia since early 2022. Targets have included Thailand, Myanmar, the Philippines, Japan, and Taiwan. Most notably, starting in 2023, CeranaKeeper has targeted government entities in Thailand specifically. These targets are consistent with those previously targeted by Chinese state-sponsored threat actors. Full article.
In an October 16 press release, the U.S. Department of Justice (DOJ) announced the indictment of two Sudanese nationals for their alleged role in cyberattacks carried out by the hacktivist group Anonymous Sudan. The group, which launched in 2023, has conducted “over 35,000 DDoS attacks in a year” targeting a variety of sectors, including “critical infrastructure, corporate networks, and government agencies in the United States and around the world.” Read more.
8. Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation – The Hacker News
In an October 8 press release, Dutch police announced the arrest of three administrators of “Bohemia/Cannabia,” a notorious dark web market. The international law enforcement operation, which was carried out with the U.K., U.S., and Ireland, resulted in the dismantling of the dual marketplace, which was one of the world’s largest and longest running platforms “for the trade of illegal goods, drugs, and cybercrime services.” In total, the joint law enforcement operation seized over 8 million euros in cryptocurrency from the arrested platform administrators. Read article.
9. New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries – The Hacker News
Cybersecurity researchers from NSFOCUS have discovered a new botnet malware family dubbed “Gorilla Botnet.” According to the cybersecurity firm’s report, between September 4 and September 27, the botnet issued “over 300,000 attack commands, with a shocking attack density.” The botnet has targeted a variety of sectors, including education, government, finance, and communications. Over 100 countries have been impacted, “with China and the U.S. being the hardest hit.” Read more.
Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.
Imagine walking through a neighborhood on Halloween night. The streets are dimly lit by flickering jack-o’-lanterns, and each house holds its secrets. Some doors open to friendly treats, while others conceal hidden tricks. This scene mirrors the Darknet, a hidden part of the internet that remains largely unseen and inaccessible to the average user. Like Halloween, the Darknet blends curiosity, excitement, and potential risks. Understanding what it is, how to access it, what lies within its depths, and how to navigate it safely is essential for anyone intrigued by this mysterious digital realm.
What is the Darknet?
The darknet is a segment of the internet that is not indexed by standard search engines like Google or Bing. Unlike the surface web, accessible to anyone with an internet connection, the darknet operates on encrypted networks, ensuring high anonymity for its users. This anonymity makes it a haven for both legitimate and illicit activities.
At its core, the darknet uses specialized software to mask users’ identities and locations. This encryption is like wearing a costume on Halloween, allowing individuals to interact without revealing their true selves. The primary purpose is to provide a secure space where privacy is paramount, shielding users from surveillance and tracking.
How to Access the Darknet
Accessing the darknet requires specific tools and precautions, like preparing for a Halloween adventure. The most common method involves using the Tor Browser, a specialized web browser designed to anonymize your internet traffic by routing it through multiple servers worldwide. This process makes it difficult for anyone to trace your online activities back to you.
Many users also employ Virtual Private Networks (VPNs) to add an extra layer of security. A VPN masks your IP address, further protecting your identity and making your internet connection more secure. Some individuals use secure operating systems like Tails, designed to leave no trace on your computer, ensuring maximum privacy.
Using these tools is essential for maintaining anonymity. Just as a costume can conceal your identity on Halloween, these technologies help protect your personal information and online presence from prying eyes.
What Can You Find on the Darknet?
The darknet hosts a wide range of content and activities. Its anonymity attracts legitimate users seeking privacy and those engaging in illegal activities.
Marketplaces operate as online stores where users can buy and sell goods anonymously. While some offer legitimate products, others deal in illegal items such as drugs, weapons, and stolen data.
Forums allow individuals to discuss various topics without fear of censorship. These can be free speech places but also harbor discussions related to criminal activities.
Whistleblowing sites like SecureDrop enable whistleblowers to share information securely and anonymously with journalists and the public, promoting transparency and accountability.
Content-sharing platforms facilitate the exchange of files, documents, and other digital content without tracking, supporting both legal and illegal information sharing.
While these opportunities exist, it’s important to recognize that not everything found there is safe or legal. Illegal activities and malicious content pose significant risks to those who navigate this hidden internet realm.
The Good and the Bad
The darknet embodies both positive and negative aspects. Understanding these dualities is crucial for anyone considering exploring them.
On the positive side, it protects privacy, shielding users from government surveillance and corporate tracking. It offers a platform for free speech, allowing individuals to express their opinions and share information without fear of censorship or retaliation. Researchers, journalists, and activists can access resources and communicate in ways that might not be possible on the surface web. Additionally, it facilitates connections among individuals dealing with sensitive issues, offering support and resources that might be stigmatized elsewhere.
