Darknet OpSec

Today, 24 August 2024, Pavel Durov, founder and CEO of Telegram, was arrested at Paris Le Bourget airport. The arrest took place as Durov was getting off his private jet, following a search warrant. The operation was conducted by the French secret services, according to unofficial sources, but this information remains to be confirmed.

I find it totally insane just how many people, including criminals, drug dealers, and the people from our favorite glowie honey pot forum, are still using Telegram. Telegram provides no fundamental security or privacy, unlike many other tools out there like XMPP via OTR.

The only reason so many of them use it is because they turn a blind eye to whatever happens on the platform. Similar to how kik was used by chomos to share cp. Technically against the ToS, but nobody gave a fuck to moderate anything. Both are similar enough to other social media apps and instant messengers, so any retard with a phone can install and use it, which itself is retarded.

France is fucked and the feds are going to be all over this one and who knows how much data they are going to extract. No idea if deleting your messages and account will do any good, but I sure as hell would do it.

Also look at some other tools, like Session, XMPP over OTR or SimpleX. Really, there are too many messengers out there that fulfill the same purpose. Use Tor, learn how to spin up VMs, and practice some decent opsec.

If you still want to use Telegram, at the very least use an SMS verification service or get an anonymous sim and pay in monero. Don't hand out your real fucking phone number like a retard and don't tie your identity to it, if you are sailing the high seas.

You can find SMS verification services on monerica.com and on KYCnot.me (Tor Link).

Link to dread post: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/d6a56794e6cd83ef8334

#telegram #arrest #xmpp #monero

Today, May 15, 2024, BreachForums, a notorious hub for cybercriminal activities, was taken down by the FBI and DOJ, with help from several international law enforcement agencies. While this is a big win for law enforcement, the real buzz is about the bold statement made by the threat actor known as USDoD. He’s promised to bring the forum back and keep the community alive.

I tried using standard notes, but it doesn't work with Tor on the safest settings, which defeats the purpose for me. It seems to me like the entire Proton suite at this point is targeting privacy normies for the most part. Really wondering whether Proton is going to copy Google and Microsoft completely and acquire other projects to build a productivtiy suite with office tools and video chat.

I've been trying to find some options for a separate project I have which needs to accept Monero. I found some open source projects, but this one seems to be easiest.

I'm putting together a spreadsheet that lists out different web hosting providers that accept crypto in some form or another. Additionally, it contains information on each of the providers, server locations, AUP, and other information that may be useful when choosing a provider.

It is a WIP, so I will be updating this on the go. Other criteria that will be added is located in the previous lemmy post https://lemmy.kikuri.moe/post/13.

I'm open to feedback and other recommendations that we could add to the spreadsheet.

DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes.

In late January, the Bureau of Industry and Security of the US Department of Commerce published a formal proposal for a new KYC (Know Your Customer) rule regulating infrastructure as a service (IaaS) products, i.e., cloud infrastructure providers.

The KYC component in question here is the Customer Identification Program (CIP), among other requirements related to IaaS.

In the notice, which also calls for comments to be submitted by the end of April, the government agency cites the January 2021 Cyber Executive Order on “Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” and claims that a proposal is “a significant step” toward implementing it.

This order was issued by the Trump administration; but in the fall of last year, Biden’s White House issued its AI Executive Order that reports said requires foreign resellers of US IaaS services “to undertake almost identical KYC activities to those proposed in the Cyber Executive in relation to US providers.”

The department claims that the proposed rule was prompted by the desire to advance US national security interests, specifically targeting malicious foreign actors and hackers that cause damage either to critical infrastructure or said national interests.

If adopted, the rule would require US IaaS providers and those reselling their services abroad to “verify the identity of their foreign customers” and report to the department if those products are used to train large AI language models.

The minimum identification requirements include name, address, means and source of payment, email address, phone number, and IP address of a customer.

US IaaS providers who are found to violate the rule will face civil (money fines) and criminal penalties envisaged in the International Emergency Economic Powers Act – either a quarter of a million dollars or twice the value of a violating transaction, whichever is higher, while criminal consequences range from a fine of up to one million to 20 years in prison – or both.

The US government claims that US-run cloud servers are being used by malicious foreign actors for espionage, intellectual property theft, and targeting of critical infrastructure, and uses this argument to justify drafting the upcoming new rule.

It also complains that temporary registration “and ease of replacement for such services” makes it difficult for the government to track its targets.

And because currently, foreign resellers are not under obligation to track identity – US law enforcement finds it difficult to “obtain identifying information about malicious actors through service of compulsory legal process.”

Visa – one of the world’s two biggest payments processors – appears to be moving into biometric data-based authentication, at least according to a patent it has applied for. And Visa claims that this would be fully privacy-friendly.

Visa is in this way joining Mastercard, but also Microsoft and Google, who are all exploring ultimately similar methods, for the sake of what they say is preventing physical data theft, and abuse of deepfakes.

And Google’s, Apple’s and Samsung’s payment services already provide the so-called seamless payment experience – while Amazon app’s Just Walk Out replaces checkout with what’s said to be “a similar experience” to what Visa plans to achieve.

If Visa’s patent – designed, according to the giant’s filing, to provide “biometric templates for privacy preserving authentication” – is approved and implemented, the end result would be replacement of PINs with biometric identification.

The method would be used at ATMs, payment checkouts, and Visa made sure to note that the technology’s use can be extended to unlocking apartments or letting people into venues like theaters, amusement parks, etc.

These latter, non-payment scenarios would allow Visa to monetize the patent via licensing to other companies.

The rationale for using such a system is said to be to improve security of user information in physical spaces.

The patent states that the system would work by customers enrolling into the program which means creating “a biometric template” on their device.

This data is encrypted and signed, and that signature, rather than the biometric information, is used by “access device” to verify the signature.

This, Visa said in the filing, is what preserves privacy, since the templates are stored on the user device rather than “in some giant database.”

This appears to be the key point the company is trying to make with the proposed patent, and was careful to stress that security breaching of such databases results in “disastrous” consequences.

That’s because the use of biometrics is at once safer than that of PINs and passwords, but also much riskier, given that unauthorized access provides those behind a hack to a large amount of personal information.

New documents pull back the curtain on the federal government's shocking push for mass financial surveillance that reportedly targeted millions of Americans.

cross-posted from: https://lemmy.kikuri.moe/post/16

Keeping the data on your devices safe is a crucial part of practicing good digital hygiene and operational security, including keeping your data private from threat actors and ensuring data integrity. In times like these, if you want your data to remain private and secure, you will have to take additional steps to securing your data. Luckily, encryption tools like VeraCrypt make this process easy and mostly painless.

Ruling states that under Charter, there is 'reasonable expectation of privacy' associated with IP addresses