Crooks Reused Passwords on Hansa and Dream, so Dutch Police Hijacked Their Accounts after running Hansa for a month

Currently, the infosec community and former Hansa vendors themselves have spotted two ways in which Dutch authorities are going after former Hansa vendors.
Police gain access to Dream accounts via password reuse

In the first, Dutch investigators have taken the passwords of vendors who have the same usernames on both the old Hansa Market and the Dream Market — today’s top Dark Web marketplace after the seizure of the Hansa and AlphaBay marketplaces.

If vendors reused passwords and they didn’t activate 2FA for their Dream Market accounts, authorities take over the profiles, change passwords, and lock the vendors out of their shops.
The second method of operation spotted by the Dark Web community involves so-called “locktime” files that were downloaded from the Hansa Market before Dutch authorities shut it down on July 20.

Under normal circumstances a locktime file is a simple log of a vendor’s market transaction, containing details about the sold product, the buyer, the time of the sale, the price, and Hansa’s signature. The files are used as authentication by vendors to request the release of Bitcoin funds after a sale’s conclusion, or if the market was down due to technical reasons.

According to people familiar with Hansa’s inner workings who shared their knowledge with Bleeping Computer, Hansa locktime files were usually just a simple text file.

Source: Crooks Reused Passwords on the Dark Web, so Dutch Police Hijacked Their Accounts

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Leave a Reply