The darknet, also known as the dark web, is a concealed section of the internet that's inaccessible via standard search engines. You can only access it using special software, settings, or authorization. This area comprises websites and content that are purposely kept hidden from public view.
Accessing darknet requires using Tor Browser, a special web browser that routes your internet traffic through a global network of relays managed by volunteers. This way, it becomes very difficult to trace which websites you're visiting, and these sites won't know where you are located.
When visiting the dark web, use a secure browser like Tor, do not reveal any of your personal information, and don't open suspicious files or links to stay safe.
The Darknet is often utilized for secure communication, discreet information or file sharing, anonymous research without identity exposure, and occasionally for engaging in illicit activities. It is also recognized for hosting underground black markets(darknet markets), whistleblowing platforms, and discussion boards that champion freedom of speech.
While accessing Darknet Markets themselves is typically not against the law in most places, engaging with illicit goods within them is generally considered a crime. On the other hand, some people might visit Darknet Markets for lawful purposes such as research, journalistic work, or simply to explore online communities. It's essential to know the local laws regarding online activities, and be cautious when using these platforms to avoid any potential issues.
Europol Dismantles iServer Phishing Operation and Ghost Cybercrime Communication Platform
Law enforcement agencies have revealed the dismantling of an international criminal organization that utilized a phishing platform to unlock stolen or lost mobile phones.
A PhaaS platform called iServer has affected over 483,000 people worldwide. The highest numbers are in Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina (29,000).
Europol stated, "The victims are largely Spanish-speaking citizens from various countries in Europe, North America, and South America," in a press release about the operation.
Operation Kaerb involved collaboration among law enforcement and judicial bodies from Spain, Argentina, Chile, Colombia, Ecuador, and Peru. During a coordinated effort between September 10 and 17, an Argentine national was arrested. He had been developing and managing a PhaaS service since 2018.
The operation led to 17 arrests, 28 searches, and the seizure of 921 items, including phones, devices, vehicles, and weapons. It is estimated that around 1.2 million mobile phones have been unlocked so far.
"Group-IB says iServer was an automated phishing platform. Its unique focus on extracting credentials to unlock stolen phones set it apart from standard phishing-as-a-service models."
According to a Singapore-based company, iServer provided a web interface. It let low-skill criminals, called "unlockers," gather device passwords and user credentials from cloud-based mobile platforms. This allowed them to bypass Lost Mode and unlock the devices.
The administrator of this criminal syndicate sold access to unlockers. They used iServer for phishing and to offer their services to phone thieves.
These unlockers also sent fraudulent messages to victims of phone theft aimed at collecting data needed to access the stolen devices. This was achieved by sending SMS texts prompting recipients to click a link to locate their lost phone.
Clicking the link caused a series of redirects. It ended on a page that urged the victim to enter their credentials, device passcode, and 2FA codes. Attackers exploited these to access the device, disable Lost Mode, and remove it from the owner's account.
"iServer automates the creation and distribution of phishing pages," Group-IB stated. "The pages mimic popular cloud-based mobile platforms. It has unique features that boost its effectiveness as a cybercrime tool."
Ghost Platform Shut Down in Global Action
This announcement coincides with Europol and the AFP. They reported the dismantling of an encrypted communications network called Ghost ("www.ghostchat[.]net"). It facilitated serious, global organized crime.
The platform, sold as part of a $1,590 custom Android smartphone with a six-month subscription, was used for many illegal activities. These included trafficking, money laundering, and extreme violence. This follows a series of similar services, like Phantom Secure, EncroChat, Sky ECC, and Exclu. They were shut down under similar circumstances.
Europol noted that "the solution utilized three encryption standards and provided the ability to send messages that would self-destruct based on a specific code, allowing criminal networks to communicate securely, evade detection, counter forensic efforts, and coordinate illegal operations across borders."
Thousands of users are estimated to have utilized the platform, with around 1,000 messages exchanged daily before its shutdown.
Since the investigation began in March 2022, a total of 51 suspects have been apprehended: 38 in Australia, 11 in Ireland, one in Canada, and one in Italy linked to the Italian Sacra Corona Unita mafia group.
Leading the arrests is a 32-year-old man from Sydney, New South Wales, charged with creating and managing Ghost as part of Operation Kraken. Others were accused of using the platform for trafficking cocaine and cannabis, drug distribution, and fabricating a false terrorism plot.
Jay Je Yoon Jung, the administrator, is believed to have started the criminal operation nine years ago, earning millions in illicit profits. He was arrested at his residence in Narwee, and the operation also led to the dismantling of a drug lab in Australia, along with the seizure of weapons, drugs, and €1 million in cash.
The AFP reported that it infiltrated the platform's infrastructure to conduct a software supply chain attack, modifying the software update process to access content stored on 376 active handsets in Australia.
Europol remarked that "the encrypted communication landscape has become increasingly fragmented due to recent law enforcement actions targeting platforms used by criminal networks."