For sale: Netflix login code for 2.25 dollar

For sale: Netflix login code for 2.25 dollar

Maastricht researchers on the dark web

09-06-2022 · Background

Just after the cyber-attack on Maastricht University in December 2019, a group from the Faculty of Law and the department Data Science and Knowledge Engineering thought: what if we ourselves went looking for personal data belonging to our own employees and students that may have landed on the dark web? Scans of diplomas or login details, for example. Wandering around illegal market places, the team was able to make a thorough analysis of all kinds of ‘merchandise’ on offer.

On 5 February 2020, during a symposium in which the Maastricht Executive Board revealed all about the cyber-attack for which eventually almost two hundred thousand in ransom was paid, the story was: no, most likely no personal data fell into the wrong hands, but further investigations were required. “We didn’t expect that any sensitive data is going around on shady websites, but we were not sure,” says Jerry Spanakis, assistant professor at the department of Data Science and Knowledge Engineering (DKE). He and his colleagues decided to ‘dive’ into the dark web, a part of the Internet that is not directly accessible. Weapons, drugs, pornography, counterfeit money but also personal data are sold there illegally. And it was the latter that the team was looking for. What would the market places look like where banking data, passport details and login codes are sold? How much virtual money does this entail? Billions of euros?

Burner laptop

It was a whole new world for the Maastricht researchers. Spanakis: “I had previously seen images of the dark web, but I myself had never gone there.” Safety was important, a solid research protocol was set up, “we would not search for ‘Maastricht University’, or make our own names known, we didn’t want to attract too much attention. We just wanted to get a good picture.” They also didn’t use their work computer, but a so-called burner laptop that in principle is being used for a single task. Spanakis: “We had just had the hack, just imagine if something were to happen again. That was certainly not the idea.”

Big Blue

With the search for data belonging to students and employees at the back of their minds, they decided to carry out “a systematic analysis” of all ‘products’ that they could view. They found no fewer than 29 thousand, on twelve different market places with names such as Big Blue, White House and Deepsea. “You can compare it to Amazon, eBay or People put things on offer (under a pseudonym), write an ‘advertising text’ to go with it and put a price tag on it. You can find a lot: user names and passwords, quite a lot of login data for Netflix subscriptions, login data of bank accounts, credit card details, passport information.” In the paper that they wrote about the study, there are a number of examples. Seller ‘Eleven’ offers 14 thousand Netflix login data for 2.25 dollar each. What else did they find? Manuals ‘how to hack’ or ‘how can I get a free iPhone’. Seller ‘Jim’ helps you with the latter for just 5 dollars. The researchers came up with, a rather euphemistic, collective name e-learning.

Prison sentence

The difficult thing about the dark web market places is that from one day to another they can disappear, says Spanakis. Taken down by the police or ‘cleared’ by the initiator who feels that things are getting too hot under his feet. “During our research, two market places disappeared.” To secure their ‘study material’, the researchers took snapshots. This is done by means of scraping, a technique that allows you to scrape information from a web page and copy it to a file on your own computer. They then tried to make sense of the gigantic amount of data. How? By searching for certain keywords, such as e-mail, card, hacking, fraud, and dividing everything into categories. Next, the law experts linked it to a maximum prison sentence, in accordance with the Cybercrime Convention and Dutch law. “It provides an image of how much cybercrime there is and how this compares to the price that is being asked. It is speculated that turnover on the dark web market places amounts to billions, but we counted a total of less than 500 thousand dollars. Data is cheap.”


It was “an interesting, but limited study”, Spanakis concluded, “a kind of pilot, but a lot of follow-up research is possible. You can find reviews of sellers, just like on and eBay, but what is that trust based on?” They also noticed that many sellers operate on various market places. “They may use a different pseudonym, but looking at the use of the language in the advertisement text, we were able to establish that it most likely concerned the same person. A PhD student is now carrying out further research into that. We also didn’t go to the discussion forums where people ask all kinds of questions. It would be interesting to see how they communicate. But we would need a separate research protocol for that, in collaboration with the police, so that you don’t do anything stupid.”

Oh yes, that research into UM data on the dark web, did anything come of that? “Found nothing, at least in the places where we were.”


Author: Wendy Degens
Categories: news_top, Science
Tags: cyberattack,attack,dark web,darkweb,data,instagram

Add Response

Click here for our privacy statement.

Since January 2022, Observant only publishes comments of people whose name is known to the editors.