Parts 1, 2 and 3 of our Cybercrime Underground the cybercrime series mentioned a number of the concepts and definitions around cybercrime, and how cybercriminals collaborate in cybercrime forums in shopping for and promoting malicious tools and providers. This newest report in our cybercrime sequence will present a glimpse of the darknet markets the place cybercriminals purchase and sell knowledge which have probably been stolen straight by compromising sufferer computer techniques or by the result of a large database compromise. This blog focuses on explaining what darknet markets are, common fee mannequin used, the type of digital data being purchased and bought in the darknet markets and their typical prices. The objective of this weblog is just not to provide an exhaustive record of all of the services and products being sold in the darknet markets however to shed light on how cybercriminals are using the darknet markets to trade with impunity. It is important to grasp the impact to the growing variety of cybercrime campaigns and how the stolen information is monetized by the cybercriminals as a result of demand in particular PII data in the darknet markets.

Many articles and research published by the knowledge safety industry focus on how cyber assaults could be broken down in phases which is broadly known because the cyber kill-chain model. Darknet markets additionally play two important roles in the general assault kill-chain. First these markets permit cybercriminals to buy tools that are then utilized in particular phases of the kill-chain. For example: Malware creation and exploit tools that are sold within the darknet markets assist cybercriminals in the course of the 'weaponization' and 'exploitation' part of the kill-chain mannequin respectively. The last phase of the kill-chain mannequin 'Actions on Objectives', specify the objective or goal of an adversary. Second, darknet markets allow cybercriminals to achieve their objective of making financial profit by selling the information which may have seemingly been stolen from victim pc methods. It's also worth noting that not all digital knowledge being offered in the darknet markets are gained from the result of successful cyber attacks. Insider knowledge theft can end up in a darknet market as properly. Insiders with the data and know-how on delicate information can assist in creating faux identification products which look authentic. For instance a former Australian police officer was arrested in November 2016, for creating and promoting fake police IDs, security and maritime passes in a darknet market.

The darknet markets as we speak have elevated in numbers as well because the variety of users- one among the first reasons has been the anonymity the darknets provide to the customers to perform their illicit and illegal trades as effectively as the decentralized architecture offered by the Tor network which makes it increasingly troublesome for law-enforcements to take actions against darknet markets.

Darknet markets are websites that are hosted on the deep-web and may be accessed typically using the Tor network. The services and products that are bought and bought within the darknet markets can range from stolen credit-playing cards, personal info & ID scans, personal credit reports, operating accounts of online fee methods, electronic mail accounts with stolen credentials, counterfeit gadgets, malware & exploit kits, drugs and also weapons, among other unlawful products.

Access to Darknet Markets:

Darknet markets are hidden websites which cannot be accessible utilizing common browsers or engines like google as they don't have an actual DNS title. Most darknet markets have a .onion TLD suffix which states that it is a hidden service and may solely be reachable by the TOR network. A .onion site consists of sixteen alphanumeric characters adopted by a .onion TLD. The 16 characters might embody letter from 'a to z' and numeric numbers from '1 to 7'. Below is a syntax of a .onion hidden service.

SYNTAX: [digest].onion

The digest is the base32 encoded worth of the primary eighty bits of a SHA1 hash of the id key for a hidden service. Once Tor sees an handle in this format it tries to connect to the desired hidden service. Many darknet market users additionally use a VPN community to add an extra layer of privacy to cover their source.

Figure 1 High-level depiction on how darknet markets are accessed using Tor

Payment Model:

The cost course of in the darknet markets has followed the process which was utilized by the "Silk Road", one of the primary and greatest identified darknet markets. Purchases in the darknet markets are typically made utilizing virtual currencies like Bitcoin. An individual who desires to purchase a product in the darknet market must credit score his/her darknet market account with Bitcoins to make purchases in the darknet market. The purchaser purchases and moves Bitcoins to the darknet user account used by the buyer and makes the specified buy. Once the purchaser has initiated the acquisition, the respective value of the purchase in Bitcoins from the purchaser's account are held within the darknet market's escrow till the order has been accomplished. Once the purchase order has been completed, the Bitcoins are launched to the seller (Vendor). The figure below exhibits a flowchart of the payment mannequin being utilized in darknet markets.

