Dark Web Forums: the Underbelly’s Underbelly

Next: This Week: Dark Web Chats and User Error...
Previous: This Week: Scams "R" Us and Police Database...
Yes, hello? This is dog.
February 08, 2017

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

The dark web is known for a few things - drugs, fraud, scams, and far too many poorly designed webpages. But underneath those notorious markets and carding sites lies a community that just wants to talk - about anything and everything.

Forums on the dark web tend to be small, niche communities. Some are attached to larger markets and discuss vendors and leave reviews; others chat about world news, cryptocurrencies, financial markets, and computer programming.

But there are even smaller forums and boards with more nefarious purposes. These forums have conversations on hacking, doxing, insider trading, drug recipes, and more. And although many of these topics are front and center on some of the dark web’s most popular markets, transactions are incredibly more secluded in independent forums, which is why they pose a unique threat.

A member may advertise that they have insider trading information, or a stolen database in their possession. Interested? They’ll only discuss further details privately through encrypted communications. Without direct contact, you’re unable to glean additional information that would otherwise allow you to determine the offer’s credibility.

In fact, one forum currently has an “Insider Trading” thread that’s been live for over two years. The thread’s contains a myriad of posts consisting of merger and acquisition rumors, various business relationships, and users expressing their desire for more information. Indeed, more than a dozen forum members posted their email addresses along with offers to “give a good donation” or “pay handsomely for good information.”

Picture1.png Picture2.png

Another member may post that they’re seeking the help of a hacker, and are willing to pay for their services. Again, beyond a few replies consisting of solely of an email address on an encrypted service, there won’t be any more details for prying eyes to read. Left only with these few random emails in hand, mapping threat actors and their perspective clientele becomes an insurmountable task.

The lack of information in these less-patrolled corners of the dark web can be boring at times, and alarming at others. But that’s how the members want it to be.

RELATED ARTICLES
analysis March 20, 2019
Trends and Projections: Shifting Law Enforcement

For the first post in the Trends and Projections series, we unpack the increased law enforcement attention toward cyber-enabled fraud and the shift in resources allocated to taking down dark web communities trading compromised...

analysis January 24, 2019
Collection #1: Why You Should Care but Not Panic

January is not yet over and 2019 has already brought us the second biggest collection of stolen data in history. Unlike traditional data breaches, Collection #1 is actually a massive collection of smaller credential...