now browsing by tag


#deepweb | Lime Scooter Accounts Are Being Sold on the Dark Web

Source: National Cyber Security – Produced By Gregory Evans

On the dark web, there are plenty of people looking for a free ride. Or at least a very cheap one. A vendor on a dark web marketplace is advertising what they say are accounts for the scooter service Lime.

“This account is used free to locate rental scooters (with a random life),” a listing on a dark web market reads, referring to finding scooters that may be available to use. The vendor says they have accounts for both the European Union and the U.S.

“The accounts sold here are functional and verified. They are unique for sale. Once sold, the accounts are automatically deleted from my database,” the advert continues. The listing offers one account for €13.

Lime, like a wealth of other companies entering this space, lets users quickly rent scooters across major cities. Motherboard recently reported how Los Angeles wants scooter companies like Lime, Bird, and Uber’s JUMP to provide real-time location data of the scooters for city planning purposes, although activists have privacy concerns around the sharing of this data.

Armed with one of these accounts, it seems a customer wouldn’t need to pay Lime for using its scooters. The vendor has some conditions over using the accounts.

A section of the dark web listing offering Lime accounts. Image: Motherboard

“Do not change anything on the account (email/password etc),” they write. “Do not share the account (s).”

A Lime spokesperson said in a statement, “While this is not caused by any Lime security vulnerability, this illegal and dangerous behavior is absolutely against Lime policy and will not be tolerated on the Lime platform. We strongly remind our users that sharing account access information with any third party is against our user agreement and can expose them to significant cybersecurity risk.”

Lime added that it will be migrating iPhone users to Apple ID login in the future, and that the company does not allow people to use any password that has already appeared in HaveIBeenPwned’s leaked password list. The HaveIBeenPwned database, maintained by security researcher Troy Hunt, contains email addresses, usernames, and plaintext and hashed passwords from data breaches.

Motherboard previously discovered Uber accounts for sale on the dark web in 2015. Hackers were able to access these by using previously compromised passwords from other services.

Subscribe to our cybersecurity podcast, CYBER.

This article originally appeared on VICE US.

Source link

The post #deepweb | <p> Lime Scooter Accounts Are Being Sold on the Dark Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Man arrested for buying drugs using app, dark web – mumbai news

Source: National Cyber Security – Produced By Gregory Evans The city’s airport customs officers on Sunday arrested a 28-year-old man from Chembur who had placed an order for drugs through a mobile messaging app and paid for them through the dark web using cryptocurrency. Officers seized the drugs from a courier parcel and booked the man […] View full post on AmIHackerProof.com

#deepweb | Here’s how you can enable native WhatsApp dark mode on latest stable build with root

Source: National Cyber Security – Produced By Gregory Evans Bringing a consistent form of dark mode is not an easy task, as the existing implementations are very much fragmented. Even the apps from Google don’t have a standard way to toggle the color scheme – some rely on underlying system settings while others sport a […] View full post on AmIHackerProof.com

#deepweb | When Rogue Insiders Go to the Dark Web

Source: National Cyber Security – Produced By Gregory Evans

Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.

Researchers who operate undercover in the Dark Web are noticing an increase in activity among rogue employees selling access and stolen data from their organizations — mainly financial and telecommunications companies — for profit.

Charity Wright, cyber threat intelligence analyst and researcher at IntSights, says the rogue employee, often working via underground brokers, is a growing phenomenon in the Dark Web. Researchers have observed sellers, especially in Russian language-speaking forums, openly discussing how they offer services where they steal and sell information from their employers.

The researchers spotted a pair of telecommunications employees selling text message logs and geolocation information from phone SIM cards, for example. “There’s huge potential for damage if they use it to target VIPs or government employees,” for instance, Wright notes. “These services are relatively cheap, and all you have to do is provide them a phone number and they can give you everything they have on it.”

Rogue financial firm employees typically get paid more: Brokers offer 10 times more money for information supplied by bank insiders. “Because they have the keys to the kingdom … with customer bank information they have access to, and deals that are being closed, for insider trading,” she says.

IntSights has been studying the rogue insider trend in the Dark Web for the past four years. In 2017, IntSights and RedOwl published a report, “Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web,” on their two-year study of Dark Web forums that recruit insiders. At the time, they noted a twofold increase in insider outreach and forum discussions between 2015 and 2016. 

Insider recruits go through an elaborate selection and verification process by the forums, including confirming the access the insider has within its organization and how fast they can grab it and release it. Once they are in, they are protected with a shroud of anonymity, the study found.

