The Dark Web is where the sunshine of regulated commerce doesn’t apply. Here you can find criminals selling weapons, illegally harvested organs and child pornography, for example. Here is also where hackers sell the sensitive information they’ve stolen from organizations, and offer new tools and methods that will help fellow hackers pull off their next cybercrime.
This is the second in a three-part series about the motives, tools and communities of hackers. We first looked at the motivations of hackers by interviewing one. Now we’ll look at the tools and services that are easily available to hackers so they can work their trade. We’ll review how they get and use these tools and services so you can get a first view of what the mysterious dark web looks like.
The Real Deal
Accessible through Tor and hidden from the view of casual internet users, The Real Deal is an underground marketplace that specializes in the illicit goods and services that make hackers money. It has more than 40,000 registered users who can anonymously sell products, including hacking exploit kits and stolen databases, not to mention illegal drugs.
The Real Deal’s “zero-day” page recently listed nine security vulnerabilities. Some of them claimed to infiltrate Microsoft Office, steal Apple ID passwords and access mobile applications. The site also opens the door to a marketplace where vendors sell WordPress passwords and stolen credit card information. We have good news to report: in September, The Real Deal died by its sword, at least temporarily, when it came under cyberattack.
Open Hacking Lab
Launched in August, Open Hacking Lab (OHL) could be the first Dark Web source selling Office 365 passwords. “r3s15tanc3,” the anonymous administrator of OHL, says he (or she) is selling global admin level accounts, meaning they grant access to an entire organization’s resources, email accounts and Office 365 global settings panel. But that’s not all OHL offers: Amazon Prime, iCloud and Microsoft accounts can be had for a price.
The Anti-Phishing Working Group (APWG), a global coalition fighting cybercrime, found that phishing increased 250% from the last quarter of 2015 through the first quarter of 2016. These attacks hit the retail-service sector hard. The increase is connected to the proliferation of free phishing kits that are available on the Dark Web. Anyone with a smattering of IT experience can download a freebie and soon start a phishing attack. With so little investment required, and so much to be gained, it’s no wonder phishing kits are a hot item on the Dark Web.
Ransomware is one of the most profitable and popular forms of malware going around. A recently popular ransomware tool on the Dark Web has been MarsJoke, which mimics CTB Locker and was distributed through a large-scale email campaign targeting state and local governments and educational institutions in the U.S. Also to be found on the Dark Web: Princess Locker, which encrypts a victim’s data and then demands a hefty ransom of 3 bitcoins.
The Dark Web itself, specifically Tor, enables hackers to hide their identities when performing DDoS attacks. Tor lets hackers anonymously communicate with the victims of DDoS attacks and demand ransom in the form of bitcoins. Earlier this year, a teen in the U.K. pleaded guilty to selling DDoS tools such as Dejabooter, Vexstresser, netspoof and Refinedstresser on the Dark Web. His tools were responsible for crashing websites throughout the U.K. and Europe. In a more recent incident, two young Israeli men are suspected of running an attack service called vDOS, which they used to help orchestrate more than 150,000 DDoS attacks over the last two years.
Now, this only scratches the surface of what’s out there. The tools and services of the Dark Web can’t be easily cataloged. New ones constantly replace old ones discovered by cybersecurity experts, and there’s just so much available under the cloak of anonymity on the Dark Web that it’s difficult to find each and every trick of a hacker’s trade.
Concerned? Yeah, unfortunately the Dark Web should scare you.