Searchlight's Darknet Blog

Is all press good press? DarkSide, Colonial Pipeline and Ransomware-as-a-Service

Published on 20 May 2021 by Louise

This article explores the darknet structures and relationships sustaining the ransomware ecosystem, and enquires whether the consequences of DarkSide's attack against Colonial Pipeline will affect the continued growth of this lucrative cybercriminal enterprise.

Zero-day exploit in Accellion FTA leads to data compromise of multiple companies

Published on 03 Mar 2021 by Louise

This article evaluates the recent slew of data breaches suffered by a range of major organisations as a result of vulnerabilities in the soon-to-be-retired Accellion File Transfer Appliance, as well as the implications of suspected involvement by notorious ransomware gang Cl0p.

Covid-19 and the darknet: deceit, disinformation and disruption

Published on 06 Jan 2021 by Louise

Since the beginning of the coronavirus pandemic, darknet actors have exploited the heightened sense of fear and uncertainty for financial and even political gain. In tandem with the much-anticipated rollout of vaccines for the disease in multiple countries worldwide, actors have renewed efforts at Covid-related fraud, disinformation, and cyber-espionage.

The quest for Monero deanonymisation and potential impacts on darknet markets

Published on 02 Dec 2020 by Louise

Monero, often hailed by darknet users as the most private cryptocurrency available, has recently been the subject of efforts by security researchers to deanonymise and trace its transactions. How will Monero's potential traceability affect the illicit trade that occurs on darknet markets?

Darknet market landscape more volatile - and lucrative - than ever

Published on 28 Oct 2020 by Louise

Recent trends of law enforcement shutdowns and exit scams by popular marketplaces have made the Western darknet market landscape increasingly volatile, with no single platform dominating in terms of volume. This multipolarity, combined with the rise of cryptocurrencies such as Bitcoin, has contributed to the number of active markets on the darknet reaching record levels.

Darknet interference in the 2020 US presidential election

Published on 28 Oct 2020 by Louise

Many sources are concerned what impact darknet-related activities will have on the 2020 US presidential election. Potential threats range from ransomware attacks against local government databases, far-right schemes to spread misinformation regarding mail-in ballots, phishing emails targeting election officials and large amounts of US voter registration data for sale on the dark web.

Finnish psychotherapy centre data breach: hackers blackmail individual patients

Published on 28 Oct 2020 by Louise

Hackers gained access to thousands of confidential records for patients of private Finnish psychotherapy centre Vastaamo, reflecting a broader trend of poor cybersecurity across global healthcare systems.

Have COVID-19 Health Organisations been hacked?

Published on 27 Apr 2020 by Illy

Pastebin and Twitter are actively removing files containing thousands of email addresses and passwords, allegedly belonging to various health organisations involved in the fight against COVID-19.

Thousands of hacked Zoom accounts for sale online

Published on 27 Apr 2020 by Illy

Zoom is a video conferencing service that has raised to prominence throughout the start of this year. However, due to various security and confidentiality concerns, the service has faced backlash.

Whoops, looks like something went wrong.

1/1 Swift_TransportException in AuthHandler.php line 181: Failed to authenticate on SMTP server with username "notifymcgoo@gmail.com" using 1 possible authenticators

  1. in AuthHandler.php line 181
  2. at Swift_Transport_Esmtp_AuthHandler->afterEhlo(object(Swift_Transport_EsmtpTransport)) in EsmtpTransport.php line 332
  3. at Swift_Transport_EsmtpTransport->_doHeloCommand() in AbstractSmtpTransport.php line 118
  4. at Swift_Transport_AbstractSmtpTransport->start() in FileSpool.php line 149
  5. at Swift_FileSpool->flushQueue(object(Swift_Transport_EsmtpTransport)) in SwiftmailerServiceProvider.php line 95
  6. at SwiftmailerServiceProvider->Silex\Provider\{closure}(object(Request), object(TemplateResponse), object(Application))
  7. at call_user_func(object(Closure), object(Request), object(TemplateResponse), object(Application)) in Application.php line 387
  8. at Application->Silex\{closure}(object(PostResponseEvent), 'kernel.terminate', object(TraceableEventDispatcher)) in WrappedListener.php line 61
  9. at WrappedListener->__invoke(object(PostResponseEvent), 'kernel.terminate', object(EventDispatcher)) in EventDispatcher.php line 184
  10. at EventDispatcher->doDispatch(array(object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.terminate', object(PostResponseEvent)) in EventDispatcher.php line 46
  11. at EventDispatcher->dispatch('kernel.terminate', object(PostResponseEvent)) in TraceableEventDispatcher.php line 133
  12. at TraceableEventDispatcher->dispatch('kernel.terminate', object(PostResponseEvent)) in HttpKernel.php line 77
  13. at HttpKernel->terminate(object(Request), object(TemplateResponse)) in Application.php line 598
  14. at Application->terminate(object(Request), object(TemplateResponse)) in Application.php line 565
  15. at Application->run(object(Request)) in Application.php line 97
  16. at Application->run() in index.php line 12
Uncaught Exception: Swift_TransportException

