main

Security

Are Darknet Take-Downs Effective?

May 29, 2019 — by Daniel Smith1

darknet-960x540.jpg

Raids and take-downs have become standard on the Darknet as agents across the world continue to step up enforcement. While these take-downs are generally digital perp walks meant to remind the public that agents are doing their job, we have to ask, are they actually solving the problem?

Moreover, does the Darknet, specifically Tor, really matter in the grand scheme of things? No. Darknet marketplaces only provide a layer of protection. In fact, most of the items you find listed on any given Darknet marketplace can also find on normal Clearnet markets and forums. In reality, Darknet take-downs are only temporarily impacting, but do not prevent overall illicit activity.

For example, when you look at the sale of stolen data online you will find several major vendors that have sold databases throughout a variety of darknet marketplaces over the years. But databases containing PII and credentials are also sold on well-known Clearnet sites like Exploit, which is indexed by major search engines and has not been taken down to this day.

[You may also like: Understanding the Darknet and Its Impact on Cybersecurity]

DDoS-as-a-Service

When you look at attack services such as DDoS-as-a-Service, you will find that it was never a major player in Darknet marketplace, but during the rise of Mirai, a few vendors were found offering attack services with the newly publicized botnet. While vendors never fully adopted the use of hidden service, a few vendors sell overpriced DDoS services on Darknet marketplaces today. This is because most of the bot herders own and operate stresser services on Clearnet websites.

While Operation Power Off, a series of take-downs targeting the DDoS-as-a-Service industry, has been a major success in limiting the number of DDoS attacks, the powerful and customizable source code for IoT botnets like Mirai is still highly available. Because of this, the DDoS-as-a-Service market has become so over saturated that you can find entry-level vendors selling botnet spots with low bot counts on Instagram.

User advertises Mana Botnet on Instagram

More users with source code, more problems, no matter how many stresser services are taken down.

A Growing Criminal Landscape

In all, the digital marketplace, both on the clear and darknet, have allowed the criminal landscape to grow beyond street dealers with limited options and includes several new ways to make profit while not actually touching the products or services offered.

At the beginning of May, DeepDotWeb, a Clearnet site that listed current Darknet marketplaces and covered news related to the Darknet was raided and seized by law enforcement for referral linking. Most recently, news just broke that BestMixer, a multi-million-dollar cryptocurrency tumbler used to launder cryptocurrency was also raided.

As the tactics and techniques change, new avenues of profit will always open up.

At this point, it’s clear the landscape has changed dramatically over the last decade, and law enforcement is targeting the new ecosystem—but with limited success, in my opinion. Like low-level hackers, law enforcement is going for the low hanging fruit, and while it provides for great headlines and temporary impacts, it doesn’t truly solve anything and only creates more problems down range.

[You may also like: Darknet: Attacker’s Operations Room]

Stay Vigilant

I’ll leave you with an article titled, Libertas Market is Available Via I2P.

The use of hidden services (Tor) is only the beginning of the digital underground marketplace. Admin and vendors will continue to seek different methods to avoid law enforcement as long as demands and profits are high.

In other words, don’t fall into a false sense of security; the Darknet isn’t going anywhere anytime soon.

Download “Hackers Almanac” to learn more.

Download Now

HacksSecurity

5 ways hackers market their products and services

August 8, 2016 — by Daniel Smith1

Screen-Shot-2016-07-29-at-4.04.03-PM.png

Hackers all over the internet today are slowly adapting to the changes in the attack marketplace. Many notorious DDoS groups like Lizard Squad, New World Hackers and others have already entered the DDoS as a Service business, monetizing their capabilities in peace-time by renting out their powerful stresser services. But it’s not just DDoS. It’s all attack services including application-based attacks. These marketed services are now allowing novice hackers with little know-how to launch attacks via affordable tools that are available on the Clearnet. This growth is healthy for any market but has forced vendors to take on more of a traditional marketing strategy.

Attack Types & VectorsSecurity

Darknet 101: An Introduction to The Darkest Places Online

April 27, 2016 — by Daniel Smith12

darknet-101-2-960x640.png

In my last blog, I talked a little about the general principles of the cyberattack marketplace.  Today, we will take a closer look at the Darknet. There is so much talk these days about the Darknet. It’s the stuff of crime novels – a hotbed of criminal activity where anything can be bought and sold.

While that is true, the Darknet also provides an anonymizing layer to journalists and activists around the world who fight for the freedom of information and privacy. It is often a place where they can securely and anonymously communicate with their contacts.