Author Archives: David Hétu

Where does stolen data go?

The recent indictment of 4 Chinese nationals gives us an opportunity to talk about a topic that touches everyone who has their personal or account information stolen: Where does stolen data go? You are in luck: to a script kiddie … Read More

The Truth Behind Joker’s Stash / Wawa Announcement

Over the past two weeks, all the leading news agency have reported that the millions of credit cards stolen at Wawa’s stores in the United States in 2019 have been put on sale on the dark web. While accurate in … Read More

What Does The “Free” in Free Food Really Means?

Hijacked accounts are one of the most common items available for purchase on the online illicit markets. On our blog, we’ve discussed in the past the issue of bank credentials being put up for sale. We now want to highlight … Read More

Trying Too Hard to Attract Buyers Can Backfire

Malicious actors face a difficult task in online illicit markets. How can they convince others that they are offering a high quality service (ex. selling stolen credit card numbers) without exposing themselves to arrest or providing their victims (ex. financial … Read More

46M cracked passwords – Are people getting better at securing their accounts?

A little over a year ago, malicious actors hacked the MyFitnessPal service. With 143 million users, this was one of the largest hack of credentials ever reported. Now, as Flare Systems is launching its leaked passwords check service, we present … Read More

The Changing Costs of Cybercrime

The Workshop on the Economics of Information Security generates year after year some of the best research on information security. This year is no different with the publication of a new paper on the costs of cybercrime. Here are the … Read More

Extracting Intelligence From Criminal Complaints

On May 3rd, law enforcement agencies announced that they had seized the servers that hosted the Wall Street darknet illicit market. They also arrested the market’s administrators. A copy of criminal complaint is now published publicly. Criminal complaints like these … Read More

What Can We Learn From The Bitcoin Address of a Darknet Illicit Market

The researcher Caleb (@5auth) recently discovered the bitcoin address that the darknet illicit market (Wall Street) administrators used to manage all the purchases made on their market. This leak demonstrates just how much intelligence can be gathered using our BitCluster … Read More

How Relevant Are Darknet Illicit Markets?

The lifespan of most darknet illicit markets is very limited. While some remain active for years, most only stay online for months. With the recent shutdown of Dreammarket and Wall Street, many people are currently asking themselves: are darknet illicit … Read More

Clustering banks based on the offenders targeting them

Banks are all in the business of protecting savings, loans and helping invest. As a result, banks commonly share many practices and tools. In this blog post, we demonstrate how malicious actors tend to target the same group of financial … Read More