A man from Alabama was convicted to 10 years in prison for selling Darkweb hard drugs

Joseph William Davis, 26 years old, from Madison, Alabama, was sentenced to 10 years in prison for the possession with intent to distribute of 50 grams of methamphetamine, 40 grams of fentanyl, 2.81 grams of cocaine, and 80,000 units of Xanax.

On Wednesday, 19th of December 2018, U.S. Attorney Jay E. Town, U.S. Postal Inspection Service Inspector in Charge Adrian Gonzalez and DEA Associate Special Agent in Charge Brad Byerley announced the ruling.

U.S. District Judge Madeline Hughes Haikala sentenced the man to ten and a half years of incarceration after pleading guilty in August of 2018 to conspiracy to sell drugs and firearms possession. Firearms that according to the Department of Justice, were used in “furtherance of drug trafficking.”

Also known as “OlympusXans,” or “OX,” Davis was trafficking darkweb drugs through encrypted internet chats to Madison County addresses. Everything passed through the U.S. Mail.

DEA Associate Special Agent Brad Byerley had this to say:

“The successful prosecution of Joseph Davis is a direct result of outstanding partnerships with federal, state, and local law enforcement. It should put others who engage in this type of activity on notice: if you sell drugs, whether on the street corner or online on the dark web, you will face federal charges and a lengthy prison sentence. This sentence in federal prison sends a message of our unending resolve to pursue drug traffickers who wreak havoc in our communities.”

Several U.S. Postal Inspectors, the Drug Enforcement Administration, Huntsville-Madison County County Strategic Counterdrug Team, and the Cullman County Sheriff’s Department investigated the drug case, which Assistant U.S. Attorney Jonathan S. Keim indicted.

“Federal law enforcement will continue to shine a spotlight on drug dealers operating in the darkest corners of the internet,” U.S. Attorney Jay E. Town declared. “Federal prison beds await them all.”

“I commend the hard work and countless hours put forth by all of the law enforcement agencies involved,” U.S. Postal Inspection Service Inspector in Charge Adrian Gonzalez affirmed. “Together we will continue to be vigilant in identifying and working to prosecute those who illegally utilize the mail while keeping the safety of the American public and our Postal Service employees at the forefront.”

The drugs Davis was selling are responsible for many overdoses around the world and are deemed rather unstable substances. A large portion of the penalty derived solely for the type of drugs sold by the man. Fentanyl and Xanax are extremely dangerous artificial narcotics that have established themselves in the collective perception as probably the most dangerous drugs in circulation. An additional prison term was also added in light of his willingness to use firearms to protect his drug business.


SOURCE: https://www.waaytv.com/content/news/Madison-man-used-dark-web-to-traffic-drugs-503238531.html


Five arrested in Italy for trafficking Darknet drugs from Spain to the region of Trento

Five arrests were issued on 13th of December 2018 in Trento, Italy, for four Italians and a foreigner caught importing drugs from Spain through the darknet. A total of 30 kg of narcotics have been seized.


Giuseppe Garramone, Quaestor (provincial public security department) of Trento, was one of the leading proponents of the investigative action as part of Operation Darknet.

Italian prosecutors disrupted the network following an airport bust of a certain D. E. (unknown full name) in Frankfurt on 8th of August 2017. The man had 20 grams of cocaine destined for an Italian citizen. More than a year later, on 29th of August 2018, the Italian police raided the house of D.E. The Mobile Squad of Trento found 50 grams of cocaine and about 500 grams of marijuana, a reason for which D. E. (unknown full name) was arrested. It was later discovered that the drugs were paid via bitcoin bought with Poste Pay money.

On the same day, the residence of another suspect, D.L. (unknown full name), was raided. Police found 50 grams of cocaine, 8850 grams of marijuana, and the equivalent sum of 5940 euros in counterfeit banknotes. He was arrested and put in precautionary custody.

The investigation revealed a network behind the drugs that were trafficked from Spain. Thanks to telephone interceptions, on 20th of September 2018, a truck from Spain was stopped with 18 kilograms (40 pounds) of hashish on board and the sum of 3500 euros allocated as payment for work done by one of the affiliates. On this occasion, three people were arrested in the city of Rovereto.

In the following days, the analysis of the seized phones confirmed the business relationship established between Italian citizens with Spanish suppliers.

Prosecutors Marco Gallina and Davide Ognibene obtained precautionary custody for all five of the suspects: three in prison and two at house arrest. Furthermore, three cars and a motorbike were confiscated among other propriety obtained through illicit means.





