Omicron Market, a dark web market, was hacked and shut down by its PHP programmer
Another English-language dark web marketplace, Omicron Market, was recently shut down. The main reason for its closure was that it was hacked by a PHP programmer recruited by its administrator. Omicron Market was a small dark web marketplace that went live only a few months ago and probably never gained many users or vendors.
Like other dark web marketplaces, it ended up shutting down, but Omicron Market differed from the others in that it shut down when it was only just starting out. The most fatal reason was that the administrator of this market was not a good programmer, or even had no development skills at all, which meant he had to hire programmers to develop his dark web market.
The story, exclusively reported by "ODN", is divided into four segments: the first is "Omicron Market administrator hires PHP developer", the second is "Hacker applies for the job and hijacks Omicron Market's server", the third is "The server is shut down and the hacker expresses his disdain for the Omicron Market administrator", and the fourth is "The Omicron Market administrator makes a final statement".
Omicron Market administrator hiring PHP developers
I’m the admin of Omicron Market and I’m posting a good job what I’m looking for
PHP developer who is always online and communicates very well and who can implement ideas well who can develop new features who want to earn something and want to raise something big with me
Your job would be:
Fixed bugs on the server
Development of new features
Team ability if we have multiple team members
If you are willing to work with me, please contact me, you can earn a lot
The money from the market revenue will then be paid out monthly as soon as I have met you
The administrator was looking for PHP developers who are good at development and want to join the Omicron Market team. As we all know, PHP is the most popular language in the world and there are many people who know it, so I guess a lot of people applied.
Hackers applied for the job and hijacked Omicron Market's servers
It seems that the administrator of Omicron Market found a PHP developer, but instead of "fixing the server bugs", that person decided to hijack the server. A week ago, the administrator posted in the newmarkets section.
I’m sorry my programmer tricked me and stole omicron and he just stole everything
I’m sorry folks
He later added a simple explanation.
my market was destroyed i paid someone to program and they locked me out and blackmailed me etc
and deleted the whole server backups everything
The Omicron Market administrator learned a valuable lesson: don't just hire unknown people on the dark web to work on your dark web marketplace and, more importantly, don't get involved in running a dark web marketplace without any knowledge of web development. As for the few users of Omicron Market, they should be thankful that it was taken down by hackers and not by the police, like many other former dark web marketplaces.
The hackers expressed their contempt for the rookie administrator
The Austrian gentleman from Grez who runs this site has whored out his singular server to several devs, many of whom have published the IP address of this server. The server listens on port 80, so it's accessible from the clearnet at an ipv4 address ending in 107.
I was able to make him think I was a senior php developer who would want to work for a small 300 euros. I got him to click 2 ip grabbers that gave me his real ip address and then had him ssh into a webserver that recorded his ip address. I actually had to guide him through how to use SSH… on his windows 10 laptop! What market admin uses microsoft spyware??
To be clear, he gave ROOT access to anyone pretending to be a dev.
The market is now down and only redirects to a nginx set up file.
Anyways, I copied the entire market. Let me say, it is not much more than your average eckmar's script. It suffered from severe issues like the cart.php throwing up a 404.
At this point it's safe to assume Europol is aware of the situation and Flokinet has been informed of the server misuse.
If Omicron comes back online, it's safe to say LE is running it…
The hacker expressed his contempt for the rookie admin.
It was much worse than you think. He put out several offers on jobs4crypto and hiddenservices (/u/Omicronmarket) asking for a php dev. He didn't learn his lesson the first time when some bloke he hired flaked on him after some work.
Anyway, the idiot wanted me to fix a myriad of problems stemming from the shitty design of the site that would amount to at least 14 hours of work. How much did he offer? 100-200 euros. I only managed to get him up to 300. For any admins out there, don't expect any serious devs to do work for that little. You're just begging to get scammed.
He had less tech knowledge than someone's grandmother. I had to walk him through step by step how to find cmd and ssh into the server HE owned. I tried explaining directories to him but he just couldn't wrap his head around how fucking FOLDERS work!
It gets worse. This man wanted to use Wickr to talk. WICKR! You know why? Because, as he put it, "it runs well on windows".
I killed his market not for money, but because we couldn't have this shit stain ruining the DNM scene. I wanted to avoid another script kiddie market like Versus or WSM. Those markets did well, but they either ended up getting their money stolen by hackers or by LE. That is the future that awaits these dumb fucks.
