One can only wonder whether the information on the hard drive was encrypted or not…

The shut down plan follows arrest of one of its administrators, Cha0 (Cagatay Evyapan), by Turkish police earlier this month.

The whole story is covered in great detail this story on Wired’s Blog, Threat Level.  So, what’ next after DarkMarket.ws?

DarkMarket emerged after ShadowCrew.com was taken offline and I reckon it is not going to take long before another online community fills the void left by DarkMarket’s departure from the scene.

There are already a handful of other established online forums that cater to the needs of cyber criminals and new ones crop up all the time offering some high-value loot for those in need:

Fig. 1- A post on a DarkMarket wanna-be forum

Fig. 2: Same post, more details

Some of the more established forums would welcome the extra traffic that they generate from the less experienced DarkMarket users, looking for other market places to trade in:

Fig. 3: "Real-looking" credit cards packed with actual victim data are now being sold online.

Fig. 4: They sure do look "real"

Indepent trading sites are likely to see a surge in their business too as some of the cyber criminals are likely to deal direct without exposing any of their information on any online forums:

Fig. 5: One of the more "reputable" stolen credit card sales website.

Although none of the existing online hacker market places can truly replace the stature of DarkMarket, there is likely to be a surge in competition amongst the various online underground sites to try and reach the level of popularity that DarkMarket currently enjoys.

Any new community formed by the existing DarkMarket admins is likely to see stricter membership controls which probably served as the weak link for the forum; DarkMarket user-level access accounts were being retailed at competing forums privately for US$800 and above, just a couple of weeks ago.

It would be interesting to see what comes next after DarkMarket – and how the law enforcement agencies play catch-up with the notorious underground hacker market places.

The report states:

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western’s 1312 continental hotels since 2007.

Update (August 27 – 11PM +4GMT) – FOX News is reporting that Best Western has denied the extend of the hacking incident claiming the report by the Sunday Herald as “grossly unsubstantiated” and “largely erroneous.”

Best Western did, however, confirm that a hacker was able to penentrate its computer network in one of the hotels in Berlin and install a trojan on one of the computers designed to steal data.

The defendants come from U.S.; Estonia; Belarus; China, with one individual whose country of origin still remains unknown.

From the report:

Under the indictments, three Miami, Florida, men — Albert “Segvec” Gonzalez, Christopher Scott and Damon Patrick Toey — are accused of hacking into the wireless computer networks of retailers including TJX Companies, whose stores include Marshall’s and T.J. Maxx, BJ’s Wholesale Club, OfficeMax, Barnes and Noble and Sports Authority, among others.

The three men installed “sniffer” programs designed to capture credit card numbers, passwords and account information as they moved through the retailers’ card processing networks, said Michael Sullivan, the U.S. attorney in Boston.

We can speculate a plenty about the poor security deployed at the major retail stores that were affected, but what intrigues me the most, is not that they had wireless network and let their RF waves propagate far and wide, but that the affected stores did not learn from similar attacks that took place in the past.

Major card hacking rings today sell off the numbers to “wholesalers” who then go on to sell the numbers in the “retail market” by advertising the same on publicly available forums and IRC channels. A quick search on Google yields plenty of these postings:

Figure 1: Credit card nos. come cheap

Figure 2: Global credit cards nos.

Although the law is catching up with the card rings, it would do us all good if the available security technologies are implemented effectively and people trained to ward off social engineers.

Figure1: Skywards/Emirates account main page

Figure 2: Saved credit card information

Figure 3: Skywards member personal information

After going through the list, I reckon the accounts were compromised as a result of brute force attacks given the relative serial order of the listed accounts, and the inadequate authentication controls available on emirates.com.

Skywards members – update your passwords now!

Update (July 31,8:30 AM +4GMT): Emirates Airlines has acted swiftly to this threat and have added additional security measures on Emirates.com and Skywards.com websites:

Figure 4: Updated Skywards.com login page

Figure 5: Updated Emirates.com login page

A date of birth field is now required for authentication on both Emirates.com and Skywards.com websites. Additionally, client-side validation has been implemented (can’t confirm if this was available earlier though) that checks for valid Skywards membership number format.

A job well done – just what you would expect from a world-class airline!