North Carolina man pleaded guilty to attempted assassination with radioactive material

U.S. Attorney Andrew Murray announced on 30th of November 2018 that Bryant Riyanto Budi, 27 years old, of Matthews, North Carolina appeared before U.S. Magistrate Judge David S. Cayer and has pleaded guilty to attempted possession of radioactive material with intent to cause death or serious bodily injury to another individual. Budi tried to buy radioactive substances from the darkweb between 22nd of April 2018 and 1st of June 2018 and faces life in prison.

Court documents reveal that the culprit contacted an undercover FBI agent on the darknet inquiring about a hitman. Homeland Security Investigations Special Agent Christopher Nasca responded to the inquiry but added that they needed to switch their conversation from the hidden vendor’s messaging system to e-mail. After several e-mails were exchanged with prices, methods, and descriptions of the target, undercover agent raced from his office in New York to Charlotte. The conversations continued from e-mail to SMS where Budi asked for proof of the hitman’s seriousness. Budi asked for photos of the hitman’s guns and the target’s house, to which the undercover police officer complied.

Suddenly, agent Christopher Nasca receives intel from FBI about a person trying to buy radioactive substances to kill a civilian. The buyer specified his intentions to kill the “enemy” with the dangerous material. He asked for an unknown mixture of lethal substances that could kill a person the size, weight, and dimensions of his “enemy” which resembled very much to the descriptions of Budi’s murder-for-hire target. Later, Budi even told the agent that he was scammed by a hitman who was supposed to get the job done.

On the 31st of May 2018, a bait package was sent to Budi’s friend from college at an address in Charlotte. Budi had previously spoken with his friend about him picking a parcel from him. A bait package was then sent which led his arrest the next day.

Budi remains in federal custody and hasn’t received a sentencing date yet. Attempted possession of radioactive material carries life in prison, but the court will probably want to further evaluate the culprit’s mental health.


SOURCE: https://www.justice.gov/usao-wdnc/pr/matthews-nc-man-pleads-guilty-attempted-possession-radioactive-material-murder-hire

Cryptojacking malware infections have risen 400% in 2018 according to Kaspersky Lab

The year 2018 has seen a surge in cryptocurrency-mining malware by four times in the Middle East, Turkey, and Africa (META) regions according to anti-virus firm Kaspersky Lab. Some 13 million cases were registered around the world for such malicious software infections that redirect a portion of the host’s computer processing power towards mining cryptocurrency for the guest. A four-time increase from 3.5 million cases back in 2017.

It’s important to know that there are two types of cryptojacking:

1) The first one involves mining software injected directly into the host’s computer files. They’re usually delivered by malicious links and through some form of scamming or deceit.

2) The second type refers to in-browser mining scripts that run as long as the visitor stays on the page. Some are legitimate mining scripts installed by their respective website owners, while others are malicious scripts injected by third-party actors. The former is considered the safest form of cryptojacking, being approved by the website owner, while the latter exploits both the website and its viewers. Most of the hidden scripts were injected into streaming websites, especially pornographic or pirating sites, forums, and similar places where the user is inclined to spend much time.

The source code on a cryptojacking website with the beneficiary wallet address. Screenshot author Pranshu Bajpai, CC BY-ND

Some might argue that almost all cryptojacking cases are unethical, thus the name ‘jacking.’ The embedded mining software is almost never brought to the attention of the visitor but instead happens secretly, without disclosure — everything at the expense of the user who may not even realize that his processing power and electricity are being spent to create and send cryptocurrency to an unknown wallet. It’s fundamental to keep in mind that even if unnoticeable, the mining process drains the battery, consumes electricity, and works the processor and video card which in turn, can make the system run slowly, reduce its life-span, or even damage the hardware by overloading.

An example of CPU overutilization from hidden cryptocurrency mining in an extension

Although the whole world is affected by the attacks, less-developed countries from Africa, South America, and the Middle East seem to experience the majority of the attacks.

According to a study made by Bad Packets Report on February 2018, it showed that 34,474 websites are executing Coinhive, the most popular cryptojacking JavaScript. Another research from AdGuard found that the total profit from cryptojacking is around $150,000 per month from which a third goes to the mining network and the rest to the website owner.

There are some exceptions to the rule, however — cases in which websites ask for the clear consensus of the user in using some of its processing power to generate cryptocurrency. Transparent cases such as these are considered legitimate and safe. For example, this UNICEF website asks your permission to mine cryptocurrency off your browser for charity.

