nethone fraud ocean hero background
Share

At the beginning of 2021, a Russian group from the Darkweb started a very interesting project. They called it Dark News Magazine. It’s a monthly publication about the Darkweb, hacking, hackers, the drug industry, Darknet history, Darkweb services and generally about the underground criminal part of the Internet. I came across it during my studies of the darkweb and I'll present a description of some of the content here. It's an interesting snapshot of the culture and communities in and around the un-indexed internet. a review of a new publication for the darkweb lifestyle dark news magazine nethone fraud blog post Dark News Magazine was created as a free magazine for Russian language Darkweb criminals. As it can be accessed without charge, it is natural that organizers would want to get money by advertisements. At the time of this writing they have published three monthly editions. Introductory information about the first issue was published at the beginning of January on one of the biggest Russian Darkweb forums.
commercial cocaine DNM 02 edited Above: an ad in Dark News Magazine for a cocaine vendor from the Hydra darknet market.

After comparing the January and February editions of the magazine, some improvements are immediately noticeable. In newer editions, there are more ads and content. Looking at the 2nd issue, one could say that the project is evolving - they have more writers and more groups willing to pay for advertisements in magazines. I can't say anything about the third issue because I couldn’t get the March edition because of project owners problems with their domains.
An interesting thing in this magazine is the QR code on every page. Such a code can be scanned with a mobile app. By scanning you will receive a Dark News Magazine TOR address. On commercial pages there are also QR codes with vendor shop addresses (we hid all of the QR codes because we don’t necessarily want to help them get more clients).
The first issue had 24 pages, although only 15 contained content. The remaining 9 pages contained ads or have other informative purposes. Among the content part in the first number there were things that I was expecting to find and articles about things that for me were completely out of place. In the first category there was: hacking service descriptions, review of Darknet search service (they wrote about Recon about which I also wrote a year ago https://nethone.com/post/darknet-reddit-makes-search-engine-for-darknet-markets) drugs and Darknet history. What I wasn’t expecting was an interview with Blackart, the man who is a Darknet graphic designer who has already made graphic projects for over 200 illegal Darkweb shops. first number cover edited Above: the cover of the January issue.

Blackart – a graphic designer for the Darkweb

According to the article, Blackart started his work as a designer in a normal company in 2013. In 2016 he started using Darknet Markets as a casual customer. All he was doing was buying drugs, nothing more. But later he started to think about extra designer jobs. In this matter he contacted a drug shop in RAMP (you can read about the RAMP Darknet Market previous article), one of his favorite shops for drugs. At this time, most vendors on darknet markets (dnms) used simple graphics and fonts. Some of them used poor animated icons. Blackart could tell that they were obviously made by somebody without any proper graphic skills.

After the RAMP dnm seizure in 2017, Blackart went to the market that since then is number one in the Russian Darkweb – Hydra. As he claims, the Darkweb designer was rather new to the profession at this time and his income was pretty good – even 200k rubles per month. By the end of 2019 Hydra vendors used his service with joy and he had a stable income. Then the Covid-19 pandemic struck the world and it hurt the Darkweb economy also. Drug vendors’ problems with their shipments at borders and a growing overall lack of confidence forced them to limit their marketing budget. (Yes, don’t forget that criminals look at their activity from a business perspective. They invest, employ other people, make risky moves, make profit or loss like normal business people, but they probably lack empathy or morality). Since the pandemic started, the article’s hero has earned at best only 60-80k rubles monthly.
blackart edited 2 Above: an interview with darkweb graphic designer Blackart.

When asked about the biggest constant problems in his job, Blackart said something similar to other Darkweb players – lack of credibility and swindles. However it can be ironic, criminals that trick other criminals are not unusual. Sometimes vendors don’t pay for his work, so he usually accepts payments in 2 steps. The first after making the overall graphic concepts and the second after the job is done. His clients sometimes say that everything is ok after the first step and then they go dark. Also, criminal vendors in the Darkweb are not eternal and from time to time the administrators of dnms make exit scams, are busted or quietly disappear. Blackart also talked about his own problems with DNM Hydra. He claims that he has very poor support from market moderators. Although there is a special category on the market for designer services, he can’t write about it on a Hydra forum. Once when he wrote about it on a market forum, he got a permanent ban because of “spam.” And his old account with many positive opinions went to hell and he had to create a new one.

At the end, the “redactor” asked Blackart about more private matters: which drugs he uses, what he is looking for in the future, or did he think about other activities like drug trafficking. The designer admitted that in the current world situation it’s hard to plan anything and he is too paranoid to get involved in the drug business.

At this moment, Darkweb design services are easy to find in the Russian speaking Darkweb; in the English zone, it is much less popular. Currently on the Hydra DNM there are nearly 150 services under this category, but there are no listings for anyone called Blackart.
hydra design 2

Currently on Hydra there are over 150 graphic design services. This is a great example of how the Darkweb cybercriminal environment is diversified. Most of these designers probably only do graphics, so they are far from the stereotypical hacker - a dangerous cybercriminal who deceives peaceful Internet users. They are criminals who "only" make graphics for other Internet criminals: drugs shops, carding shops, shops with stolen accounts etc. They do not hurt anyone and maybe somebody would say that they don’t do anything obviously wrong. But still, by taking dirty money payments from criminals and paying provision to darknet market administrators they are taking part in money laundering.