On the negative side, the darknet is a breeding ground for illegal activities, including the sale of drugs, weapons, and stolen data. Cybercrime such as hacking, fraud, and identity theft are prevalent, posing significant threats to individuals and organizations. It can host disturbing and illegal content, including extremist material and illicit pornography. The lack of regulation and oversight increases the risk of encountering fraudulent schemes and deceptive practices.
Recognizing the darknet’s dual nature helps users make informed decisions about their engagement, balancing the potential benefits against the inherent dangers.
Safe Browsing Practices
Navigating the darknet requires a cautious approach to ensure safety and security. Implementing the following practices can significantly reduce risks:
Use a VPN to encrypt your internet connection and mask your IP address.
Install the Tor Browser to anonymize your browsing by routing your connection through multiple servers.
You should stay anonymous by avoiding sharing personal information such as your real name, address, or financial details.
Verify the legitimacy of websites and users before interacting or making transactions to avoid scams and fraudulent activities.
Avoid downloads from untrusted sources to prevent malware infections that can compromise your device and data.
Keep all your tools and software updated to protect against security vulnerabilities and exploits.
Ask yourself: Are you prepared to handle the risks? Do you know how to protect yourself?
Practical Tips for Safe Navigation
Beyond the fundamental safety measures, implementing practical strategies enhances your security on the darknet. Use strong, complex passwords for all your accounts to prevent unauthorized access. Enable two-factor authentication wherever possible to add an extra layer of security to your accounts.
Regularly back up your data to protect against loss or theft, ensuring you can recover important information if needed. Monitor your online activity to keep track of your presence and detect any suspicious behavior that could indicate a security breach. Educate yourself about the latest threats and best practices to improve your security measures continuously
These strategies build a robust defense against the risks, allowing you to navigate more confidently and securely.
Understanding the Risks
The darknet poses significant risks that users must be aware of to navigate safely. Being informed about these dangers is the first step in mitigating them.
Illegal activities can lead to severe legal repercussions, including prosecution and imprisonment. Personal information can be exposed through hacks or malicious activities, leading to identity theft and financial loss. Scams and fraudulent schemes are common, resulting in the loss of money and valuable assets. Additionally, exposure to disturbing or illegal content can have adverse effects on mental well-being, causing stress, anxiety, or trauma.
Evaluate your motives for accessing the darknet and weigh the potential benefits against these risks to make informed decisions about your online activities.
Benefits of the Darknet
Despite its notorious reputation, the darknet offers several benefits that can be harnessed for positive purposes. Journalists use it to communicate securely with sources, protecting their anonymity and the integrity of their investigations. Academics and researchers access uncensored information and collaborate without the constraints of mainstream internet censorship. Activists organize and communicate without fear of retaliation, supporting movements that seek social and political change. It also champions the right to online anonymity, advocating for user privacy and freedom from surveillance.
These benefits highlight the darknet’s potential as a tool for empowerment and positive change, offering avenues for those who prioritize privacy and freedom of expression.
Challenges Faced
Navigating the darknet is not without its challenges. Accessing and using it requires certain technical knowledge and familiarity with specialized tools and software. Verifying the credibility of information and users can be difficult, increasing the risk of encountering scams and fraudulent activities. The landscape is continuously changing, with new platforms emerging and existing ones shutting down, making it challenging to stay up-to-date. Laws regarding the Darknet vary by region, creating confusion and potential legal risks for users who may inadvertently engage in illegal activities.
Overcoming these challenges requires a proactive approach, continuous learning, and vigilance to navigate safely and effectively.
The Future of the Darknet
The darknet is poised to evolve alongside technological advancements and changing societal dynamics. Governments may implement stricter controls and surveillance measures to curb illegal activities, impacting user anonymity and access. Enhanced encryption technologies will bolster security, making it even more challenging for authorities to monitor activities. As mainstream technologies adopt features that prioritize privacy and security, the distinction between the surface web and the darknet may become less pronounced. Innovative platforms will continue to emerge, offering new ways for users to interact and share information securely.
These developments will influence how the darknet is used and perceived, shaping its role in society and the broader internet ecosystem.
Final Thoughts
The darknet embodies the duality of Halloween—where light and shadows coexist. It offers a space for privacy, free speech, and access to uncensored information while harboring illegal activities and potential dangers. Understanding its structure, the tools required to access it, the content it hosts, and the best practices for safe navigation are essential for anyone venturing into this hidden digital world. Stay informed and cautious to explore its opportunities while safeguarding against inherent risks.
Curious how darknet data could be important to your business? Contact us.
The dark web community of those buying, selling, trading and sharing data is extremely active. Dark web sites such as BreachForums and LeakBase are heavily used by threat actors to trade data, ask about what is available and provide links to stolen data. However, some individuals in this community are more active than others, regularly sharing data leaks from high profile organizations, often claiming they have hacked the data themselves or worked with other hackers to make the data available.
