Thursday, 2024 November 28

No honor among thieves: Why the dark web is having a trust crisis

“I don’t trust society to protect us,” said Michael Corleone in The Godfather. Now it looks like criminals on the dark web don’t even trust the underground marketplaces they’ve been relying on to trade stolen credit card accounts.

Researchers at Trend Micro, a Tokyo-based security firm, have found that vendors and their customers in the dark web have essentially descended into a climate of suspicion after the FBI and Europol took down a string of major dark web marketplaces last May. At the time, it also appeared that owners of Wall Street Market—one of the seized sites—were planning an exit scam to make off with over USD 14 million worth of cryptocurrencies held in escrow between sellers and buyers.

None of these occurrences have done much to nurture confidence among anonymous cybercriminals.

“Since 2015, one of the biggest changes in cybercriminal underground marketplaces is the erosion of trust,” said Tony Lee, head of consulting in Hong Kong and Macau at Trend Micro.

“There is no honor among thieves in these marketplaces, and this has impacted how they buy, sell, and communicate.”

Read this: Tokopedia investigates data leakage, allegedly 91 million user accounts compromised

Researchers say that in the aftermath of crackdowns, they’ve yet to see dark web users converging on any single dominant marketplace like before. Users commonly write on forums dreading about the possibility of yet another exit scam or law enforcement takedown. Of the remaining functioning sites, many are facing DDoS attacks, where hackers cripple a site by flooding its server with excessive internet traffic. Some users even suspect that law enforcement is behind them.

That’s not to say that dark web traders have given up. Rebuilding trust—even in one of the darkest places on the web—is essential for an underground economy that generates an estimated USD 1.5 trillion each year, dwarfing the revenue of some of the world’s richest companies.

Notably, some dark web users are now shifting their businesses to the regular internet. Some even accept payments through PayPal on shopping platforms. Many are also using Discord, a chat app popular among gamers, to directly message each other.

The goods and services on offer have evolved with time, according to the researchers.

Deepfakes—an AI technology that can replace faces in a video—have garnered more interest from criminals who realize their nefarious potential. Trend Micro expects attackers will soon start attaching embarrassing fake videos to ransomware to extort money from victims.

Read this: Weibo breach puts account info of over 500 million users on sale on dark web

Fake social media likes are another hot item. 1,000 Instagram likes can go for just 15 US cents, said the researchers. The same number of YouTube likes cost more, around USD 26.

As smart home products and fitness trackers become more popular, they’ve also become new targets. Some criminals are known to hack into Fitbit accounts to request replacement devices under the brand’s warranty program and resell them at cheaper prices. Others rent out IoT botnets, which are networks of smart appliances that are under control by hackers.

To help ensure that criminals get what they pay for, the community has set up its own policing tool. A new site called DarkNet Trust checks how reputable a seller is. And instead of having escrows, some marketplaces now allow walletless transactions, which lets a buyer directly pay the vendor. The marketplaces earn a monthly commission instead of transaction fees.

Trust might be in short supply in the dark web now, but it doesn’t mean that cybercriminals are disappearing. If anything, they’re simply looking for a new way to rebuild their business. . . until law enforcement catches up with them again.

This article was originally published by Abacus News.

MORE FROM AUTHOR

Related Read