Uncaught Exception: Swift_TransportException .

Swift_TransportException in AuthHandler.php line 181:
Failed to authenticate on SMTP server with username "notifymcgoo@gmail.com" using 1 possible authenticators 

                    if ($authenticator->authenticate($agent, $this->_username, $this->_password)) {
                        return;
                    }
                }
            }
            throw new Swift_TransportException(
                'Failed to authenticate on SMTP server with username "'.
                $this->_username.'" using '.$count.' possible authenticators'
                );
        }
    }

Google this Exception

Stack trace

# 1 \Swift_Transport_Esmtp_AuthHandl …::afterEhlo(Swift_Transport_EsmtpTransport)
[root]/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/EsmtpTransport.php # line 332
# 2 \Swift_Transport_EsmtpTransport::_doHeloCommand()
[root]/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php # line 118
# 3 \Swift_Transport_AbstractSmtpTra …::start()
[root]/vendor/swiftmailer/swiftmailer/lib/classes/Swift/FileSpool.php # line 149
# 4 \Swift_FileSpool::flushQueue(Swift_Transport_EsmtpTransport)
[root]/vendor/silex/silex/src/Silex/Provider/SwiftmailerServiceProvider.php # line 95
# 5 Silex\Provider\SwiftmailerServiceProvider::Silex\Provider\{closure}(Request, TemplateResponse, Application)
# 6 call_user_func(Closure, Request, TemplateResponse, Application)
[root]/vendor/silex/silex/src/Silex/Application.php # line 387
# 7 Silex\Application::Silex\{closure}(PostResponseEvent, "kernel.terminate", TraceableEventDispatcher)
[root]/vendor/symfony/event-dispatcher/Debug/WrappedListener.php # line 61
# 8 Symfony\Component\EventDispatcher\Debug\WrappedListener::__invoke(PostResponseEvent, "kernel.terminate", EventDispatcher)
[root]/vendor/symfony/event-dispatcher/EventDispatcher.php # line 184
# 9 Symfony\Component\EventDispatcher\EventDispatcher::doDispatch([array], "kernel.terminate", PostResponseEvent)
[root]/vendor/symfony/event-dispatcher/EventDispatcher.php # line 46
# 10 Symfony\Component\EventDispatcher\EventDispatcher::dispatch("kernel.terminate", PostResponseEvent)
[root]/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php # line 133
# 11 Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher::dispatch("kernel.terminate", PostResponseEvent)
[root]/vendor/symfony/http-kernel/HttpKernel.php # line 77
# 12 Symfony\Component\HttpKernel\HttpKernel::terminate(Request, TemplateResponse)
[root]/vendor/silex/silex/src/Silex/Application.php # line 598
# 13 Silex\Application::terminate(Request, TemplateResponse)
[root]/vendor/silex/silex/src/Silex/Application.php # line 565
# 14 Silex\Application::run(Request)
[root]/vendor/bolt/bolt/src/Application.php # line 97
# 15 Bolt\Application::run()
[root]/public/index.php # line 12

Request data

content (empty)
languages en_US
en
charsets (empty)
encodings br
gzip
acceptableContentTypes text/html
application/xhtml+xml
application/xml
*/*
pathInfo /news
requestUri /news
baseUrl (empty)
basePath (empty)
method GET

Headers

host ["bolt"]
connection ["close"]
user-agent ["CCBot/2.0 (https://commoncrawl.org/faq/)"]
accept ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]
accept-language ["en-US,en;q=0.5"]
accept-encoding ["br,gzip"]

Server

HTTP_HOST bolt
HTTP_CONNECTION close
HTTP_USER_AGENT CCBot/2.0 (https://commoncrawl.org/faq/)
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE en-US,en;q=0.5
HTTP_ACCEPT_ENCODING br,gzip
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SERVER_SIGNATURE <address>Apache/2.4.25 (Debian) Server at bolt Port 80</address>
SERVER_SOFTWARE Apache/2.4.25 (Debian)
SERVER_NAME bolt
SERVER_ADDR 192.168.80.2
SERVER_PORT 80
REMOTE_ADDR 192.168.80.3
DOCUMENT_ROOT /var/www/html/public
REQUEST_SCHEME http
CONTEXT_PREFIX (empty)
CONTEXT_DOCUMENT_ROOT /var/www/html/public
SERVER_ADMIN [no address given]
SCRIPT_FILENAME /var/www/html/public/index.php
REMOTE_PORT 35130
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING (empty)
REQUEST_URI /news
SCRIPT_NAME /index.php
PHP_SELF /index.php
argv []
Arguments: 
array:1 [
  0 => Swift_Transport_EsmtpTransport {
    -_handlers: array:1 [
      "AUTH" => Swift_Transport_Esmtp_AuthHandler {
        -_authenticators: array:3 [
          0 => Swift_Transport_Esmtp_Auth_CramMd5Authenticator {}
          1 => Swift_Transport_Esmtp_Auth_LoginAuthenticator {}
          2 => Swift_Transport_Esmtp_Auth_PlainAuthenticator {}
        ]
        -_username: "notifymcgoo@gmail.com"
        -_password: "6690823boyded"
        -_auth_mode: "login"
        -_esmtpParams: array:6 [
          0 => "LOGIN"
          1 => "PLAIN"
          2 => "XOAUTH2"
          3 => "PLAIN-CLIENTTOKEN"
          4 => "OAUTHBEARER"
          5 => "XOAUTH"
        ]
      }
    ]
    -_capabilities: array:7 [
      "SIZE" => array:1 [
        0 => "35882577"
      ]
      "8BITMIME" => []
      "AUTH" => array:6 [
        0 => "LOGIN"
        1 => "PLAIN"
        2 => "XOAUTH2"
        3 => "PLAIN-CLIENTTOKEN"
        4 => "OAUTHBEARER"
        5 => "XOAUTH"
      ]
      "ENHANCEDSTATUSCODES" => []
      "PIPELINING" => []
      "CHUNKING" => []
      "SMTPUTF8" => []
    ]
    -_params: array:8 [
      "protocol" => "tcp"
      "host" => "smtp.gmail.com"
      "port" => 587
      "timeout" => 30
      "blocking" => 1
      "tls" => true
      "type" => 1
      "stream_context_options" => []
    ]
    #_buffer: Swift_Transport_StreamBuffer {
      -_stream: &1 stream resource @1002
        crypto: array:4 [
          "protocol" => "TLSv1.2"
          "cipher_name" => "ECDHE-ECDSA-AES128-GCM-SHA256"
          "cipher_bits" => 128
          "cipher_version" => "TLSv1.2"
        ]
        timed_out: false
        blocked: true
        eof: false
        stream_type: "tcp_socket/ssl"
        mode: "r+"
        unread_bytes: 0
        seekable: false
        options: []
      }
      -_in: &1 stream resource @1002
      -_out: &1 stream resource @1002
      -_params: array:8 [
        "protocol" => "tcp"
        "host" => "smtp.gmail.com"
        "port" => 587
        "timeout" => 30
        "blocking" => 1
        "tls" => true
        "type" => 1
        "stream_context_options" => []
      ]
      -_replacementFactory: Swift_StreamFilters_StringReplacementFilterFactory {
        -_filters: []
      }
      -_translations: []
      #_sequence: 28
      -_filters: []
      -_writeBuffer: ""
      -_mirrors: []
    }
    #_started: false
    #_domain: "[192.168.80.2]"
    #_eventDispatcher: Swift_Events_SimpleEventDispatcher {
      -_eventMap: array:5 [
        "Swift_Events_CommandEvent" => "Swift_Events_CommandListener"