Figure 2 Payment model of Darknet Markets

Common Types of data Bought & Sold:

Darknet markets provide many forms of illegal merchandise to be offered. This blog won't cowl all of the product sorts being available in the darknets but cover a few of the most typical types of knowledge/ companies that are transacted by cybercriminals in the darknet markets. A few of the varieties which we will talk about in this weblog are:

1. Credit Cards/ CVV numbers2. Credit Score Reports3. Passport Scans4. Driving license Scans5. Document scan templates6. Compromised account credentials7. Malware/ Exploit kit services

Credit Cards:

It isn't a shock to see ‘credit cards’ being bought in the darknet markets as they're additional used to commit fraud and are also utilized by cybercriminals to finance their requirements and make profit. There are a number of methods wherein credit score cards are stolen - a few of that are phishing scams, ATM skimmers and in addition by people within the industry who have access to buyer credit card information. Credit card fraud has been costing the monetary trade billions of dollars and because of the high number of credit card frauds, the monetary trade might discover it overwhelming to research each fraud incident and should solely tend to deal with circumstances the place the cost of the fraud could be very high. The cybercriminals / fraudsters are effectively aware of this problem and attempt to carry out their fraud actions by transacting small number of transactions on each card to keep away from being detected by anti-fraud programs. The under snap shot was taken from a bank card gross sales ad at a darknet market where a seller also provides recommendation on making less amount transactions per card to keep away from getting detected.

Figure three Seller advises patrons to make low transactions to keep away from detection

The standard cost of credit score playing cards being bought within the darknet markets can range from USD $1 to $25 for every card. The price is larger if there is a confirmed excessive steadiness or if it is a premium card (platinum, business, corporate, gold). A few of the costs might be a lot higher if they come in a bundle and can also embrace how-to tutorials on making probably the most out of the credit score playing cards to conduct fraud.

Figure 4 beneath reveals some of the latest bank card sales listings on a darknet market.

Figure 4 Credit card listings on a mega darknet market

Credit Score:

Stolen identities are in big demand in darknet markets as they allow cybercriminals to conduct fraud utilizing real identities of people who could have been victims to phishing/malware assaults or organizations holding PII knowledge of their customers getting breached. Credit Score experiences are one of the highly traded PII (personally identifiable info) in the darknet markets. A credit rating report is an evaluation report of the credit score worthiness of a person and the credit score rating depends on the credit files of an individual. Financial organizations use credit score reviews to evaluate a client’s credit score history which is used to approve loans. Credit experiences aren't solely utilized by monetary organizations but many others like governments, insurance, and lots of other organizations which require a credit score historical past to process a request. The price of the credit score lists will depend on the score of the report, with the upper score stories going for the next value. Figure 5 and 6 beneath shows two examples of credit score report listings which are being offered on a darknet market. A credit score rating of 750+ costs USD $50 in one of many listing and one other itemizing reveals a score between 720 and 820 would range between USD $ 49.50 to $100.

Figure 5 Example credit report listing on a darknet market

Figure 6 Example credit report itemizing at a darknet market

Passport / Driving License Scans:

Identity paperwork like passport and driving license scans are also in excessive demand as they can be utilized to commit fraud which might range from opening financial institution accounts, PayPal accounts, purchasing real property, and perform some other transactions which may require a scanned copy of a passport or a driver’s license for verification. Many developed nations have a robust digital architecture with public providers being obtainable online where such scanned copies can be utilized to process and transact providers by utilizing real identities that are being sold in the darknet markets, further fuelling the opportunities to commit fraud. Even growing nations are not immune to those threats- Nations like India are investing closely in reworking its digital structure to supply public providers electronically and encourage residents to use the web and the net providers being provided. Given Personal Identifiable Information (PII) data are used in lots of such providers, these kind of knowledge are in demand within the darknet markets as they can be used to conduct multiple sorts of fraud.