Most recently, IntSights has found the most active forums for rogue insiders include Dark Money, a forum for buying and selling stolen banking information; cc, a Dark Web site; and exploit.IN, a popular Russian Dark Web forum, she says. Genesis Market, Joker’s Stash, and Bitify are among some of the underground markets where stolen bank cards can go for anywhere from $30 to $50 apiece, or $95 for “fresh” cards, for example, Wright says.

What’s unclear, however, is just how these employees gone bad access the information they steal and monetize. “It looks like they already have access to it in their jobs, whether they are supposed to or maybe they have admin access they are not supposed to have. … We’re not really sure how they got the access,” she says. “But they are definitely out there and in some certain regions, like Russia, they are pretty blatant and open about what company they work for. They’re not even trying to hide it.”

That openness is not the case in English-speaking forums, however, where rogue insiders and sellers are more cautious and suspicious of buyers and questions. “In English-language forums, they tend to be a lot more cautious and suspicious,” especially now that they are aware of researchers and law enforcement infiltrating their spaces, she says. And because law enforcement has been shuttering some of these forums over the past couple of years, it’s harder to track where the rogue insiders go next, notes Wright, who will present some of IntSights’ latest Dark Web findings at Black Hat Europe in London this week.

But identifying in the Dark Web just who’s behind what and from where it came isn’t necessarily always cut and dried. There are plenty of cybercriminals selling data they have stolen from their victims.

“The economy of scale of the Dark Web has a multitude of participants — not all of them full-time cybercriminals,” notes Tom Kellermann, head cybersecurity strategist for Carbon Black, now part of VMware, which has seen an increase of 41% in so-called “island-hopping,” where attackers pivot from one victim to its business partners or other connected targets to steal information.

“The challenge is determining whether these are true insiders or digital insiders commandeering the digital transformation of the corporation and using it to island-hop and access-mine” data, he says.

Finding Out the Hard Way
IntSights gets hired by organizations to drill down on their stolen data in the Dark Web. They often don’t have visibility into their data leaking out of the organization, Wright notes. “A lot of organizations are very aware of what’s going on in their networks and what’s attacking them [and going on] inside, but they aren’t aware very much of what is exposed … outside of their network,” she says.

Organizations already are flooded with security incidents on a daily basis, often with an understaffed security team, so they triage the main threats first. “They start with the closest targets and biggest threats first,” Wright says. “First, it’s malware and data loss, and then if you mature your organization to a point where you can afford an insider-threat team, it’s usually one person. Then they are overwhelmed once they start digging into the insider threat.”

Related Content:

Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s top story: “A Cause You Care About Needs Your Cybersecurity Help.”


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise … View Full Bio

More Insights

Source link

The post #deepweb | <p> When Rogue Insiders Go to the Dark Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Online shops use ‘dark patterns’ to trick you into buying and signing up for more, study suggests

Source: National Cyber Security – Produced By Gregory Evans

Many online shopping sites use our psychology against us by subverting user decision-making through design choices called “dark patterns,” and oftentimes, this causes shoppers to make decisions they otherwise wouldn’t.

According to a new study that analyzed data from more than 11,000 popular shopping sites, these tactics are more pervasive than most people realize.

Dark patterns coerce, steer or deceive users into making decisions that they might not if they were otherwise fully informed or given an alternative.

This includes things like using a countdown timer to pressure shoppers into “snagging a deal” even though the deal doesn’t end after the timer runs out, generating deceptive notifications in a random fashion (e.g. using a random number generator to tell shoppers how many others are “currently viewing” a product) and “confirmshaming” — when a site’s pop-up urges users to sign up and phrases the “no” option as a shameful choice, e.g., “No thanks, I like paying full price.”

It’s an increasingly common choice to implement dark patterns in the design of online spaces, including social media sites, e-commerce sites, mobile apps and video games, and the research team at Princeton wanted to get a better idea of just how often dark patterns are being used and in what ways.

Out of the 11,000 websites analyzed, researchers found that about 11 percent were using some kind of dark pattern on their user interface, and a total of 183 sites were using deceptive tactics specifically.

According to data, the more popular the site, the more likely it was to be using dark patterns.

“At best, dark patterns annoy and frustrate users,” the study’s authors said, “At worst, they can mislead and deceive users. This includes causing financial loss, tricking users into giving up vast amounts of personal data, or inducing compulsive and addictive behavior in adults and children.”

One worry about digital shops in particular is that they have a much greater ability to manipulate shoppers’ cognitive limitations and biases.

