If you bought or sold something on the darknet bazaar Incognito Market, you may be in for a surprise. Apparently Incognito is now extorting all of its former users, saying that depending on their vendor level, not having your info leaked could cost between $100 and $20,000.

BTW, this mass extortion attempt comes just days after Incognito pulled an exit scam. So, this is a double whammy for users and vendors.

https://cointelegraph.com/news/bitcoin-monero-reportedly-stolen-darknet-market-exit-scam

Millions in BTC, XMR possibly stolen after reports of darknet market ‘exit scam’

Darknet marketplace Incognito is being accused of an “exit scam” which could mean dark web users are out millions in Bitcoin and Monero.

The Incognito homepage now includes a list of vendors by name, indicating in green which vendors have supposedly already paid to keep their customer data from being published.

@briankrebs Does that mean that shady people with no morals actually act accordingly?

I'm like totally surprised...

@briankrebs
Good to know that *checks notes* AmphetamineCowboys care about their customers!
@magnetic_tape @briankrebs AmazonCrime seems a lot more privacy friendly than regular Amazon 😂
@briankrebs No honor among online slum lord criminals
Incognito Darknet Market Mass-Extorts Buyers, Sellers – Krebs on Security

@briankrebs your LinkedIn link needs to be scrubbed btw, if you click on it it shows a login with your name and email address.
Just realized I've been posting about Incognito Market all morning without explicitly stating what it is. It's mostly a narcotics market. When you sign up for a new account, you're greeted on the landing page w/ an ad for 5 grams of heroin.
@briankrebs what do the heroin reviews say? My friend isn't interested unless it's 4+ stars.
@briankrebs how is their web design so good 😭
@briankrebs
So it's the Amazon of drugs? Treats delivered to your mailbox instead of buying off the street. Much safer, right? Oops.
@briankrebs Is that a good price? Couldn’t track it on camelcamelcamel.com
Stole this meme posted on my LinkedIn page by a reader
@briankrebs now that’s a novel way to create a retirement pension.
@mighty_orbot @briankrebs That depends on who was selling, there are going to be a good few organisations with whom it will solve your need for retirement funds in a rather more final way.
@glenatron @mighty_orbot @briankrebs yeah this is pretty brazen…if they’re smart they’ll have removed those accounts before going live with this little stunt. otherwise… 😬
@briankrebs That's absolutely awesome. Outlaws 101.
@briankrebs
Play stupid games, win stupid prizes.
@briankrebs Gosh, I knew Incognito Mode in Chrome wasn’t all that private, but sheesh, I never thought Google would do anything like this…
@EpiphanicSynchronicity @briankrebs Anybody who can’t reliably commit to “don’t be evil” is pretty much cleared for any and all possible shenanigans, tbh..
@briankrebs wait ... what ever happened to honor among thieves! These thieves have no honor!
@ozoned @briankrebs they're giving thieves a bad reputation.
@briankrebs You mean to tell me that a darknet drug and crypto marketplace is less than honest?
@briankrebs
Sad times, when you can't even trust your pusher anymore.. *shakes head*
@briankrebs someone is gonna get murdered over this. Maybe several someones.
@briankrebs
There is no honour among thieves.
@briankrebs So you're expected to press »Purge records« and pay US$ 5,000 for that - right after having read »And by the way, your messages and transaction IDs were never actually deleted after the "expiry"«? 🤔
@katzenberger @briankrebs if I were the operator, I would only release the records of those who paid. Presumably that's where the good stuff is anyway.

@briankrebs

Don't pay for the first purge. Wait for the "real" second one, for sure, and just pay for that one 🤡

@briankrebs what a pleasantly old-school crypto scam
"Never wrestle with a pig. You both get dirty and the pig likes it" 🙃

@briankrebs I am simultaneously amazed and unsurprised.

Unsurprised that a darknet marketplace would pull this. Seems exactly in their MO.

And amazed that sellers and buyers would share enough unencrypted information that extortion would be a significant threat to them!

Sure, a marketplace can (and in this case, has) steal all the money stored with them, but my understanding was that sellers and buyers communicated with one another mostly over PGP/GPG?

Possibly I just don't understand how these things work in practice!

@dan @briankrebs Sounds like:
Incognito market encouraged people to use PGP. They listed public keys (never mind the issues that can come with that).

They also had a built in "encryption" feature for those who didn't want to learn how to use PGP. It would encrypt your message server side with the vendor's public key.

Anyways, I guess they were recording those messages' plaintext. Those who used PGP are fine.

@briankrebs OMG why did nobody warn me that criminals weren't trustworthy
@briankrebs Well, ok. But I'm going to need an iron-clad, pinkie-promise that you won't decide to publish my data anyway or just give it to the police in exchange for leniency, after which I would be guilty of conspiracy to conceal evidence as well on top of whatever else. No, you know what? A DOUBLE PINKIE PROMISE!
@briankrebs this is kinda hilarious but also bad but also kinda hilarious
@briankrebs Criminals exploiting criminals. I mean, there can't be many non-criminal reasons to have used this service.
@briankrebs Anyone buying and selling on the dark web probably deserves to be taken for a ride. Does the extortion issue really come as a surprise?
@briankrebs Love it when the bad guys turn on each other.

@briankrebs They are basically extorting a really big number of real life criminals at the same time.

This is like wandering around in New York streets in the 1920s and shouting you will tell the police about every single mob transaction & boss identity.

I don't think the people involved will carry on the conversation "online".

@briankrebs lolz. Who could have guessed.
@briankrebs This is to be expected, really.
@briankrebs At least these info stealing criminals are open about it.
@briankrebs If their first act is a massive breach of trust, how could you trust these people to live up to their side of the extortion bargain?
(Pray I do not alter the deal any further, à la Star Wars).
@briankrebs Might be time to get the EU involved, this has to be a violation of their privacy laws at least. I guess the DMA doesn't apply as heroin and stuff are physical goods, which seems like a loophole TBH.
@briankrebs ahh the free market of Libertarian utopias
@briankrebs Why would you pay, knowing that they’ll just do this to you again later down the road?

@briankrebs

People are just used to saying "yes, accept, OK" without thinking. They are used to giving their private data to random strangers as long as there's a pretty logo to look at.

Gmail and Outlook are examples. Can you imagine the extortion going on there? Except instead of being extorted, you get extracted to a prison camp instead.

As if this behaviour is only done by 'those criminals' whom you have entrusted with all of your data, your music habits, your other habits, your location at all times, your looks at all times, your medical records and your dick pics. Just sit tight and wait...

@briankrebs Wow! Apparently even the cybercriminals are getting into the enshittification racket!!
@briankrebs Extort me once, shame on you.
Extort me twice ... you won't get extorted again.
@briankrebs They lied about deleting your data, they lied about keeping your data confidential ... who says they aren't lying about deleting your data *now*?
@briankrebs No Honor among thieves, I guess
@briankrebs one time fee or subscription based model?
@briankrebs feels like whoever's behind this is betting an awful lot on nobody knowing who they are. If you're a seller (or a big-time buyer), you have no guarantee that your data would be deleted as promised. In fact, you have very recent proof they're untrustworthy.