21.03.18 Dark Web and Cybercrime Roundup
Former Hansa Vendor Doug-Heffernan Arrested in the Netherlands
Some darknet market users may remember a large vendor who operated on Hansa and then disappeared after Hansa went down. Netherlands police certainly remembered the vendor after discovering a series of accounts on Dream marketplace that sold the same items and fit the profile for the former Hansa vendor Doug-Heffernan. Some may recognize the other accounts: Smurfs, Mr. Bubblebgum, Rubiks and DrugsGames.
Netherlands police raided five houses in Amsterdam and an additional house and workshop in Werkendam. They arrested four suspects. One part of the case that caught the media’s attention came from an unusual item in the drug trafficking realm: a 3D printer. The police said the suspects had shipped out tens of thousands of packages with the drugs hidden inside printed “Nintendo” game cartridges and similar items.
Hacker Arrested for Selling Stolen Data on the “Crime Network”
The Bavarian Central Office of Cybercrime announced the arrest of a prolific 24-year-old alleged hacker who had been selling hundreds of thousands of stolen credit card numbers, username and password combos, and other stolen information. He sold the cards on a darknet carding and fraud forum (with a clearnet counterpart) called the Crime Network.
After almost two years of tracking him down and gathering evidence, German police finally caught the alleged fraudster at his apartment in Cologne, North Rhine-Westphalia. Crime Network went offline in 2015, but the 24-year-old had allegedly continued selling stolen PayPal credentials on other mediums.
Creator of Several Ransomware Variations Arrested in Poland
A Europol press release revealed that Polish law enforcement had arrested a Polish national suspected of being a ransomware author known as “Armaged0n” on the internet and amongst security researchers. Tomasz T., the suspect in question, had allegedly created the Flotera and Vortex ransomware. Europol said that Tomasz charged $200 to $400 per decryption key and earned a total of $145,000 between 2013 and 2018.
Tomasz lived in Belgium and had travelled to his hometown at the time of his arrest. Belgian Federal Police worked with Europol and Polish authorities to properly coordinate the arrest. Once Polish police arrested Tomasz, Belgian police raided his home and seized his electronic devices. The District Prosecutor’s Office in Warsaw has charged Tomasz with 181 counts of computer fraud and money laundering.
MSU Student Arrested for Distributing Fake Oxycodone Pills
The Minnesota River Valley Drug Task Force arrested suspected drug dealer Joshua Ryan Chlan at his house near MSU. The 19-year-old had allegedly been selling counterfeit oxycodone pills to other MSU students. After several students overdosed within three days, the City of Northfield Police looked into the situation and discovered the pills had contained carfentanil and cocaine instead of oxycodone. The 19-year-old had allegedly been ordering the pills from a darknet vendor.
Law enforcement caught him quickly thanks to a dealer who regularly bought drugs from Chlan and resold them to other students. One of the students who had overdosed told the police that she had purchased the pills from 22-year-old Joshua Edward Tarka. The police arrested Tarka and he rolled.
Tails Update Fixes Numerous Security Flaws
Tails, the live operating system of choice for whistleblowers and darknet drug vendors alike, issued an update just days after a major update. This update, while minor, does patch a reproducible libvorbis issue that impacts Tor/Firefox (CVE-2018-5146). The update also patches three vulnerabilities in curl that could have allowed an attacker to cause a DoS or an information leak. Lastly, the update fixes two Samba issues. Samba was found open to a DoS attack when configured in a certain way (CVE-2018-1050). Additionally, researchers discovered that any authenticated LDAP user could change the password of any other registered user account, administrator user account, or service user account (CVE-2018-1057).
Update here: Tails 3.6.1