Staying On Top Of The Hacker Underground
Understanding the Darknet
The Cyber Crimes Center (C3) within ICE provides computer-based technical services that support domestic and international investigations included in the Homeland Security Investigations (HSI) portfolio of immigration and customs authorities. It is responsible for finding and targeting all cybercrimes within HSI jurisdiction. C3 includes the Cyber Crimes Unit, Child Exploitation Investigations Unit and Computer Forensics Unit. Cybercriminals can also hijack websites to change or delete content or to access or modify databases without authorization. Of course, products and services for payment card fraud are among the most commercialized commodities; it is quite easy to find stolen credit card credentials, credit card number generators, and so on.
The darknet is a part of the internet that is not indexed by traditional search engines. It is often associated with illegal activities due to its anonymous nature, making it a haven for various cybercriminals.
Vendors usually use English, at least on large mainstream dark web markets, to increase the reach of their offering. From this second-language communication (among other things) come many unique ways of writing, specific words, and unique mistakes. As on mainstream ecommerce platforms, trust in a vendor is important, and actors want to keep that trust so they can keep selling products, sometimes at a premium price due to high quality or reputation.
These marketplaces operate with a structure similar to that of legitimate e-commerce platforms, complete with user reviews and ratings. The operators behind the “IntheBox” marketplace are closely connected to developers of major mobile malware families including Alien, Cerberus, Ermac, Hydra, Octopus (aka “Octo”), Poison, and MetaDroid. Such malicious scenarios are designed identically to their legitimate counterpart applications but contain fake forms which intercept the logins and passwords of the victim. In addition to that, the mobile malware enables criminals to intercept 2FA codes sent via SMS by the bank or to redirect an incoming call containing verification details.
Ransomware attacks have been rapidly increasing over the past few years, and I believe one reason for this increase is the fact that cybercriminals are being paid out. For instance, in 2019, Riviera Beach City in Florida had their systems hacked by cybercriminals, and they ended up paying out 65 bitcoins, which was equivalent to $600,000, to the attackers as ransom. In 2017, the Korean web hosting firm Internet Nayana ended up paying $1.14 million in ransom payments, which is considered to be the biggest ransomware payout to date.
Eternos will be available on AspaNET, but it is uncertain if it will also be available on other darknets (like Tor and I2P) or if it will be an AspaNET exclusive. For trouble-free operation, it should have infrastructure that will handle Eternos and other new projects. As the Hydra crew will be its operator, its maintenance budget will be coming from criminal activity. If Russian authorities have something to do with it, they would have the possibility of extending their surveillance with this network. So it is possible that it will be another international darknet, but probably made and controlled in cooperation with the Russian intelligence services. According to the announcement, AspaNET can bypass Internet censorship and filtering imposed by the Chinese Golden Shield Project and the Russian Sovereign Internet.
How Do Cybercriminals Use Darknet Markets?
A decade later, researchers from Massachusetts Institute of Technology (MIT) opened the dark web to people outside of the military. The invention of cryptocurrency helped the dark web flourish, because it added a new layer of anonymity to transactions. In January 2021, a police sting on the German-Danish border resulted in the arrest of a 34-year-old Australian who is alleged to have operated one of the world’s largest illegal online marketplaces.
Bitcoin has been the most well-known cryptocurrency; however, new currencies are emerging, such as Zerocash, which claims to be a privacy-preserving version of its predecessor. It has also provided an opportunity for dissidents and journalists living under authoritarian regimes to communicate with others beyond their borders. Users have relative anonymity when accessing the darknet using browsers such as Tor (The Onion Router, known as such due to the layers of encryption that surround and obscure the data being passed back and forth when it’s used). The genesis of Tor was in the research of three US Naval Research Laboratory scientists.
Cybercriminals utilize darknet markets for a variety of illicit activities. These markets facilitate transactions that are largely untraceable, providing a safe haven for purchasing and selling illegal goods and services. Here are some common ways they exploit these platforms:
1. Selling Illegal Goods
- Narcotics: Drugs are among the most commonly sold items, with a wide variety available.
- Stolen Data: Personal information such as credit card numbers, social security numbers, and login credentials can be bought and sold.
- Counterfeit Items: Cybercriminals use darknet markets to sell fake passports, ID cards, and other counterfeit goods.
- Weapons: Some darknet markets offer firearms and other weapons, which can be purchased with relative ease.
2. Providing Illegal Services
- Hacking Services: Skilled hackers offer their services to infiltrate businesses or steal data for a fee.
- DDoS Attacks: Cybercriminals can be hired to launch distributed denial-of-service attacks against specific targets.
- Fraud and Identity Theft: Services to create fake identities and execute fraud schemes can be found.
3. Money Laundering
Darknet markets often use cryptocurrencies like Bitcoin to facilitate transactions. This offers a layer of anonymity, making it easier for cybercriminals to launder their money. Techniques used include:
- Tumblers: Services that mix different cryptocurrencies to obscure their source.
- Peer-to-peer exchanges: Allowing for trades of cryptocurrencies to further complicate tracking efforts.
4. Anonymity and Security
The anonymity provided by the darknet is one of its primary attractions for cybercriminals. Key elements that enhance this anonymity include:
- Cryptography: Strong encryption methods protect communications between buyers and sellers.
- Darknet Browsers: Tools like Tor mask users’ IP addresses, making it difficult to trace activities back to individuals.
Common Darknet Markets
Several darknet markets have gained notoriety for their size and the variety of illegal products and services they offer. Some key examples include:
- Silk Road: One of the first and most infamous darknet markets, now defunct.
- AlphaBay: Resurrected after being taken down; continues to operate under a different brand.
- Dream Market: Known for a wide range of products and services.
FAQs
What is the significance of cryptocurrency in darknet markets?
Cryptocurrency provides anonymity for transactions, making it harder for authorities to track financial activities related to cybercrime.
- In addition to technical skills, collaboration and communication abilities are highly valued in the ransomware job market.
- There are various means by which legitimate organizations can protect themselves from hackers.
- The anonymity provided by the dark web and cryptocurrencies makes it difficult to track down vendors and buyers, and this is a problem that will require a concerted effort from law enforcement, governments, and the private sector to address.
Are all darknet markets illegal?
While many darknet markets focus on illegal goods or services, not all activities conducted on the darknet are illegal. Some may involve legal content but operate in a manner that requires privacy.
How do law enforcement agencies combat cybercrime on the darknet?
Agencies employ various methods to combat cybercrime, including:
- Infiltration: Undercover operations to gather information.
- Seizing Domains: Taking down illegal markets and seizing their digital assets.
- Collaboration: Working with international organizations to track and apprehend offenders.
Conclusion
The darknet serves as a significant platform for cybercriminals due to its inherent anonymity. Understanding how these individuals operate can help strengthen prevention methods and inform law enforcement strategies to combat such illicit activities.