While many of Darknet users use these networks for legal reasons, such as increased security through anonymity, most of the services that are hosted in TOR network’s “.onion” addresses are usually illegal, unethical or borderline legal. The few licit services include, for example, whistle-blowing and political platforms that protect users from persecution by oppressive regimes.
Threats on the Dark Web
Darknets are utilized for all types of illegal activities that can be imagined. Black markets have taken advantage of TOR and Bitcoin infrastructure. With their help, the volume of online drug sales has increased exponentially and some counterfeit products can be purchased in bulk. Also, various digital goods can be purchased from these markets including personal information, credit card numbers and step-to-step crime instructions. Furthermore, Darknets are also used by hacktivists and terrorists.
Figure 1. Search Results, Drugs & Chemicals category
Figure 2. Search Results, Fraud category
Some of the products and services sold through Darknet are more often scams than real. For example, weapons are usually scams if they’re not sold through a 3rd party marketplace. Even then, there’s a high chance that they’re not genuine since the prices can out-weigh 3rd party marketplace security deposits.
Figure 3. Search results, Weapons>Pistols categories
Malicious services are also offered through Darknet. Hackers, scammers, money launders and counterfeiters offer their services through Darknet markets. It is sometimes possible to find local language forums where people crowd-source crime planning, post job adverts, and search for employment. Some of the common things people are hired for include debt collection, smuggling, distribution, front/dummy, and assault.
The business models for crimes that are organized through Darknet are usually those that are most commonly typical for cyber-crime. This can be referred to as Crime as a Service (CaaS). Criminals who operate in this way are specialized in their fields of expertise and provide services to each other. This can maximize profits and minimize risks. Even training and consulting services are offered to criminals.
Darknet 3rd party markets can be very lucrative enterprises, but they are the most visible form of crime in Darknet, which makes them the prime targets for law enforcement and financially motivated hackers. What is interesting is that the product that the marketplace owners are actually selling is trust – without the help of these marketplace service providers, there are very little methods to make sure that someone anonymous will deliver the product/service you pay for. It is in the market service providers’ interests to make sure that the information, transactions, and anonymity of their users are secure. Some of the service providers make claims that they have audited their services and infrastructure with the most expensive security consultants available.
Figure 4. Screenshot of a specialized website offering consulting services for criminals
The Dark Web and Intelligence
The Dark Web is a possible Intel source for identifying threats and has several other uses. However, it is difficult to find real content from a sea of false information and scams. If you’re able to understand the phenomenon and the culture, you should be able to reap some of the benefits.
Accessing the Dark Web from a corporate network is not safe. If there is an interest in using it for gathering intelligence, one should assess the need for precautions, such as setting up a specified Darknet-only computer with a dedicated connection, i.e. mobile prepaid internet connection. Threats, such as phishing via cloned websites, are more commonplace in Darknet. Many of the illegal users use bitcoins for transactions making them tempting targets for financially motivated hackers and scammers. For a long-term solution for light usage, one should set up an appropriate operating system. Tails Linux is a good alternative. Its benefit is that it doesn’t allow writing anything on drives and it wipes the memory after each use.
Surfing through Dark Web content for threat information is not all-inclusive, as the more sensitive aspects of crimes are discussed person to person. Our professionals at Centry are currently exploring different mitigation options that are related to the digital underground, and would be delighted to discuss the topic further.