DarkDotFail has regained control of "dark.fail"

@Pygmalion - May 5 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If you visited sites listed on the clearnet domain "dark.fail"
between April 29th through May 5th 2021 you were phished and should
rotate all credentials immediately!

DarkDotFail has regained control of the domain "dark.fail", the
Twitter account "@DarkDotFail", the Reddit account "/u/DarkDotFail",
and the email address "hello@dark.fail". Thank you Njalla for your
tireless work in getting our hijacked domain back. The attacker was
unable to get past 2FA on our Twitter, Reddit, and Email. They did
not access any existing messages nor servers. Emails sent to any
address @dark.fail during the attack were received by the attacker.
Our .onion site was not compromised. Our OPSEC is fully intact.

A phisher stole our domain and operated it for four days in a highly
sophisticated attack that bypassed all security protocols we had in
place, including 2FA. The attacker sent a fake German court order to
Njalla's partner Tucows and convinced them to transfer our domain to
Namecheap. They then listed 68 phishing replicas of real sites on
our domain, stealing an untold amount of cryptocurrency from these
sites' researchers and users. They also hijacked DarknetLive.com.

It took Namecheap four days to transfer our domain back to us.

Read @brokep's summary of what happened for more information:
https://twitter.com/brokep/status/1389314362561777665

Every site listed on the domain "dark.fail" from April 29th through
May 5th 2021 was a man-in-the-middle phishing proxy. Each site
looked real but instead shared all user activity with the attacker,
including passwords and messages. Cryptocurrency addresses displayed
on these sites were rewritten to addresses controlled by the phisher,
intercepting many people's money.

DarkDotFail's .onion address was not affected by this attack. No
phishing sites have ever been displayed there.

As long as we maintain a clearnet mirror, we cannot fully promise that
this will not happen again. The domain name system is centralized and prone
to human error and deceit.

Always check /mirrors.txt and PGP verify it. Researchers that PGP verified
sites before interacting with them during this attack outsmarted the phish.

This unprecedented attack has set back our entire community. We are
implementing ways to rely less on the antiquated domain name system
used by the clearnet and to move to decentralized DNS alternatives.

We are infuriated that our trusted name was used for harm.

Devastated, motivated. Big changes are on their way.

DarkDotFail
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

------------------------------------------------------------


I am Pygmalion, a small psychedelics vendor.

You may reach me via email at pygmalion@infantile.us.
Please register your own E-Mail address for darknet purposes at http://oq7t5ihk4qew5t5s4zghicigokh2ktt575amirsbnilmyawpme6xmyyd.onion



Cheers
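
The check the signed notice recommends ("Always check /mirrors.txt and PGP verify it"), as an added example that is not part of the original post and not DarkDotFail's own tooling: a "Good signature" only helps if it comes from the key you already trust, so this pins the signer's fingerprint and reads gpg's machine-readable status lines. It assumes `gpg` is installed and the signer's key is already imported; `PINNED_FPR`, `OTHER_FPR`, the function names and the sample status lines are constructed placeholders.

```python
import subprocess

# Placeholder for the signer's 40-hex primary-key fingerprint, obtained out of
# band before any incident. Constructed value, not a real key.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"  # constructed second key

# Status keywords that mean a signature must not be trusted.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def check_status(status_text, pinned_fpr=PINNED_FPR):
    """True only if every signature is valid AND made by the pinned key."""
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # human-readable "gpg: ..." output is ignored
        keyword, args = fields[1], fields[2:]
        if keyword in FATAL:
            return False
        if keyword == "VALIDSIG" and args:
            # Field 10 is the primary-key fingerprint; field 1 may be a subkey.
            signers.append((args[9] if len(args) > 9 else args[0]).upper())
    return bool(signers) and all(s == pinned_fpr.upper() for s in signers)

def verified_mirrors(path, pinned_fpr=PINNED_FPR):
    """Return only the signed text of a clearsigned file, or raise."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--output", "-", "--decrypt", path],
        capture_output=True, text=True)
    if proc.returncode != 0 or not check_status(proc.stderr, pinned_fpr):
        raise ValueError("not signed by the pinned key: " + path)
    return proc.stdout  # text outside the signed block never reaches the caller

def sample_status(fpr, keyword="GOODSIG"):
    """Constructed gpg --status-fd lines for a signature by key `fpr`."""
    lines = ["[GNUPG:] NEWSIG", f"[GNUPG:] {keyword} {fpr[-16:]} Example Signer"]
    if keyword == "GOODSIG":
        lines.append(f"[GNUPG:] VALIDSIG {fpr} 2021-05-05 1620172800 0 4 0 1 8 01 {fpr}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(check_status(sample_status(PINNED_FPR)))            # pinned key
    print(check_status(sample_status(OTHER_FPR)))             # some other key
    print(check_status(sample_status(PINNED_FPR, "BADSIG")))  # tampered text
```

A valid signature from any key other than the pinned one is rejected, which is the case that matters when the page serving mirrors.txt may itself be a proxy.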

Comments

Jack (5 stars):
Good news. Thanks for writing.
