De-anonymizing ransomware domains on the dark web

153 points by auiya almost 3 years ago

9 comments

ziddoap almost 3 years ago
#1 and #2 really should just be a part of #3: catastrophic opsec.

I don't know what it is about people who run these criminal enterprises on the darknet, but they constantly seem to be failing even the most basic of opsec. Re-using identities across multiple services, using e-mail addresses with real names, posting photos with identifiable information (and before websites stripped metadata for them, often posted with metadata), etc. I mean it's nice that they are making it easier to catch themselves, but at the same time I can only wonder how some genius can invent some novel and complex ransomware operation just to turn around and use the email they've had since they were 13 to register the services that operate it.
auiya almost 3 years ago
Not sure why there's a mystique over the "dark web", they're all still just websites, and suffer the same types of vulnerabilities.
orthoxerox almost 3 years ago
This should come in handy if I ever have to run a website on the dark web
spacemanmatt almost 3 years ago
Looks like every server they busted broke at least one rule from the opsec info posted here just a month or two ago. Classic.
neh_89 almost 3 years ago
There is no silver bullet when it comes to protecting against ransomware. A prime example of this was the WannaCry virus attack in May 2017, where 200,000+ computers worldwide were infected due to a weakness in Windows SMB, EternalBlue, which allowed hackers to hijack computers running on an unpatched Microsoft Windows operating system. Users were asked to pay anywhere from 300-700 bitcoins to decrypt the data in 3 days.

https://www.spiceworks.com/it-security/cyber-risk-management/articles/ransomware-payment-to-pay-not-to-pay/
rkagerer almost 3 years ago
Basically they found some darknet onion sites whose operators reused the same unique favicon, self-signed TLS certificate, etc. on other sites hosted from public IPs. And in one case left a secret key in a publicly-accessible configuration file.
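
The correlation described in the comment above, as an added example that is not part of the thread or of the linked research: hash each collected artifact and report any digest seen on both an onion host and a clearnet host. The hosts and byte strings are constructed placeholders, and `shared_artifacts` is a hypothetical helper name.

```python
import hashlib
from collections import defaultdict

# Constructed sample observations: short placeholder byte strings stand in for
# the DER-encoded certificate and the favicon body collected from each host.
OBSERVATIONS = [
    {"host": "exampleonionaddress.onion", "cert_der": b"CERT-A", "favicon": b"ICON-1"},
    {"host": "192.0.2.10", "cert_der": b"CERT-A", "favicon": b"ICON-2"},
    {"host": "198.51.100.7", "cert_der": b"CERT-B", "favicon": b"ICON-1"},
    {"host": "203.0.113.5", "cert_der": b"CERT-C", "favicon": b""},
]

ARTIFACT_KINDS = ("cert_der", "favicon")


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, the usual form of a certificate fingerprint."""
    return hashlib.sha256(data).hexdigest()


def is_onion(host: str) -> bool:
    return host.lower().rstrip(".").endswith(".onion")


def shared_artifacts(observations):
    """Map (kind, digest) -> sorted hosts, keeping only artifacts that appear
    on at least one onion host AND at least one clearnet host."""
    seen = defaultdict(set)
    for obs in observations:
        for kind in ARTIFACT_KINDS:
            data = obs.get(kind)
            if data:  # artifact missing or empty: nothing to correlate
                seen[(kind, sha256_hex(data))].add(obs["host"])

    links = {}
    for key, hosts in seen.items():
        onion = [h for h in hosts if is_onion(h)]
        clearnet = [h for h in hosts if not is_onion(h)]
        if onion and clearnet:
            links[key] = sorted(hosts)
    return links


if __name__ == "__main__":
    for (kind, digest), hosts in sorted(shared_artifacts(OBSERVATIONS).items()):
        print(f"{kind} {digest[:16]}... shared by: {', '.join(hosts)}")
```

Run against an inventory of your own services, any reported digest is an artifact that needs to be regenerated per service before it links them.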
paulpauper almost 3 years ago
Onion domains will never be good for anonymity. Too big of a surface area, too much potential leakage somewhere.
Handytinge almost 3 years ago
Did that last one remind anyone of Uplink[0]?

20 year old memories of proxying my ssh traffic through InterNIC just came flooding back!

0. https://en.wikipedia.org/wiki/Uplink_(video_game)
ipaddr almost 3 years ago
So certificates do not enable privacy, they take it away.

SSL may stop your roommate or ISP, but they provide another vector for linking to other entities.

I wonder how many are using this technique to link web properties together.