Dark Web Forums: the Underbelly’s Underbelly

Next: This Week: Dark Web Chats and User Error...
Previous: This Week: Scams "R" Us and Police Database...
Yes, hello? This is dog.
February 08, 2017

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

The dark web is known for a few things - drugs, fraud, scams, and far too many poorly designed webpages. But underneath those notorious markets and carding sites lies a community that just wants to talk - about anything and everything.

Forums on the dark web tend to be small, niche communities. Some are attached to larger markets and discuss vendors and leave reviews; others chat about world news, cryptocurrencies, financial markets, and computer programming.

But there are even smaller forums and boards with more nefarious purposes. These forums have conversations on hacking, doxing, insider trading, drug recipes, and more. And although many of these topics are front and center on some of the dark web’s most popular markets, transactions are incredibly more secluded in independent forums, which is why they pose a unique threat.

A member may advertise that they have insider trading information, or a stolen database in their possession. Interested? They’ll only discuss further details privately through encrypted communications. Without direct contact, you’re unable to glean additional information that would otherwise allow you to determine the offer’s credibility.

In fact, one forum currently has an “Insider Trading” thread that’s been live for over two years. The thread’s contains a myriad of posts consisting of merger and acquisition rumors, various business relationships, and users expressing their desire for more information. Indeed, more than a dozen forum members posted their email addresses along with offers to “give a good donation” or “pay handsomely for good information.”

Picture1.png Picture2.png

Another member may post that they’re seeking the help of a hacker, and are willing to pay for their services. Again, beyond a few replies consisting of solely of an email address on an encrypted service, there won’t be any more details for prying eyes to read. Left only with these few random emails in hand, mapping threat actors and their perspective clientele becomes an insurmountable task.

The lack of information in these less-patrolled corners of the dark web can be boring at times, and alarming at others. But that’s how the members want it to be.

analysis June 24, 2019
New Research: Terbium Labs Uncovers Pervasive Links Between Fraud and Transnational Crime

Terbium Labs investigated the links between payment fraud and serious transnational crime. This research begins to fill a gap in understanding about the use of fraudulent financing in some of the most heinous crimes...

analysis April 17, 2019
Terbium Labs Investigates Dark Web Fraud Guides for an Inside Look on Cyber Crime

With our latest research, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data, Terbium Labs investigates dark web fraud guides to create a detailed, first-hand account of the illicit...