One such threat actor is known as USDoD. He has been very active on BreachForums, sharing multiple leaks and also claiming to be starting his own site to share data. However, it was reported late last week that he had been arrested in Brazil. Here we will review some of USDoD’s activities and what lead to his arrest.
Leaks Shared by USDOD
USDOD has had a profile on BreachForums since July 2023. In that time, he had posted 112 times, created 33 threads and earned a reputation of 891. His profile also states that he had referred 31 people to join the forum. He also won awards as a “leaker,” “hacker,” and “God.”
Figure 1: USDoD’s BF profile which has been banned subsequent to his arrest
While most threat actors active on the dark web tend to try and hide details about themselves, USDoD shared further information on his profile. While this information is likely false, it is notable that any information at all was shared. The profile also provides links to his Telegram channel and his Twitter/X account.
Figure 2: Additional information provided on USDoDs BF profile
While many threat actors are active on Telegram, it is unusual that USDoD linked his dark web profile to an open web social media profile. Linking this digital footprint allows investigators more avenues to identify the true identity behind USDOD’s alias.
USDoD was known to share posts on Twitter/X which would detail his activities such as, visiting family members in hospital and watching the US election debates. While these details could have been shared to throw off researchers, it is still unusual and risky behavior for a threat actor. His Twitter/X account is currently suspended.
USDoD leaked a lot of data on BreachForums. Some high-profile leaks and data scrapes included:
LinkedIn
InfraGard
National Public Database
USA Criminal Records
Crowdstrike IoC list
Gov UK database
EPA.gov
Such high-profile targets meant that many governments and law enforcement operators were likely keen to identify and apprehend USDoD.
Figure 3: List of threads posted by USDoD highlighting his targets
A New BreachForums?
When BreachForums was seized in early 2024, USDoD posted on Twitter/X that he was planning to create his own forum, hosted on the surface web which would allow users to continue to share data.
He claimed that this new site would be completely run by him, as he did not trust anyone else. He also outlined the technology he would use, the domains he had registered and how he would operate the site and what information would be allowed on it.
He stated that he was launching this platform for the good of the community rather than for financial gain. USDoD named the new site BreachNation, and even spent time uploading profile images and media related to the new site.
Figure 4: Twitter posts from USDOD announcing BreachNation
Ultimately USDoD backtracked on his promise to launch this site. In a lengthy post on Twitter/X he stated that he did not have the time to run the site in the way that he wanted to. He stated he had a social life to maintain and if he ran this site it would take up all of his time and he would not be able to live his life.
By this point, BreachForums was back up and running as usual, albeit with some more security to enter the forum. USDoD continued to use BreachForums to share more leaked data.
USDOD Doxxed?
Reporting in August 2024 suggested that USDoD had been doxed and that his true identity had been identified. However, no information was identified on the usual dox sites such as Doxbin and Pastebin.
Chatter quickly stated that the information had come from CrowdStrike, one of the targets of USDoD. A Brazilian news agency stated that they had been leaked a “detailed report from CrowdStrike” which had identified USDoD as a 33-year-old man living in Minas Gerais, Brazil.
The article further stated that all of the information relating to this individual had already been passed on to Law enforcement Agencies.
After this article came out, USDoD appeared to confirm that the information shared, and his true identity were correct. He stated that he would be turning himself in for the actions that he had taken.
Figure 5: USDoD quote confirming his identity
However, many in the community thought that the information was incorrect and that the information was made up to protect USDoD’s true identity.
USDOD Arrested?
On October 16, 2024, Brazil’s Policia Federal announced that they had arrested a suspect in Brazil as part of Operation Data Breach, who was allegedly responsible for hacking the Federal Police and other international institutions.
In their release, the police went on to state that the suspect had also boasted of several other “cyber invasions” including the hack of InfraGard.
The community which USDoD seemed very proud to be a part of was quick to spread the news of the arrest, looking for information to confirm if it was true, with some noting that they were wrong to doubt the authenticity of the “dox.”
Figure 6: Chatter on BF related to USDoD’s arrest
Conclusion
The arrest of the individual behind USDoD highlights Law Enforcement’s continued efforts to counter the spread of stolen information and apprehend the individuals for hacking into organization’s systems on a global scale.
However, USDoD presents an interesting case given his transparency about his daily life and his seeming indifference to hiding his identity, usually a hallmark of those individuals who operate on the darkweb. The fact that he was willing to confirm his true identity and suggest that he would turn himself over to law enforcement maybe suggests he had become disillusioned with his criminal activities.
Whatever the case may be, USDoD was a prolific hacker and sharer of sensitive data. His apprehension by Brazilian authorities will contribute to a safer ecosystem until some other actor steps up to take his place. But a message has been sent to the stolen data sharing community that they are not safe from law enforcement action.
