Dark.fail includes links to dark web markets. A scammer tricked a domain registrar into transferring ownership of the domain with a fake document.
A scammer used a fake court order to convince a domain registrar to transfer ownership of a domain that lists dark web drug markets, and then used that to point the sites to their own copies of the markets designed to steal peoples' bitcoin.
Hackers often make lookalike sites of dark web markets, but the use of a fake court order is unusual. It bears some similarity to how scammers use fake trademarks to convince Instagram to transfer ownership of valuable usernames.
"I had 2FA and PGP enabled on that account. I am not an idiot when it comes to security," Dark Fail, the pseudonymous admin of the site dark.fail which was a victim of the hijacking, told Motherboard during the account takeover late last week.
... After the domain hijack, the attacker replaced each link with a phishing site, according to a message on dark.fail posted after Dark Fail regained control of the domain.
"Each site looked real but instead shared all user activity with the attacker, including passwords and messages.
Dark.fail was registered with the privacy-focused domain registrar Njal.La, which in turn uses the registrar Tucows for .fail domains
read more (vice)
A scammer used a fake court order to convince a domain registrar to transfer ownership of a domain that lists dark web drug markets, and then used that to point the sites to their own copies of the markets designed to steal peoples' bitcoin.
Hackers often make lookalike sites of dark web markets, but the use of a fake court order is unusual. It bears some similarity to how scammers use fake trademarks to convince Instagram to transfer ownership of valuable usernames.
"I had 2FA and PGP enabled on that account. I am not an idiot when it comes to security," Dark Fail, the pseudonymous admin of the site dark.fail which was a victim of the hijacking, told Motherboard during the account takeover late last week.
... After the domain hijack, the attacker replaced each link with a phishing site, according to a message on dark.fail posted after Dark Fail regained control of the domain.
"Each site looked real but instead shared all user activity with the attacker, including passwords and messages.
Dark.fail was registered with the privacy-focused domain registrar Njal.La, which in turn uses the registrar Tucows for .fail domains
read more (vice)
Last edited: