The state of the dark web: Insights from the underground



Lately, dark web actors have one more worry: getting caught by law enforcement. Tracking illegal activity on the dark web has been a cat-and-mouse game for authorities, but in the end, they often catch their adversaries and seize the dodgy money. On the night of the 2020 presidential election, for example, US government officials managed to empty out a $1 billion Bitcoin wallet, recovering funds linked to Silk Road, seven years after the market’s closure. Silk Road was a popular underground marketplace dealing in illegal goods and services such as narcotics, hacking for hire, and contract killing.

Cybercriminal group closure and exit scams

Events like these have compelled cybercriminals to plot new strategies, which sometimes involve closing shop and cashing out before they get on the feds’ radar. In October 2020, the Maze ransomware group, which has breached hundreds of companies including Xerox, LG, and Canon, shut itself down over a six-week period, stating that it had retired its activities. However, experts have suggested this is likely a façade. Ransomware operators often shut one operation down to join another rather than exit the business completely.

“In recent years, the dark net has dramatically changed, quite organically, due to increased organized criminal organizations’ use of anonymous forums and marketplaces, the increased presence of young YouTube inspired ‘criminal wannabes,’ and naturally, the subsequent increased presence of law enforcement and their attempts to infiltrate, de-anonymize, and take down such groups and hidden services,” says Mark Turnage, CEO of DarkOwl, a dark web search engine.

Dark web becoming a recruiting channel

According to Turnage, the dark web has evolved into an intermediary ground where cybercriminals minimally interact to poach new members for their group. They then move communications to private, encrypted channels such as Telegram, Jabber, and Wickr. “Malware developers and financial fraud [criminals] rely less on dark net marketplaces for distributing their exploits and instead levy black hat forums across the deep web and darknet to establish their brand, develop clout across the community, and recruit new members,” says Turnage. “Many criminal organizations use the dark net merely to vet potential affiliates, particularly in the ransomware-as-a-service industry, and their [co-conspirators].”

Turnage says that DarkOwl has seen more technically savvy criminals increase their use of alternative decentralized dark nets and meshnets such as Lokinet and Yggdrasil. He attributes this to the short lifespan of dark net marketplaces and services across Tor and server seizures by globally coordinated law enforcement agencies.

Moving marketplaces from Tor nodes to private messaging services may also come with technical advantages, such as distributed denial of service (DDoS) protections. These technical safeguards may lure dark web admins, as underground marketplaces like Empire have been forced to shut themselves down following DDoS attacks by other cybercriminals in rather ironic extortion attempts. Empire’s abrupt exit has also rendered its so-called “escrow” guarantee void, prompting some patrons to label the closure an “exit scam.”

Copyright © 2021 IDG Communications, Inc.