        "Swift_Events_ResponseEvent" => "Swift_Events_ResponseListener"
        "Swift_Events_SendEvent" => "Swift_Events_SendListener"
        "Swift_Events_TransportChangeEvent" => "Swift_Events_TransportChangeListener"
        "Swift_Events_TransportExceptionEvent" => "Swift_Events_TransportExceptionListener"
      ]
      -_listeners: []
      -_bubbleQueue: []
    }
    #_sourceIp: null
  }
]
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
Arguments: 
array:1 [
  0 => Swift_Transport_EsmtpTransport {
    -_handlers: array:1 [
      "AUTH" => Swift_Transport_Esmtp_AuthHandler {
        -_authenticators: array:3 [
          0 => Swift_Transport_Esmtp_Auth_CramMd5Authenticator {}
          1 => Swift_Transport_Esmtp_Auth_LoginAuthenticator {}
          2 => Swift_Transport_Esmtp_Auth_PlainAuthenticator {}
        ]
        -_username: "notifymcgoo@gmail.com"
        -_password: "6690823boyded"
        -_auth_mode: "login"
        -_esmtpParams: array:6 [
          0 => "LOGIN"
          1 => "PLAIN"
          2 => "XOAUTH2"
          3 => "PLAIN-CLIENTTOKEN"
          4 => "OAUTHBEARER"
          5 => "XOAUTH"
        ]
      }
    ]
    -_capabilities: array:7 [
      "SIZE" => array:1 [
        0 => "35882577"
      ]
      "8BITMIME" => []
      "AUTH" => array:6 [
        0 => "LOGIN"
        1 => "PLAIN"
        2 => "XOAUTH2"
        3 => "PLAIN-CLIENTTOKEN"
        4 => "OAUTHBEARER"
        5 => "XOAUTH"
      ]
      "ENHANCEDSTATUSCODES" => []
      "PIPELINING" => []
      "CHUNKING" => []
      "SMTPUTF8" => []
    ]
    -_params: array:8 [
      "protocol" => "tcp"
      "host" => "smtp.gmail.com"
      "port" => 587
      "timeout" => 30
      "blocking" => 1
      "tls" => true
      "type" => 1
      "stream_context_options" => []
    ]
    #_buffer: Swift_Transport_StreamBuffer {
      -_stream: &1 stream resource @1002
        crypto: array:4 [
          "protocol" => "TLSv1.2"
          "cipher_name" => "ECDHE-ECDSA-AES128-GCM-SHA256"
          "cipher_bits" => 128
          "cipher_version" => "TLSv1.2"
        ]
        timed_out: false
        blocked: true
        eof: false
        stream_type: "tcp_socket/ssl"
        mode: "r+"
        unread_bytes: 0
        seekable: false
        options: []
      }
      -_in: &1 stream resource @1002
      -_out: &1 stream resource @1002
      -_params: array:8 [
        "protocol" => "tcp"
        "host" => "smtp.gmail.com"
        "port" => 587
        "timeout" => 30
        "blocking" => 1
        "tls" => true
        "type" => 1
        "stream_context_options" => []
      ]
      -_replacementFactory: Swift_StreamFilters_StringReplacementFilterFactory {
        -_filters: []
      }
      -_translations: []
      #_sequence: 28
      -_filters: []
      -_writeBuffer: ""
      -_mirrors: []
    }
    #_started: false
    #_domain: "[192.168.80.2]"
    #_eventDispatcher: Swift_Events_SimpleEventDispatcher {
      -_eventMap: array:5 [
        "Swift_Events_CommandEvent" => "Swift_Events_CommandListener"
        "Swift_Events_ResponseEvent" => "Swift_Events_ResponseListener"
        "Swift_Events_SendEvent" => "Swift_Events_SendListener"
        "Swift_Events_TransportChangeEvent" => "Swift_Events_TransportChangeListener"
        "Swift_Events_TransportExceptionEvent" => "Swift_Events_TransportExceptionListener"
      ]
      -_listeners: []
      -_bubbleQueue: []
    }
    #_sourceIp: null
  }
]
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)
(Arguments not available. Raise debug_trace_argument_limit to see them)