Although the mining scripts are merely tools that can even serve a useful purpose, as mentioned above, the situation got out of hand. A few months ago, Google announced a general ban on all plugins and extension involving cryptocurrency mining from its Chrome browser, whether white or black hat.

“Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension’s single purpose, and the user is adequately informedabout the mining behavior. Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.”

Individuals are not the only ones targeted: businesses are too. Company-owned computers are very sought-after targets since they’re continually functioning in large numbers and usually lacking adequate security protocols. More so, hackers have adapted the script-injection methodology specifically for commercial companies through ‘formjacking.’ It refers to a malicious Javascript inserted into the payment process of a website. The credit card information is then obtained. Most recently, in June 2018, Ticketmaster had 40,000 customer records compromised, and in September 2018, British Airways encountered a similar attack on 400,000 clients.

As a first defense system, the National Cyber Security Centre’s board toolkit is an excellent starting point. Adblockers, antivirus programs, and mining-blocking browsers are must-haves against cryptojacking.










A 21-year-old German received just 60 hours of community work for ordering darkweb cannabis for personal consumption

Daniel F. (not real name), 21 years of age, ordered hundreds of grams of darknet marijuana for personal consumption through the post office in the German district of Pfaffenhofen. More precisely, he used to place orders of about 100 to 250 grams of marijuana each time, for a total of 800 grams paid in bitcoin. The judge gave the young man 60 hours of community work alongside drug rehabilitation.

The defendant has been judged by juvenile justice standards despite him being 21 years old. Thus, receiving a light sentenced compared to the minimum of one-year imprisonment of the adult penal code regarding the purchase of marijuana for personal use. The change in the judging regiment was made due to the defendant’s absence of criminal priors and good behavior. Also, the fact that the illegalities started when he was 18 years old and that no criminal enterprise was found.

Judge Ulrich Klose highlighted the ideas himself:

“That was a massive offense, but juvenile justice is about education.”

The judge then asked Daniel if he quit drugs:

“Then we could take a hair sample from you?”

To which the defendant replied:

“No, problem. Actually, I always wanted to stop it.”

The representative of the juvenile court confirmed the good behavior, saying he has volunteered in social and civic actions, traveled the world, and completed two internships.

It is clear that not only the public opinion but also the judicial practices have drastically changed when it comes to marijuana consumption. Such light sentences were unheard of in past decades. A similar case happened in Austria, where a man fueled his cannabis vice using fake euros and received only two months of prison time.

SOURCE: https://www.donaukurier.de/lokales/pfaffenhofen/DKmobil-Drogen-aus-dem-Darknet;art600,4018378

Facebook exposed the private and unpublished pictures of 6.8 million users due to an API bug that gave unhindered access to 1,500 apps

On 4th of December of 2018, Facebook announced that up to 1,500 apps created by 876 developers had unrestricted access to the user’s profile images, including unpublished photos and photos set to private. The application program interface (API) bug affected users from September the 13th to September 25th of 2018 and regards the applications which asked access to the profile images.

Facebook users who granted access to third-party apps from the fifteen thousand apps which had the problem, gave unhindered access to their profile images, whether public or private.

Affected users are being identified and notified by the company. Users can also access the following dedicated page to see if they’re affected: https://www.facebook.com/help/200632800873098

Tomer Bar, a Facebook developer, explained the Photo API bug:

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.

Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.

We will also notify the people potentially impacted by this bug via an alert on Facebook. The notification will direct them to a Help Center link where they’ll be able to see if they’ve used any apps that were affected by the bug. (See example of user notification below)

We are also recommending people log into any apps with which they have shared their Facebook photos to check which pictures they have access to.”

Facebook users were exposed to this bug for 12 days, but it’s unclear if hackers exploited any vulnerabilities. Also, such API errors are not uncommon among corporations. Earlier this year, Twitter and Google were also affected by similar bugs which exposed the information of over 50 million people.

Source: https://developers.facebook.com/blog/post/2018/12/14/notifying-our-developer-ecosystem-about-a-photo-api-bug/

A 52-year-old Turkish dealer sentenced to nine years and nine months in Germany for Deepweb drug trafficking



At the end of November 2018, a 52-year old Turkish man residing in Germany was convicted to nine years and nine months of prison for distributing hard drugs both on the streets and on the darkweb. The Criminal Police in Mühldorf, Germany declared it was one of the lengthiest investigations in its history, since the establishment of the Commissariat 4 for drug-related crimes.

