Today, the dark web coupled with the TOR browser is jumbled in a myriad of conspiracy theories with a negative image associated with it. This wasn’t though how it was supposed to be initially. Originally built with the intention of ensuring individuals globally can access the internet with anonymity, many have used these features for their own illegal advantages contributing to what we see now.
This has resulted in a huge segment of its users engaged in the buying and selling of illegal and fraudulent commodities through marketplaces exclusive to the dark web.
Concerning the general perception that surrounds it, the vast majority usually believe that stolen data through breached databases and drugs are what make up the bulk of these items. The truth, however, is far from it. Due to the highly sensitive nature of these items, people have been led in falsely believing so.
To debunk this with objective research, Terbium Labs – a digital risk protection company – has released a new report [PDF] that breaks down these so-called activities into 6 distinct categories to give a trend view of the items being sold at large on the dark web.
To do this, 3 leading marketplaces that can be considered “big-box” compared to the real world were analyzed comprising of “The Canadian HeadQuarters”, “Empire Market” and “White House Market with the following results being obtained:
1- Fraudulent how-to guides which include tutorials on performing malicious activities were the most sold at 49%. An example would be “how to open a fraudulent account at a specific financial institution”. These listings had an average price of $7.88 consisting both of individual ones and collections.
2- Personal data was at 15.9% comprising of names, phone numbers, addresses, email addresses, and social security numbers with an average price of $8.45.
3- Nonfinancial accounts and credentials at 8.2%. These include accounts of services like Netflix, those that do not lead to any financial harm.
4- Credentials of financial accounts such as that of Paypal, Stripe & other banking mediums at 8.2%.
6- Fraud tools and templates at 8%. These available for $2-$274 with an average price of $52 can include fake apps that can be used as trojans upon purchase and website templates that can be used to imitate legitimate websites for phishing attacks.
7- Payment cards at 7% which can lead to unauthorized charges. Ranging from $18 to $200, these are more than accessible now with the ability to inflict substantial financial harm.
In summation: This revelation may be in a sense comforting as exposed data sold obviously has a more immediate and tangible effect but on the other hand, we cannot discount the long term effect of the majority fraudulent guides being sold as it allows script kiddies and even novices to move into the world of unethical hacking.
Even if this may not hurt larger corporations as they are at a threat realistically from more sophisticated actors, small to medium-sized businesses (SMBs) can suffer from the lack of security infrastructure in place. A very basic example is of a commonly found guide that teaches people ” on how to export an organizations’ current policies”. As this requires no prior knowledge, it can be done by any layman greatly increasing the risk of criminal activity.
To combat this though, companies and businesses can use cybersecurity firms or in-house employees to scour the dark web and purchase any guide that appears relevant to their company. This way, as the researchers state, “they can change the affected internal policies immediately and thereby, render that fraud guide useless.”