Experts: “Stop Enabling Sex Traffickers Act” Will Drive Traffickers Toward the DarkWeb

Recently, an Ohio senator proposed a bill that would introduce new felony charges for sex offenders. With the new charges, the senator seeks to cut back online sex trafficking. However, an expert stated that the new bill is dangerous and that sex traffickers might migrate to the dark web.

The recent bill, proposed by Senator Rob Portman (Ohio), aims to put an end to online sex trafficking. According to the senator, sex trafficking claimed the lives of many victims – who are often underaged – and this needs to be stopped. Senator Portman stated in an article (written by him) in the Guardian that websites, such as Backpage.com, are “knowingly” running advertisements of underaged girls. Law enforcement authorities tried to shut down such websites in the past, however, according to the senator, the sites are protected by the 1996 Communications Decency Law. The goal of the law was to protect website owners against the users and third parties who were posting harmful and illegal content on their domains. However, as of today, the law is now protecting online sex traffickers, the senator argues.

The senator stated that the protection of online sex trafficking by a federal law is a “failure of the Congress”. To fix this “flaw” in the U.S. justice system, Senator Portman proposed the Stop Enabling Sex Traffickers Act. The bipartisan law will make modifications to the Communications Decency Law, which would allow law enforcement to crack down and prosecute websites that “knowingly facilitate” online sex trafficking. According to the senator, this way, the victims of sex trafficking will get their justice against the websites where their “services” were advertised.

Senator Portman’s bill received criticism from the tech community stating that the bipartisan law will limit the freedom of speech.

“And despite what some opponents of this bill in the tech community have argued, it is narrowly crafted and only removes immunity protections from websites that knowingly facilitate, support or assist online sex trafficking. This high standard will protect against frivolous lawsuits for good online actors not actively engaging in these inhumane crimes,” the senator wrote.

On the other hand, opponents of the bill say not only that the new law will limit freedom of speech but also that it targets sex workers rather than sex traffickers.

“Don’t be too deceived. This isn’t primarily about sex trafficking as most of us would understand it; this is an attack on sex workers in general; trying to deny them the means to do business on the internet. Backpage sex work listings in the USA have already been shut down in a previous attack,” one user wrote under the Guardian article response of the senator’s bill.

Kim Mehlman-Orozco, a human trafficking expert, said that the new bill won’t close down online sex trafficking but will create more havoc in the lives of the victims.

“I think that this policy, like many anti-trafficking pieces of legislation in the past, is symbolic in nature,” she said.

Ms. Mehlman-Orozco has conducted extensive research in the past regarding sex and human trafficking. She also testified as an expert witness for the prosecution in multiple sex trafficking cases. Ms. Mehlman-Orozco said that history and her research suggest that Senator Portman’s bill will not crack down on online sex trafficking but will force the sex traffickers to migrate to the dark web or to overseas countries out of the reach of U.S. law enforcement authorities. She said that “makes [the traffickers] harder to identify, harder to prosecute, and harder to rescue [the] victims.”

According to Senator Portman, numerous senators are supporting his bill, but the tech giants Facebook and Google are not. According to a Google spokesperson, the legislation is “overly-broad” and the company seeks to rework the bill with the lawmakers to narrow the proposal’s scope.

“Look, they said they have concerns about internet freedom. There’s nothing in this legislation that would affect my freedom as an internet user, unless I’m assisting people in trafficking,” Senator Portman said, adding that he hopes the two companies will come on-board with his proposal.

Drug Dealer Bought a Gun on the Darknet “for Protection”

In early October, the Chilly-Mazarin Criminal Court heard the case of a formerly convicted drug dealer who had stepped up in the world of crime. In addition to cocaine and marijuana, police found a semi-automatic in the suspect’s home. The gun, he said, came from the darknet.

Local news outlets reported that the 31-year-old suspect had not “escaped a prison sentence.” In a way, he came close during his Chilly-Mazarin case; the judge had ordered a two-year prison sentence, but with a suspended year.

Le Parisien wrote that, on numerous occasions in the recent past, the suspect had caught drug trafficking charges for reselling drugs in face-to-face transactions. Outside of the scope of the 31-year-old’s case, darknet news spilled out of many French publications. And in one case, even Europol. One of the most recent incidents included the story of the former Dream Market vendor and moderator, OxyMonster aka Gal Vallerius.

Additionally, France recently offered a list of translations for the “darknet.” They raised some complaints as the definitions provided by the Journal Officiel (of the French republic) left open ends. The difference between the deepweb and darknet was ignored, according to critics.

In the recently closed case in the Chilly-Mazarin Criminal Court, no new definitions were needed nor did they matter. The court heard how the 31-year-old found himself in police custody yet again for drug trafficking, this time with a weapon. Drug trafficking itself was not unusual for the man. Nor was the actual drug part of the crime.

The defendant had, in the past, distributed drugs that he had ordered from darknet marketplaces. A fairly normal activity. Law enforcement caught the man, this time, after he made an illegal U-turn with hidden license plates. A police car pulled him over and discovered five containers of cocaine. Soon after, police searched the defendant’s Chilly-Mazarin home.

They found more than 40 grams of cocaine in the refrigerator. And under the sink, they found nearly 300 grams of marijuana. They also found a semi-automatic weapon and ammunition to match. When questioned about the gun, he told police that he needed it for self-defense. “I bought it on the Darknet to protect me. Two months ago, I was assaulted,” he said. A notable period in history where someone had successfully ordered a gun from the darknet. And later got arrested for traffic violations.

Hacker Advertises India National Internet Registry Database

Two security companies, Seqrite’s Cyber Intelligence Labs and seQtree InfoServices, noticed an advertisement on a darknet forum for access to a database (a dump, not live access) that belonged to India’s National Internet Registry. The data breach impacted more than 6,000 internet service providers, government entities, and private companies. As of now, it looks as if no damage has come from the incident.

Teams from seQtree and Seqrite immediately tracked down what information they could about the background of the threat actor. They found nothing of importance. The persona, they announced, was created recently. Seqrite wrote that new identities are being used by threat actors when data breaches are involved.

India’s National Internet Registry, IRINN (the Indian Registry for Internet Names and Numbers), is responsible for “coordinating IP Address allocation with other Internet resource management function at national level in the country.” The vendor actually chose not to name the internet registry service that he had breached; in a small email address “sample list,” the seQtree and Seqrite teams spotted information that led to that discovery.

The advertisement on a darknet forum:

“As mentioned in the title, selling database of one of the biggest Internet Protocol controller.

In client Database you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation.

Selling it for 15 BTC”

In the sample list that the teams talked the vendor into sharing, the teams noticed email addresses belonging to an Indian technology company and at least one email address from the Indian government. So, they pushed the vendor for more information. In return, the unidentified entity shared a text file with roughly 6,000 email addresses from the organizations affected by the breach.

The hacker, in addition to having access to IRINN and APNIC databases, can access documents uploaded by IRINN users. The screenshots provided by the hacker revealed that he can access login details. And, possibly the most terrifying: the access obtained by the hacker likely allows for IP/ASN allocation. Potential fallout from this breach could be massive.

Some of the affected organizations or companies include the Unique Identification Authority of India, Defence Research and Development Organisation, Idea Telecom, Mastercard/Visa, State Bank of India, among many others. The teams reached out to IRINN and the breach was acknowledged, but they have not made a notice available to the public.

Sheep Marketplace Owner Gets Nine Years in Prison

A court in the Czech Republic sentenced Tomáš Jiříkovský, the creator of the Sheep darknet marketplace, to serve nine years in prison for stealing bitcoins from the market’s users. According to the court, Jiříkovský stole bitcoin worth roughly 16 million crowns—the equivalent of $731,600 US dollars. The sentence also applies to his role as the owner of Sheep Marketplace and for illegal weapons found in his possession during his arrest.

According to court spokeswoman Eva Sigmund, the judgement is not yet final and Jiříkovský still has time to appeal the sentence. During an interview after the market owner exit scammed, Jiříkovský denied any role in Sheep Marketplace administration. At most, he claimed, the market’s staff had hired him for software development.

Two Florida men hacked the marketplace in late 2013. They stole 5,400 bitcoins from the market, prompting the market’s owner to run one of the first major exit scams. “We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found [a] bug in system and stole 5,400 BTC – your money,” the admin wrote. The two Floridians made off with far more money than Jiříkovský managed to steal. But if the narrative given to the public was accurate, Jiříkovský initiated his exit scam after the hackers had already stolen a large percentage of the market’s holdings.

Former public prosecutor Marek Vagai explained that the two men from Florida had stolen $4,575,115 in bitcoin. Jiříkovský made off with the remaining bitcoin, a relatively minuscule portion of the funds. Less than one million dollars. $731,600.

The internet identified Jiříkovský and his significant other, Eva Bartošová, in a surprisingly short amount of time. Little came of the dox. Initially, at least. Law enforcement later noticed suspicious financial activity coming from accounts belonging to Jiříkovský and Bartošová. Police arrested the duo in March 2015. Jiříkovský had illegal weapons in his possession that contributed to the nine-year sentence. The court dropped Bartošová’s case, according to local media sources.

A so-called “cyber security expert” named Vlastimil Klima examined the data taken from the 25-year-old suspect’s phone and computer. He reported that the devices point towards Jiříkovský as the marketplace owner and the bitcoin scammer behind the exit scam. Klima said that on the phone, he discovered a file that contained marketplace settings. He also found a database that contained information on transactions and other sensitive information.

The number of stolen bitcoins was lower than the initially reported number. However, between the thefts and exchanges, the couple’s $700k may have been the entirety of the remaining stolen bitcoin. Market owners frequently collect a commission on marketplace sales and Jiříkovský made money via the commission avenue—in addition to the scam that he still adamantly denies having any role in.

As appeals will likely be filed, the sentence may later change, but after several years of waiting, some vendors (and buyers) finally saw their wishes come to life.

Tor Update Supports v3 Onion Services

The second latest alpha build of Tor, Tor 0.3.2.2-alpha, enabled the more secure “next-generation hidden services protocol” (aka v3 onion services). Tor Project President Roger Dingledine said that next generation hidden (onion) services fix security and design flaws found in the original or legacy hidden services. He explained that mistakes he had made in the 2004 onion service protocol are being exploited by “fear-mongering ‘threat intelligence’ companies.” In this alpha build, some of the updates from proposal 224 have been added to Tor, including several directory protocol improvements and updated cryptographic building blocks.

At Def Con 25, Dingledine presented v3 onion services and announced that a public build would likely be available in December 2017. Until then, the alpha build(s) will support prop224 onion services for both onion service operators and clients themselves and hopefully provide a testing platform for a stable build in December. Tor Browser 7.5a5 includes support for the new services, along with other significant changes to the way Tor functions.



Some of the included updates in the 0.3.2.2-alpha are listed as follows:

  • The cryptographic building blocks use updated or more secure signature algorithms and hashing methods. For instance, the older SHA1/DH/RSA1024 was swapped with SHA3/ed25519/curve25519.
  • Directory protocol has been improved and now leaks less metadata to directory servers. This is, in part, to avoid attacks where a hidden service can be censored easily based on the descriptor. To prevent predictability, Tor uses different pseudo-random variables: time period, public keys, shared random values, etc.
  • “Better onion address security against impersonation; more extensible introduction/rendezvous protocol; and a cleaner and more modular codebase.”

As time goes on and more users test v3 onion services, additional prop224 features will likely make their way to Tor and the Tor Browser. They announced that, in the future, some of the next updates will include advanced client authorization and improved guard algorithms.

“[M]istakes in the original protocol are now being actively exploited by fear-mongering ‘threat intelligence’ companies to build lists of onion services even when the service operators thought they would stay under the radar,” the Tor Co-founder said at Def Con 25. “These design flaws are a problem because people rely on onion services for many cool use cases, like metadata-free chat and file sharing, safe interaction between journalists and their sources, safe software updates, and more secure ways to reach popular websites like Facebook.”

One can recognize the new onion service addresses by the length of the address: 56 characters. They are noticeably longer than v2 onion service addresses. One current example is Riseup’s v3 onion address: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd[dot]onion.
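
As an added example (not code from the Tor Project or from this article), the sketch below tells v2 and v3 addresses apart by length and verifies the checksum that v3 addresses embed. The layout it assumes (32-byte ed25519 public key, 2-byte SHA3-256 checksum, version byte 0x03) comes from Tor's v3 rendezvous specification rather than from this page; the function names, the sample key and the v2 label are constructed.

```python
import base64
import hashlib
import re

# Address quoted in the article (Riseup), written without the defanged "[dot]".
RISEUP_V3 = "vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"
# Constructed sample values, not real services.
SAMPLE_KEY = bytes(range(32))          # stand-in for an ed25519 public key
SAMPLE_V2 = "abcdefghijklmnop.onion"   # 16-character legacy-style label

_B32_LABEL = re.compile(r"[a-z2-7]+")


def _checksum(pubkey: bytes, version: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION)."""
    # Layout assumed from Tor's v3 rendezvous spec, not stated on this page.
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Build a v3 address: base32(PUBKEY | CHECKSUM | VERSION) + ".onion"."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    version = b"\x03"
    raw = pubkey + _checksum(pubkey, version) + version
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def classify_onion(host: str) -> dict:
    """Classify a hostname as a v2 or v3 onion address and validate v3."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return {"version": None, "valid": False, "reason": "not a .onion name"}
    # Subdomains are allowed; only the label next to ".onion" is the address.
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    if not _B32_LABEL.fullmatch(label):
        return {"version": None, "valid": False, "reason": "not base32"}
    if len(label) == 16:
        # v2: truncated SHA-1 of an RSA-1024 key; there is no checksum to verify.
        return {"version": 2, "valid": True, "reason": "legacy v2 format"}
    if len(label) != 56:
        return {"version": None, "valid": False, "reason": "unexpected length"}
    raw = base64.b32decode(label.upper())  # 56 base32 characters -> 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        return {"version": None, "valid": False, "reason": "bad version byte"}
    if checksum != _checksum(pubkey, version):
        return {"version": 3, "valid": False, "reason": "checksum mismatch"}
    return {"version": 3, "valid": True, "reason": "ok", "pubkey": pubkey.hex()}


if __name__ == "__main__":
    for name in (RISEUP_V3, encode_v3(SAMPLE_KEY), SAMPLE_V2):
        print(name, classify_onion(name))
```

A 56-character name that fails the checksum is a typo or an altered string, which makes this a cheap check to run before logging or allow-listing an onion name.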

Instructions on setting up a prop224 service can be found on the Tor Blog.

UK Firm Unites With Interpol to Fight Cybercrime

On the 4th of October, BT, the UK’s biggest telecoms provider, announced that it had taken a step forward in combating cyber-crime by partnering with the international police organization Interpol in a data exchange agreement.

This makes BT the first telecommunications provider to sign an exchange data agreement with Interpol to combat global cyber-crime by providing current data threat intelligence.

The agreement was signed at the Singapore-based Interpol Global Complex for Innovation (IGCI). Threat intelligence experts from BT will send their data and knowledge over to the IGCI, which will help locate cyber-criminals and monitor both existing and emerging cyber threats and attacks.

Interpol can now rely on BT’s threat intelligence experts for their special insight into the evolving global cyber threat terrain, as well as into cyber-criminals around the globe, as it seeks to strengthen its own Interpol Global Complex for Innovation (IGCI) facility.

After signing the data-sharing agreement, BT and Interpol stated that they can take their cooperation even further, which will provide protection for consumers, businesses, families, and governments against the ever-rising cybercrime threat.

“The scale and complexity of today’s cyber-threat landscape mean cooperation across all sectors is essential if we are to effectively combat this global phenomenon,” said the executive director of the IGCI, Noboru Nakatani.

He then moved further to state that: “Interpol’s agreement with BT is an important step in our continued efforts to ensure law enforcement worldwide has access to the information they need to combat these evolving cyber threats.”

BT and Interpol happen to be pals already, having worked together many times, most recently in the South East Asian region.

“Threat intelligence sharing between law enforcement agencies and the private sector is essential in the fight against cybercrime, which is increasingly borderless in nature,” said the CEO of BT Security, Mark Hughes.

He continued to say that: “Tackling cyber-crime, therefore, requires a collective, global response where the public and private sectors work hand-in-hand. BT’s security experts will help Interpol to identify cyber-criminals and hold them to account, as we jointly develop our understanding of the challenges that we and other organizations face in the battle against cyber-attacks.”

Earlier this year, Interpol appointed BT as one of only seven international companies equipped with adequate security expertise to help in an operation to fight cybercrime in South East Asia.

BT’s threat intelligence and investigation team, based at the company’s security operations center in Singapore, gave out information on regional threats including data relating to local hacktivist groups and phishing sites.

The wider operation discovered nearly 270 websites infected with malware code that took advantage of the design application of the websites. Among them were many government websites containing sensitive data on their citizens. Several phishing operators were also uncovered, some even linked to Nigeria.

In addition, 8,800 C2 servers were also uncovered which at that time were active across eight nations. They were used to distribute a wide range of malware attacks, including those typically launched to target institutions, spread ransomware, launch Distributed Denial of Service (DDoS) attacks, and distribute spam.

The Executive Director of the IGCI, Noboru Nakatani, afterward stated that the operation was a clear and perfect indication that the private and public sectors can come together and work efficiently in the ongoing fight against cybercrime.

“With direct access to the information, expertise, and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” Mr. Nakatani said.

He continued with his comments, stating that: “Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long-term effectiveness in managing cooperation networks for both future operations and day to day activity in combating cybercrime.”

Also, a few months earlier this year, BT commissioned a KPMG cyber security report, dubbed “The cybersecurity journey – from denial to opportunity,” which identified 5 stages that businesses should experience on their way to leadership in cybersecurity.

The report concluded that, for businesses to attain the final stage, True Leadership, they must acknowledge that to make their defenses much stronger, they need to spread their wings to the wider community. That can be done by exchanging their data and expertise with their colleagues and with organizations in the public sector.

India’s National Internet Registry Breach, Data Spotted On Darknet

Over 6,000 businesses in India have reportedly been breached by an unknown cyber criminal. Seqrite, the enterprise arm of IT security firm Quick Heal, claimed it had spotted sensitive information from over 6,000 organizations, including service providers, banks and government, put up for sale on the Darknet.

According to the information, the nation’s internet registry was also hit by the attack, but the organization says the information obtained was trivial.

The National Internet Exchange of India (NIXI) released a statement condemning the notice as announced by the Darknet hacker. The NIXI clarified that there was no serious breach of the Indian registry database. “There has been no serious security breach of its IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated Internet resources through IRINN System,” said a NIXI spokesperson.

In a statement issued to the media by the NIXI, they said: “There was an attempt to penetrate the system and hackers were able to collect some basic profile information of the contact persons of some of the affiliates which were displayed by him on the darknet.”

The statement continues to read that: “existing security protocol of NIXI is robust and capable of countering such attacks. However, following this breach, security protocol has been further strengthened and review of existing infrastructure has also been initiated.”

The breached data spotted on the Darknet has been priced at 15 Bitcoins. Senior Director, Cyber Education, and Services at Quick Heal, Rohit Srivastwa, said to reporters that the government authorities have been alerted: “We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on the Darknet, the above-mentioned organizations and enterprises can get affected.”

Seqrite has also asked the various government agencies and potentially threatened organizations to report anything suspicious, change their passwords and update their security protocols.

India was nearly affected by 3.2 million debit card breaches in 2016 after an attack which was labeled as India’s largest banking system data breach. Around 641 customers lost an amount worth Rs1.3 crore. The loopholes that enabled the attack to be launched in 2016 still seem to exist and have been exploited by the hackers once again. The government provided cyber safety to teens to prevent Darkweb activities, but data breach activities still reign.

Numerous agencies have been put at risk following the breach. Idea Telecom, Flipkart, Aircel, TCS, ICICI Prudential Mutual Fund, Bombay Stock Exchange and many other Indian organizations have become “sitting ducks” for cyber attacks.

Reports have listed several other government official websites which face the risk of data leaks, and the names on top of the list are Unique Identification Authority of India (UIDAI), Defence Research and Development Organisation (DRDO), Indian Space Research Organisation (ISRO), Reserve Bank of India (RBI), Employees’ Provident Fund Organisation (EPFO), State Bank of India and some other websites not listed.

Is India prepared for Cyber Attacks?

India does not have a strict regulatory enforcement mechanism, and this has raised concerns about the readiness of the country to face data breaches in an era that has seen a rise in ransomware attacks. Privacy practitioners, however, do not agree that India is ready for any data protection against cyber attack.

Sunder Krishnan, a Mumbai-based chief risk officer at Reliance Life Insurance Company, believes that if a strict regulatory enforcement mechanism is employed, it will lead to an opportunity loss for India. “If enacted, it will lead to opportunity loss for the Indian IT/BPO industry, as it further increases the threshold for data transfer outside EU/EEA,” he said.

Krishnan also said that the absence of a legal framework makes it difficult for data protection and transparency to be established. “It’s tough, as there is no holistic legal framework/regulator in the form of data protection authority, data quality and proportionality, data transparency, etc., which addresses and covers data protection issues in accordance with the principles of the EU Directive, OECD Guidelines or Safe Harbor Principles.”

With all these factors in existence, the Indian authorities have been a bit skeptical in the implementation of the regulations and it has made it appear that they are not ready for cyber attacks.