The investigation was code-named “Vehicle” after the first piece of information the Kriminalpolizei of Mühldorf acquired about the target — that he was a car salesman.

In September 2017, the investigation group “Vehicle” was created to hunt down the criminal organization that was trafficking a relatively large amount of drugs in the region. Enough even to be considered the biggest dope-pushers in all of the Bavarian town of Altötting.

Amphetamine, pain-killers, marijuana, ecstasy, and cocaine (picture) were among the sold narcotics by the network. In addition to a secret drug and money hideout in the city center, a bar in the town of Neuötting was a common place for frequent meet-ups of the gang members. Each one had its duties; some were “runners” while others “negotiators.”

The first breakthrough came in October 2017 when a drug peddler for the gang was caught by a police checkpoint on the A94 highway. He was transporting several kilos of marijuana and one kilo of amphetamine, a large amount of ecstasy, and cocaine. The bust led to the raid and arrest of the 52-year-old ringleader in November 2017.

Shortly afterward, comprehensive and conclusive prosecution was issued against a variety of people involved. Criminal proceeding ensued against 50 other defendants, including darknet buyers and sellers, which prompted the mandated search raids of other 20 locations.

The operation was a complete success, and the investigation squad which consisted of six civil servants was dissolved.

SOURCE: https://www.polizei.bayern.de/oberbayern/news/presse/aktuell/index.html/289815

Border customs investigators arrested 32-year-old Dutchman in Germany for selling drugs on the Darknet

The Frankfurt Customs Investigation Office arrested a 32-year-old Dutchman in North Rhine-Westphalia on Tuesday, 11th of December 2018, after a sting operation. The operation was under the direction of the NRW Cybercrime task force in the Lower Rhine town of Kleve.

Investigators announced on Thursday that the man is under custody. He’s accused of selling marijuana, hashish, cocaine, amphetamines, and ecstasy tablets (photos) internationally on the darkweb.



Law enforcement was targeting the suspect since last summer. According to Cologne prosecutors, police found several kilograms of drugs, including 10 thousand ecstasy pills between his residence in the Netherlands and a holiday house in the Dutch province of Gelderland. Narcotic paraphernalia, laboratory utensils, and packaging material were also found.

The man is facing hard prison time regardless of what country is going to judge him, Germany or the Netherlands. Culprits caught between two or more countries will try their best to get judged in the country where the laws are in their favor. Although both countries have relaxed laws for personal consumption, they also have equally severe laws for hard drug trafficking.

Source: https://www.presseportal.de/blaulicht/pm/116258/4142305


Nine members of the sexual predator gang called “Bored Group” convicted to 40 years in prison

The group called “Bored Group” was convicted at the beginning of December for manipulating minor girls on the internet to self-harm and perform sexual acts.


Christian Maire (photo) of Binghamton, N.Y., 40 years of age at the time of the sentencing, and the married father of two, was the ringleader of the organization and received the highest prison term, 40 years. He was busted by a former victim who helped the FBI.

Other culprits received similar prison terms:

  1. Arthur Simpatico, 47 years old, of Mississauga, Ontario, Canada. Sentenced to 38 years;
  2. Jonathan Negroni Rodriguez, 37 years old, of West Hollywood, California. Sentenced to 35 years;
  3. Michal Figura, 36 years old, of Swarthmore, Pennsylvania. Sentenced to 31¼ years;
  4. Odell Ortega, 37 years old, of Miami. Sentenced to 37½ years;
  5. Brett Jonathan Sinta, 36 years old, of Hickory, North Carolina. Sentenced to 30½ years;
  6. Caleb Young, 38 years-old, of Cuyahoga Falls, Ohio. Sentenced to 30 years;
  7. Daniel Walton, 34 years old, of Saginaw, Texas. Sentenced to 30½ years;
  8. William T. Phillips, 39, of Highland, New York. Sentenced to 33 years.

The organization would lure young girls aged 8-17 through social media and online chatrooms posing as a group of teenage boys. Sexual acts and even a few instances of self-harming were requested of the girls after elaborate psychological scams to win trust.

In other words, using fake profiles, pictures, and videos of young boys, the gang would act convincingly on teenage dating websites such as MyLOL.com, Gifyo, Periscope, and YouNow. Each member had its role and worked systematically. The group would comment on old and non-sexual posts of girls to stand out of the crowd, and then they’d send chatrooms invitations.

