Typosquatting Thrives on Dark Web


Cyber crooks may be making a small fortune by typosquatting onion domains and scamming dark net market users. One group of cybercriminals boasted that they were retiring from the practice after making 200 BTC ($760,000) over four years from Tor-based typosquatting. Although claims made by criminals should always be viewed with scepticism, threat intel firm Digital Shadows reckons that the 800 domains the fraudsters claimed to have in their network are plausible, based on how often a sign-off note from the scammers appears on confirmed typosquatting domains.

Creating a typosquat domain for a clear web site is fairly straightforward. Miscreants use a variety of techniques, ranging from using similar-looking characters, such as a lowercase ‘L’ to replace a capital ‘i’, to registering domains with Punycode characters that, when rendered in a browser, look similar to the Latin alphabet. Onion addresses are generally long strings (between 16 and 56 characters) of numbers and letters, resembling a hash value more than a regular surface web address.


For example, if someone wanted a .onion domain to include the word ‘test’, Shallot would generate many different private keys until the associated domain includes ‘test’ at the beginning of the string. The length of time taken to generate a matching key depends on how many characters a user is seeking to match in the resulting domain. The technique opens the door to brand impersonation and domain squatting on the dark web.

The threat of typosquatting domains is significantly higher for criminal markets on the dark web in particular, because .onion domains for these sites are intentionally complex. They’re called “hidden services” for a reason. For example, a legitimate domain for the Tochka/Point Marketplace, tochka3evlj3sxdv.onion, had a doppelgänger typosquat domain at tochka3evevasc32.onion.
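A defensive check for the look-alike pattern described above, as an added example that is not part of the original article: it pins known-good onion addresses and flags any candidate that matches one of them only in its leading characters. The function names and the six-character threshold are assumptions; the two sample addresses are the pair quoted in the article.

```python
import re

# v2 onion labels are 16 base32 characters, v3 labels are 56 (a-z, 2-7).
ONION_LABEL = re.compile(r"(?:[a-z2-7]{16}|[a-z2-7]{56})")
# Assumption: a shared prefix this long with a different tail is treated as
# imitation rather than coincidence. Tune it against your own pinned list.
MIN_SHARED_PREFIX = 6
# Pinned address: the legitimate one quoted in the article.
TRUSTED = ["tochka3evlj3sxdv.onion"]


def normalize(address):
    """Strip scheme, path, port and subdomains; return the validated label."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", address.strip().lower())
    host = host.split("/", 1)[0].split(":", 1)[0]
    if not host.endswith(".onion"):
        raise ValueError("not an onion address: %r" % address)
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    if not ONION_LABEL.fullmatch(label):
        raise ValueError("malformed onion label: %r" % label)
    return label


def shared_prefix_len(a, b):
    """Number of leading characters two labels have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def classify(candidate, trusted=TRUSTED):
    """Return (verdict, closest pinned label or None, shared prefix length)."""
    label = normalize(candidate)
    pinned = [normalize(t) for t in trusted]
    if label in pinned:  # only an exact, full-length match is trusted
        return ("trusted", label, len(label))
    best = max(pinned, key=lambda t: shared_prefix_len(label, t), default=None)
    n = shared_prefix_len(label, best) if best else 0
    if n >= MIN_SHARED_PREFIX:
        return ("lookalike", best, n)
    return ("unknown", None, 0)


if __name__ == "__main__":
    # The second address is the typosquat quoted in the article.
    for addr in ("http://tochka3evlj3sxdv.onion/", "tochka3evevasc32.onion"):
        print(addr, classify(addr))
```

The verdict turns on the full string: a familiar-looking start is what a vanity-generated address reproduces, so comparing only the first few characters by eye gives no assurance.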


Source: Digital Shadows
