While the FBI was able to take down a number of popular Dark Web sites including the Silk Road 2, it seems the wide-ranging attacks targeted mostly fake sites.
Friend of TC Nik Cubrilovic has taken a closer look at the sites the FBI attacked and found that 153 of the 276 them were spam sites or clones.
“Of the 153 clone or scam sites, 133 were clones and 20 were scam or phishing sites,” wrote Cubrilovic.
What are clones? A bot called Onion Cloner [TOR Link] spent a number of months copying the UIs of popular sites. Hackers then used these clones to grab logins and passwords of popular dark web sites. This means that in addition to a few legitimate sites, the dragnet approach to take downs has attacked a number of outright fakes.
“For the following sites, the clone or fake version was seized while the real site remains live: Cannabis UK, CStore, Dedope, Executive Outcomes, FakeID, Fake Real Plastic, Hackintosh, Pablo Escobar Drug Store, Real Cards Team, Smokeables, Zero Squad. Some of these sites were mentioned in the FBI press release or court seizure notice as having been taken down when in fact the clones were seized.”
Interestingly, a number of legitimate personal websites were also taken down but went unmentioned in the FBI’s press release or court filings. Most damning, the FBI took down a Jihadi donation site clone on one TOR address while leaving the real site up and running.
Cubrilovic is asking site admins to contact him regarding their sites in order to assess how the FBI found and shut down the affected sites. It is clear that the federal cops were using techniques more familiar to the Keystone variety.