Open Source Research - Debunking Rewterz' Claim of Discovering Telcos Data on the Dark Web

[Thread]
Rewterz published news on their website (10th April) that their 'Threat Intelligence Team' discovered a dark web forum wherein a cyber criminal was offering to sell telcos data of 115 million Pakistanis for 300 BTC.
Source: archive.vn/XohkA
Initially, I didn't bother looking up the claim through open sources, assuming Rewterz may have indeed observed the data on a dark web forum (Note to Self for the Future: Never trust local 'cyber threat' firms' claims).
A basic reverse-lookup of the news mentions a post on a platform called 'Raid Forums', apparently a gathering place for pseudonymous merchants to buy/sell data from various countries.
This was the URL of the thread, which does not exist anymore (couldn't archive before it was removed).
Attached is a screenshot and a photo of an updated message from the data seller on Raid Forums, preserved by experienced technical analysts (this post has also been removed), h/t to 'Hackology' and 'Ch Muhammad Osama'.
Observations:

1. Data seller used pseudonym 'superposition'.

2. Claimed that data is 'fresh', could not offer samples for verifying digital age.

3. Clarified that data is priced for BTC equivalent to USD 300, not 300 BTC.

4. Wanted to sell through a middleman to evade risks.

The 'superposition' username redirects you to user 'TallyHo', who, despite making only a handful of posts, was designated 'VIP member'. Clearly, 'superposition' (data seller) has been shapeshifting, see my attached video. Archived copy of profile: archive.vn/tu0ta
At the time of compiling this thread, 'superposition' alias 'TallyHo' (alias something else in the future) has removed all posts regarding sale of Pak citizens' telcos data. They may or may not put up another offer.
The preceding findings raise questions about the sensationalist and misleading claims by Rewterz, who said the data was being offered on the 'dark web'. We now know this data was being traded on the World Wide Web (clearnet). Why did Rewterz make such a claim?
Questions also exist pertaining to Rewterz' threat reporting mechanism and overall integrity of the 'reach' they claim to have, insofar as threat intel collection from the 'dark web' is concerned. Even a layman these days can differentiate between the dark web and World Wide Web.
This isn't to deny or refute past examples of confirmed data breaches, prominently CIA's HYDRA programme which had access to NADRA and the data spill caused by reckless integration of NADRA with apps developed by PITB under Dr Umar Saif's watch.
One has always been skeptical of the research methods and reporting accuracy of local 'cyber threat' firms, but the recent incident has hit a new low. Rewterz may have gained some media attention but should now regain their credibility and community integrity.
Tech journalists in Pakistan should independently verify such claims before giving them free publicity.

There are many skilled infosec analysts in Pakistan who can offer their expert comments. Always good to consult them.

For the record, my domain is OSINT, not infosec.

[End]