“For example, unlike brick-and-mortar stores, digital marketplaces can capture and retain user behavior information, design and mediate user interaction, and proactively reach out to users,” the study’s authors said. “Other studies have suggested that certain elements in shopping websites can influence impulse buying behavior.”

The elements to which the authors are referring are things such as product reviews and ratings, discounts and quick add-to-cart buttons, which are all meant to impact a shopper’s decision-making.

The term “dark patterns” was coined by UX Specialist Harry Brignull in 2010, and he describes them as “tricks used in websites and apps that make you buy or sign up for things that you didn’t mean to.”

A new study from Princeton University found that many online shops use manipulative tactics, called dark patterns, to trick shoppers into buying and signing up for more. (Neil Godwin/Future Publishing via Getty Images)

While the tactic of using dark patterns has been studied before, those analyses relied on anecdotal data or data collected from user submissions. New research from a team at Princeton University provides the the first large-scale evidence documenting the prevalence of dark patterns.

Researchers developed an automated approach to collecting data about the user experience on shopping sites by creating a web crawler, which simulates a user browsing experience and identifies elements of the design interface. They then extracted all of the user interface designs and inspected the resulting clusters for instances of dark patterns. Finally, they categorized and labeled the dark patterns that they identified.

The research was focused solely on shopping websites for the study, and researchers used the web crawler to visit more than 11,000 of the most popular e-commerce sites worldwide, searching for dark patterns that trick people into signing up for recurring subscriptions or making unwanted purchases that result in financial loss.

They discovered 1,818 instances of dark patterns, which represented 15 dark pattern types across seven broad categories. These instances were found on 1,254 sites out of the more than 11,000 sites included in the data set, which equates to about 11 percent, and 183 sites were found to display deceptive messaging.

Researchers also identified 22 third-party entities that provide e-commerce sites with the ability to create and implement dark patterns on their sites.

The majority of dark patterns were found to be covert, deceptive and information-hiding in nature.

Covert dark patterns steer the user into making specific purchases without their knowledge — such as introducing a decoy to make certain other choices seem more appealing. Deceptive dark patterns induce false beliefs either through affirmative misstatements, misleading statements or omissions, such as a site offering up a discount that seems to be time-limited, when in reality it appears each time the web page is opened or refreshed.

Information-hiding dark tactics obscure or delay the presentation of necessary information to the user, such as when a site doesn’t disclose that additional charges will be added at the very end of checkout.

Researchers also found that most types of dark patterns work by exploiting peoples’ cognitive biases. The researchers cited these cognitive biases as main targets of dark patterns:

  • Anchoring effect: The tendency of an individual to over-rely on an initial piece of information (the “anchor”) in future decisions.
  • Bandwagon effect: The tendency of an individual to want or value something more because other people value it (or at least seem to).
  • Default effect: The tendency of an individual to choose an assigned, default option because it’s easier than seeking out other options.
  • Framing effect: The tendency of an individual to reach different conclusions from the same information when it is presented differently.
  • Scarcity bias: The tendency to place higher value on things that seem scarce.
  • Sunk Cost Fallacy: The tendency of an individual to carry on with an action because they have already invested time and energy into it, even if they might end up worse off overall.

The study’s authors said that users are becoming increasingly more aware of these tactics, but their new data set could be used to build further countermeasures to help consumers make more informed decisions.

“One such countermeasure could be a public-facing website that scores shopping websites based on their use of dark patterns,” the authors said. “Our data set can also enable the development of browser extensions that automatically detect and flag dark patterns.”

The researchers warned that their estimates are likely the lower bound of prevalence due to the limitations of their automated method, which only scraped text data from pages containing products on each site, the site’s cart and the checkout interface.

While this means that dark patterns are probably far more pervasive than the average online shopper realizes, a little awareness can cut down on a lot of subversive manipulation — and hopefully pad your pocketbook in the process.

This story was reported from Los Angeles. 

Source link

The post #deepweb | <p> Online shops use ‘dark patterns’ to trick you into buying and signing up for more, study suggests <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | In new world of data breaches and dark web deals, identity theft goes mainstream: JPSO | Crime/Police

Source: National Cyber Security – Produced By Gregory Evans Identity theft used to be a more complicated, hands-on racket that included mail theft, dumpster diving, scam telephone calls and emailed offers. But hackers, aided by improvements in computer technology and internet accessibility, have introduced an illicit efficiency to the crime, stealing the personal information of […] View full post on AmIHackerProof.com

#deepweb | A Guide to Everything You Need to Know About Dark Data

Source: National Cyber Security – Produced By Gregory Evans We are living in a world where data is a currency, offering businesses leverage in the market. Hence data ought to be treated as a resource that needs to be exploited to the maximum potential. Normally, companies make use of structured data to collect information. However, […] View full post on AmIHackerProof.com

#deepweb | Stolen credit card data from Singapore banks worth more on Dark Web, Tech News & Top Stories

Source: National Cyber Security – Produced By Gregory Evans

Stolen credit card data from Singapore banks is valued higher on the Dark Web than that from other countries because of the robust cyber security measures protecting it and the difficulty in obtaining such data, according to new research from cyber security firm Group-IB.

