We produced a series of blogs reporting from the SolarWinds MSP Empower event in Amsterdam… Here’s Jamie Barrtlett’s key note on trends in the Dark Web.
The keynote for Day Two highlighted British journalist Jamie Bartlett, author of The Dark Net, examining some of the trends in the Dark Net and looking at how these will influence the future of cybercrime.
A Guardian review of his book describes the Dark Net as “the underworld of the Internet: a secret, encrypted cyber-realm where everyone is anonymous and users have complete freedom. A product of the libertarian ‘cypherpunks’ in the early 1990s, who believed an encrypted Internet would result in a more free and open society.”
Today, as Jamie explained in his presentation, the Dark Net has moved beyond its connection with having cocaine and cannabis delivered to your door and is now most synonymous with anonymous marketplaces where the tools of cybercrime can be bought and sold. These markets use crypto currency and encrypted messaging to create a secure, fully functioning market, offering a high-quality product for a good price.
Lowering the barriers to entry
“What that does is lower the barriers of entry into all sorts of criminal behaviour,” explained Jamie. “There has been an explosion in the ready availability of personal data on the Dark Net. One of the big trends of the past two years is that a lot of the marketplaces that were about drugs are now about stolen credit card info, alongside stolen passwords and user names. These marketplaces have become one of the most important places where the trade in stolen information now goes.”
Having said that, Jamie also highlighted some of the good sides to the Dark Net. “Some of the technical developments are really useful if you’re a journalist or a human rights activist, or have a lot of reasons to worry about who’s monitoring you,” he explained.
However, Jamie believes things in these marketplaces are changing. “In the past three to six months, we have seen authorities pushing hard against these marketplaces, so they are now in a state of flux,” he said. “The people running the sites have definitely been rattled, they have shut down some of the sites and have certain key individuals under investigation.”
Ultimately, this means the Dark Net is at a turning point. “We don’t know which way it’s going to go at the moment,” said Jamie. “It could be that the authorities will really manage to nail them, but my suspicion is actually that they are about to re-evolve again into an even more decentralized Block-Chain based system that is going to be even harder to shut down.”
Jamie went on to focus on some specific trends from the past few months, including the rise of crypto mining as a service. “The rise of crypto currency has made mining the ‘coins’ a very lucrative thing to do; however, the rising cost of electricity and computing power has made the whole thing more expensive,” he explained. “This has given rise to a trend of stealing CPU space to do the mining. This increasingly is a service that is available on the Dark Net.”
This led to Jamie looking forward and trying to speculate about the future. “What the Dark Net does is democratize access to various forms of criminal activity, such as low-level credit card fraud, low-level data exfiltration, crypto coin mining on stolen computer spaces, purchasing malware and ransomware. It’s now so easy, anyone can do it,” he said.
The economics of cybercrime
This isn’t your top of the range Stuxnet worm infiltrating government departments, this is basic stuff—but stuff that is still very lucrative. “The Dark Net has made it so easy to access all the tools of the cybercrime trade that anyone can run a cyberattack from their bedroom in a way that was not possible five years ago,” Jamie explained. “What this means, is that for companies worried about cybercrime, this is now a battle that is always on and always evolving. The reality is that companies, big or small, are equally at risk, as this is for most attackers simply an automated process of trawling to try and get whatever they can wherever they can.”
Another area many of those battling cybercrime tend to forget is the pure economics. “If you’re a young person in Macedonia, it’s quite big incentive and quite rational to think about firing out ransomware to companies,” said Jamie. “You can find the latest software off the Dark Net and send it out. Your average income as a 24-year-old in Macedonia is probably around $200 a month—you could earn that in a day if you get lucky with some ransomware. This can be a rational way of thinking about making money.”
And as Jamie pointed out, if we see these marketplaces evolve to use block-chain- based technologies, that is going to make them completely impossible to close down, whether they’re on the Dark Net or the Light Net. That means there is no way the authorities can get on top of and stop that, so the ease with which cybercrime tools can be accessed is not going away.
Changing the way we think about risk
“When it comes to things like ransomware and the evolution of cybercrime as a service, preparedness is everything,” said Jamie. “The reality is, you’re going get attacked at some point, so you need to be ready and have a response in place—from having a consumer-facing response, to having backup systems in place.”
Jamie continued: “We need to understand just how ‘on it’ these people are and how lucrative things like crypto mining are. If you thought your computer wouldn’t be interesting to anyone, you’re wrong. When you’re at lunch, criminals can be using your computer as part of a DDoS attack or using its CPU power for mining crypto currencies. Your computer can be an important resource for criminal activity.”
Jamie also showed just how many criminal sites there are out there selling company data that has been exfiltrated—demonstrating that it’s not just thrown together; this is often a very professional service that looks like a proper and legitimate business marketplace.
Jamie was also really keen for people to understand the effect of the continued automation of cybercrime. “Increasingly, hackers are just sending out software to check for weaknesses that are then paired against known exploits. This means that a lot of the time, hackers don’t know who they’re targeting, they’re just looking for weaknesses and exploiting them wherever they find them,” he explained. “As things like machine learning come into the industry, it will come to crime as well, and these will up the game further when it comes to finding and exploiting vulnerabilities. Companies will have to be vigilant 24/7. It’s no longer going to be a case of you being unlucky if you have a weakness that’s found, the way things are going, if there is a weakness, it will be found by a Machine Learning algorithm. This calls for a whole new way of thinking about risk.”
Jamie continued: “At the top level, there is constant innovation, cybercriminals are always looking for the latest ways of getting around stuff and make that commercial. When a weakness is found, they can turn around an exploit in a day, as they’re working 24 hours a day to do this.”
This blog was written by three-sixty for SolarWinds MSP and published on their blog