Inside BreachForums: The Dark Web’s Hub of Cybercrime and Chaos

To better understand the offerings on the hidden digital marketplace of the dark web, we managed to infiltrate BreachForums – an exclusive online platform bustling with cybercriminal activity.

Here’s what we found.


What is the dark web?

To provide some context, let’s explain what we refer to as the ‘dark web’ and ‘cybercrime forums’. The dark web is an obscure area of the internet that can be accessed using specific browsers such as Tor, with a primary focus on maintaining user privacy. These platforms are often associated with cybercrime forums, which are online communities where illegal activities are discussed and coordinated.

On the dark web, you’ll find a variety of purposes served, ranging from secure, confidential web navigation to illicit activities like trading in stolen information, illegal substances, firearms, services, and prohibited goods.

On the dark web, cybercrime forums serve as meeting places for hackers, con artists, and other illicit actors who share knowledge, tools, and offerings, frequently using cryptocurrencies to ensure secretive financial deals.

What is BreachForums?

In the year 2015, BreachForums, originally known as RaidForums, was introduced to the digital world by the Portuguese hacker Diogo Santos Coelho. Initially, RaidForums served as a platform for a group of individuals who shared an interest in ‘infiltrating’ websites and virtual environments with the intention of causing mischief, jesting, or disrupting online activities.

Initially, hackers on the site started breaking into social media platforms and websites, stealing millions of user accounts. They later sold these stolen credentials to the highest bidders. Over time, RaidForums transformed into one of the most advanced and widely recognized centers for criminal activities in the dark web.

Binance users KYC data seems to be on sale on the dark web now

alleged github hack leak

— otteroooo (@otteroooo) February 4, 2024

In February 2024, when Binance suffered a breach, it was BreachForums where user KYC details were initially offered for sale. Similarly, leaked Bitcoin ATM code from El Salvador, exposed later in April, also turned up for sale on BreachForums.

The website became a target for cybercriminals interested in purchasing confidential data from corporate hacks and even stolen government files. As a result, it drew attention from global law enforcement agencies.

In 2022, Europol and American intelligence teams joined forces to take down the website and apprehend Diogo Santos Coelho, its founder, who is currently being held in the UK on charges of cybercrime. He is now awaiting extradition to the United States.

RaidForums was transformed into BreachForums, with the change initiated by a user known as PomPomPurin who was subsequently arrested by the FBI in 2023. After PomPomPurin’s arrest, control of BreachForums passed to another user called Baphomet. However, the FBI seized BreachForums in May 2024; since then, multiple copies of the site have resurfaced.

Though the site remains active with many users, there’s been talk among internet users that it could potentially be a decoy or a trap, possibly established by the FBI, aimed at observing and apprehending cybercriminals for legal action.

What we found on the dark web crime hub BreachForums

Upon accessing BreachForums, we were greeted with numerous suggestions of illicit activities right off the bat. Unlike other cybercrime forums that may pose as IT and cybersecurity interest groups, BreachForums has never attempted to conceal its true identity. At the time of our login, the homepage displayed users offering services from criminal gangs such as MS13 or La Mara Salvatrucha for $10,000.

In the realm of dark web listings that involve violence, it’s often safer to assume they’re fraudulent rather than genuine. However, the illicit activities didn’t just stop at this posting. The site’s chatbox, continuously updating with conversations, showed users actively discussing and transacting in real-time. This included the sale of goods on the forum’s marketplace, which was teeming with vendors offering illegal items like stolen data, guides on bank fraud and credit card fraud, IP tracking services, and a host of other illicit goods.

Additionally, the conversation included a shared interest in anime and manga; as it turns out, even those engaged in cybercrime have pastimes like these.

As a crypto enthusiast, upon my very first login, I noticed an overwhelming influx of posts, all published within mere hours. This suggests a vibrant and active online community, one that continues to thrive, albeit possibly under close scrutiny from the authorities.

The picture illustrates individuals offering access to various services, including video streaming platforms such as Paramount Plus and Netflix, as well as hacked accounts on platforms like OnlyFans.

In the hidden discussion section about data breaches, it was observed that users were trading unauthorized access to data leaks. This included collections of corporate C-Suite email credentials, identification documents from countries like the UAE, India, Qatar, and Saudi Arabia, along with a leak of files and images pilfered from Saudi Arabian military emails that had been compromised.

In our initial analysis, the recent release of military documents seems authentic, yet it has been traced back to 2016, suggesting this user is trying to deceive others by presenting old leaked material as new. This is just one instance of the various fraudulent activities that cybercriminals engage in online, attempting to pass off outdated information as current.

A user asserted that they had private access to a data breach involving an Australian health insurance company called Medibank, and it’s confirmed that this organization, Medibank, experienced a cyber attack by Russian criminals in the year 2022. During this incident, the personal details of approximately 9.7 million Australians were taken illegally.

Rather than the notorious “hitman”-style ads that often characterize the dark web, the activities on BreachForums are more about selling leaked documents and identities, which unfortunately seem quite credible given their consistent success in doing so over extended periods.

It’s plausible that some of these recurring posts could be set-ups by the FBI or other law enforcement agencies, aiming to apprehend individuals involved in criminal activities.

Services found on BreachForums

In addition to stealing data, crafty cybercriminals often advertise diverse services for rent on the dark web, and they usually accept cryptocurrencies as a form of payment.

As a crypto investor, I swiftly stumbled upon users on BreachForums who claimed to provide DDoS services. These services essentially involve a distributed denial of service attack, where malicious individuals exploit a botnet to disrupt a website’s functionality. The objectives behind such attacks can vary, from extorting money from the victim, targeting rival businesses, or merely causing harm to an enemy.

A group of cybercriminals was advertising a Hidden Virtual Network Computing (HVNC) tool, which allows covert, unauthorized remote access to another person’s computer.

It’s worth mentioning that the post resembled an advertisement for legal online services, as it provided a comprehensive rundown of its features and pricing structures, along with the availability of customer service in both Russian and English languages.

Additional offerings encompassed a service that gave criminals temporary phone numbers, which they could use to receive verification codes for activating online accounts without revealing their true identities or personal phone numbers.

We uncovered instances where spam emails were being sent in large quantities for various illicit mass-promotion efforts, including scams involving phishing and other harmful software, as well as discovering ads for tools designed to flood an opponent’s email account. The intention behind these actions is often to render the email service unusable or to conceal malicious activities such as warnings of unauthorized login attempts.

One persistent sender crafted an advertisement that seems to originate from an artificial intelligence system, along with a brand emblem for their unnamed service. We’ve omitted the name to avoid promoting their business.

Various discussions were focused on markets offering remote server access, custom programming for web development, and graphic design, all resources that could potentially be utilized to construct elaborate deceits, like fake websites intended to swindle users’ personal information.

As an analyst examining this scenario, I’m inclined to believe that while a portion of these services might be authentic, a significant number appear to be fraudulent. The repeated seizure and reopening of the website suggest potential issues, and considering all user accounts are less than two years old, it raises questions about their legitimacy.

As a researcher examining online marketplaces, I’ve noticed that many cybercrime forums rely on escrow systems or build trust through a seller’s history of ‘reputable’ transactions. However, this novel site appears to have minimal safeguards in place to prevent scams, which raises concerns about its security and reliability.

Multiple providers claim they handle escrow transactions, which means a neutral intermediary keeps the money safe until both parties confirm their satisfaction with the payment. For instance, this developer who provides prefabricated phishing sites and landing pages offers such an arrangement.

Users who agree to use an escrow service might genuinely be offering the goods they’re advertising, but it’s important to note that this platform also has a significant number of fraudulent transactions involving escrow payments.

In truth, there’s a whole discussion or topic dedicated to scams within this platform, where users share their experiences and report instances of suspected fraudulent activities on the site itself.

According to uuu732, their attempt to deceive others online ended up being a trap instead. They had been scammed when they paid user PennyTrate-x $300 for software that claimed to bypass antivirus programs and send infected PDFs to unknowing targets, only to find out later that they themselves were the victims of a scam on BreachForums.

When the vendor did not deliver the promised items and then failed to offer an explanation when prompted by a moderator, their account was suspended.

A different user has shared an account of a disagreement with a separate vendor. In this instance, the user made an unsuccessful attempt to buy a compromised database from a Swiss insurance firm for $500 and a failed purchase of a compromised database from a Swiss retail store for an additional $1,300. The user claimed that they did not get the illicit data in either transaction.

What do dark web criminals do with stolen user data?

Unscrupulous online users purchase login credentials and personal details with the intention of breaking into email and social media platforms for one of two purposes: either to plunder the user’s financial resources or to acquire confidential data, which they can then misuse in various malicious ways.

A malicious individual on the dark web could potentially exploit a user’s PayPal account without authorization, attempting fraudulent transactions or moving funds to another account. Additionally, they might misuse personal data such as passport details to apply for loans under false pretenses, which is known as identity theft.

This data can often be exploited by criminals for threatening or coercive actions, such as extortion and blackmail, once they’ve gained access to a person’s confidential accounts.

How to stay safe online

It’s important to recognize that the dark web is a potentially risky part of the internet due to numerous factors. For instance, a website that has been confiscated and reopened on multiple occasions still serves as a bustling marketplace for illicit activities, including services, products, and scams aimed at fellow users.

On the surface web (clearnet), maintaining safety is crucial. One effective method is by enabling two-factor authentication on all devices and online accounts. This security measure requires a second device, like a mobile phone, to confirm login details, thereby reducing the risk of hacking and phishing attacks. Additionally, double-checking URLs before accessing them can help avoid falling victim to fraudulent sites.
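The advice above to double-check a URL before opening it can be turned into a small, repeatable check. The following helper is an added example written for this article, not code from the original post or any project; the allow-list of expected hostnames and the sample URLs are constructed for illustration. It flags the common tricks a phishing link relies on: a non-HTTPS scheme, a trusted name hidden in the userinfo part before an `@`, punycode or non-ASCII look-alike hostnames, and hosts that merely contain a trusted name (such as `paypal.com.example.net`) without actually being it.

```python
# Added example (not from the original article): a "double-check the URL" helper.
# EXPECTED_HOSTS and the URLs in demo() are constructed for illustration.
from urllib.parse import urlsplit

# Constructed allow-list: the hostnames this user actually expects to log in to.
EXPECTED_HOSTS = {"paypal.com", "haveibeenpwned.com"}


def is_host_or_subdomain(host: str, expected: str) -> bool:
    """True only if host IS expected, or is a genuine subdomain of it."""
    return host == expected or host.endswith("." + expected)


def check_url(url: str, expected_hosts=EXPECTED_HOSTS) -> list:
    """Return a list of warning strings; an empty list means no red flags were found."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        warnings.append(f"scheme is {parts.scheme!r}, not https")
    if not host:
        warnings.append("no hostname in URL")
        return warnings

    # "https://paypal.com@evil.example/" puts a trusted-looking name in the
    # userinfo field; the browser actually connects to the host after the '@'.
    if "@" in parts.netloc:
        warnings.append(f"userinfo ('@') in URL; the real host is {host!r}")

    # Internationalised labels can render as look-alikes of Latin names.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (xn--) label in hostname; possible homograph")
    if any(ord(ch) > 127 for ch in host):
        warnings.append("non-ASCII characters in hostname; possible homograph")

    if not any(is_host_or_subdomain(host, e) for e in expected_hosts):
        # Flag hosts that contain a trusted name without being it, e.g.
        # paypal.com.account-verify.example or paypal-secure.example.
        for e in expected_hosts:
            if e in host or e.split(".")[0] in host:
                warnings.append(f"host {host!r} resembles {e!r} but is not it")
                break
        else:
            warnings.append(f"host {host!r} is not in the expected list")
    return warnings


def demo() -> dict:
    """Run the check over a few constructed URLs and return {url: warnings}."""
    samples = [
        "https://www.paypal.com/signin",
        "http://paypal.com/",
        "https://paypal.com.account-verify.example/login",
        "https://paypal.com@evil.example/",
        "https://xn--pypal-4ve.com/",
    ]
    return {u: check_url(u) for u in samples}


if __name__ == "__main__":
    for url, warns in demo().items():
        print(url, "->", warns or "OK")
```

The check is deliberately conservative: anything not on the allow-list is reported, and a genuine subdomain such as `www.paypal.com` passes only because it ends in `.paypal.com`, not because it contains the string `paypal`.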

Casual explorers venturing into the mysterious depths of the Dark Web may unwittingly mingle with experienced swindlers and cybercriminals, who are always on the lookout for vulnerabilities. It’s advisable for visitors to exercise caution by refraining from clicking on unknown links or downloading suspicious files. Furthermore, it’s important to remember that making any transactions could potentially expose you to a range of issues, not just from legal entities but also from unscrupulous individuals.

The safest approach to avoiding potential dangers on the dark web is not venturing into it at all. Instead, we regularly explore various parts of the dark web and provide you with consistent updates about our discoveries, ensuring you remain informed about the seedy side of the global internet.

How to get to the dark web on a Chromebook?

The question about navigating the dark web on a Chromebook comes up quite frequently, but I must emphasize that it’s best if people avoid accessing the dark web altogether. While the dark web can be an intriguing topic for journalists, it’s also rife with con artists and other criminal elements that could pose a risk to individuals who encounter them.

To gain access to the dark web on a Chromebook, users usually install Linux through ChromeOS’s Crostini feature and then add the Tor Browser repository. This allows them to reach Tor’s hidden services, another name for the dark web. However, I must stress that this should only be done for research or journalistic purposes; otherwise, it’s best to steer clear of it.

Why is the dark web so creepy?

The dark web is often perceived as ‘spooky’, partly because it’s frequently depicted in popular YouTube videos where content creators claim to unbox ‘mystery packages’ from the dark web, and also due to its frequent appearance in short stories and ‘creepypastas’, a genre of horror fiction.

As a researcher, I’ve come to understand that the perception people have about the dark web is often misguided. In truth, it’s more about transactions and exchange of information than the sensationalized portrayals suggest. Many individuals access this network to share uncensored information, such as political whistleblowers seeking protection, or for less noble purposes like cybercrime activities and illicit trade.

How to check if my email is on the dark web?

You don’t have to delve into the murky depths of the dark web or visit shady sites like Nulled to discover whether your email has been compromised. A more straightforward approach is to use the Have I Been Pwned tool, available on the open internet, to find out whether your email address appears in known breaches.
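The email search on Have I Been Pwned is a web form, but the same site’s Pwned Passwords service exposes a range API whose design is worth understanding: only the first five hex characters of a SHA-1 hash are sent to the server, which returns every suffix it knows for that prefix, and the match is made locally. The code below is an added example written for this article, not Have I Been Pwned’s own code; the endpoint format (`/range/<5-hex-prefix>`, response lines of `SUFFIX:COUNT`) is the service’s documented one, while `SAMPLE_RESPONSE`, `fake_fetch` and the counts in it are constructed so the example runs offline.

```python
# Added example (not from the original article, not HIBP's code): the k-anonymity
# lookup used by the Pwned Passwords range API. SAMPLE_RESPONSE and fake_fetch
# are constructed stand-ins for the live service.
import hashlib
from typing import Callable

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(secret: str) -> str:
    """Uppercase hex SHA-1 of the secret, the form the range API uses."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def split_for_range_query(secret: str) -> tuple:
    """Return (prefix, suffix): only the 5-char prefix ever leaves the machine."""
    digest = sha1_hex(secret)
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, body: str) -> int:
    """Parse 'SUFFIX:COUNT' lines and return the count for our suffix (0 if absent)."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def pwned_count(secret: str, fetch: Callable[[str], str]) -> int:
    """How many times the secret appears in the breach corpus, via an injected fetcher."""
    prefix, suffix = split_for_range_query(secret)
    return count_in_range_response(suffix, fetch(RANGE_URL + prefix))


def http_fetch(url: str) -> str:
    """Live fetcher for real use; the offline demo below does not call it."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed response for prefix 5BAA6 (the prefix of SHA-1("password")).
# The suffix on the last line is the real remainder of that hash; the counts
# and the other suffixes are made up for the example.
SAMPLE_RESPONSE = (
    "003D68EB55068C33ACE09247EE4C639306B:3\n"
    "012C192B2F16F82EA0EB9EF18D9D539B0DD:1\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\n"
)


def fake_fetch(url: str) -> str:
    """Offline stand-in for the range endpoint; only knows the 5BAA6 bucket."""
    return SAMPLE_RESPONSE if url.endswith("/5BAA6") else ""


if __name__ == "__main__":
    for candidate in ["password", "correct horse battery staple 7Qz"]:
        print(candidate, "->", pwned_count(candidate, fake_fetch))
```

Swap `fake_fetch` for `http_fetch` to query the live service; note that the server never learns which suffix you were interested in, which is the point of the design.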

Is the dark web real?

Absolutely, the dark web does indeed exist, serving as a platform where significant financial transactions take place in the illicit trade of drugs, stolen digital assets, harmful software like malware, firearms, hacking jobs, and various illegal goods.

What to do if my email is on the dark web?

In case your email is discovered on the dark web, it’s advisable to promptly update your password and enable two-factor authentication (2FA). If you continue to receive login requests even after that, you may need to contemplate switching to a new email address entirely.


2025-01-18 06:53