Faceless.cc Socks5 rental possibly Seized

DarkNetGuard

Senior Contributor
VIP
Joined
Jan 21, 2023
Threads
51
Post Replies
54
Status
offline
Last seen
https:/krebsonsecurity.com/2023/04/giving-a-face-to-the-malware-proxy-service-faceless/

Pretty much everything "important" on kreb's article, those who are too lazy to read, he and he's contacts basically doxed the owner and published a lot of information about the guy. Even though he is Russian, it's still not nice to have your data published like that. You might already know how this can possibly affect to people who has used the website but let's get into that in a second.

I have been "researching" these type of shops/markets, whatever you wanna call them for years. I honestly thought LuxSocks and Faceless were ran by same people because for example because both were opened at around same time, both frontend and "backend" were very similar at least in my eyes. And of course, both sites never sold Russian bots.

So I could say pretty certain that he won't run the site for long and that would be right thing to do and for him to get rid of all user data and logs. Last time when Krebs wrote similar article about a proxy shop named 911.re, it got shut down a few days after but that could be because they claim to get hacked which I honestly believe. They hosted whole interface on a Windows server 2008 + with a simple Shodan search everyone could access to some backend stuff because of open ports and I believe it was some email software with most likely multiple known exploits.

Take care and sorry about the messy post, remember to take your OPSEC seriously guys and that involves not using same usernames/passwords anywhere, even on sites like these that could seem meanless at the time you are registering
 

Fraudbox

Junior Contributor
VIP
Joined
Mar 18, 2022
Threads
33
Post Replies
60
Status
offline
Last seen
Thanks for the great article and summary.

Russian actors do tend to take opsec somewhat lightly due to the fact that they're protected under their own judiciary roof (крыша). Western LEA will never be able to touch them unless FSB wants to cooperate and take them down (see REvil arrests), or they leave the country.

We should also not forget that the CIS scene has an unwritten rule to never target their own countires, regardless of what the action is. A large chunk of providers of malicious services will have it in their ToC as you've mentioned. More advanced tools have IP filters or scanners for detecting RU keyboard layouts which put them to sleep.

Faceless is still run under the iSocks account on some forums, grab your popcorn and let's see how this plays out. I imagine they might be eaten by their environment with competition capitalizing on this.
 

DarkNetGuard

Senior Contributor
VIP
Joined
Jan 21, 2023
Threads
51
Post Replies
54
Status
offline
Last seen
Thanks for the great article and summary.

Russian actors do tend to take opsec somewhat lightly due to the fact that they're protected under their own judiciary roof (крыша). Western LEA will never be able to touch them unless FSB wants to cooperate and take them down (see REvil arrests), or they leave the country.

We should also not forget that the CIS scene has an unwritten rule to never target their own countires, regardless of what the action is. A large chunk of providers of malicious services will have it in their ToC as you've mentioned. More advanced tools have IP filters or scanners for detecting RU keyboard layouts which put them to sleep.

Faceless is still run under the iSocks account on some forums, grab your popcorn and let's see how this plays out. I imagine they might be eaten by their environment with competition capitalizing on this.
Oh just to make clear that I am not Krebs or anything related to him, I just like to read his stuff but honestly not a fan of him doxing people like that.

But yes, will be interesting to see what happens and which shops get targeted next
 

Cloakedup71

Established Contributor
Regular Member
Joined
Mar 28, 2022
Threads
1
Post Replies
36
Status
away
Last seen
what i dont get is if the doxes are real how tf do they run for so long? dudes have to be millionaires by now for sure

my guess is they try to run the their services somewhat "legal" to use the money in RU

also its easy enough to get bots but they still not smart enough for basic opsec like what lmao
 

DarkNetGuard

Senior Contributor
VIP
Joined
Jan 21, 2023
Threads
51
Post Replies
54
Status
offline
Last seen
what i dont get is if the doxes are real how tf do they run for so long? dudes have to be millionaires by now for sure

my guess is they try to run the their services somewhat "legal" to use the money in RU

also its easy enough to get bots but they still not smart enough for basic opsec like what lmao
I think they bought the bots or some exploits for getting them from forums like Xss. Of course it takes a lot skill to build an functioning service like that but maybe not so smart looking to buy that exploit from someone who can possibly get access to them after. Anyways this is indeed a bit tricky situation for them, but most likely they dont seem at least too hurry shutting down everything because they live in Russia (I believe).

Was wondering too if they would had ended up getting their stuff from Genesis.Market , because of timing of this article
 

Users who are viewing this thread

Top