In this webinar, DarkOwl analysts explore the disinformation landscape on the dark web in the context of the upcoming U.S. presidential election. What emerges is a complex, multifaceted online space characterized by a variety of actors, ranging from nation states to American citizens and U.S.-based conspiratorial political movements. All of the above play key roles in both creating and amplifying mis- and disinformation which has seeped from the deep and dark web onto the surface web, and vice versa. As a number of prominent social media platforms maintain policies of limited disinformation regulation, false narratives previously concentrated on the dark web and alternative social media platforms have become mainstream, thereby gaining traction and reaching greater audiences. Combined, these factors reflect a complex environment in the lead up to the election and highlight the importance of identifying and combatting mis- and disinformation.
Make sure to check out our full report on this topic.
NOTE: Some content has been edited for length and clarity.
Erin: We’re excited to kind of talk about this topic. I’m Erin, I’m the Director of Collections and Intelligence at DarkOwl, and I’m joined by my colleague Bianca who works on all of our investigations and services and has been digging into this topic quite a bit. So obviously, it’s November next week, which I find insane. And we’re just about two weeks out from the election. And there’s a lot of things going on out there on mainstream media, obviously. But we wanted to take a deep dive and see what we’re seeing from our side of things on the dark web. So, with that being said, I think we can dive right in and Bianca, I guess the first question would be:
Why is it important that we’re looking at the dark web in this election cycle?
Bianca: Well, during this election period, as with previous elections and recent years, particularly since 2016, we’re seeing disinformation narratives gaining pretty significant traction. And disinformation, as we know, can play quite a significant role in influencing voters. And much of these false narratives that we’re seeing are originating on the dark web and dark web adjacent spaces, especially Telegram. And so, because of that, in order to get a comprehensive picture of the online disinformation landscape and the role it can play influencing voters, it really is vital to examine the role that the dark web plays in spreading that disinformation.
Who are probably the main groups that we should be concerned about them that we’re seeing kind of having, spreading this kind of disinformation and misinformation?
I think you can basically broadly divide the main groups into two categories. And I’d say that the first one is nation states and then you also have domestic actors. So, starting off with the nation states, two of the main actors we’re seeing are Russia and Iran. Russia of course has a history of leading influence operations against the US as we’ve seen since 2016. Russia’s strategy this year though, it’s worth noting, does seem quite different compared to previous years. Most notably, they really seem to be taking advantage of domestically produced conspiracy theories more and more really this year, as opposed to, as we’ve seen previously from them – creating their own false narratives and then sharing and disseminating those narratives. And I think that shift in tactics is a reflection of the domestic disinformation landscape that we’re seeing right now, where you have these absurd conspiracy theories entering the mainstream and then being viewed by millions of people online. So really, nation states like Russia that are leading these foreign influence operations are recognizing that that’s unfortunately something they can take advantage of these domestically produced conspiracy theories.
Other than Russia moving on with these nation -state actors, we are of course seeing Iran emerging as a key player right now in election influence operations. In the lead-up to November 5th, Iran has already carried out cyber-attacks against election campaigns with the DOJ – just recently announcing the indictment of, I believe, three Iranian hackers for targeting former President Donald Trump’s campaign. Importantly though, Iran is also actively sharing content that like Russia’s, is aimed at sowing discord in the US. And that’s something we’ve seen from Russia, of course, since 2016, increasingly. And for Iran, Microsoft researchers in particular identified these websites associated with Iran that are basically posing as American sources and spreading in disinformation.
So we’ve got Russia, Iran, and continuing on with nation states, we really shouldn’t forget China was also leading its own election -focused influence operations. One of its influence operation campaigns has been active since 2017. And we’ve recently been seeing increased activity from that campaign. But I do want to highlight that researchers do seem to believe that China’s efforts likely will be more restrained compared to Russia and Iran. And they don’t really seem to be aiming to undermine one campaign over another. So whereas you see Russia attempting to undermine Vice President Kamala Harris’s campaign and Iran attempting to undermine former President Donald Trump’s campaign, we’re not really seeing that lean or favoring from China to the same extent. So those are the main nation-state actors.
Erin: It’s interesting as well, sorry to interrupt you, but how the landscape has changed since 2016, right? So I saw some reporting with Russia as well that they didn’t necessarily get what they wanted maybe out of the Trump presidency and is that impacting what their goals are and how they’re reacting now. So it seems like as you were just saying, that they’re more trying to focus on just creating that conflict internally in the US, as well as still, promoting Trump, but it’s interesting how they’ve changed their tactic.
Bianca: Yeah, that’s a great point. And they’re just continuing to so discord, like that seems to be the number one priority, really, and undermining faith in the election process and undermining faith in democracy. So that’s something we’re still seeing from them. Those are the main nation-state actors to answer your question that are kind of the main players right now in the disinformation landscape.
But I do also want to highlight that second bucket I mentioned that’s domestic actors. And there are US-based individuals and political movements that are generating disinformation related to the election and candidates that we’re seeing right now. For instance, the far-right conspiratorial movement, QAnon in particular, which first appeared in 2017, they seem to have effectively entered the mainstream at this point, and their conspiracy theories are seen across the surface web. And that’s a lot of the disinformation that we’re seeing in the current landscape is coming from these far-right conspiratorial movements. To answer your question, I’d say those are the two main buckets, the nation-states, but then also domestic actors.
What are the most common types of disinformation narratives that we’re currently seeing being circulated?
I’d say broadly you can group the main narratives into two groups, two categories. So those that are questioning election integrity and then you have those that are targeting presidential candidates. So, for the first category, you have essentially all of the disinformation that’s questioning election integrity. So unfounded claims of voter fraud, which of course was also a very dominant narrative in 2020, and we’ve seen that narrative persist and enter the mainstream increasingly. And some of those narratives are being amplified by foreign actors, but American citizens themselves are also responsible, I think, for a lot of that amplification. That’s the first category and then the second category broadly is disinformation aimed at undermining either Vice President Kamala Harris’ campaign or former President Donald Trump’s campaign. To give an example, you have Russia spreading disinformation that’s again meant to support Trump and undermine Harris and then at the same time Iran spreading disinformation meant to support Harris and undermine Trump. To give a more specific example, one of the most recent examples of disinformation aimed at undermining a candidacy was this staged video that was created by Russia that falsely accused Governor Tim Walz of sexual misconduct. And that was a story in the news this week. The video has already been debunked, but it nonetheless gained hundreds of thousands of views on Twitter and has been shared on the dark web and on groups in Telegram. So, I’d say those are really the two main categories that we’re seeing right now.
Erin: I think with AI and things, it really highlights how videos can be made relatively easily these days that can be shared. And by the time that they’re debunked or shown to be false, the damage is almost done, the genie’s out of the bottle. So definitely concerning, but you just touched on the dark web and Telegram.
How are we seeing it being shared on the dark web and how are apps like Telegram being utilized?
Well, to address Telegram, right now we are seeing lots of groups on Telegram, especially far-right ones, that are basically spreading disinformation meant to sway voters. And again, some of that disinformation is coming from nation states. There are Russian news bots in a lot of these channels that are sharing headlines and articles that, again, are false and have no basis in fact. So, like you’ll see RT news, Russian bots, RT news, of course, being Russian funded propaganda. And then you’ll also have some of these same Telegram groups and channels sharing disinformation that’s originating from U.S. based individuals and again, conspiratorial movements like QAnon. So going back to this, the role that domestic actors are playing in addition to nation-states. It’s really interesting that a lot of the conspiratorial content that we’re seeing on spaces like Telegram, a lot of that content is leaking into the surface web. And vice versa, there is a lot of content overlap. And that’s concerning given that there used to be a much clearer distinction between the surface web and platforms, dark web adjacent platforms like Telegram. So, you’re seeing a lot of interaction in terms of the content we’re seeing on both spaces.
Erin: I think that’s an interesting point, right? Because we tend to think of the dark web, some dark web adjacent platforms like Telegram where there’s limited oversight, although obviously that seems to be changing at the moment, where people want to hide their intentions and stay anonymous. And with this, we’re really seeing people like move over and have less concern about hiding their identity. Like, how do you see that happening and why do you think that’s happening?
Bianca: I think it’s not surprising that we’re seeing, you know, anonymity being weaponized to spread this information, right? It’s more difficult to attribute this disinformation to a specific group, even a nation state or an individual, if they’re remaining anonymous, and that’s not just on the dark web, you know, we’re also seeing the anonymity on the surface web with users on Twitter, now X, spreading disinformation, but kind of hiding their true identity. And that’s become a lot easier on Twitter, especially where the verified checkmarks don’t signify reputability anymore that you just buy the checkmark. And it’s easier to kind of stay anonymous and sell yourself as this reputable source.
I did want to touch back about Telegram, though. I think it’s not surprising that we’re seeing a lot of disinformation there, of course, wanting to flag that just a few months ago in August, the app’s founder was arrested and charged in France in relation to an investigation into criminal activity on Telegram. So, it’s really not just disinformation being shared on the platform. The main concern right now also is violent extremist content and child sexual abuse material that we’re seeing on Telegram. But in terms of disinformation, I think it’s worth highlighting that one of the main concerns about Telegram is the sheer size of the groups and channels there. So, channels don’t have a limit on the number of subscribers and groups can have, I think as many as 200,000 members, which is massive, right? And that scale means that disinformation can very quickly reach large audiences and then gets shared and amplified by these massive groups in over and over and over again. So overall, Telegram is absolutely hosting a lot of the disinformation we’re seeing regarding the election, whether that’s false claims of voter fraud or also disinformation targeting presidential candidates. And that’s definitely something to be concerned about.
