FBI takes down Dark Web site the “Silk Road”


Pretty big news in the computer world today as the FBI took down one of the most prolific dark web sites on the internet, the “Silk Road”.

The Silk Road has been in about every major news story about the online drug trade for quite a while now. The site seemed to operate with impunity as it blatantly offered illegal drugs for sale online in the Hidden Web, or Dark Web, as it is called.

The Dark Web is not accessible via normal internet browsing; you need a program like Tor to access the hidden sites. The Dark Web is a haunt for illegal goods and services, and the Silk Road was one of the most popular sites.

The website not only offered to ship illegal drugs in an envelope to any location, it also offered illegal services like forged documents and access to hacked accounts. You could even pay for these services with the anonymous currency “Bitcoins”.

According to reports, the website generated about $1.2 Billion in sales over 30 months of operation.

The alleged sole creator and operator of the site, 29-year-old Ross Ulbricht, also known as “Dread Pirate Roberts”, was arrested and appeared in Federal court today.

Apparently federal cyber crime experts compromised the Silk Road server on July 23, 2013 and were able to pull data from the system. A bit ironic as Ulbricht allegedly hired a hitman to take out a user who was threatening to release the identity of thousands of Silk Road users.

Kudos to the FBI Cyber Crime team, this is a huge move to combat online cyber crime!


The Jester’s Website Seized by the DHS ICE

Jester Seized

Popular Patriot Hacker seems to have had his website seized by the Government. Anyone surfing to his website today (http://www.jesterscourt.cc/) was greeted with the message above.

According to the notice, the website was seized by the Immigration and Customs Enforcement (ICE) – Homeland Security Investigations division.

According to their website:

“The ICE Homeland Security Investigations (HSI) directorate is a critical asset in the ICE mission, responsible for investigating a wide range of domestic and international activities arising from the illegal movement of people and goods into, within and out of the United States.”

That sounds pretty odd, but you would think the next paragraph would seem more pertinent:

“HSI investigates immigration crime, human rights violations and human smuggling, smuggling of narcotics, weapons and other types of contraband, financial crimes, cybercrime and export enforcement issues. ICE special agents conduct investigations aimed at protecting critical infrastructure industries that are vulnerable to sabotage, attack or exploitation.”

But the kicker is the message about “Willful copyright infringement”. That is rather odd. Not sure how that corresponds to his website, other than he was selling “Jester” themed merchandise from it through the Zazzle store.

Going to the Zazzle store and clicking on any of the Jester Shirts produces an error message saying the shirts are no longer available or have been deleted:

Jester Zazzle

Haven’t seen any mention of the seizure on the Jester’s Twitter page, though it seems from his posts that he is currently at the Black Hat conference in Vegas.

Wow, copyright infringement, how odd. Not at all how I imagined the feds coming after the Jester.

** Update ** Jester’s Page back online, Questions remain

US Department of Defense Cyber Crime Center Website Down

DC3 Down

Just going through the Twitter feeds and one of our favorite security professors that we follow mentioned that the US Department of Defense Cyber Crime Center (DC3) was down:

DC3 Down Twitter

As this article is posted, the site still appears to be offline; see the screenshot above from the “Down for Everyone or Just Me” website.

A quick check of DC3.mil through whatsmydns.net also shows that numerous global DNS servers can’t communicate with it:

DC3 DNS Propagation

It doesn’t seem to be completely down as pinging the address does return a response from the hosting company. But the web server is definitely offline.

According to Wikipedia, “The Department of Defense Cyber Crime Center (DC3) is an United States Department of Defense agency that provides digital forensics support to the DoD and to other law enforcement agencies. DC3’s main focus is in criminal, counterintelligence, counterterrorism, and fraud investigations from the Defense Criminal Investigative Organizations (DCIOs), DoD counterintelligence groups, and various Inspector General groups. The Air Force Office of Special Investigations is the executive agent of DC3.”

DC3 also hosts a popular annual Digital Forensics Challenge.

Not sure at this point if it is just a technical problem, scheduled maintenance or possibly the work of hacktivists. Though a quick search of the normal hacktivist news feeds didn’t net anything.

We will post an update as soon as we know more.

Exploits found in Java 7 Update 11 just Released to fix Zero-Days

Java Setup

Those that rushed to deploy the latest Java update to plug remote exploit vulnerability woes aren’t done yet. It looks like exploitation is still possible in the new version, by way of two new security vulnerabilities.

Security Explorations company founder and security researcher Adam Gowdiak released the warning today on Seclists.org Full Disclosure:

“We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21).

…As a result, two new security vulnerabilities were spotted in a recent version of Java SE 7 code and they were reported to Oracle today (along with a working Proof of Concept code).”

This is a serious concern as many companies need Java and can’t just simply “turn it off”. Hopefully another security update will be released soon.