Dream Market (Yet another Darknet Market) Accounts Compromised

A reddit user named Skillzythehacker has claimed to have compromised thousands of accounts on Dream Market, though market administrators said no Bitcoin were at risk. The attacker said of all the compromised accounts, none were using 2FA, a supposed panacea for login security issues.

Dream market admin wombat2combat released the following message:

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The user /u/Skillzythehacker sent the mods of /r/Darknetmarkets a list of over 
50 login credentials [names and passwords] for dream market accounts.

After looking at them more closely we can verifiy that they are working and the
accounts are pretty old because their user IDs are between about 100k and 500k
while the latest ones [when registering a new account] are higher than 700k.

It is therefore very likely that these login credentials were obtained through a
database breach/hack.

There were already made some changes to the current dream market warnings and 
this issue will be added to them too.
- -----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJYqiTvAAoJEMPzj/CHV15DtLUP/jQ9hpsuqUg/QMcoTN35rWgI
QVIbU2rK1APMnf3QL1WAGnqcyv3u3ymh3gV2CC9HkQDOBIbgkPOk77bjMMoV3G1/
rvDdSTsNHE4pv878k/IOT6mgBuQN3h2YEPsTbuT2XVzZoI2/PX3l+Zs/TEUTNnku
KIQSkZNWPQpIr8DKPXDmGW3Zulpfgv8+1b1m2NrThZe4hTQ9LObmE9gboeI6keRs
AVkrfG2ijB40ADjYWtIyj4AvxdvsGotL2p/QnrRfaDX8dfJWbpEeK/KEg0zwdVqe
VnTWsRoHCCb65IJ3It8YFIKhmDZRH27ulT4nCtyPu8grRRhQn+pZYP8wj0VBsOsa
raHNko4cJBo4y/BQjEfYHWjKO485w+RF1NRNfDuH8sj86zV2NpERtGCD9HZJ3hdk
07EN4/tuJbRlhImIJCx6I+Q7YCDtc2eKhRqy5IX2qwEspZvhUiDELVSvwquW2Hoz
OYmvkrMgao0Tdk4kaefk6VOXi+ClxK6VNYAvHWN//mylwOk4Av7Z4Kg5I33N1tfS
QY4bh3e7JwkQ/LHJghhRSeeTM5AAzFOPluLeXxx6zQf74f7fQYDfRJd/LRq2yp7H
MDV91mS/ID5814UIC0aNXTBfUzn7+bxJus0yJKTjGNiZBpE2SuoKsWARX03En9sn
pMtjAJ+DD5BZBcC+oiu5
=b1Lf
- -----END PGP SIGNATURE-----

The attacker is said to have provided proof he could log into various accounts, leading users to speculate that user info was stored with weak or no encryption. (archived)

US President Trump Hosts Press Conference And Reviews Action Packed First Month

United States President Donald Trump held his first solo press conference on the job and offered a comprehensive review of his action packed first month in office. Trump promised further action in the coming weeks as he celebrated a busy first month in spite of the fake news media, hostile career bureaucrats, and a slate of department secretaries delayed by an obstructionist legislature. A transcript of the press conference is presented below: Continue reading

Police One Forum Hacked In 2015, Users Notified Now

Police One, a forum frequented by members of US Federal and State "Law Enforcement" agencies, confirmed today that 715,000 of member accounts have gone up for sale on the deep web after a breach that occurred in 2015. The database contains usernames, password hashed with every hacker's favorite md5, email addresses, dates of birth, and other miscellaneous data for the bargain sum of 0.4 BTC. Forum officials said they were notifying members of the hack so they could reset passwords, although this will do little to prevent dedicated attackers from future attacks.

Oasis Drained While Major Monero Webwallet Languishes Offline

Altcoin Monero has suffered a blow in its push to become the dominant currency of darknet markets, with reddit users reporting that the owners of Oasis market have apparently pulled an exit scam, absconding with around 150 Bitcoin and a yet undetermined amount of Monero. Reports from reddit also indicate that users attempting to withdraw Monero from the Alpha Bay marketplace are meeting similar frustrations, though the site is still online. This news caps a very bad week for XMR, with the MyMonero web wallet service run by developer fluffypony (WoT:fluffypony) also being was offline for several days now, with users reporting silence from support channels and inability to withdraw funds, though private keys can still be recovered and imported into an actual wallet. These particular wallets have been target by hackers several times in the past few months, resulting in several millions of USD vanishing. At the time of the writing of this article, the sorry for your loss was at -17% and continued to plunge.

Github Enforces USG.NSA Copyright And Other Lols, Roundup Xtend'd

Following the initial announcement of "Shadow Broker's" (WOT:nonpeople) planned auction of alleged NSA surveillance tools and miscellanea, further lulz emerged. Here they are Roundup Xtend'd:

  1. Github effectively and proactively enforced a potential copyright claim by the United States National Security Agency by booting the information off their platform.
  2. Numerous media outlets are skirting around where the goods came from by tenaciously using the "Equation Group" moniker for the group with which the tools originated.
  3. The issue of whether the teasers offered of the goods for sale are novel or rehashes of previous leaks has not yet been definitively established given the sheer amount that has been leaked already.
  4. A suggested price of One Million Bitcoin has been floating around. The price, which represents a substantial percentage of the best money's monetary mass, reeks of insanity and a deep povertree of the sort that makes a supposed person incapable of market participation.

Sorry for your lols.

Darkode Member Sentenced

A Louisiana man arrested in July 2015 for his role in selling a botnet on Darkode forums has been sentenced to 366 days in prison and 3 years supervised release after being found guilty of "obtaining information by computer from a protected computer". At the time of his arrest Mr. Guildry  was found to be in possession of stolen credit card information, and allegedly stole almost 150 Bitcoin from his victims. Authorities said some of the Bitcoin stolen had been converted to cash and spent. Guildry was one of 70 members of the Darkode site around the globe that were arrested in a crackdown on carding sites as part of "Operation Shrouded Horizon".

LinkedIN Dump Leaked

A post on LinkedIn's blog this morning announced that data had been released which "claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012" A hacker known only as "Peace" was offering the complete dump on a darknet marketplace The Real Deal for the price of 5 Bitcoin. While LinkedIn claims to have increased security measures since the 2012 hack many users were still using the same password, likely across multiple sites. Passwords from that breach were unsalted, making it likely the majority were cracked within a few days after the hack. The company said there was no indication that any new security breach had occurred.

Yet Another Darknet Market Sprouts

It calls itself Silk Road 3.0 . The anonymous owners of another deepweb site, Crypto Market, are reputedly behind the new incantation which will be known as "Silk Road 3.0" While touting itself as "The darknet's most resilient marketplace", the login page states "We are under DDOS attack. Please come back later." at the time of the writing of this article. Reports further promised massive security updates though the site continues to be accessible only through the TOR network. Prior "Silk Road" markets including were attacked via flaws in Tor with Silk Road 2.0 notably having a record of the attack happening committed to court records.

Darknet Market Nucleus Offline

Popular darknet market Nucleus has been offline for nearly a week, leading many users to speculate that yet another exit scam is in the works. The market was holding roughly 5,000 BTC in deposits for vendors and users. No message from /u/nucleusmarket has been forthcoming on reddit's r/darknetmarkets sub which seems to be the preferred meeting place on clearnet for users of such marketplaces.