Cyber-Criminals Work Around Road Blocks

Though somewhat deterred by the major takedown of two popular underground marketplaces, cyber-criminals have found alternative solutions that are growing more popular, according to new research from Digital Shadows

A new report, Seize and Desist: The State of Cybercrime in the Post-AlphaBay and Hansa Agefound that the cyber-criminal community has only been slightly quieted by the Operation Bayonet takedown of AlphaBay and Hansa, which forced tens of thousands of vendors and buyers to find new places to conduct business. Mistrust and fear have contributed to the decline of centralized marketplaces, as has the significant cost factor involved in establishing a new market.

Rather than investing in new marketplaces, criminals are focusing their processes and procedures on improving marketplace security and trust in existing sites. These tactics include blockchain DNS, user vetting and site access restrictions, domain concealment, and migration to chat and peer-to-peer (P2P) networks.

Vetting and limiting the user base is an additional challenge for site operators, who need to ensure only reputable and genuine users have access, particularly since forum users are skeptical of each other, aware that law enforcement can be posing as sellers. 

To confront the issues of trust, communities have created a forum life cycle, a process by which administrators can limit new users’ access to a forum through mechanisms such as posting limits and area access restrictions.

Moving away from the centralized marketplace in favor of a more diffuse model was trending even before Operation Bayonet, and criminals are now using Telegram to conduct transactions across decentralized markets and messaging networks.

"Over the last six months, the Digital Shadows analyst teams have detected over 5,000 Telegram links shared across criminal forums and dark web sites, of which 1,667 were invite links to new groups," the report said. These covered a range of services, including cashing out, carding and cryptocurrency fraud.

Rick Holland, CISO and VP of strategy at Digital Shadows, said, “The FBI takedown has for now made the dark web marketplace model less viable. As it stands, the marketplace model appears to be in decline, but it would be naive to assume that law enforcement efforts such as Operation Bayonet have drastically reduced cyber-criminal risks to both businesses and consumers." 

"Instead," he continued, "as recent developments have shown, cyber-criminals have taken to incorporating new processes, technologies and communication methods to continue their operations. The barriers to entry have shifted upwards and criminals are more likely to be deceived by each other. However, cybercrime ‘will find a way.’”

What’s Hot on Infosecurity Magazine?