The psychological bond of the group with the victims was developed over long periods of time around topics like school, family, sports, and sex. Furthermore, the final manipulative strategies to get the victims to undress were also well-thought. For example, the dares or challenges would gradually progress to sexual requests alongside strategic compliments. Another technique involves competitions between victims to see who performs the most outrageous actions. But probably the most interesting psychological tactic resides in the group’s frequent use of the word “bored” as to appear authentic and reassuring. Apart from being in the name of the group, chatrooms or certain posts would also be called “justsobored,” “borednstuff,” and “boredascanbe.” The word was used to give the illusion of a bored group of innocent teenage boys.

On the other hand, the organization also had a defense strategy. First of all, as stated before, the group never commented on sexual posts. Second of all, the group had an entire network of “Hero” or “White Knight” investigation teams that would alert the group of the existence of people that might warn the victim of the scheme. Such networks were used for other purposes and were both internal and external of the group’s nucleus. More so, archives were kept with the personal information of each victim, as well as other details involving past or current scams. Chatrooms were also categorized in “camping rooms,” where victims were expected to return and “regular rooms, ” where victims would appear at least once per week.

The downfall of the group started in 2017 when a group member linked the “Bored Group” to the news of a bust of an unrelated sexual predator which confirmed the FBI’s suspicions.

Some of the victims spoke up about the mental and social scars. A woman from New Orleans, tricked when she was 16, declared last week at the sentencing:

“I am a 20-year-old girl standing here today, facing the monsters that destroyed my childhood due to child exploitation. (…) I enjoyed having ‘friends’ to talk to every day. They were always there no matter what time of day. “

The woman described how she was tricked into the scheme. Several videos were made of her which were used for blackmail. The stress and psychological abuse lead to self-harm, hospitalization, and even suicide attempts:

“I know they knew I was hurting, because they would watch me cry and some would even ask me to self-harm while they watched. Thinking back to those days causes me to cry myself to sleep, wondering when the monsters will stop haunting me.”

Tragically, the group sobbed as well upon hearing the decades-worth of punishment they have to face. The leader of the group begged for mercy, and although the U.S. District Judge Stephen Murphy sparred him life in prison, the final sentence totaled not a day less than four decades of prison.

Source: https://eu.freep.com/story/news/local/michigan/detroit/2018/12/12/sexual-predators-christian-maire-teen-girls-online/2233922002/

Over 40,000 government accounts have been found on the Darkweb from Saudi Arabia, Italy, Israel, Portugal, Switzerland, Norway, Georgia, Bulgaria, and Romania

Over 40 thousand accounts for government websites were found on the darkweb from countries including Saudi Arabia, Italy, Israel, Portugal, Switzerland, Norway, Georgia, Bulgaria, and Romania.

More than half of the accounts (52%) belong to Italian government officials, followed by Saudi Arabian government accounts (22%), and Portugal government accounts (5%).

Group-IB’s is a Russian IT security firm headquartered in Moscow, and it is considered one of the top global vendors of threat intelligence on the market. Head of Group-IB’s Computer Emergency Response Team (CERT-GIB), Alexandr Kalinin, explained that the access credentials were most likely for sale. Their research indicated that the hackers used fairly common pieces of malware and trojans to gather the list. The potentially used software names include Pony, AZORult Infostealer, and Qbot.

Mr. Kalinin believes the list was acquired over time from large samples of victims around the world and then categorized in public officials and privates. Although the credentials vary significantly in importance from local portals to high-level governmental websites, they still pose a high risk in the case of a determined attacker.

The compromised accounts were from a wide array of government agencies. They varied from accounts on local government sites to state-level agencies and official government portals. Some of the most high-profile access areas offered by the hackers include: Switzerland (admin.ch), Poland (gov.pl), Bulgaria (government.bg), Romania (gov.ro), Norwegian Directorate of Immigration (udi.no), Ministry of Finance of Georgia (mof.ge), Israel Defense Forces (idf.il), Italian Ministry of Defense (difesa.it), Ministry of Foreign Affairs of Romania, Ministry of Foreign Affairs of Italy etc.

“The scale and simplicity of government employees’ data compromise, shows that users, due to their carelessness and lack of reliable cyber defense, fall victims to hackers. Cybercrime has no borders and affects private and public companies and ordinary citizens, ” declared Alexandr Kalinin.

The Group-IB took the investigative initiative after following a discovery by Agari IT group who identified another group of scammers with a similar list of 50,000 global CEOs. Most likely used for cyber reconnaissance missions such as Business Email Compromise (BEC) scams.

Source: https://www.zdnet.com/article/over-40000-credentials-for-government-portals-found-online/