Cyber Updates – June 30, 2021
This month we explain how easy it is for malicious attackers to leak Netflix accounts. We also explore how carding is recently on the rise in two specific carding forums we’ve been monitoring. And we have a new announcement about the addition of Royal Market to our coverage!
Last but not least, don’t miss our Cyber Business Unit Manager Liran Sorani’s take on the latest news from the world’s largest social media platform and how it will affect intelligence gathering.
Netflix Leaked Accounts
With close to 140 million subscribers, Netflix is the most popular media streaming service, making it an ideal target for cybercrime. Many of us, active Netflix users, subscribe with our private email addresses. This makes it easy for malicious actors to steal data records and, once hacked, gain access to a lot more than just our Netflix account. That’s why thousands of accounts are leaked on a weekly basis.
Hackers often share leaks for free, as it takes almost no effort to obtain them. Leaked Netflix accounts include user email addresses, passwords, and phone numbers. It can also include additional details like user’s names and gender, dates of birth, and location.
Webhose detects these leaks in several online sources, such as the open web, the dark web, and Telegram networks. Posts include actors selling, sharing and mentioning the leak in several hacking forums in these sources.
As Netflix users, many of our day-to-day accounts, private and commercial, are at risk, as we often use the same log-in information for various services (bank apps, HMOs, Netflix, Spotify, email and Google accounts).
To see discussions related to Netflix breached data, use the following query: “Netflix” AND (leak OR cracked OR premium OR accounts OR acc)
Weekly Find: Carding Fraud on the Rise
Carding fraud continues to gain in popularity in the dark web. It’s a fraud method related to the abuse of services containing sensitive personal information. This includes information such as stolen credit cards, bank accounts, stolen accounts, and more.
At Webhose we detected an increase in the number of discussions related to carding over the last 6 months in a few well-known carding forums such as Altenen and Club2Crd. The Altenen forum has more than 900,000 members. Club2Crd has more than 175,000 members.
Carding fraud can be found in every corner of the dark web. One of the most popular places to find it is Telegram. Actors here open dedicated channels and share stolen credit card information that can lead to carding of a wide range of different services.
Here is an example of carding we found this week. The actor goes by the name “Only carding” and posted in the X-Force Telegram group for carders:
To see discussions related to carding fraud use the following query: site.domain:*carding OR carding OR cardable OR carder
New Source in Webhose Coverage: Royal Market Now Available
We recently added Royal Market, a new marketplace in the TOR network to our coverage in the Cyber endpoint. The site was launched in April 2021 and quickly became popular. It now has almost 10,000 listings. The listings available on the market are very similar to other dark web marketplaces. Royal Market offers a variety of products from diverse categories such as illicit drugs (including cannabis, ecstasy, prescription drugs, opioids, steroids, drug recipes, stimulants, benzos and psychedelics), counterfeit, digital goods, frauds, services, tutorials and leaks.
What makes Royal Market popular is that it is user-friendly and secure.
To see content from this marketplace, use the query: site.domain:rpd25x73bfc57j5b6c7u4y5pfbyxdi2qtnwl2a4jorqsnah4ug2z5iqd.onion
Cyber Viewpoint: The Alternative to Free Speech Discussions
As part of our Cyber Update, we’d like to share an expert opinion about trends and the future of cyber data with our Cyber Business Unit Manager Liran Sorani. Today’s opinion focuses on Facebook’s recent development of a new set of tools and how it could impact the collection of web data in the future.
Facebook recently published a set of tools that allow a Group Admin to automatically moderate comments and posts published by activists.
This is part of an ongoing tightening of restrictions around free speech in mainstream social networks such as Twitter, Linkedin, and Tumblr. I’d like to share my thoughts about this development and how it could impact the collection of web data in the future.
The communities that usually face restrictions on such networks include:
Terrorist or extremists groups that call for violence against a government or a country
Racist groups that usually provoke violence against specific ethnic or racial groups
Conspiracy groups that discuss false facts or misinformation and might influence larger communities (a.k.a “fake news” )
Mainstream social networks are currently leading a fight against such communities. Angered by what they cite as relentless privacy violations, surveillance capitalism, targeting, and political bias, these communities are migrating to alternative networks.
Here are a few of the latest places they use to freely share and communicate their ideas:
Gab – where we can find Nazis, racists and far-right communities.
Rumble – A video-sharing site home to many right-wing conservatives. It now has 50 millions unique users a month.
MeWe – Includes groups sympathetic to QAnon, such as the Great Awakening (banned from Reddit) and the Empowered Citizen Institute’s Great Awakening Patriots (banned from Twitter).
My belief is that these restrictions will become tougher. Mainstream social networks will need to invest resources into blocking violent types of speech, partially due to government pressure. As a result, more free speech platforms will emerge, often with little to no restrictions.
I also think that intelligence platforms will need to reconsider their data coverage and take into account the new trend of FSPs (Free Speech Platforms) to detect these threats ahead of time and mitigate them.
That’s it for our Cyber News Update from our Cyber Team this time. We’ll be back again next time with more exciting updates from the world of cyber. Stay tuned for more updates!
Until next time,