This Week: Dark Web Jail Time and Facebook Buying Stolen Data

Next: The Rise of Hacking as a Service on...
Previous: Seasons Greetings from the Dark Web
"These bars can't hold me," he mused.
November 18, 2016

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

There are a lot of questionable practices online, and this week we saw a discussion on the ethics one of the most controversial practices – buying stolen data. Facebook recently announced that the it has been buying its users’ stolen credentials on the dark web in an effort to improve security. While some hail the move is innovative and proactive, others argue it encourages the theft of data and strengthens the market for stolen credentials. Meanwhile, a handful of netizens were served prison sentences, and over 400 million accounts were exposed in a breach of Adult FriendFinder.

Facebook Buying Credentials

At a conference in Lisbon last week, Facebook’s Chief Security Officer, Alex Stamos, revealed – rather casually – that the social media giant peruses dark web marketplaces, buying stolen credentials in an effort to improve security.

Facebook, like most companies with sound security practices, doesn’t store its users’ passwords in plaintext. Instead, they store hashes of users’ passwords. Hashes are produced by one-way, cryptographic functions; it’s significantly difficult, and sometimes impossible, to determine the original text when given only the hash.

What does this have to do with their latest dark-web dealings? When Facebook buys lists of logins from dark web vendors, they take those passwords and hash them in the same manner the site does when someone logs in. If the hash generated from the stolen data matches the hash in Facebook’s database for that user, then Facebook knows that user is at risk of being compromised.

Not surprisingly, this overwhelmingly affects Facebook users with weak and common passwords, and especially those who reuse those passwords across different sites and services. Facebook has since alerted millions of its users that their accounts have been compromised, encouraging them to craft stronger and more unique passwords for their accounts.

And although some may applaud this as an innovative effort to make security proactive, others are concerned about a dangerous precedent of paying cybercriminals, trafficking in stolen information, and fueling the market for compromised data.

In reality, data will always be at risk, and hackers will continue to grab the low-hanging fruit that are weak passwords. But perhaps buying the data outright isn’t the best solution, either, especially given the archives of credentials that are regularly leaked to the public. The cause may be noble, but it remains unsettling that the revenue could be used for even more harmful attacks.

Going Directly to Jail and Pay $50

Many dark web users turn to Tor for the anonymity. Because of the veil of anonymity, users believe they are less likely to be caught for criminal actions. Many people continue to get away with these activities, but a few people this week were not so lucky:

A 17-year old confessed to hacking UK ISP TalkTalk to impress his friends. He compromised 150,000 customer accounts and pled guilty to seven charges under the Computer Misuse Act.

A man who went to jail for 3 years after causing £27 million in losses in 2012. Now he is going back behind bars because he failed to declare a laptop that was gifted to him in Dubai, which he should have done under the UK’s Serious Crime Prevention Orders.

A German man received 22 months in prison for making 16 drug purchases on the dark web in 2013. The prosecution alleged that all purchases were of significant quantity and wanted him charged with drug trafficking. The defense, however, demonstrated that the size of the packages and money spent on purchases did not necessarily result in a large volume of drugs - at least, not a large enough volume to warrant trafficking charges.

Two men were also arrested in Romania for buying 50 grams of amphetamine on the dark web from the Netherlands.  The men had the package shipped to the address of an acquaintance who gave his permission after being convinced the package would only contain phone parts.

Zachary Ruiz, or “Mr. Mouse,” received a sentence of 4 years in prison and 3 years of probation for counterfeiting and conspiracy in Las Vegas.

One more thing: Criminals Find Friends Through FriendFinder

This week, 412 million accounts were exposed in a breach of the FriendFinder network of sites. Nearly 340 million users were stolen from AdultFriendFinder alone, while 62 million were stolen from, and 7 million were taken from Much of the sites’ information was stored in plaintext, meaning anyone who gained access to the database could read the passwords without any decryption. Among the stolen accounts were previously deleted accounts and many accounts with the password “12345.”

analysis June 24, 2019
New Research: Terbium Labs Uncovers Pervasive Links Between Fraud and Transnational Crime

Terbium Labs investigated the links between payment fraud and serious transnational crime. This research begins to fill a gap in understanding about the use of fraudulent financing in some of the most heinous crimes...

analysis April 17, 2019
Terbium Labs Investigates Dark Web Fraud Guides for an Inside Look on Cyber Crime

With our latest research, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data, Terbium Labs investigates dark web fraud guides to create a detailed, first-hand account of the illicit...