
After AlphaBay’s Demise, Customers Flocked to Dark Market Run by Dutch Police

Earlier this month authorities seized the Dark Web marketplace AlphaBay, an online black market that peddled everything from heroin to stolen identity and credit card data. But it wasn’t until today, when the U.S. Justice Department held a press conference to detail the AlphaBay takedown, that the other shoe dropped: For the past month, police in The Netherlands have been operating Hansa Market, a competing Dark Web bazaar that enjoyed a massive influx of new customers immediately after the AlphaBay takedown.

The normal home page for the dark Web market Hansa has been replaced by this message from U.S. law enforcement authorities.

U.S. Attorney General Jeff Sessions called the AlphaBay closure “the largest takedown in world history,” targeting some 40,000 vendors who marketed a quarter-million listings for illegal drugs to more than 200,000 customers.

“By far, most of this activity was in illegal drugs, pouring fuel on the fire of a national drug epidemic,” Sessions said. “As of earlier this year, 122 vendors advertised Fentanyl. 238 advertised heroin. We know of several Americans who were killed by drugs on AlphaBay.”

Andrew McCabe, acting director of the FBI, said AlphaBay was roughly 10 times the size of the Silk Road, a similar dark market that was shuttered in a global law enforcement sting in October 2013.

As impressive as those stats may be, the real coup in this law enforcement operation became evident when Rob Wainwright, director of the European law enforcement organization Europol, detailed how the closure of AlphaBay caused a virtual stampede of former AlphaBay buyers and sellers taking their business to Hansa Market, which had been quietly and completely taken over by Dutch police one month earlier — on June 20.

“What this meant…was that we could identify and disrupt the regular criminal activity that was happening on Hansa Market but also sweep up all of those new users that were displaced from AlphaBay and looking for a new trading platform for their criminal activities,” Wainwright told the media at today’s press conference, which seemed more interested in asking Attorney General Sessions about a recent verbal thrashing from President Trump.

“In fact, they flocked to Hansa in droves,” Wainwright continued. “We recorded an eight times increase in the number of human users on Hansa immediately following the takedown of AlphaBay. Since the undercover operation to take over Hansa market by the Dutch Police, usernames and passwords of thousands of buyers and sellers of illicit commodities have been identified and are the subject of follow-up investigations by Europol and our partner agencies.”

Alexandre Cazes, standing in front of one of four Lamborghini sports cars he owned.

On July 5, the same day that AlphaBay went offline, authorities in Thailand arrested Alexandre Cazes — a 25-year-old Canadian citizen living in Thailand — on suspicion of being the creator and administrator of AlphaBay. He was charged with racketeering, conspiracy to distribute narcotics, conspiracy to commit identity theft and money laundering, among other alleged crimes.

Law enforcement authorities in the US and abroad also seized millions of dollars worth of Bitcoin and other assets allegedly belonging to Cazes, including four Lamborghinis and three properties.

However, law enforcement officials never got a chance to extradite Cazes to the United States to face trial. Cazes, who allegedly went by the nicknames “Alpha02” and “Admin,” reportedly committed suicide while still in custody in Thailand.

Online discussions dedicated to the demise of AlphaBay, Hansa and other Dark Web markets — such as this megathread over at Reddit — observe that law enforcement officials may have won this battle with their clever moves, but that another drug bazaar will simply step in to fill the vacuum.

Ronnie Tokazowski, a senior analyst at New York City-based threat intelligence firm Flashpoint, said the actions by the Dutch and American authorities could make it more difficult for established vendors from AlphaBay and Hansa to build a presence using the same identities at alternative Dark Web marketplaces.

Vendors on Dark Web markets tend to re-use the same nickname across multiple marketplaces, partly so that other cybercriminals won’t try to assume and abuse their good names on other forums, but also because a reputation for quality customer service means everything on these marketplaces and is worth a pretty penny.

Tokazowski said even if top vendors from AlphaBay/Hansa already have a solid reputation among buyers on other marketplaces, some of those vendors may choose to walk away from their former identities and start anew.

“One of the things [the Dutch Police and FBI] mentioned was they were going after other markets using some of the several thousand password credentials they had from AlphaBay and Hansa, as a way to get access to vendor accounts,” on other marketplaces, he said. “These actions are really going to have a lot of people asking who they can trust.”

“There are dozens of these Dark Web markets, people will start to scatter to them, and it will be interesting to see who steps up to become the next AlphaBay,” Tokazowski continued. “But if people were re-using usernames and passwords across dark markets, it’s going to be a bad day for them. And from a vendor perspective, [the takedowns] make it harder for sellers to transfer reputation to another market.”

For more on how the Dutch Police’s National High Tech Crimes Unit (NHTCU) quietly assumed control over the Hansa Market, check out this story.

Thanks to REDDIT and KrebsOnSecurity for this valuable information



MySpace – an embarrassing lack of security

If you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it. As it turns out, it’s been embarrassingly easy for someone to break into and steal any account on the site. Security researcher Leigh-Anne Galloway posted details of the flaw on her blog after months of trying to get Myspace to fix it — and hearing nothing back from the company.

The flaw came from Myspace’s account recovery page, which was meant to let people regain access to an account they’ve lost the password to. The page asked for the account holder’s name, username, original email address, and birthday. But it turned out, you really only needed to know someone’s birthday in order to gain access to their account.

The account holder’s name and username are both publicly listed on their profile page. And Myspace’s account recovery form didn’t actually check to see if you entered the correct email address. The Verge tested the flaw on a newly created dummy account and was able to confirm this. That meant the only detail you actually had to know is the account holder’s birthday, and in a lot of cases, that isn’t exactly hard to find with a little bit of research.

As soon as you provided that info, Myspace logged you into the account, prompting you to set a new password and giving you the ability to change the account’s associated email address and birthdate, letting you steal that account for good.
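The recovery logic described above, modelled as an added example (this is not Myspace's code): the flawed check never compares the e-mail field and signs the requester in, while the hardened version compares every field and only mails a single-use token to the address already on file. The account record, function names, outbox list and token lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumed value)


@dataclass
class Account:
    name: str
    username: str
    email: str
    birthday: str
    reset_hash: Optional[str] = None
    reset_expires: float = 0.0


# Constructed sample data; OUTBOX stands in for the outgoing mail queue.
ACCOUNTS = {"tom": Account("Tom Example", "tom", "tom@example.com", "1980-01-01")}
OUTBOX = []


def same(a, b):
    """Constant-time comparison of two form values, ignoring case and padding."""
    return hmac.compare_digest(a.strip().lower().encode(), b.strip().lower().encode())


def recover_flawed(form):
    """The behaviour the article describes: the e-mail field is never compared
    and a match signs the requester straight into the account."""
    acct = ACCOUNTS.get(form["username"])
    if acct and same(form["name"], acct.name) and same(form["birthday"], acct.birthday):
        return "logged_in"
    return "denied"


def recover_hardened(form, now=None):
    """Compare every field, never sign in from the form, and send a single-use
    token only to the address already on file."""
    now = time.time() if now is None else now
    acct = ACCOUNTS.get(form["username"])
    ref = acct or Account("", "", "", "")
    # Evaluate all three checks so timing does not show which field failed.
    checks = [
        same(form["name"], ref.name),
        same(form["email"], ref.email),
        same(form["birthday"], ref.birthday),
    ]
    if acct is not None and all(checks):
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token, never the token itself.
        acct.reset_hash = hashlib.sha256(token.encode()).hexdigest()
        acct.reset_expires = now + TOKEN_TTL
        OUTBOX.append((acct.email, token))
    return "check_your_email"  # identical answer on success and failure


def redeem(username, token, now=None):
    """Accept a mailed token once, before it expires; only then may the
    password be changed."""
    now = time.time() if now is None else now
    acct = ACCOUNTS.get(username)
    if acct is None or acct.reset_hash is None or now > acct.reset_expires:
        return False
    ok = hmac.compare_digest(hashlib.sha256(token.encode()).hexdigest(), acct.reset_hash)
    if ok:
        acct.reset_hash = None  # single use
    return ok
```

Changing the e-mail address or birthdate on the account would sit behind the same token step, so knowing public profile details plus a birthday is no longer enough.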

Of course, at this point, it’s not like all that many people (anyone?) are still using Myspace. Many years after being crushed by Facebook, Myspace moved away from being a social network and pivoted into being a news aggregator and a series of profile pages for musicians. You’re supposed to be able to play music from those pages – some people have success with this and many others complain it doesn’t work. I tested it myself and found it works fine in Internet Explorer 11.

Time Inc. purchased Myspace last year, mostly just so it could get some associated ad technology.

Even though people aren’t using Myspace much anymore, its poor security practices still matter, since it’s not alone in being so lax about account protections. Myspace is an example of the kind of sloppy security many sites suffer from: poor implementation of controls, lack of user input validation, and zero accountability. If there is a possibility that you still have an account on Myspace, I recommend you delete your account immediately.


Instantly protecting all your Internet connected devices automatically

It seems that lately we’re always talking about different ways to protect ourselves and computers from hackers, and phishing schemes. Wouldn’t it be nice if there was a way to automatically protect every device in your home?

Fortunately, there is just such a product – one that will automatically protect your laptops, desktops, smartphones, tablets, DVRs, game consoles, TVs, literally anything that connects to the internet.

Let’s talk about OpenDNS.
OpenDNS is a company and service which extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering in addition to DNS lookup, if its DNS servers are used.

The company hosts a cloud computing security product suite designed to protect customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

Today we’ll concentrate on FamilyShield from OpenDNS. FamilyShield is different from the majority of parental controls software choices parents are faced with. For starters, FamilyShield is free to use. And when set up on your wireless router, FamilyShield does more than block adult content on computers; it blocks it on Wi-Fi devices like the iPod Touch or the Nintendo DS and on video game consoles like Xbox and Wii. In addition to blocking adult content, FamilyShield also blocks proxies and anonymizers, which are how enterprising/tech-savvy kids often get around parental blocks. Because FamilyShield leverages the OpenDNS content filtering system, the list of sites being blocked is constantly updated, 24/7. These updates happen automatically, in the cloud, without requiring any changes on the user’s end. Last but not least, because it runs on the global OpenDNS network, it will make your household Internet faster and overall more reliable. With the OpenDNS perfect 100 percent uptime record, you won’t have to tolerate annoying, intermittent Internet outages anymore. This, of course, is in stark contrast to parental controls software that is often known for slowing down your Internet experience.

On August 27, 2015, Cisco acquired OpenDNS for $635 million in an all-cash transaction, plus retention-based incentives for OpenDNS. Cisco said that it intended to continue development of OpenDNS with its other cloud-based security products, and that it would continue its existing services. OpenDNS’ business services were renamed as Cisco Umbrella, while the home products retained the OpenDNS name.

For additional information as well as instructions for setting this up in your home go to:

PennyBackup – Safe, Secure Offsite backup

Are you concerned about Ransomware and the very real possibility of forever losing your important files and photos? Do you have a safe, secure and always up to date offsite backup for all your desktops and laptops? That level of data backup has been historically out of reach to users at a price that’s affordable – until now!

Say HELLO to PennyBackup. The name in fact reflects their pricing model and their backend service is built on time tested, enterprise level solutions. Even better, PennyBackup safeguards your data with 50GB of FREE backup storage which includes enterprise level security and encryption.

Secure, Reliable, Remote Data Backup at a fraction of the cost. No other backup service focuses their attention on every facet of data backup: security, reliability and fast data restoration…

Unlimited laptops & PCs. They don’t charge per device– so all your desktops, workstations and laptops can be protected.

Security and reliability always come first. We use best-in-class, enterprise-level software and hardware, with AES-256 Encryption. We are also HIPAA and HiTech Certified.

Super fast backups and restores. Unlike other providers, we provide RTO & RPO analytics on how quickly you can recover your data.

How is PennyBackup different than the competition?

  • PennyBackup is HIPAA and HiTech Act and FIPS Certified + SOC Audited. The highest levels of third-party oversight.
  • They have superior customer service. They’ll help guide your installation and setup — talk to a real, live person at no extra charge.
  • PennyBackup gives you weekly analytical reports on your backup status to predict your recovery time from loss of data. Data recovery is fast, regardless of your data connection.
  • Your data is protected by Asigra – a leading data and backup recovery solution that has been on the front lines in the battle against data theft for over a quarter of a century.
  • PennyBackup starts where it left off. Internet connection lost? Computer powered down before the backup was completed? No worries. PennyBackup will start right where it left off, saving you valuable downtime and frustration.

Compare PennyBackup with the other guys!

Get your FREE account here:


Need MORE offsite storage? With PennyBackup you start with 50GB of free storage, plus premium, LIVE support to help with installation and setup! Need more space? Additional storage costs just $0.05/mo per 1GB. At that cost, another 50GB of storage would cost you a whopping $2.50 per month. It would be very difficult to beat these costs – I recommend you give it a try and test it out.

What is WannaCrypt ransomware and how to stay safe

WannaCrypt Ransomware, also known by the names WannaCry, WanaCrypt0r or Wcrypt, is ransomware which targets Windows operating systems. Discovered on 12th May 2017, WannaCrypt was used in a large cyber-attack and has since infected more than 230,000 Windows PCs in 190 countries.


WannaCrypt’s initial hits include the UK’s National Health Service, the Spanish telecommunications firm Telefónica, and the logistics firm FedEx. Such was the scale of the ransomware campaign that it caused chaos across hospitals in the United Kingdom. Many of them had to shut down, cancelling operations on short notice, while staff were forced to use pen and paper for their work because their systems were locked by the ransomware.

How does WannaCrypt ransomware get into your computer

As evident from its worldwide attacks, WannaCrypt first gains access to the computer system via an email attachment and thereafter can spread rapidly through the LAN. The ransomware can encrypt your system’s hard disk and attempts to exploit the SMB vulnerability to spread to random computers on the Internet via TCP port and between computers on the same network.

Who created WannaCrypt

There are no confirmed reports on who has created WannaCrypt although WanaCrypt0r 2.0 looks to be the 2nd attempt made by its authors. Its predecessor, Ransomware WeCry, was discovered back in February this year and demanded 0.1 Bitcoin for unlocking.

Currently, the attackers are reportedly using the Microsoft Windows exploit EternalBlue, which was allegedly created by the NSA. These tools were reportedly stolen and leaked by a group called Shadow Brokers.

How does WannaCrypt spread

This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. The exploit is named EternalBlue and was reportedly stolen and misused by a group called Shadow Brokers.

Interestingly, EternalBlue is a hacking weapon developed by the NSA to gain access to and command computers running Microsoft Windows. It was specifically designed for America’s military intelligence unit to get access to the computers used by terrorists.

WannaCrypt creates an entry vector in machines still unpatched even after the fix had become available. WannaCrypt targets all Windows versions that were not patched for MS17-010, which Microsoft released in March 2017 for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 and Windows Server 2016.

The common infection pattern includes:

  • Arrival through social engineering emails designed to trick users into running the malware and activating the worm-spreading functionality with the SMB exploit. Reports say that the malware is being delivered in an infected Microsoft Word file that is sent in an email, disguised as a job offer, an invoice, or another relevant document.
  • Infection through the SMB exploit when an unpatched computer can be addressed from other infected machines.

WannaCrypt has rapid spreading capability

The worm functionality in WannaCrypt allows it to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable PCs. This activity results in large SMB traffic data coming from the infected host, and can be easily tracked by SecOps personnel.

Once WannaCrypt successfully infects a vulnerable machine, it uses it to hop to infect other PCs. The cycle further continues, as the scanning routine discovers unpatched computers.

How to protect against WannaCrypt

  1. Microsoft recommends upgrading to Windows 10 as it is equipped with the latest features and proactive mitigations.
  2. Install the security update MS17-010 released by Microsoft. The company has also released security patches for unsupported Windows versions like Windows XP, Windows Server 2003, etc.
  3. Windows users are advised to be extremely wary of phishing email and to be very careful when opening email attachments or clicking on web links.
  4. Make backups and keep them securely.
  5. Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt, so enable, update and run Windows Defender Antivirus to detect this ransomware.
  6. Disable SMBv1 with the steps documented at KB2696547.
  7. Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445.
  8. Enterprise users may use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run.
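The heavy SMB traffic from an infected host mentioned above shows up in flow data as one source touching many distinct destinations on TCP port 445 in a short time. The following added example (not from the original article or from Microsoft) flags such sources; the flow-record format, the internal address range, the window, the threshold and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

SMB_PORT = 445
WINDOW = 60        # seconds of history considered per source (assumed)
THRESHOLD = 20     # distinct SMB destinations that trigger an alert (assumed)
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed site address plan


def is_internal(addr):
    return any(addr in net for net in INTERNAL)


def parse_flow(line):
    """Parse 'epoch src dst dport' (constructed format); None for junk lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (float(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None


def find_smb_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: {'first_alert', 'peak', 'external'}} for every source that
    reached `threshold` distinct destinations on TCP 445 within `window` s."""
    flows = [f for f in map(parse_flow, lines) if f and f[3] == SMB_PORT]
    flows.sort(key=lambda f: f[0])
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, _ in flows:
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold:
            external = sum(1 for d in distinct if not is_internal(d))
            a = alerts.setdefault(src, {"first_alert": ts, "peak": 0, "external": 0})
            a["peak"] = max(a["peak"], len(distinct))
            a["external"] = max(a["external"], external)
    return alerts


def sample_flows():
    """Constructed records: one sweeping host, one normal file-share client."""
    lines, t = [], 1000.0
    for i in range(1, 31):
        # 10.0.0.23 walks the local subnet and Internet addresses on 445.
        lines.append(f"{t + i * 0.5} 10.0.0.23 10.0.0.{i + 100} 445")
        lines.append(f"{t + i * 0.5 + 0.1} 10.0.0.23 198.51.100.{i} 445")
    for i in range(40):
        # 10.0.0.5 talks to a single file server, which is ordinary SMB use.
        lines.append(f"{t + i} 10.0.0.5 10.0.0.10 445")
    lines.append(f"{t} 10.0.0.5 203.0.113.7 443")   # unrelated web traffic
    lines.append("garbage line")                     # malformed input is skipped
    return lines


if __name__ == "__main__":
    for src, info in find_smb_scanners(sample_flows()).items():
        print(src, info)
```

A non-zero external count is also a sign that outbound port 445 is not being filtered at the perimeter.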

To know more on this topic read the Technet blog.

The initial WannaCrypt attack may have been stopped, but we should expect a newer variant to strike more furiously moving forward, so stay safe and secure.

Our Immediate Recommendations are to AVOID clicking on any attachments sent to you via Email. EVEN IF THEY APPEAR TO BE LEGITIMATE!

Although the first wave of this Ransomware was stopped we are already seeing new variations of it hitting computers around the world. Finally – If you see the message as shown in this email blast, it’s already too late for you – IMMEDIATELY SHUT DOWN YOUR COMPUTER and call support.

Additional information: United States Computer Emergency Readiness Team (US-CERT) Alert TA17-132A

Special thanks to The Windows Club for this information:

Security Alert – WannaCry Ransomware

WannaCrypt Ransomware, also known by the names WannaCry, WanaCrypt0r or Wcrypt is a ransomware which targets Windows operating systems. Discovered on 12th May 2017, WannaCrypt was used in a large Cyber-attack and has since infected more than 230,000 Windows PCs in 190 countries.


How does WannaCrypt ransomware get into your computer?

As evident from its worldwide attacks, WannaCrypt first gains access to the computer system via an email attachment and thereafter can spread rapidly through the LAN. The ransomware can encrypt your system’s hard disk and attempts to exploit the SMB vulnerability to spread to random computers on the Internet via TCP port and between computers on the same network.

Our Immediate Recommendations are to AVOID clicking on any attachments sent to you via Email. EVEN IF THEY APPEAR TO BE LEGITIMATE!

Although the first wave of this Ransomware was stopped we are already seeing new variations of it hitting computers around the world. Finally – If you see the message as shown in this email blast, it’s already too late for you – IMMEDIATELY SHUT DOWN YOUR COMPUTER and call support.

ACTSmart Support Team

Another Possible Facebook Identity Theft Scam

Be careful posting about the 10 concerts you’ve attended. Before you join in with the social media crowd and let everyone know about the first concert you attended, you might want to think twice — hackers would love to have this information.

This past week, one of the most popular Facebook posts had people asking friends to figure out which of 10 concerts they didn’t really attend — and their answers have often been accompanied by a comment noting the first concert they ever attended. This is a common security question — along with the name of the street you grew up on or your first job — and it’s the sort of information that hackers can use to break into your online ID.

The best advice in this type of scenario is to ignore the game and not answer those questions. Just delete the concert posts or set them to private. Don’t make those kinds of answers about your life public. It’s just not worth it.

This particular Facebook game probably started as good-natured fun but as it grew in popularity, it signaled hackers that good, readily available online information was there for the plucking.

This type of exposure calls into question the still popular use of security questions, which are most often used by banks and other financial institutions to guarantee your identity.

A common bank security question asks your mother’s maiden name. As an alternative, use a password application to generate secure passwords made up of numbers, letters and symbols that would make no sense to anyone, and store them within your chosen password manager. These types of passwords will never be guessed by anyone, so they better protect your online identity.

Another Facebook user says he deals with security questions by answering them with lies. “First kiss: Farrah Fawcett”, “Favorite Color: polka dot”, “Street You Grew Up On: banana”, “Mother’s maiden name: thermostat.”

The only challenge with this solution is remembering all your “little lies” if the time comes and you need to have your password sent to you.

Take our advice and just say no. Don’t get caught up in the ever changing Facebook game of the week.

Chrome and Firefox Phishing Attack

Very important for anyone using Chrome or Firefox as their primary Internet browser!

There is a new phishing attack that is receiving a lot of attention today in the security community. This new attack is capable of using domain names that are identical to known safe websites.

As a reminder:

A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be a trusted site. Simply visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker. This affects the current version of the Chrome browser, which is version 57.0.2987, and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer, Microsoft Edge or Safari browsers.

What Can You Do?

Currently we are not aware of a manual fix in Chrome for this. Chrome has already released a fix in its ‘Canary’ release, which is its test release. This release should be available to the general public within the next few days.

For Firefox, do this:

In your Firefox location bar, type ‘about:config’ without the quotes.

Do a search for ‘punycode’ without quotes.

You should see a parameter titled: network.IDN_show_punycode

Change the value from false to true.

Unfortunately this attack makes it impossible to tell if you are on a safe site or a malicious site by looking at the location bar in your browser. Until Firefox and Chrome fix their vulnerabilities you need to be ever vigilant. Please manually check for updates to your chosen browser until this is resolved.
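What the network.IDN_show_punycode setting changes, and one way a mail filter or proxy could flag such names, as an added example (not from Wordfence or the browser vendors): the hostname is converted to its ASCII `xn--` form, and a label is flagged when it mixes scripts or is written wholly in lookalike letters. The lookalike table is a small constructed subset of Cyrillic letters, the hostnames in the demo are made up, and labels are assumed to be already normalised.

```python
import unicodedata

# Constructed subset: Cyrillic letters that render like Latin ones.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}


def script_of(ch):
    """Script taken from the Unicode character name, e.g. 'CYRILLIC'."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def to_ascii(host):
    """The form the location bar shows with network.IDN_show_punycode = true."""
    out = []
    for label in host.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def to_unicode(host):
    """The form the location bar shows when the setting is false."""
    out = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            out.append(label[4:].encode("ascii").decode("punycode"))
        else:
            out.append(label)
    return ".".join(out)


def assess(host):
    """Return the punycode display form plus any suspicious labels."""
    uni = to_unicode(host)
    findings = []
    for label in uni.split("."):
        if label.isascii():
            continue
        scripts = {script_of(c) for c in label} - {"COMMON"}
        skeleton = "".join(LOOKALIKES.get(c, c) for c in label)
        if len(scripts) > 1:
            findings.append((label, "mixed-script"))
        elif skeleton.isascii():
            # Every letter has a Latin twin, so the label reads as ASCII text.
            findings.append((label, "whole-script lookalike of " + skeleton))
    return {"display": to_ascii(uni), "findings": findings}


if __name__ == "__main__":
    # Constructed hostnames: Cyrillic lookalike, mixed script, genuine IDN, ASCII.
    for h in ["\u0441\u043e\u0440\u0435.example", "p\u0430ypal.example",
              "b\u00fccher.example", "example.com"]:
        print(assess(h))
```

A genuine internationalised name such as a German or Russian word produces no finding, because its letters do not all map onto ASCII lookalikes.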

Wordfence security has published a public service announcement that provides a working demonstration using a health care website. They also let you know how to fix the issue if you use Firefox and what to do if you are using Google Chrome.

You can find the full post on their blog…


Are RoboCalls Taking Their Toll On You?

If you’re like most people, you happily answer your home phone hoping perhaps it’s a friend or family member only to hear seconds of silence…. before you realize your mistake.

Few things can be more annoying than answering the phone while you’re in the middle of something — and then being greeted by a recording or perhaps a sales person trying their best to sell you something you don’t want or need.

The FCC says, If you receive a robocall trying to sell you something (and you haven’t given the caller your written permission), it’s an illegal call. You should hang up. Then, file a complaint with the FTC and the National Do Not Call Registry.

I’m all for following the FCC’s directions but if I followed their reporting steps for every unwanted robocall, I’d be spending all my free time filling out reports and forms trying to stop something I never opted in for in the first place.

Now there’s another way to try and beat these callers. Say hello to NoMoRobo!

How does Nomorobo work? Nomorobo uses a feature known as “Simultaneous Ring”.  When simultaneous ring is enabled, your phone will ring on more than one number at the same time. The first device to pick it up gets the call and the other phones stop ringing.

So, when the Nomorobo number is enabled as a simultaneous ring number it is the first number to screen the call. If it’s a legitimate call, the call goes through to your number. If the call is an illegal robocaller, Nomorobo intercepts the call and hangs up for you. Your phone will ring once letting you know that the robocall has been answered and stopped.

WHAT HAPPENS WHEN NOMOROBO BLOCKS A CALL? When NoMoRobo blocks a call it gives them a message saying we have blocked the call. The message requests that the caller re-enter the phone number of the person they are calling. If by chance a legitimate caller gets stopped they will know the number to enter. RoboCalls and RoboSales people have no idea what number was dialed so they can’t respond and they get disconnected.

WHO CAN USE NOMOROBO? The NoMoRobo service works with phone lines provided by Verizon FIOS, Comcast Xfinity, AT&T, Vonage, Time Warner and a host of other landline providers.

WHAT DOES NOMOROBO COST? The best thing about NoMoRobo is that the service is absolutely FREE for landlines. This makes it pretty much a no brainer for many of us. They also have a version that works on mobile phones, which only costs $1.99 per month. If you have one of those phone plans that charge for minutes, then this $1.99 could save you money if you get numerous RoBoCalls on your cell. I’ve just started getting these unwanted calls on my cell recently and it seems they are becoming much more frequent as time goes by.

For more information and to sign up for either the free or paid service here’s the link to their site:

I’ve only just signed up so my “first hand” experience is limited. There are other Call Blocker technologies out there but they all cost some amount of money. NoMoRobo is the only FREE service currently available.

Landmark FCC Privacy Rule Reversed

Internet providers now just need a signature from President Trump before they’re free to take, share, and even sell your web browsing history without your permission.

The House of Representatives passed a resolution last Thursday overturning an Obama-era FCC rule that required internet providers to get customers’ permission before sharing their browsing history with other companies. The rules also required internet providers to protect that data from hackers and inform customers of any breaches.

The resolution was first passed by the Senate last week and now heads to the president, who’s expected to sign it. At that point, there’ll only be a vague baseline of privacy rules governing internet providers and some promises from them not to misbehave.

It’s hard to see this as anything but a major loss for consumers.
While reversing the FCC’s privacy rules will technically just maintain the status quo — internet providers have actually been able to sell our web browsing data forever (it’s just not a thing we think about all that much) — they were about to lose permission to keep doing it, unless they got explicit consent or anonymized the info.

This is an increasingly important issue as Americans spend more and more time online — and keep more and more devices with us at all times. Internet providers can see what sites you visit and what apps you use, and they can see how long you’re using them for. That information is extremely revealing, and it’s easy to imagine most people would prefer to keep their reading habits private.

So why did Congress block the rules from being implemented?
Republicans bought into internet providers’ arguments that the rules discriminated against them and could confuse consumers. The rules would prevent internet providers from selling your web browsing history even though, the argument goes, websites like Google and Facebook would remain free to do the same thing. ISPs say that’s unfair and makes it hard for consumers to understand who gets to see their browsing data.

Internet providers want to pretend they’re just like Google and Facebook
But the argument is extremely misleading, if not outright wrong: Google and Facebook can’t see your web browsing history, they can only see what you click on while you’re on their own websites or on websites connected to their ad networks. Meanwhile, internet providers get to see a bit of nearly everything you do and visit; and even with the rules in place, they have every right to build the kind of ad-tracking websites that Google and Facebook have built. It’s just hard work, and they don’t want to do it.

Here’s a link to more information as well as a list of the 265 members of Congress who sold us out to ISPs and how much it cost to buy them.

It’s important to note that the communications industry has always been one of the largest lobbying groups in US history; internet providers and the telephone companies before them were notorious for spreading wealth across the aisle.

Special thanks for background info from THEVERGE.COM – one of our favorite information resources.