You're right that you can't treat this like a get rich scheme. Anyone who wants to have a market that stays up and stay out of prison needs to be a MASTER of security, development, and all other related fields. You need at least 10,000 to become a master at something. But today so many "admins" are choosing to spend 10 minutes learning and the remainder of those 10,000 hours in prison.
The hacker claims he posed as a senior PHP developer, accepted the job for 300 euros, and had the administrator click on a link that captured his IP address, which provided him with the administrator's real IP address in Austria.
In his reply, the hacker said, "The Omicron Market admin uses yak.im to send unencrypted jabber messages where he speaks high level German. This guy didn't cover his tracks very well!"
The hacker continued, "When I offered to work for him, he gave me ROOT access to his FTP and SSH servers, which I immediately used to lock him down. Anyway, his server's IP address ends with 107. It was in Romania and I managed to get in touch with the hosting service."
Omicron Market appears to be hosted by Flokinet, a hosting company based in Romania.
The hacker also added that he had notified the hosting company and that he also wanted Europol to catch the administrator of Omicron Market (who apparently uses Windows 10 as his operating system).
The administrator of Omicron Market made a final statement
The administrator of Omicron Market posted his final statement on Dread, titled "My final statement on Omicron Market".
I'm really sorry about what happened, my official programmer disappeared back then and I didn't want to give up omicron and therefore I was looking for a developer who would like to help me in my team, as I also told everyone on the support tickets that the market currently has bugs had to be remedied.
Then someone got in touch with me and I wrote to him for a while and he said he absolutely wanted to prove himself to me etc. and there were many applicants that I didn't all accept. That person made a nice impression on me and was capable of everything i gave him a small chance to tell me what the error is and he told me the cart.php.
He wanted the access data directly, but I hesitated because I didn't know the person and I didn't know who was behind it, so I continued to write to him to find out more. I told him some stories that I was in a very difficult situation in my life and I need him to help me to get ahead….
and one day i gave him access to my server but before that i connected to my vpn and i stayed connected to my vpn even when he said i should disconnect the vpn i didn't do it and clicked on his link with vpn sure it was stupid but he told me some story he had to make sure that it is not reachable from the clearnet. and i want to show you which updates i made
i paid part of his work in advance that he did anything at all and the server was never reachable from the clearnet that is an absolute lie. And suddenly he said I should log in to SSH but I also did it with vpn to be on the safe side
And suddenly he locked me out of my server and didn't have access to anything anymore and I thought shit what do I do now and he blackmailed me to the last I should pay $500 and I'll get omicron back again otherwise your data will go to interpool and that he worked for LE.
There was never any talk of me wanting to talk to him via wickr but via jabber OTR encrypted I paid close attention to that he says he had my ip and that the server was running on flokinet that's absolutely not true I don't even know anything about flokinet die I switched off the server myself for security reasons
I wrote to my hoster myself and told what happened and they said wait a minute and 1 hour later he was locked out of my server and before that I had deleted the logs all on the entire server and deleted the recycle.bin files.
The server was not switched off for me after that, for security reasons, I canceled the server myself so that it can no longer be reached and it is finally offline within 24 hours.
And if someone uses this script, it's not me, it's him because he copied the entire script from the omicron servers. I've always read your comments and finally give my opinion on it.
he doesn't have my real ip address but from the respective vpn where i was connected and i never spoke in high german because english is my language i just told him some stories so that it came across more credibly
Eventually he used my situation to blackmail me, but I didn't pay because he was sure he wanted more and more.
But I've also noticed that people believe lies and he's the celebrated dude that destroyed the omicron market.
we had a very fast growth in such a short time and i think it's a real shame that it has to end like this but don't worry.
i didn't give everyone access to my servers, you'll just be exploited if you're too honest and look for people who have what it takes
He told me he had to explain to me how to open cmd he just told me the command what to type
He told me from which country he comes from and wanted to know it from me and I told him some country and I also connected to the corresponding vpn that it comes across as more credible, I'm not that stupid either
If you want to know anything else I am at your disposal and this account will be deleted by me soon
I wish you a nice further time here in DN and take care of yourselves
Former Omicron Admin
To sum up: this is not the first time this has happened. There are too many unreliable markets on the dark web, especially small ones with incompetent administrators, so we keep seeing one joke after another, one melodramatic story after another.
The dark web market Omicron Market used to have the following V3 domain address.
From：On DarkNet – Dark Web News and Analysis