January 22, 2019 • Zane Pokorny
The internet has connected the world arguably more than any technology before it in history, but it’s also divided us, throwing the cloak of anonymity over our communications and enabling us to hide our true intentions, ideologies, and identities behind a computer screen. Nowhere is this more true than on the dark web, the internet’s locked cellar door that rattles and rasps in the late hours of the night. Mention the dark web and imagery of a vast and nefarious underground network is summoned for many. It’s a den for creeps and criminals, digital boogiemen, and hackers in hoodies, all united only by their amorality and dark intentions.
Okay, enough campfire-side ghost stories. Is all that about the dark web really true? Or are there some serious misconceptions about it that some of us in the cybersecurity industry pass along with a wink and a smile to drum up hype?
To find out, threat analysts on Recorded Future’s research team, Insikt Group, spend time on the dark web and get to know the communities there a little better. Cyber threat intelligence is all about getting the information and context you need to sort through threats, prioritize the most urgent ones, and respond to them as quickly as possible — and one of the best ways to do this is to get into the minds of your opponents, understanding their tactics, techniques, procedures, and motivations from the inside.
A basic human desire: be loved, admired, respected. Be of worth. This is the root of the ego, and if we can risk being overly reductive for the sake of brevity, the root motivation of everything we do.
Turns out, cybercriminals are people too.
That’s one of the things that Andrei Barysevich, director of advanced collection at Recorded Future, found when he spent time trying to get to know some of the regulars in certain dark web spaces he monitors.
“When we actually ask them, ‘What’s the main motive? What drives you in cybercrime?’ only a handful of them told us ‘money,’” he says. “Most of them were saying that it’s an ultimate target, it’s an ultimate goal, it’s knowing that it is very hard to achieve. And once they know that they’ve done it, that gives them a great sense of achievement.”
After spending some time on certain forums on the dark web, asking questions and getting to know the community, researchers at Recorded Future sometimes try cozying up to one of their new friends.
In one case, our researchers asked to interview a more prominent hacker they had gotten to know, appealing to his ego to convince him to share his insights at the risk of saying something incriminating.
The ego play worked. “We need to remember, these guys live in a completely different world,” says Barysevich. “Very few of them can actually share what they do on a day-to-day basis, right? With their friends, with their families. So they want to, especially if they’re successful.”
“If you’re not doing well, then it’s fine, you don’t want to share that, but if you’re doing very, very well, and people actually respect you and you want to brag about this, then who else are you going to talk to?”
There are many motivations for crime, and thus many lenses through which criminals perceive themselves and justify their actions. Does the hungry beggar who pilfers bread from a shop see himself as a lowly thief, or someone doing what he needs to do to survive? Does the white-collar embezzler see herself as a selfish crook, or a clever businessperson who just happened to be in the right place at the right time?
Cybercriminals are no different, according to Barysevich. “When we ask them, ‘Do you see yourself as a criminal? Do you see yourself as a hacker?’ they tell us, ‘Don’t call us hackers. We are pen testers.’”
“We ask them, ‘Aren’t you stealing data from companies? Aren’t you stealing money from people?’ they respond, ‘Well, it’s not our fault that their systems are insecure. We’re doing them a favor.’ They will have some sort of justification for what they do.”
“Obviously, not every bad guy decides to become a bad guy,” he explains. “It’s just unfortunate that in some countries, socioeconomic reasons also impact the decisions why people go into cybercrime. They didn’t have a place where they can apply their skills to make a decent living, so the only venue they could take was the dark web.”
So what actually is (and isn’t) the dark web? It’s still a fairly new term, one that only came into common use less than a decade ago. To Barysevich, it makes more sense to refer to it as the “criminal underground.”
“Nowadays, people think the dark web means Tor,” he says. “So everything, every resource which is on a Tor network is automatically the dark web.”
In reality, that’s not quite the case. Barysevich explains that many criminal forums, underground communities, marketplaces, and chat rooms predate the creation of Tor by years, and only some of them have migrated to the Tor network. To Barysevich, the “dark web,” in general, means a space or community on the internet that’s “not readily accessible to regular people.” It includes sites that are not indexed by search engines like Google, which often means that you need to know exactly where a site on the dark web is located and need to know people there who will vouch for you to get access.
It’s because this definition could equally apply to what many people refer to as the “deep web” that Barysevich prefers to think of the dark web as the criminal underground. The differences between the deep and dark web are not so much technological as teleological — if you’re on a site that isn’t indexed or is otherwise hard to get to, you might just be on your company’s private network or a site behind a paywall. That’s run-of-the-mill deep web territory. If you’re in one of those hard-to-find kinds of places and you and everyone else there are also up to no good, you just might be on the dark web.
The dark web is an outsize area of focus among many in the cybersecurity community, but misconceptions still pervade. Using threat intelligence to keep an eye on these spaces can provide essential context to prevent an attack or see who is talking about your organization. It’s threat data that you can’t find anywhere else.
“Every day is a battle,” says Barysevich. “A battle against cybercriminals, against fraudsters; companies do what they can to protect their own enterprises, protect their customers, protect their own employees, and if you’re able to have this visibility into the dark web, it allows you to be one step ahead of the bad guys.”
That’s why we wrote an e-book, “10 Things About the Dark Web You Probably Didn’t Know,” addressing many of these misconceptions and giving you a better picture of what’s really out there. It’s short and it’s free, so download your complimentary copy today.