Figure 7 Listings displaying passport and ID scans of India and UK being offered on a darknet market

Document Scan Templates:

Another type of itemizing which is sort of regular within the darknet markets embrace however are not restricted to templates of passports, driving licenses, SSNs, financial institution statements, utility bills, credit playing cards, tax statements and bill receipts of different vendors. Figure 8 is an example of a sample of an Australian passport template which has the identical passport ID particulars but has completely different pictures of people. The seller of the beneath template also shares that any details in the passport including the photograph might be modified and it will still look legitimate. The seller supplies full editable variations of the template in .psd format which is an Adobe Photoshop document format. The vendor also supplies download links to cracked variations of Adobe Photoshop so the consumers can use the .psd information with out needing to buy a licensed copy of the software program. Each .psd template offered can cost between USD $20 to $100. However, many listings have these templates being bought in bundles as properly- For instance a listing of 9 templates for Canadian documents consisting of passport scans, bank statements, bill documents and utility bills is selling on a discounted price of USD $387 the place the original price would have exceeded $500 if purchased individually.

Figure eight Scanned templates of Australian passports being listed at a darknet market

Compromised Account Credentials:

Credentials of many on-line providers which embrace banking, telco, social media networks and plenty of more are being hear within the darknet markets. Figure 9 exhibits some of the listings of compromised accounts being sold at a darknet market.

Figure 9 Compromised credentials being sold at a darknet market.

Malware / Exploit Kit Services:

There are many kinds of malicious instruments and companies being offered within the darknet markets, some of which we have already shared in part 2 of our cybercrime underground series. Figure 10 below shows an inventory on a darknet market for a Ransomware and BTC stealer setup service the place a vendor offers the instruments and in addition configures it for the purchaser.

Figure 10 Ransomware service being listed on a darknet market

Impact:

The global value of cybercrime has been on an alarming rise with the estimated loss to be in billions of dollars, with some reports indicating that the general loss might be in trillions. A big portion of this value can be attributed to the fraud carried out resulting from stolen PII data, some of which we've got coated on this blog. For instance- In Asia, Australia has been impacted the most as a result of identity crimes with an estimated loss of AUD $2.2 billion yearly. The Australian Federal Police additionally point out that id crime has been a key enabler to 'organised crime' which in flip has been costing Australia AUD $15 billion dollars annually. This actually exhibits the vast impression nations and organizations are going through because of the id and PII data being stolen, bought, and offered in the darknet markets.

Conclusion:

Darknet markets have allowed cybercriminals, fraudsters and criminals who trade in weapons, medicine and unlawful products to commerce without a lot concern of getting caught due to the anonymity supplied by the deep-web. Though it may be troublesome to identify the perpetrators who're managing or utilizing the darknet markets for their revenue, global legislation-enforcement companies are repeatedly working to carry the criminals behind the darknet markets to justice and the number of successful circumstances has been rising where many criminals behind the darknet markets have been arrested. Large proportion of web and online service customers are sometimes unaware of the threats within the digital world and are inclined to not observe common on-line safety measures to safe their personal information or their techniques, which finally outcome in their private data being stolen and traded in darknet markets, the place the information are additional used to commit fraud. It's imperative to have an understanding on how these criminals operate and the type of knowledge being traded to better safe ourselves.

Organisations should observe business requirements on securing knowledge and implement safety applied sciences to forestall cyber attacks and reduce the danger of information being stolen and traded within the darknet markets. Palo Alto Networks Next-Generation security platform provides a holistic resolution to guard the digital approach of life by safely enabling purposes and stopping known and unknown threats throughout the community, cloud and endpoints. For more information on the next-era safety platform visit right here.