8-10-17 Dark Web and Cybercrime Roundup

Club Promoter Sold Pounds Of Drugs At Events He Had Organized

A 40-year-old man from Atlanta, GA, organized concerts and events at nightclubs throughout the Southeast United States as an event organizer. He owned the club promotion company “Freakstep Promotions.” According to U.S. District Court Judge Madeline Haikala, the defendant also used his company as a drug distribution network. He planned events, ordered drugs online, and worked with his co-conspirators and employees to sell pounds of drugs at those very events.

In late 2016, USPIS Inspectors and US Customs officers intercepted packages containing 2,000 ecstasy pills each. As packages of drugs circulated the mail stream, federal agents profiled the defendants. Eventually they conducted controlled delivery on several co-conspirators and the enterprise owner himself. After his arrest, he admitted to his role as the “leader” of the drug distribution network that spanned Alabama, Georgia, and Florida.

He pleaded guilty to drug charges in April 2017. Half a year later, Judge Haikala sentenced the Atlanta man to serve 10.5 years in an Alabama federal prison. DeepDotWeb

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

Ryan Lin, a 24-year-old Massachusetts man, stalked and harassed his housemates and former-housemates online while evading local police through services like Textfree, Tor, and VPNs. He tormented one woman for more than a year after stealing personal files from her iCloud and Google Drive accounts. Hiding behind supposedly anonymous VPNs, he “cyberstalked” the victim to the extent that the stalking substantially impacted her life. Local law enforcement contacted the FBI who then requested logs from the VPN provider, ultimately resulting in the suspect’s arrest.

Best VPN Services: VPN Comparison Chart

Lin targeted the primary victim after he had moved in with her as a housemate. He allegedly stole her private information from her computer after moving into the house. Among the digital items stolen were the victim’s diary, her sexually explicit photographs, and information about her medical history. He then invaded the woman’s life by sending the explicit photos to her friends and family, Swatting schools under her name, sharing information about her medical background that she had never shared with anyone, and often spoofed his emails and texts to appear as if they had been sent from the victim’s computer or phone.

The FBI finally caught him after investigating a computer at his former workplace. His work computer, although it had been cleaned, still contained enough evidence to point agents in the correct direction; recovered data revealed that he had used or subscribed to PureVPN and WANSecurity. PureVPN’s logs linked the abusive internet activity to Lin, even though their privacy statement claims that the VPN provider does not “monitor user activity” or “keep any logs.” “We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers,” the site’s privacy policy explains. BleepingComputer

Adblocker Extension for Chrome Hid Monero Miner

Not long ago, the notorious torrent site known as “The Pirate Bay” made headlines for running a piece of Javascript in the background that secretly mined Monero. Secretly, in this sense, referring to the use of the user’s CPU to mine monero without notifying the user. The computer’s CPU usage spiked when visiting The Pirate Bay, so the secret surfaced almost immediately. (Also, fans make noise). A similar scenario recently unfolded, this time with a Chrome adblocking extension.

More than 140,000 Chrome users had downloaded “SafeBrowse,” the adblocker that mined Monero through the same Coinhive script that The Pirate Bay had used. Google pulled the extension from the Chrome web store after reports of high CPU usage started appearing on the extension’s rating page. The Mozilla plugin has been removed as well. For mining Monero in the background, a Chrome extension or browser plugin could be a profitable path if someone manages to successfully slip the code into a popular plugin. According to BleepingComputer, removing the guide from a Windows machine takes a bit more work than a Mac or a computer running Linux. The extension changed the default homepage, so the chances of this one flying low were astronomically

low. DeepDotWeb

Related on Reddit this week: AlpraKing’s effective bitcoin tumbling guide (This is not an endorsement of the guide).

Co-Admin of “The Love Zone” Sentenced to Two Years

Like PlayPen, the darknet child abuse/pornography forum The Love Zone attracted pedophiles from across the globe. And although Taskforce Argos infiltrated and took the site down several years ago, the court cases continue to make the news. Again, just like PlayPen. This admin, a 34-year-old from Denmark, received the minimum sentence for his role in the distribution of “disturbing” amounts of child pornography.

In addition to his role as a co-admin of The Love Zone, the 34-year-old also ran what appeared to have been his own site known as “DanBB.” His site, one exclusive to a more select demographic, concerned the prosecution. Apparently concerned them more than The Love Zone. DanBB contained only a more “serious” type of imagery that the prosecution described as particularly graphic.

Almost one year after pleading guilty to child pornography charges, the 34-year-old received his sentence from a Denmark judge. The minimum: two years in prison. He will, however, be permanently barred from working with children in any capacity. DeepDotWeb.

Cloudflare Bans Sites For Using Cryptocurrency Miners

The torrent site ProxyBunker took the path blazed by The Pirate Bay and implemented the notorious Javascript Monero miner by Coinhive that struggles to stay out of the spotlight. Cloudflare sent the ProxyBunker administrator an email that notified him of his violation of Cloudflare’s TOS. Nothing more. The administrator shot Cloudflare an email asking what part of the TOS he had violated, given that he had not knowingly violated any rules enforced by Cloudflare (allegedly).

Cloudflare responded with an email explaining that the ProxyBunker owner had installed Coinhive’s Javascript Monero miner and had not given users the option to turn off the miner. This, the administrator claimed, was inaccurate. Nevertheless, Cloudflare still considered the script to be a form of malware:

“Multiple domains in your account were injecting Coinhive mining code without notifying users and without any option to disabling [sic] the mining,” the Head of Trust Safety at Cloudflare wrote.”

“We consider this to be malware, and as such the account was suspended, and all domains removed from Cloudflare”

The domains were ultimately restored, albeit without the code and with a firm warning. TorrentFreak