The revived version of AlphaBay requires users to pay only in Monero cryptocurrency and is available through I2P.
The administrator of the underground marketplace AlphaBay, using the pseudonym DeSnake, is back to work. More than four years ago, the US Department of Justice announced the closure of AlphaBay. Thai police arrested the 26-year-old website administrator Alexandre Cazes in Bangkok, and the FBI seized control of AlphaBay’s central server in Lithuania, neutralizing the underground market. But the fate of one key black market player was never resolved: the second AlphaBay administrator, alias DeSnake.
DeSnake has now relaunched AlphaBay under his own leadership. In an interview with WIRED, the administrator said he emerged unscathed from the collapse of AlphaBay and intends to restore the former glory of the underground market.
The revived version of AlphaBay requires users to buy and sell goods only with the Monero cryptocurrency, which is much more difficult to trace than Bitcoin. AlphaBay’s dark web site is now accessible not only through Tor, as it used to be, but also through the less popular I2P anonymity system.
DeSnake said his work computers run an “amnesiac” operating system, such as the security-focused Linux distribution Tails, which is not designed for storage. According to the administrator, he does not store any compromising data on hard drives or USB drives, either encrypted or unencrypted. DeSnake has also prepared a USB-based “emergency shutdown” device designed to wipe the memory of his computers and shut them down in seconds if they ever get out of his control.
But all of these technical and operational defenses may matter less than geography. According to DeSnake, he is in a non-extradition country, out of the reach of US law enforcement.
DeSnake wants to attract users with the promise of an as yet untested system, which he calls AlphaGuard. The system is meant to allow users to withdraw their funds even if the authorities seize control of AlphaBay’s servers again.
As DeSnake describes, AlphaGuard automatically leases and configures new servers if it detects that AlphaBay is shutting down. The administrator claims that AlphaGuard will automatically hack into other websites and host data on their servers, providing users with “exit codes” that they can use to save the cryptocurrency stored on AlphaBay.
DeSnake is also in the early stages of implementing a fully decentralized market system. In this scheme, programmers and server operators will receive a portion of the profits from the hosting markets, which form a vast dark web without a single point of failure.
Hundreds of malicious Tor nodes are used to de-anonymize users
Malicious servers were added to the Tor network on an ongoing basis, and there were hundreds of them.
Since at least 2017, a mysterious attacker (or group), tracked by cybersecurity experts as KAX17, has been adding malicious servers to the Tor network, acting as entry, intermediary, and exit nodes. According to a security researcher using the pseudonym Nusenu, the campaign was aimed at de-anonymizing users.
Nusenu, who is also a Tor node operator, discovered the malicious activity in 2019, but says KAX17 has been active since at least 2017. According to Nusenu, malicious servers with no contact information were added to the Tor network on an ongoing basis, hundreds at a time. At its peak, the network included over 900 malicious servers.
In general, servers added to the Tor network must contain contact information (such as an email address) so that Tor administrators or law enforcement agencies can contact node operators in the event of misconfiguration or reports of abuse. Despite this rule, servers without contact information are often added to the network, mainly to keep the number of nodes up.
KAX17 servers are located in data centers around the world and are mostly configured as entry and intermediary nodes, with only a small number of them operating as exit nodes. As Nusenu notes, this is strange, since most attackers who manage malicious nodes configure them as exit nodes, which allows them to modify the traffic. For example, the BTCMITM20 group managed a network of thousands of malicious exit nodes to attack users visiting cryptocurrency-related sites.
According to the researcher, KAX17 collects information about users connecting to the Tor network, and then determines their routes. Nusenu reported its findings to the Tor Project last year, and the servers were removed from the network in October 2020. Soon after, another group of exit nodes appeared in Tor with no contact information, but whether it was associated with KAX17 is unclear.
In October and November 2021, the Tor Project also removed hundreds of KAX17 servers. Neither Nusenu nor the Tor Project has yet speculated on who is behind KAX17.
US State Department employees’ smartphones were hacked
The iPhones of at least nine Ugandan US State Department employees have been hacked by spyware from Israel’s NSO Group.
US diplomats in Uganda have been targeted by a software tool developed by the Israeli firm NSO Group. If the fact of espionage against employees of the US State Department is confirmed, serious problems await the developer of the “master keys” for the iPhone.
Spyware developed by the Israeli company NSO Group has been used to hack the iPhones of at least nine US foreign policy officials. This was reported by Reuters, citing sources. As the agency notes, this is the largest known hack of American officials’ devices.
According to the agency, the hackers were only interested in department employees who either worked at the US Embassy in Uganda or dealt with issues related to the situation in this country. So far, it has not been possible to find out exactly who hacked the smartphones. In turn, NSO Group said that it has no information that its equipment was used for the cyberattack. The company also said that it is interested in cooperation with all governments and is ready to provide the required data.
As reported by Bloomberg, the fact of hacking was confirmed by Apple, which sent appropriate notifications to the victims.
As previously reported, Apple went to court in November seeking a permanent injunction against the use of its software products, services and devices by NSO Group.
Microsoft has rolled back changes in Windows 11 that made it difficult to change the default browser
The new Windows 11 developer build now offers a simple button to switch default browsers.
Microsoft has reversed earlier changes in Windows 11 that made it difficult to change the default browser. As reported by The Verge, a new test build of Windows 11 now allows users to set Chrome, Firefox, and others as their default browser with a single button.
Earlier this week, developer Rafael Rivera discovered the new changes in Windows 11. Instead of requiring users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, Windows 11 now offers a simple button that lets you switch default browsers, similar to Windows 10.
Microsoft has confirmed that the changes were intentional and are currently being tested.
“In Windows 11 Insider Preview Build 22509, released through the developer channel on Wednesday, we have optimized the ability for Windows Previewers to set the default browser for apps that register for HTTP, HTTPS, .HTM, and .HTML,” said VP of Marketing for Windows Aaron Woodman.
As previously reported, Microsoft is making a huge effort to increase the number of users on its Edge browser. In the middle of last month, Microsoft blocked certain methods to quickly change the default browser in Windows 11. The blocking was implemented in Windows 11 developer build 22494 and directly affected EdgeDeflector, which is used by hundreds of thousands of people. As Microsoft admitted to The Verge, the blocking was intentional.
Microsoft is still testing new changes in Windows 11 to make it easier to switch the default browser, but when they will become available to users is unknown.