The February issue of Dark News Magazine

The second issue has 29 pages among which there are 25 with content. Ads are again mainly from drugs vendors, but article subjects are much more diversified and numerous. Articles are about: drugs (including bakery recipes with cannabis and list of the biggest drug seizures in Russia in 2020), gambling, graffiti designer, Mexico organized criminal groups, and safe communicators. But the most interesting are Darkweb threat actors catalog and an interview with travel carder. Below you can find a summary of the last one. second number cover edited Above: cover of the February edition of Dark News Magazine.

Blue Sunset – travel carding and hotel carding services

The interview with vendor "Blue Sunset" is evidently a sponsored article, which is very interesting taking into account air travel limits caused by the pandemic. The “Redactor” conducting the interview is taking the role of an old client. He mentions how he orders travel service. Everything in the interview is extraordinary, as Blue Sunset has many clients and he remembers them all. Conversation begins with an expansive description of a party in some Asiatic exotic country made by one happy customer. In my opinion they overdo it with the “high life” narration: drugs, parties lasting several days in a 5-star hotel, women dancing on tables and doors opened in every room to prevent anyone from going to sleep. And everything is described in street slang with maybe a little too much use of the word “bro." That shows what kind of people this advertisement article is directed at: young, drug party participants, who would like to “live fast and die young.”

Blue Sunset claims to have made over 3000 reservations. Although his “brand” is not very old, as it showed up in spring 2020, he probably worked under another brand before. According to his offer on one Darkweb forum, he sells hotel/ villa rent/ apartment rent/ for 30-35% of its real price. Flight tickets cost 45-60% and car rent cost 40-45% of its real cost. In the hotel case the minimum real cost of service is 50.000 rubles, so for the fraudster the minimum income is 15.000 rubles. For flight it is 40.000 and 20.000 rubles. He can also provide counterfeited travel documents, but here the price is not precise. He accepts payment in BTC, Qiwi, Yandex Money (these 3 are rather standard for Russian Darkweb criminals), Visa and Mastercard credit cards, Western Union transfers (these 3 are, at the time of this writing, less common). As the main communication channel with new clients he uses Telegram. We can assume that he is quite popular looking at his 9 imitators on Telegram. The most popular fraudster services attract the most imitators.
Blue Sunset forum1 page 2020 04 27 edited Above: the Blue Sunset offer on the famous Darkweb Russian forum. Main part of the offer is the price list. According to the topic owner his service has more than 1300 positive recommendations.

In the interview, there is a description of ordering Blue Sunset service. The carder admits to using many tactics to get air tickets and hotel reservations: he uses stolen credit cards or Paypal accounts or hacked accounts (from travel websites) with reward points. Blue Sunset claims that he always frauds air tickets exactly in departure and hotel on the first booking day. Thanks to short-term cancel, risk is minimized.

Blue Sunset also responded to one of the most asked questions in the travel carding business – is using carded hotels and flight safe for his clients? Even on fraudster forums, especially non-Russian, many users have doubts about fraudulent travel service, underlining one crucial thing: what if you bought a carded hotel room, you are already in this hotel and the credit card payment is canceled? As you might predict, he claims that this is more safe than people think. This interview is his commercial after all.

Sunset pointed out that prison is the worst case scenario here, and only if nobody covers the canceled payment. If a client has money with him, he can do it in a hotel. If not, the travel service will try to do it. As he said: “they phone you and inform you about payment problems and ask to go to hotel reception during the day. They could worry and ask the hotel security service for help, but they never react drastically from the start. They wouldn’t run into your room with guns and demand to surrender.” But he admitted that there are states where the situation could be much worse and most travel vendors don’t fraud travel to them. These are: China, Hong Kong, Thailand and the United Arab Emirates. “Redactor” mentioned Sunset competitor named “Just do it” who got not quite happy feedback from one client on a forum. He posted a photo piece of paper with “Thanks for holidays Just do it” with prisoners and prison in the background. We could wonder if Blue Sunset paid extra to Dark News Magazine for making black PR of his competitor. blue sunset first page edited Above: interview with carder Blue Sunset from Dark News Magazine.

Carder talked also about some security measures. He doesn't keep client information after the reservation is completed. He claims that every single piece of information about certain clients is kept only on one device. That would mean that he had to communicate with clients and make carding from the same device. That brings many interesting questions about his modus operandi. Does he use 1 device for 1 action and then throw it away? Criminals call such devices “burner” phones or laptops. Or does he use that 1 device for multiple carding attempts? Then he would need to take some steps and use software for deletion of his previous deeds on equipment. I leave it as food for thought.

At the end of the interview, the “redactor” asked a very interesting question. Why don’t fraud travel services advertise on social media and in the Clearnet? Why don't they try to get more clients, who want to pay less for their holidays? Blue Sunset has no doubt--It is safer to stay in the shadows. This type of service is not familiar for people outside Darkweb and you don’t hear about it in casual videos about Darkweb in Youtube. Their resellers also know about it and adapt to discreet rules. At the end he made one important statement, however we have no proof that this is true. According to him, some part of last minute travels in legal tour agencies comes from services like Blue Sunset. blue sunset third page edited Above: such photos are a typical way that happy clients recommend fraud travel vendors. It can be found on every forum topic or Telegram channel made by such vendors. Of course this interview also had to include it!

Live fast and die young? The future of Dark News Magazine

The project's future is not clear. In the beginning they were making progress and the second edition was better than the first. But the third one was not accessible because project domains stopped working before mid-March. And it’s not only domains: the project owner stopped showing on the forum after 13th March. His latest posts were about a new issue and problems with project websites. He managed to show a new cover and informed that problems will be solved soon. 3 weeks passed and nothing was solved. Is it the end of this brand new criminal press initiative? We will see.

At this moment, this is all we could get for the March edition: dark news magazine march


Share

Financed by: