
Cybercriminals use intermediaries to protect their transactions

Even cybercriminals care about security

USING the messaging app Telegram as the base of communications, and the social media forum Quora as the meet-up place, Danika (a female handle for a male operator) manages a ‘dark web middleman service,’ the job of which is to protect the parties involved in a transaction on the dark web from each other.

On the dark web, however, these ‘escrow services’ are less shielded, openly offering to guard against any possible fraud between two parties, for example, a buyer of a database defaulting on payment or a seller not delivering the goods. The middleman becomes a guarantor between buyer and supplier, assuring each of the ‘legitimacy’ of the transaction.

“It is a hard world down at the dark web and someone has to referee for them,” Danika said in English. His day job as an English language instructor has given him a working knowledge of conversational Japanese, Korean, Cantonese, Mandarin and Hokkien. Based in Sampaloc, Manila, with a local VPN running on an expensive gaming computer, Danika works out deals almost weekly. He describes his work as being like any other. “It is hard work protecting clients from each other. The hardest part is keeping away the security watchers and entrapments.” But it pays well, raking in as much as $200 on a simple message exchange for a 400-name database costing $2000.

“Cybercriminal activities on the dark web are rampant, and various illegal transactions occur frequently. Escrow services have emerged alongside, but fraudulent activities related to them also occur frequently, disrupting the ‘order’ of the dark web. This makes cybercriminals who create cybersecurity problems also have to worry about security issues,” Chris Connell, APAC Managing Director for Kaspersky, said, amplifying Kaspersky’s latest research, which reveals that cybercriminals posted more than 1 million messages mentioning escrow services on the darknet between 2020 and 2022.

Kaspersky found that the number of messages mentioning the use of an escrow agent (or other terms for the same services, such as “guarantor”, “middleman”, “intermediary”, etc.) amounted to more than one million from January 2020 to December 2022. These messages accounted for 14 percent of the total number of deal-related messages on various dark web resources. In fact, the share of deals with escrow services can be higher, since cybercriminals often discuss detailed terms in person without specifying all the particulars in announcements and offers.

According to a Securelist report, the patterns of activities by escrow agents are quite structured and business-like.

“We found that the rules and procedures for conducting transactions protected by escrow on various shadow platforms were almost the same, and the typical transaction pattern that involved escrow services was as follows,” the Securelist report says.

The services analyzed include arbitration and dispute settlement. Moreover, the format for arbitration appeals was also standardized. It usually included information about the parties, the value of the deal, a brief description of the situation, and the claimant’s expectations. In addition, parties sent their evidence privately to the appointed arbiter.

It is a different kind of ‘zero trust’ existing on the dark web.

Kaspersky describes cybercriminals as caring about their own security and not wanting to become a victim of their ‘colleagues’; thus, when closing any illegal transaction, such as buying contraband, names, accounts, or initial corporate accesses, they use the intermediary services of escrow agents. The agent can be a human or an automatic system developed to speed up and simplify relatively typical deals. For expensive or untypical cases, cybercriminals still engage a human intermediary.

Despite the rules of communication between cybercriminals on the forums and “dark web etiquette”, no escrow service protects against cheating. Apart from cases when the buyer or seller changes their mind, one of the deal-breakers could be foul play. The seller, the buyer, and the escrow agent can all violate the deal arrangements, especially when it comes to large sums. With the help of Kaspersky Digital Footprint Intelligence, experts found a post accusing an official escrow agent of two shadow forums (including a popular one) of not paying a total of US$170,000 in four deals.

The dark web community is becoming more complex and structured, developing self-regulation systems as it grows. Effective protection against cybercriminals means understanding how it operates, how cybercriminals interact with each other, what kinds of deals there are, and how they are carried out. The Kaspersky Digital Footprint Intelligence team monitors the darknet to help companies track cybercriminal discussions and other types of activities to prevent incidents and mitigate risks related to data leaks.

For corporations to learn and secure their operations, access to Kaspersky Digital Footprint Intelligence is highly recommended. This provides updated information for security officers to promptly discover the potential attack vectors available to attackers, or to be aware of existing threats from cybercriminals, in order to adjust their defenses accordingly or take timely countermeasures and elimination tactics.

In a dire situation, subscribing to the Kaspersky Incident Response service will help companies respond promptly and minimize the consequences, in particular by identifying compromised nodes and protecting the infrastructure from similar attacks in the future.

Written by C.L Martin

