The rapid increase in the popularity of the dark web (Sanctuary Market) marketplaces in the recent years has drawn in the attention of two perfectly contrasting sides- the criminals and the law enforcement authorities. The anonymous nature of these platforms provides a good amount of safety to the online criminals. Simultaneously, the law enforcement agencies have upgraded their efforts to fight with these criminal activities that have been facilitated over the dark web.
The latest case in this daily belongs to one of the well known dark web marketplaces named as the Sanctuary Market that recently has become the victim of a cyber attack. The Market was hacked by an infamous hacker bearing the pseudonym “Cipher0007”. The Sanctuary Market was one of the growing markets of the dark web platform and was best known for the deals of the illicitly acquired digital information and the malicious tools such as a malware. The digital information makes up the maximum of the Sanctuary Market although there exits categories like drugs and gun sales.
The cyber attack could easily be carried out due to an injection flaw of the SQL, with the help of which the attacker could completely take over the the Market. SQL injection implies to a method that is mostly used to attack the data-driven applications like the databases. Often the hacker inserts malicious SQL statements into the entry fields for the execution like the dumping of the contents of a particular database to the hacker’s end. This is most probably what happened with the Sanctuary Market.
The Cipher007 exploited the SQL injection flaw and introduced a shell on the server of the Market. With this backdoor creation, the hacker was able to gain access to the certain sections of the backend. Finally, Cipher 0007 dumped the private key used for the .onion URL for the Sanctuary Market.