Net narks phishing AlphaBay drug logins in clever redirect attack

Netcraft security man Paul Mutton says net narks have spun up a fake version of AlphaBay Market, a popular darknet venue, in a bid to steal login credentials. AlphaBay is the brainchild of Russian carders that emerged in 2014 following the fall of drug haven Silk Road. The HTTP site is cleverly assembled to mimic the login …

  1. Ole Juul

    Who are the "net narcs"?

    If ever you wanted proof there is no honour among thieves, this scam proves it

    I had to look back over the article and the only way I can read this is that the "net narcs", who are the ones pulling this scam, are thieves. Is that intentional, or is the message a bit garbled?

    1. Mark 85

      Re: Who are the "net narcs"?

      Historically, narcs were the narcotics division of the police force. Then it became the name used on those who snitched, turned-in, or "narced" on the users/dealers. I'm not sure what it means in this context. My impression that these are just a different level of scum who have no intent on tattling on anyone.

      1. Ole Juul

        Re: Who are the "net narcs"?

        "My impression that these are just a different level of scum who have no intent on tattling on anyone."

        That's how I'm reading it, but it's not clear since the traditional meaning of "narc" is (as you say) generally a branch of law enforcement.

        1. Graham Marsden

          @Ole Juul - Re: Who are the "net narcs"?

          That was what I was thinking: i.e. it's a site which has been set up by the authorities so they can get log-in credentials from crooks to allow them access to areas they'd normally find it difficult to monitor.

          Confusing terminology.

  2. emmanuel goldstein

    SOUNDS LAME

    The HTTP site is cleverly assembled to mimic the login page for Tor and includes a CAPTCHA.

    I don't really understand how a site accessed over HTTP could possibly be mistaken for a Tor hidden service.

    And...

    AlphaBay has an effective anti-phishing counter-measure: all accounts feature a greeting phrase (defined by the user on account set-up) which only the real site displays.

    1. Old Handle

      Re: SOUNDS LAME

      Hidden services are still HTTP, aren't they? It's just tunneled through Tor.

      As to the safety measure, what's to stop a fake site from checking the real one to find out what greeting that user should get?

      1. emmanuel goldstein

        Re: SOUNDS LAME

        Hidden services are accessed through a .onion address.

        AlphaBay's address is pwoah7foa6au2pul.onion

        The phishing site is accessed over the public internet using the URL pwoah7foa6au2pul.me.pn

        See the difference. Duh!

        I can't be bothered to explain how the secret greeting phrase protocol combats phishing. Trust me, it works.

  3. Matt Bryant

    Meh

    Scum rips off wannabe scum.

    Meh.

  4. Anonymous Coward

    HTTP AlphaBay is stupid but..

    The personal phrase doesn't really combat phishing, just gives you an early warning that you've already been phished. It only displays it after you log on so you already gave the phishing site your password before you even see it.