Erin: Yeah, and I think we’ve definitely seen Telegram being used in other arenas in that way as well. Israel Hamas is an excellent example of disinformation being shared and even actual news information being shared quicker on Telegram than it is on mainstream media. And someone was asking me earlier this week, actually, if I think what’s next after Telegram now that the CEO’s been arrested and moved on and I was like, honestly, I don’t think people are going to move or not quickly because there’s too many people in too many groups and they’re too well established that I think it will be difficult for them to move and create that with any of the other apps that are out there, but it’s definitely having an impact I think on a lot of the things that are going on. So that’s a really interesting insight.
There’s a lot of conspiracy theories going around and some conspiracy theories have even been shared by the candidates themselves. How do you think that’s impacting the information that’s being shared and how viral those things are getting?
Bianca: Conspiracy theories are effectively significantly distorting the information landscape right now, in the lead up to the election. And as you noted, a lot of them are gaining a lot of traction. And I think, you know, to give an example, a good example of the prominence of conspiracy theories right now is the information landscape we saw during Hurricane Helene and Milton. So you had far-right groups and individuals who were spreading disinformation claiming that the US government was using weather control technology so that the hurricane would be steered towards Republican voters. And you had, as you noted, of course, prominent figures reiterating these theories. There were politicians and public figures amplifying that conspiracy theory. Former President Donald Trump claimed that hurricane relief funds were being spent on illegal migrants, so having public figures reiterate those conspiracy theories lend them more credence, right, and makes it easier for them to gain traction, even though they are completely false. A lot of these conspiracy theories gained millions of views on Twitter and were reshared by more prominent figures in the Republican Party and also by Twitter’s own CEO, Elon Musk. And a lot of the most viral posts were from far-right individuals sharing often xenophobic and racist conspiracy theories. And so, I think the fact that there are millions of people engaging with this content, on Twitter especially, and amplifying and agreeing with the conspiracy theories is very concerning. And it’s ultimately a reflection of the divisiveness that we’re seeing ahead of the election. What we saw with Hurricane Helene and Milton was effectively the weaponization of tragic events, right? To influence voters ahead of the election. And that weaponization unfortunately worked and reached a massive audience. And it of course also had unfortunately real world implications with meteorologists receiving death threats. So absolutely conspiracy theories are playing a key part in this disinformation landscape right now.
What are we seeing from the far left or from others? Is it quite a similar activity or is it different?
Well, that’s a really interesting question because, of course, no political party is immune to conspiracy theories. But based on the research we’re doing right now, far-right individuals, including public figures or Republican members of Congress are dominating the disinformation landscape right now on the dark web and also on the surface web, importantly, and like I said, there is a lot of overlap in terms of content in both of those places. A lot of the dominant conspiracy theories we are seeing right now are rooted in far-right ideas. So again, for the Hurricane Helene and Hurricane Milton response and information landscape, we saw a lot of conspiracy theories and disinformation aimed at undermining the Biden-Harris administration and the Harris Walz presidential campaign. And on dark web adjacent platforms like Telegram, far-right groups are also dominant in terms of election disinformation. The group spreading significant disinformation and with the largest numbers of subscribers are our right groups as we’ve seen up until now. And that’s consistent with findings as well that that type of disinformation does tend to be particularly prevalent and toxic in that far-right online space.
Turning to left-wing conspiracies, the most prominent one I’d say that we’ve seen up until now was the baseless claim that the July 13th assassination attempt against former President Donald Trump in Pennsylvania was staged by the Trump campaign. And a lot of that chatter surrounding that unfounded conspiracy theory, interestingly enough, was on Twitter, X, rather than on the dark web. Ultimately, no political movement is free of conspiracy theories. But the ones gaining the most traction right now do appear to be far right conspiracy theories.
Erin: Yeah, I feel like it seems like the far right are just a lot better at organizing and weaponizing things like social media and telegram and etc. because we did a lot of work to try and balance and see what we could find left-wing group that’s thought of out there talking and you know maybe they’re just better at hiding what they’re saying or maybe they’re not you know doing it in the same way but it’s interesting how it does always seem to lean to that far-right side.
I know there was a recent arrest a couple of weeks back of an individual in Oklahoma that the FBI stated had intentions to attack voters. This is a very real-world impact. Can you talk about how that was linked to Telegram and how we’re seeing that thing being spoken about on dark web adjacent sites?
