You’ve probably heard that criminals leverage the assets of the dark web to commit their crimes, but how does this happen? How do criminals access the dark web? What information do they find there? How does it help them commit crimes?
This guide explains the basics of this process. Here’s what you need to know about the role of the dark web in financial crime.
What is the dark web?
The internet has several layers. The surface web is indexed by Google, and it can be accessed by anyone with an internet connection. For example, this website is on the surface web.
The deep web is not indexed by Google, and it requires special software or credentials to access. For instance, when someone signs into their bank account portal or their email account, they are accessing a part of the deep web, and in fact, most of the internet exists in this layer.
The dark web can only be accessed through the Tor Browser which was created by the U.S. Naval Research Lab in 1995, and it routes traffic through multiple nodes with encryption at every layer similar to an onion. While some people use the dark web for legitimate reasons such as political dissidence or private communication, it is heavily used by cybercriminals.
What types of financial crimes happen on the dark web?
Criminals use the dark web to buy and sell payment card data as well as full identity packs for identity theft. They also sell “cybercrime as a service” which can include the tools to commit cybercrimes or hacker services.
How do criminals access information on the dark web?
There are search engines on the dark web, but they tend to provide results that are repetitive, irrelevant, or lead to timed-out connections and errors.
To effectively find information to commit financial crimes on the dark web, users need to know where they’re going, and they generally start by finding information on the surface web — in fact, security researchers often consider the forums used by communities of cybercriminals on the surface web to be part of the dark web for just this reason.
Once they have an idea of where to go, both seasoned and aspiring criminals head to forums and marketplaces where they can obtain information or get guidance on how to commit cybercrimes. These sites are usually invite-only, and they often only allow admission to people from certain parts of the world or with the right political alignment. In other cases, they require payment for entry, proof of crimes committed, or a connection with an existing member.
As people use different forums and marketplaces on the dark web, they find out about other sites to visit.
What types of criminal sites are on the dark web?
The dark web has two types of sites for criminals: forums and marketplaces. Like their e-commerce counterparts on the surface web, marketplaces connect buyers and sellers, and they may also include a partner forum.
Forums, in contrast, may be used to coordinate sales but don’t have e-commerce functions. On these sites, criminals tend to discuss their tactics and techniques.
What type of culture does the dark web have?
As you can imagine, criminals are often unscrupulous. They scam and rip off each other all the time on the dark web. This creates a culture of distrust, and as a result, many sites have strict admission policies and require visitors to have a certain amount of reputation points.
To earn reputation points, criminals have to prove that they are only interested in scamming third parties and not other criminals on the dark web. They gain points as they establish their criminal personas and engage on different sites on the dark web. Over time, individual criminals create networks of criminals who work together to share stolen data.
What happens to stolen data on the dark web?
Stolen data is sold and resold multiple times on the dark web during its life cycle. Typically, it’s the most useful to criminals near the beginning of its lifecycle, and this is also when it’s the hardest and most expensive to obtain. As it becomes more widely available, the data is less expensive, but it’s also less useful for criminals.
For example, if a criminal steals someone’s Social Security Number, it is worth more before the victim notices the number has been stolen, and it becomes less useful over time as the victim puts holds on their credit bureaus reports or takes other efforts to safeguard their identity.
Initially, the stolen data may be sold or traded among friends. Then, it may be posted for sale on a forum with a very strict membership policy, followed by a forum with a lower bar to entry and eventually a forum that’s open to anyone. Finally, the data may be posted for free on a paste-bin site which is simply a site where users can share text easily.
How can financial institutions protect themselves?
Financial institutions need to use a multi-pronged approach to protect themselves against cyber threats, and in addition to investing in fraud detection solutions and anti-fraud training for their employees, they also need to work with fraud prevention and detection provider who monitors the dark web to learn about new and emerging threats.
At SQN Banking Systems, we partner with Q6 Cyber to take a proactive and dynamic approach to cybersecurity that involves monitoring the dark web as well as hacker forums, social media, and other public and restricted data sources to collect actionable threat intelligence that improves the cybersecurity environment of all our clients.
To learn more about how our tools and solutions can help to protect your financial institution from cyber threats, contact us today.