I’ve spent a copious amount of time on the Darknet this year in a quest to gain more understanding of how cybercriminals think. I’ve been studying their communities, how they operate in the Darknet markets (such as Silk Road), perusing their forums, analyzing their marketing techniques, and contemplating how they justify their criminal activities. It’s been fascinating, and at the same time, disconcerting.
It has been fascinating because I have learned so much about OPSEC (operational security), and my learning curve has even risen above this exhaustive DarkNetNews Guide. The knowledge-base collection on privacy and security that is available on the Darknet simply blows my mind. Even though we have Google, security researchers, tech journalists, geeks, ethical hackers, and a wealth of infosec knowledge at our fingertips, on the clearnet, it’s difficult to keep up with all these data-centric technological innovations and the insecurity in security that many of these advanced technologies entail. On the Darknet, cybercriminals seek technologies that will keep them completely anonymous and secure. Shrewd cybercriminals question their goals. They want to, first and foremost, avoid being identified. They do their research. The technologies they choose to access the Darknet will be ones that decrease their chances of being identified. They most likely use a Linux-based system (never a Mac or Windows system) and a good VPN. They also research their choice of hardware. They secure the applications that they run over TOR and encrypt “sensitive” communications. They always have more than one identity and pay strict attention to how they present themselves both in public and private arenas. Most importantly, they never commit the cardinal sin of confessing any personal information that could connect them to their real-life identities.
Presentation in anonymity
An astute cybercriminal will always have multiple pseudonyms at his or her disposal. These virtual personalities are carefully crafted and cultivated to fit specific scripts within the cybercriminal ecosystem. The wisest of the wise will never share the identities of their various pseudonyms with any connections online or offline. Let’s use the cunning personalities of jebhat and egrep as an example of what I am attempting to portray here: Jebhat has a great sense of humor and creates typos and grammatical errors everywhere he posts. He pays careful attention as to how he presents himself in the public and private spheres. He usually plays devil’s advocate and is quick to light fires in forum brawls. Egrep is quite serious, and when she talks, it’s all about code or tech-related subject matter. She has impeccable spelling and grammar. She is gracious, introverted and adept but often appears stoic and frequently idles. Do you think anyone would think these two characters are one and the same? Clearly, nobody would suspect that these two dissimilar personalities belong to one mastermind.
The oldsters or seasoned cybercriminals are exceedingly clever – they champion OPSEC. They learn from the mistakes of others – those who have fallen before them. It’s like that old Russian expression: “The wise man learns from someone else’s mistakes, the smart man learns from his own, and the stupid one never learns.”
What I find so disconcerting about the entire Darknet scene (aside from obvious crime-related activities) is what appears to be an influx of noobs. I receive infrequent jabbers requesting quick hacks and I can tell by the tone and the lingo that the person on the other end of my jabber is possibly in high school. One jabber last week went like this: “How much you charge to hack? Thirsty here.” So, I am sitting on the other end of my jabber thinking is this a kid or a seasoned crim trying to profile me? I have no clue who I am actually dealing with at this point. So, I respond that since I don’t know what the hack involves, I can’t really answer the question. He then sends me a link to a social media profile and a game handle on the clearnet, and it is a link to a high school kid’s profile and my little buddy wants a game hack. Next, I call my friend and ask her to find out from her teenage daughter what “thirsty” actually means. That was easy enough. It meant desperate. So, this kid is desperate for me to hack a gaming account for him or someone is toying with me. At this point in the game, I simply tell him no. He spends another ten minutes whining at me about the needed hack. Fade to black. I exit jabber and disappear. It’s not just on jabber that these fledgling striplings appear front-and-center. They are all over Darknet forums and social platforms. This concerns me. Not only because they could potentially be mentored by virtual cybercriminal daddies, but because there is a huge pedo-factory of predators lurking in the background.
So very clever
The wise often sit back wondering how to deal with this new generation of youthful invasion. Many cybercriminals may have wives, husbands and children of their own, and perhaps there is a conflict of conscience going on here. Others are ready, willing and able to provide some form of mentoring. Nevertheless, truth still rears its ugly head – because in so many ways, their methods to secure their digital world are so much simpler than ours.
Update: One of my identities was compromised in the Darknet and I am now receiving doxing threats. More details to follow.
About the Author: Bev Robb (@teksquisite) has a B.S. in Sociology from Southern Oregon University and is a self-employed IT consultant. She runs Teksquisite Consulting, a blog about technology, infosec and social media.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.