
Darknet bunker plot thickens: ties to right-wing dissidents and WikiLeaks

By: Skyler
17 May 2020 at 09:26

The German Public Prosecution Service confirmed that a bunker functioning as an illegal cyber center had ties to a right-wing dissident movement and possibly to WikiLeaks. These revelations came to light when the main suspect – Herman Johan Verwoert-Derksen (60), also known as ‘Johan X.’ – reacted to his criminal case for the first time.

According to German media, the employees of the cyber center saw the hosting of servers for dissident groups as a lucrative endeavor. One group is specifically mentioned: Generation Identity. That right-wing movement has chapters in several European countries, such as France, Germany, Austria, and the United Kingdom.

Through encrypted messages, an employee of the bunker communicated with a member of Generation Identity. For just thirty euros a month, the cyber bunker would host a cloud server for the group. That was a very competitive price, because other tenants paid hundreds of euros a month for the same service. That may indicate that the employees of the bunker had some degree of sympathy for the ideology of Generation Identity.

@NATO is not involved in this affair, but let's just say it's ironic… #Darknet #cybercrime servers hosted in former NATO #bunker in #Germany – https://t.co/sTjdpKxqAA #infosec #cyebrsecurity #darkweb @infosecsw pic.twitter.com/pMldc7zBf2

— Steve Waterhouse (@Water_Steve) September 29, 2019

The cyber bunker offered a host of IT services, without requiring contracts or personal details. Furthermore, the bunker hosted many websites on the dark web involved in the distribution of drugs, weapons, and even child pornography. The center was also connected to dark web markets such as Wall Street Market, Cannabis Road, and Flugsvamp 2.0. Moreover, massive cyber attacks were conducted from the bunker, sometimes targeting a million routers at the same time.

In 2013, Johan X. – the head of the organization – bought the former NATO bunker located in Traben-Trarbach, a town in Western Germany. In secret, he converted the former bunker into an underground data center. In addition to the main suspect, the police arrested twelve other men, all German and Dutch nationals. They claim that they provided a high degree of privacy and thus did not know that illegal content was hosted on their servers.

In 2002, Johan X. was involved in a similar case, running a data center in the South West of the Netherlands. His customers were mostly legal pornographers. The police also discovered an ecstasy laboratory in the same building, although he was never convicted in that case.

📷 architectureofdoom: Former Cold War bunker turned into a dark web cyberbunker, Traben-Trarbach, Germany https://t.co/1h5fKSiGO6

— Tim Munn (H) (@amish_man) May 8, 2020

Johan X. claims to be a victim of political persecution. He believes the German authorities only showed interest because his data center hosted the servers of WikiLeaks. The public prosecutor denies those allegations, stating that investigators did not find any server belonging to WikiLeaks. Furthermore, WikiLeaks is not even mentioned in the indictment.

Regardless of the outcome, (former) employees of Johan X. are already making plans for a new data center. Several countries showed interest, including Bahrain, Moldova, Zimbabwe, and Vietnam.

The post Darknet bunker plot thickens: ties to right-wing dissidents and WikiLeaks appeared first on Rana News.

FBI Paid Anti-Child Predator Charity $250,000 for Hacking Tools

The FBI paid a non-profit organization focused on unmasking child predators $250,000 for access to a series of hacking tools, according to public procurement records viewed by Motherboard.

The news provides more insight into how the FBI obtains some of its hacking tools, or so-called network investigative techniques (NITs). The contract also highlights the close relationship between private parties and the FBI when hacking suspects. Facebook, for example, previously bought a hacking tool for the FBI to use to unmask one of the social network's users who was aggressively targeting minors on the platform.

The procurement record says the FBI's Child Exploitation Operational Unit (CEOU) is "purchasing a set of NITs." The contract dates from June 2020.

The NITs "have been demonstrated for OTD and CEOU and which have the capability, if activated, of providing the true internet address of the subject," the product description continues, referring to the Operational Technology Division, a part of the FBI that carries out hacking operations. The latter half of the product description is cut off, but reads in part "of providing the true internet address of the subject even when hidden behi," presumably referring to whether the target is behind a proxy or anonymization network.


The non-profit that the FBI paid for the NITs is called the Innocent Lives Foundation (ILF).

"We unmask anonymous child predators to help bring them to justice," the organization's website reads. "We use Open Source Intelligence Gathering (OSINT) methods to identify child predators. Once we have gathered the appropriate amount of information to confirm the identification of the predator, that file is then submitted to law enforcement," the website continues.

The ILF includes a board of directors, various corporate roles such as a Chief Operating Officer, and a number of volunteers who are accepted by invitation only, the website reads. In 2019, hacking conference DerbyCon selected the ILF as one of the featured non-profits of the conference, and provided the charity with more than $25,800 in donations, the ILF website adds.

U.S. law enforcement's umbrella term of network investigative technique has previously encompassed a wide range of different technologies and approaches. In some investigations, NIT has referred to a booby-trapped Word document that, once opened, phoned home to an FBI-controlled server, revealing the recipient's IP address. At the higher end, the FBI has deployed non-public exploits that break through the security protections of the Tor Browser.

In a phone call with Motherboard, Chris Hadnagy, founder, executive director, and board member of the ILF declined to specify what sort of tool the NITs were, nor whether the charity developed the NITs itself or sourced them from another party.

At one point a company that sources zero-day exploits and then sells them to governments offered $80,000 for an attack targeting Firefox, which the Tor Browser is based on. That company, Exodus Intelligence, later provided a Firefox exploit to an offensive customer; a law enforcement agency deployed it to visitors of a dark web child abuse site, Motherboard previously reported.

Law enforcement agencies have used NITs to investigate financially motivated crime, bomb threats, and hackers. Most prolifically, the FBI has deployed NITs in child abuse investigations, particularly on the dark web. Among other large-scale cases, in 2015 the FBI hacked over 8,000 computers in 120 countries based on one warrant. Some judges threw out evidence in subsequent cases as they ruled that the judge who signed the warrant did not have the authority to do so. The campaign, dubbed Operation Pacifier, led to the arrest of 55 hands-on abusers and 26 producers of child pornography, as well as recovering 351 children, according to a report from the Department of Justice Office of the Inspector General.

The report also mentioned how between 2012 and 2017 the FBI's Remote Operations Unit, which is part of the OTD, was largely responsible for the development and deployment of dark web solutions.

"However, over the past 2 years, its dark web role has eroded due to budget decreases and an increased prioritization on tools for national security investigations. This has resulted in the operational units seeking tools useful to dark web investigations independently without a mechanism to share the product of their efforts," the report added.

The FBI declined to comment.

Update: This piece has been updated with a response from the FBI.