Bianca: Yes, absolutely. For more context, earlier this month, the DOJ announced that they had arrested this Afghan national who was based in Oklahoma City. Like you said, for plotting an attack on election day on behalf of ISIS. And then he was arrested by the FBI for purchasing two AK 37s with his brother-in-law, who was an accomplice, and the suspect admitted that he was going to carry out the attack on election day and expected to die in that attack and go down as a martyr. In terms of his connections to Telegram, the suspect interestingly was very active in pro-ISIS telegram groups and allegedly saved ISIS propaganda, as was noted in the indictment document, to his iCloud account and I believe also to his Google account. So, ISIS propaganda from Telegram. He had also been in contact with an ISIS associate via Telegram who was giving him guidance regarding the upcoming attack that he was plotting. So definitely Telegram connections there and it’s ultimately not that surprising given that Telegram is notorious for being a hotbed or extremist activity, particularly for ISIS. There are lots of pro-ISIS groups there. And not just, of course, pro-ISIS groups, unfortunately, a lot of domestic extremist groups, as I noted, that being one of the main issues leading to the CEO’s arrest recently in France. But absolutely, the individual had ties to individuals in ISIS,and those connections were through Telegram.
Erin: Yeah, it’s interesting how we see this group for really being used in Telegram and how the arrest of the CEO may impact that. I mean, we definitely saw after the announcements that Telegram are going to cooperate with law enforcement and individuals talking about moving to other messaging platforms. As I said, I’m not sure, that they’re all going to move, but I think it’s interesting that they’re having those conversations because Telegram really has been that hotbed and obviously, we’re talking about elections now, but I think you can go to any big event that’s happened or any kind of extremist group and find some kind of telegram footprint for them at the moment.
How do you think things are comparing to the disinformation and what we were seeing in the 2016 campaign?
Well, in 2016, we, of course, had Russia leading extensive disinformation operations against the U.S., also in an effort to interfere with the presidential election, and, as you mentioned, the aim of those campaigns was to sow discord and undermine American democracy, and they used bots and intelligence officers that were masquerading as American citizens to spread this information and again exacerbate divisions. And these operations have not stopped, right? We’re still seeing that activity today. But what’s different now, in 2024 compared to 2016, is that other nation-states have significantly ramped up their influence operations as well, you know, as I mentioned, particularly Iran, and they’re engaging in similar large-scale campaigns, you know, Iran in this election has really emerged as a prominent actor in the current disinformation landscape in the lead-up to November 5th. They’ve already carried out cyber-attacks against presidential candidates, campaigns, they’ve actively disseminated disinformation meant to sow discord among American voters like Russia did in 2016. And you know, as I mentioned, we’ve also seen China similarly amplifying divisive rhetoric and there are Chinese linked influence operations and campaigns that are spreading disinformation and conspiracy theories.
So, to answer your question, ultimately, this year is quite different from 2016, just in terms of the variety of actors that we’re seeing engaging in large scale influence operations. But also importantly, I think that what’s particularly concerning right now, and especially different from 2016 is the way that, as I’ve noted, conspiracy theories have effectively become mainstream. And that’s really not to say that 2016 was devoid of conspiracy theories. There were, of course, conspiracy theories in 2016 and there will always be conspiracy theories. But the scale of their reach today is on a completely different level. As I mentioned, there are mainstream platforms, particularly X, so not just the dark web, where false claims about presidential candidates and regarding the validity of the election, these conspiracy theories are gaining millions of views. And part of the reason that their It is so significant is that you have US prominent US based individuals that are amplifying those conspiracy theories and allowing it to gain even more traction. And because of that, these conspiracy theories have entered the mainstream and are not just in the dark corners of the internet anymore. So, I think that’s really the the main difference between 2016 and 2024.
Erin: Yeah, I feel like domestically, people are just more emboldened to share their views regardless of if they’re conspiracy theories or even if they’re not, they’re just, I think people are less concerned about the impact that that’s going to have as you say, because on both sides, so many politicians are backing that kind of rhetoric. And as you say, it’s interesting, obviously, we focus on the dark web and dark web adjacent, that it’s kind of impossible to look at this topic these days without looking at social media, because there’s such an overlap and they interact so much, like the things that are shared on Twitter, and then immediately put onto Telegram and vice versa. And there’s no one policing that or checking that. And the likes of Facebook and Instagram will try and say, this isn’t true or this isn’t verified or read this at your own cost, but Twitter seems to have moved away from doing that a little bit in recent years. And yeah, I think it’s very difficult with the amount of information that individuals are receiving to make sense of everything that’s going around and just the pure, as you say, the sheer size of data and conspiracy theories and things that are being shared now compared to previously. I can see why it’s difficult for people to make a judgment. And as I said earlier, like once these things are out there, it’s really hard to walk them back. There’s a lot of people that however many times you tell them something isn’t true and it’s been debunked, aren’t going to believe you.