The Singapore-based firm yesterday said that for cards from the United States, the average price for raw payment card data, which includes credit card number, expiration date, cardholder name and CVV number, is between US$8 (S$11) and US$10 on Dark Web shops.

Please subscribe or log in to continue reading the full article. Learn more about ST PREMIUM.

Enjoy unlimited access to ST’s best work

  • Exclusive stories and features on multiple devices
  • In-depth analyses and opinion pieces
  • ePaper and award-winning multimedia content

Source link

The post #deepweb | <p> Stolen credit card data from Singapore banks worth more on Dark Web, Tech News & Top Stories <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | How to use Dark Mode theme on WhatsApp Web

Source: National Cyber Security – Produced By Gregory Evans

How to use Dark Mode theme on WhatsApp Web&nbsp

Key Highlights

  • It has been long since WABetaInfo showed us the social messaging giant was working on bringing the dark mode to the Android, iOS, and web versions
  • There have been reports that WhatsApp may be working on not just one but two dark modes for iPhones in the future
  • WhatsApp recently launched a new beta feature has been renamed to Delete Messages

Yes, we get it! It has been long since WABetaInfo showed us the social messaging giant was working on bringing the dark mode to the Android, iOS, and web versions. There have been reports that WhatsApp may be working on not just one but two dark modes for iPhones in the future. 

WhatsApp recently launched a new beta feature has been renamed to Delete Messages. The Delete Messages feature has been put in the Dark Mode for smartphones which are under development as well. The Delete Messages feature is reportedly under development.

The WABetaInfo report has stated, “In the WhatsApp beta for Android 2.19.282 update, we presented a new feature under development called Disappearing Messages, that will automatically delete messages after a certain period of time. The feature is still under development, and WhatsApp is starting to work again on it in the 2.19.348 update, where they renamed Disappearing Messages to Delete Messages. When enabled, the feature can be toggled in Contact Info or Group Settings (only administrators can enable the feature in a group).”

There is also a dark mode feature in the pipeline for the Android OS and so is for the web version of WhatsApp. There has been no mention on as to when the feature may launch, but if you are using WhatsApp web regularly, and are interested in the dark mode theme – then we may have a way out.

How to enable Dark Mode on WhatsApp Web on Google Chrome

Here we give you steps on how to enable Dark Mode on WhatsApp Web on Google Chrome

Install Extension

You’ll have to install the Stylus extension on Chrome and a separate theme for it as well.

Go to Chrome Store

You can get Stylus extension from the Chrome Web Store by clicking here.

Now install theme

Once the extension is installed, you can get the theme from here by clicking ‘Install Style.”


Enjoy Dark Mode

Now you can load WhatsApp Web and let the darkness drop.

Source link

The post #deepweb | <p> How to use Dark Mode theme on WhatsApp Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Cybercriminals also offering Black Friday bargains on dark web: report

Source: National Cyber Security – Produced By Gregory Evans

Black Friday deals have spread to black-market retailers hawking drugs, stolen data and fake IDs online, according to new reports.

The annual discounting bonanza for legitimate businesses is now also a staple of the internet underworld, digital security firm co-founder James Chappell told Sky News. 

“We’ve seen the same strategies that online retailers and physical retailers use, being used in these criminal markets,” said Chappell, whose company is called Digital Shadows.

“We see them used either to provide discounts, ‘stack ’em high and sell ’em cheap’ type strategies, and we’ve seen the same with discount codes, introductions, building up excitement before the event, adverts that entice and enthuse,” he told the outlet.

A week before the big day, Chappell’s company found more than 1,600 posts about “Black Friday 2019” on dark web criminal forums, according to the Independent.

Cybercriminals in the UK make more in illegal online sales than any other European country, per a new report from the European Monitoring Centre for Drugs and Drug Addiction.

The report noted that British dark web retailers pulled in over $30 million USD between 2017 and 2018.

Source link

The post #deepweb | <p> Cybercriminals also offering Black Friday bargains on dark web: report <p> appeared first on National Cyber Security.

View full post on National Cyber Security