Cyber criminals use messaging apps to locate new hideouts after dark web market crackdown

A police crackdown on dark web markets such as AlphaBay and Hansa is driving cyber criminals to use mobile messaging apps to locate anonymous new hideouts from which to operate, a report by security researchers published on 25 October showed.

Representative Image. Pexel

Representative Image. Pexel

A study by Israeli threat intelligence software firm IntSights shows a 30-fold increase in dark web activity using smartphone-based messaging apps over the past year.

Several hundred thousand users are estimated to be trading stolen credit cards, account credentials, malware, drugs or to share hacking tricks over the dark web, a portion of the internet that lies beyond the reach of search engines and where user activity is largely anonymous and untraceable.

Recruitment invitations into these underground markets have spiked upward over mainstream mobile messaging apps such as Facebook’s WhatsApp, Telegram and Microsoft’s Skype, IntSight said.

But it is Discord, a lesser-known, two-year-old messaging app popular with video gamers, that is becoming the “go-to app” for mobile dark web discussions, where thousands of links into criminal forums were tallied up by IntSights, it said.

“Cyber crime is a commodity today: Anyone can do it,” said Alon Arvatz, IntSights’ co-founder and chief product officer, said during an interview at the Reuters Cyber Summit in Tel Aviv this week.

A spokeswoman for San Francisco-based Discord said the company had not seen the report but would consider responding once it had. WhatsApp was not immediately available to comment, while a Microsoft spokesman declined to comment. Telegram founder Pavel Durov did not respond to a request for comment.

“Today’s black market is accessible more than ever, with the tap of a finger over a portable pocket-held device,” the study said. “This could prove to cause a proliferation of low-level cybercrime, that is conducted by less qualified perpetrators”.

Traditional dark web markets required would-be users to know which sites to visit and how, using a special browser, all of which required no small amount of technical sophistication.

IntSights said hackers are turning to smaller, closed networks on social media and mobile messaging apps instead of traditionally open, moderated dark web forums because such groups can be easily set up, shut down and relocated via apps.

Messaging Underground 

IntSights identified 9,046 dark web invite links sent via Discord by criminal groups run from Brazil and one in Turkey.

That represents 8.7 times more cyber crime discussion links than found on Telegram, which is popular among Russians, Uzbeks, Brazilians and Iranians. Discord was 20 times more popular than WhatsApp, used by Brazilian, Indian and Nigerian criminal groups and nearly 30 times more than Skype, which is used in Brazil.

The findings are based on data scraped from thousands of black markets, document dump sites, hacker forums, chat channels, messaging apps and social media pages over the 12 months ending in July 2017. IntSights used the number of invitation links into dark web discussions as a proxy for how active criminals were across different messaging platforms.

Andrei Barysevich, a director with Recorded Future, another threat intel firm, said more and more of the biggest dark web forums have been taken offline this year, either by police or for as yet unknown reasons, in often murky circumstances.

A coordinated international police campaign in July led to the shutdown of AlphaBay and Hansa Market, two of the three top criminal marketplaces on the dark web. Several Russian dark markets and cybercurrency exchanges also have disappeared this year, Barysevich said. Two more markets appeared to have been shuttered earlier this month, he added.

“It seems that law enforcement has been working very hard,” he said in a phone interview.

However, he cautioned that while smartphone messaging apps may make it easier for criminals to make initial contact, researching what to buy, cloaking one’s identity and transacting business remains largely dependent on computer-based tools.

Barysevich said the use of messaging apps is likely to be a form of back-up communications in case a particular market is shut down. “It is crucial for vendor and buyer to be online all the time,” he said of how mobile apps makes such contact easier.


Published Date: Oct 26, 2017 08:07 am | Updated Date: Oct 26, 2017 08:07 am