SIMonline

Service receive & sending SMS

Selling SSL / TLS Certificates on Dark Web

109   |     /   Security
Selling SSL / TLS Certificates on Dark Web
SSL, TLS certificates and related services can be easily obtained on dark web sites, according to an academic study sponsored by Venafi, a company specializing in the protection of cryptographic keys and digital certificates.



Our site for receiving SMS will help you become an anonymous on the network and not give out a personal mobile number to suspicious sites during registration.

The study, conducted by researchers from the University of Georgia in the USA and the University of Surrey in the USA, is based on data collected from 60 marketplaces hosted on the Tor network and 17 websites on the I2P network.

Researchers found that five trading sites located on Tor (Dream Market, Wall Street Market, BlockBooth, Nightmare Market and Galaxy3) offer a stable supply of certificates and related services. The SSL search on these trading floors yields almost 3,000 results, which is much more than the number of results for ransomware (531 mentions) and “zero day” (161 mentions).

Some marketplaces, such as Dream Market, specialize in selling certificates and related services. SSL / TLS certificates can be very useful for cybercriminals, including spoofing websites, eavesdropping on traffic, data theft, and setting up fraudulent e-commerce sites.

In addition to the certificates themselves, some sellers offer various services, including after-sales support, domains that have been active for a long period of time - these so-called "outdated domains" make a fraudulent website more legitimate - and integration with legal payments like WebMoney, Yandex Money, PayPal, Stripe, Square and others.

The prices of certificates offered on dark web sites usually range from 260 to 1600 dollars. However, the researchers found one seller who offers certificates from reputable certification authorities for $ 2,000, as well as fake documentation that can help someone create a website for the company.

“This study found clear evidence of the rampant sale of TLS certificates on the dark network,” said Kevin Bocek, vice president of security and threat analysis at Venafi. “TLS certificates, which act as identifiers for trusted computers, are certainly a key part of cybercriminal toolkits such as bots, ransomware, and spyware. There is much more research to be done in this area, but each organization should be concerned that the certificates used to establish, maintain trust and confidentiality on the Internet are exposed to weapons and sold as goods for cybercriminals. ”

Venafi published one report (PDF)
https://www.venafi.com/sites/default/files/2019-02/Dark-Web-WP.pdf
titled “SSL / TLS Certificates and Their Distribution in the Dark Network.” However, only preliminary results of the study are presented in this report, and the company says that we should expect two more reports.

Similar news


PDF Signature Vulnerability

Researchers have warned that many popular PDF viewers and online verification services contain vulnerabilities that can be used to make unauthorized changes to signed PDF documents without losing their signature.

Windows servers are vulnerable to DoS attacks, Microsoft warns

Microsoft told users that Windows servers running IIS are vulnerable to denial of service (DoS) attacks based on malicious HTTP / 2 requests.

Cyberattacks using the WinRAR ACE archive

WinRAR, a popular data compression tool used by more than 500 million users around the world, is vulnerable to serious vulnerabilities that could allow arbitrary code execution through specially created ACE archives.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2020

All rights reserved