Users of the dark web, where customers can mail order any drug imaginable, don’t only have to worry about the cops. Hackers and scammers are constantly looking to empty unsuspecting shoppers’ digital wallets, typically by tricking them into handing over usernames and passwords.
But events have come full circle for one of the dark web’s most notorious thieves, known as Phishkingz. Over the past few days, a hacker has targeted Phishkingz, figured out what appears to be his real identity, and attempted to extort him. The case highlights how people who hide behind pseudonyms online can sometimes be unmasked, especially due to their own sloppy mistakes.
“He probably saw the thread I made on Reddit and shit himself,” the attempted extortionist, who goes by the handle InsanityDRM, told The Daily Beast.
The dark web is a small collection of websites that use special software, called Tor, to hide the physical location of the websites’ servers. This means law-enforcement agencies have a harder time tracking down who is hosting a dark-web site. This technology, along with the pseudo-anonymous currency bitcoin, has facilitated dozens of online marketplaces, which offer drugs, and sometimes weapons and stolen data.
Phishkingz runs an elaborate network of fake marketplaces designed to look exactly like the originals, but with a key difference—when a customer logs into the fake market, the site sends their login details to Phishkingz. He can then log in and try to steal the target’s bitcoins.
But what separates Phishkingz from other dark-web hackers is that he is not hiding in the shadows. Far from it: Phishkingz taunts his victims publicly on Reddit, and flexes his muscles in media interviews.
“I dominate the phishing scene on the dark web,” he said in a recent interview with news site Deep Dot Web. In that interview, Phishkingz claimed, perhaps optimistically, to have made over $1 million targeting users of AlphaBay, which until recently was the largest marketplace on the dark web.
With that notoriety, Phishkingz has made some enemies.
“I noticed how much he was flexing on the [Trade Route] subreddit,” InsanityDRM, the extortionist, told The Daily Beast. Trade Route is a typical dark-web market that vanished recently.
Phishkingz was “acting like he’s a boss,” InsanityDRM said. “Figured I’d knock him down a peg or two.”
In short, InsanityDRM followed some of the crumbs Phishkingz had left online. During his Deep Dot Web interview, Phishkingz mentioned he hacked a dark-web market called Trishula. So InsanityDRM says he hacked Trishula himself, found Phishkingz’s login details, and cracked his password—the name of a football club and a number.
The Daily Beast independently obtained a copy of the same dark-web marketplace database, which was already publicly available, and confirmed that Phishkingz’s password was the same as the one InsanityDRM claims to have discovered.
According to InsanityDRM, Phishkingz used this same password on Reddit and Jabber, an online chat service. To prove he had access, InsanityDRM contacted The Daily Beast from Phishkingz’s account.
InsanityDRM then searched through other hacked databases for people using the same password. He found a match with someone registered on several sites focused on credit-card fraud, using what appeared to be their personal email address. That led to a Facebook account, which also used the same password a number of years ago.
InsanityDRM tried, unsuccessfully, to extort Phishkingz with these discoveries for around $10,000. The person believed to be behind the notorious scam identity has since deleted or increased the privacy settings on his Facebook, and did not respond to a request for comment. InsanityDRM also believes Phishkingz runs Onion.top, a website that allows people to connect to dark-web markets without using Tor, but which appears to tamper with the content of visited sites.
InsanityDRM says he has already provided all of the information to the authorities.
As Motherboard reported, an IRS agent contacted InsanityDRM asking for more details. InsanityDRM shared with The Daily Beast screenshots of alleged conversations he had with this agent.
“Yeah I provided them with his info,” InsanityDRM said. The IRS agent declined to comment.
Even though dark-web marketplace users may have little legal respite—it’s unlikely someone buying heroin is going to complain to the police when a thief steals their bitcoin—authorities have previously arrested people who hack dark-web customers. Last year, Michael Richo was charged in connection with his own scheme to steal bitcoins using phishing pages. Richo obtained more than $365,000 and more than 10,000 usernames and passwords, according to the Justice Department, and he later pleaded guilty.
“I wonder if he’s finally on the run,” InsanityDRM said of Phishkingz.