Stolen credentials could unmask thousands of darknet child abuse website users

Thousands of people with accounts on darknet websites for sharing child sexual abuse material could be unmasked using information stolen by cybercriminals, according to research published Tuesday.
In a proof-of-concept report, researchers at Recorded Future said they have been able to identify these individuals from credentials harvested by infostealer malware - a type of malware that typically steals log-in credentials for banking services, which are then exploited by financial fraudsters.
Alongside the log-in details for banking apps are other credentials, including to accounts on .onion websites known for trafficking CSAM. The users of these sites, which run on the Tor network, are anonymized by the network relaying each connection through several hops on an encrypted network.
The individual infostealer logs contain credentials for other services used by the infected person.
The logs link those anonymous CSAM website users to accounts on clear web platforms, such as Facebook, where they have used their real names - and sometimes even include autofill data stored in a web browser, such as a home address - giving law enforcement agencies the opportunity to investigate offenders and safeguard at-risk children.
The Record is an editorially independent unit within Recorded Future.
The retailers involved in the ecosystem for trading these stolen credentials include Russia Market and 2Easy Shop, as well as the now-defunct Genesis Market, which was seized by law enforcement last year, leading to more than 120 arrests.
The retailers collect the stolen data from wholesalers.
Dmitry Smilyanets, a product manager at Recorded Future, explained that the company legally acquires this wholesale data, often shared in bulk on Telegram, for security purposes.
Recorded Future analyzes these records for domains used by corporate customers, either to protect compromised employee accounts or to identify when customers are impacted so that consumer fraud can be tackled. The company ingests around 150 million credentials every month.
According to the report, by querying this data alongside partners - including World Childhood Foundation and the Anti-Human Trafficking Intelligence Initiative - the researchers were able to identify approximately 3,300 unique users with accounts on at least one darknet site for the sharing of CSAM. Recorded Future said it had shared all of its findings with law enforcement in the U.S., including raw data which is not included in the public report.


This Cyber News was published on therecord.media. Publication date: Tue, 02 Jul 2024 14:05:34 +0000

