His name is Alex Holden, he is an expert in cyber intelligence and, together with his Hold Security team, he has become the Robin Hood of the Dark Web.
22 December 2022 15.20
This Christmas, the Ukrainian cyberintelligence expert Alex Holden is risking his life for his country. This Mequon, Wisconsin resident has become the Robin Hood of the Dark Web. Why? Because his team, Hold Security, has hacked into one of the largest online drug markets in Russia, called Solaris, and has diverted cryptocurrency owed to traffickers and the site's owners to a charity, Enjoying Life, which provides humanitarian aid throughout Ukraine.
Holden, who left Kyiv as a teenager in the 1980s in the aftermath of the Chernobyl nuclear disaster, would not reveal how he did it, but said he was able to gain control of much of the Internet infrastructure that powered Solaris, of various administrator accounts that managed the illicit bazaar, of the website's source code and a database of its users, as well as of the drug delivery locations.
Holden showed Forbes multiple screenshots of access to Solaris administrator accounts and the “master wallet,” and a Ukrainian cybersecurity expert confirmed that the screenshots did indeed appear to show access to Solaris backend accounts.
Because money was flowing in and out of the wallet quickly, it rarely contained more than 3 bitcoins, worth $50,000, Holden said. That meant there wasn't a huge amount to siphon off, although he did manage to snag 1.6 bitcoin, worth $25,000, and sent it to Enjoying Life.
Enjoying Life co-founder Tina Mikhailovskaya confirmed that the nonprofit had received the donation, stating that all contributions went directly to the elderly, families and internally displaced people who suffered from the Russian war.
Holden now has a significant cache of information about Solaris users and operations, which he believes could be used to identify the whereabouts of any Russian cybercriminals who are using the site to fuel their operations.
He has also maintained control over various parts of the market, thus far undetected. By going public through Forbes, he wants to scare the owners into shutting down the site. The attack also has a political overtone. “Maybe the Russians without their drugs will take a sober look at their country and do something,” he said. “Maybe the Kremlin won’t defend their country’s drug trade and solve the drug problems instead of invading the Ukraine.”
The Killnet connection
The attacks could have repercussions beyond the drug trade on Russia’s dark web. They could destabilize one of Solaris’ partners: a hacker group known as Killnet. Launched earlier this year, Killnet first offered to take down websites for a fee by flooding them with traffic, an attack commonly known as a distributed denial of service (DDoS).
But after Russia invaded Ukraine, Killnet became a team of patriotic mercenary hackers, vowing to attack Ukrainians and their supporters. It then hit the websites of US airports, the National Geospatial-Intelligence Agency and various state governments with DDoS attacks.
Its European targets included the Eurovision song contest, the Estonian government and the Italian National Institute of Health, according to reports. While these attacks succeeded in slowing down or preventing access to the websites of the targeted organizations, they had minimal impact compared to the Ukrainian IT Army, which has targeted several big-name Russian organizations including Sberbank and the Moscow stock exchange.
Holden is willing to hinder Killnet in any way he can, and his infiltration of Solaris offers him an avenue, as the marketplace has numerous ties to the Russian hacker group. Over the summer, Killnet carried out DDoS attacks against Solaris’s main rival, Rutor, which had become the leader of Russia’s underground drug market after another bazaar, Hydra, was shut down in March. Analysts at US cybersecurity firm ZeroFox said earlier this year that it appeared that Solaris was paying for Killnet’s DDoS services.
Killnet’s own leadership has also spoken out about supporting Solaris. In an interview with the Russian publication RT in October, one of Killnet’s founders, known as KillMilk, said that his group had the “tremendous support” of the “daring and strong team” at Solaris. After pledging to hack US government agencies in response to US support for Ukraine, he said he had known the Solaris team “for a long time.”
Andras Toth-Czifra, an analyst at the cyberintelligence firm Flashpoint, has been following Killnet’s operations for the past year. He noted that shortly after the RT interview, the hackers said in a Telegram post that they had received financial contributions from Solaris. “It was basically an ad placed on the Killnet channel,” Toth-Czifra said.
Holden, who believes Killnet is funded by drug money from Solaris, added that “maybe cutting this connection will take some fuel out of Killnet’s garbage fire.”
Originally published in Forbes US.