Do you think we should expect a shift, as I said at the outset, we’re just over two weeks away from election day. So are we expecting any shift as we move closer to the election day?
Yes, absolutely. It’s very likely that we’ll see a pretty significant increase in disinformation targeting American voters as we get closer to November 5th. Russia, Iran and China are well aware of the fact that their influence operations can have a greater impact closer to the date of the election when they can influence voters. And as individuals have already begun to vote. And US intelligence officials are actually already warning of this increase. There were reports stating that influence operations targeting specific political campaigns have already increased. I think it’s really important to note, though, that foreign influence operations aren’t going to stop after November 5th. And the ODNI actually just released a report, I think yesterday, warning that Russia, China, and Iran are all expected to continue their influence operations well through inauguration day. And it’s very likely that they’ll continue spreading disinformation again meant to sow discord among Americans and to undermine trust in the election process. And that’s something we already saw with the presidential election in 2020. Election officials and intelligence officials have particularly warned that there’s a possibility that Russia, Iran and China could actually try to stoke post-election violence. So that’s something that definitely needs to be closely monitored. But yes, we’re expecting to see an increase in that kind of activity leading up to November 5th, but also well after November 5th up until inauguration day.
We’ve mainly been talking about all the concerning things that are happening in this run up to the election, but I want to touch on what steps can individuals and organizations take to try and combat some of this election related disinformation.
I think the most important step and the quickest one, at least for individuals, to combat disinformation and this it seems very simple but it’s to verify sources. So before sharing or reposting anything online, just taking a few minutes to check the credibility of the source and also take the time to cross reference and see if you can find another source that’s also a reputable or sharing the same information. So if you can cross-reference, there’s a greater likelihood that that information is valid. For organizations, I’d say carrying out fact-checking initiatives already is vital. Social media platforms, it’s worth noting, have the ability to give users the opportunity to report disinformation. And that’s huge. But Twitter, again, coming back to Twitter unfortunately removed a feature that allowed users to report misinformation and disinformation. So, bringing that back that feature, I think, and for other organizations and social media platforms implementing that features is a pretty vital first step to combat election related disinformation. But yeah, fact checking in general and verifying your sources is the way to go.
Erin: I think knowing where something came from and make sure that it’s not just circular reporting. Everything is coming from one place. Usually, you know, a place that may not be that legitimate is such an important thing to do. And I think having discussions about that. So just going back to the dark web briefly, I think we’ve talked about how there’s a lot of crossover that’s going to mainstream social media sites. Would you say that there’s anything specific on the dark web relating to elections? I know like in the past, we’ve seen things related to like voting machines and hacking. And you know, DEF CON is famous for having their hacking village. Have we seen an increase in that kind of discussion or not really? Absolutely, seeing a lot of narratives about kind of questioning election integrity, like you said, voting systems.
Bianca: Absolutely, a lot of that on the dark web and on telegram channels, especially in a lot of these channels that have as many as, you know, and groups that have as many as 200,000 subscribers. Again, a lot of them are aimed at undermining confidence in the election process in the U.S. and sowing discord. So definitely seeing those conspiracy theories dominant on Telegram, but as you noted as well, you really can’t look at it in the vacuum, right, because a lot of those disinformation narratives are also being seen on mainstream platforms. So, it’s interesting that we’re seeing this kind of dialogue between the two spaces and that theories that previously would have probably been limited to the corners of the internet as it were are now very much so in the mainstream. And it’s sometimes even hard to identify where they first originated? Just because of the fact that we’re seeing them all over the place, all these conspiracy theories.
Erin: Yeah, absolutely. And I think that’s the thing I think on the dark web, the more things that we see are the traditional dark web things that you see people doing, like talking about hacking, or talking about, you know, leaking voter information or information that could be used relating to voters. That’s the dark web bread and butter whereas you know outside of things like Telegram I’m not sure that people are using the dark web for those kinds of conversations because they don’t need to they can do it on mainstream platforms without fear of you know reprisal so it’s a really interesting shift I think that you’re highlighting.
Any final thoughts that you wanted to share?
Well, just highlighting again I’m glad that you asked the question about things people can do to combat disinformation and just flagging again the importance of verifying sources. There are lots of great sources online as well from CISA on step selection officials can take to ensure to ensure that we’re combating disinformation right now. Organizations and individuals can do a lot to combat this rise in misinformation and disinformation that we’re seeing right now. Thank you all for joining this webinar.
Erin: That just made me think as well – I was at some sessions recently where I feel like you can’t have a dark web or an OSINT or a chat these days about mentioning AI. And I just feel like these days with the way AI is improving and deep fakes in terms of generating stories and generating videos and generating images is just something people that need to be so aware of and goes back to your point about really validating those sources because things can look so believable these days in a way that they couldn’t several years ago. So I think that’s an interesting point as well.
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.
