Credit Cards on the Dark Web Black Market

Mark Twain used to write for the 150 year old The Atlantic magazine. So did lots of other well-known writers. Now the staid old publication has written some cybersecurity news. The Atlantic is known, or was known, for publishing what is called the long-form-narrative article. That means long articles written for people who actually like to read. These are typically 2,000 to 30,000 words long. Now everyone wants all their news in a Tweet and few people read long articles. I met The Atlantic publisher John Sullivan at an event a few years ago where he talked about the future of his magazine, which was and is losing money, as do most publications these days. Someone in the audience said he was one of those Tweeter-type readers who said there was no future in the long form narrative. Mr Sullivan agreed and said that he was going to focus less on the magazine in the future and more on the web site. I challenged both Mr Sullivan and the audience member on that and was very much surprised when Mr Sullivan backed away from his position. I reminded him that the people still do read the long form narrative and cited the famous cases of long form narratives of John Hersey’s “Hiroshima” and Truman Capote’s “In Cold Blood” that made a lasting impact on our culture. I felt pretty good having made this rich, genteel aristocrat recant what he just said.


The News from The Atlantic
This week The Atlantic is writing about how hackers are stealing Netflix accounts and selling them on the dark web. You sort of wonder why someone would want to do that as Netflix is dirt cheap already. Still people are doing that. The Atlantic says that Netflix said you are advised to go into your Netflix account and click Sign Out of All Devices. But just changing your password would be the easiest way to defeat this.

netflix accounts on hansa marketplace

When journalists write about hacking and the Dark Web like this they usually do not actually go onto the Dark Web to illustrate what they are talking about. But we are security writers, so we will do that here.

Netflix Accounts on the Dark Web
The Dark Web is that portion of the internet that you can only access with the Tor Onion browser. With Tor you can access web sites with the .onion suffix, like Hansa which is a search engine for onion sites. There you can buy everything from drugs, stolen credit cards, hire hackers, or buy kiddie porn. There are no DNS records for these websites, since they are not purchased from any domain registrars.

Here is Hansa:

hansa marketplace

If we type “Netflix” into the search engine, it shows ads for Netflix stolen account credentials priced in both dollars and bitcoin.

hansa marketplace selling netflix accounts

How They Stole That
Hackers have stolen Netflix credentials using both malware and phishing attacks. Google and everyone else needs to do more to educate people about phishing since this is so common and since there is no security awareness training for regular and vulnerable internet users, like your aged parents, who need to be told of the dangers of the internet. Only employees of a company get security training, if they bother to do that, as they should.

As you know the phishing attack is when someone sends an email out that is cleverly disguised to look like something legit, like the Netflix account setting page. The unwitting victim enters their password or credit card information there. Antispam engines are supposed to block such things. But at my email provider, for example, Zoho mail, their anti-spam and anti-phishing system over the past few weeks has fairly broken down. I am getting lots of emails now saying I have gift coupons waiting for at Macy’s or Amazon and I just need to click to redeem my award. I reported this to their support people, but nothing has changed, yet.

Symantec reported on the Netflix theft and explained that hackers are using the phishing approach to install Infostealer.Banload on victim’s computers which is designed to steal banking credentials. So not only has the victim given away their Netflix password they are giving away their banking account information too. That will no doubt end up being sold on the Onion market as well.

So if you read this send your parents and friends a link like this one, to educate them about falling victims to phishing scams. Send them this one too from Google on how to set up two-factor authentication.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal