/cloudfront-eu-central-1.images.arcpublishing.com/prisa/JLX4IXAS25BVBICTHHWJ3AT5IY.jpg)
Offer of a malicious program in a 'dark web' forum.Check Point
On the
dark web
, murders are contracted, illegal weapons and drugs are traded, child pornography is distributed, robbery, kidnapping and extortion are carried out, or infrastructure is destroyed.
It is the most hidden world on the internet.
But even in this thickest mud, in this society of crime, there are norms and rules.
“They have their morals, although we must never forget that they are criminals,” warns Sergey Shaykevich, director of the Check Point Threat Group during the meeting of the multinational cybersecurity company CPX Vienna (Austria).
The same prolific crime on the web — “84% of scams are online,” according to Juan Salom Clotet, chief colonel of the Cybersecurity Coordination Unit of the Civil Guard — organizes charity collections, celebrates holidays, establishes invulnerable objectives, It reproaches inappropriate behavior and has its own
judicial
system .
The best-known web, the open one, is accessed with the most popular browsers and, although it seems immense, like the surface of the sea, it is only 5% of the internet.
Below are the deep waters, the
deep web
, which represents the rest of the network and houses information that should not be accessible or is not wanted to be.
Marc Rivero,
Lead Security Researcher
at Kaspersky, explains that “the
deep web
encompasses any part that is not indexed by traditional search engines, including sites that require authentication and private content.
In contrast, the
dark web
is a specific subset of the
deep web
that is characterized by the use of anonymous networks to hide the user's identity and website location.
It is often associated with illegal activities.”
“On the
deep web
there are legitimate and not so legitimate uses.
On the one hand, there are communication spaces, such as reporting platforms that allow information to be shared safely in some countries, free and uncensored anonymous social networks, and support groups for people with problems.
It also provides access to restricted information, such as academic or government documents not publicly available, as well as specialized forums that facilitate the exchange of knowledge between experts on specific topics.
In addition, it is used for entertainment and leisure, with digital content marketplaces that offer anonymous access to books, music, movies and other resources, as well as online games of chance that allow play without legal or geographic restrictions, and communities of specific interests. that connect people with unusual hobbies,” adds Rivero.
The benthic zone of this ocean of data, the deepest, is a minimal part, but it houses a criminal network that, according to María Jesús Almanzor, CEO of Cybersecurity and Cloud at Telefónica Tech, launches “90 million cyber attacks in the world that represent a cost of 10.5 billion euros.”
“If cybercrime were a country, it would be the third largest economy in the world, only behind the United States and China,” she warns.
This area is the one that Sergey Shaykevich investigates “with computers separate from the [cybersecurity company he works for] and with all possible precautionary measures,” as he explains.
This work is essential because this is where most malware is developed, sold and distributed.
Distribution of a malicious program on a dark web forum. Check Point
To enter these two layers (deep and dark) browsers such as Tor, Subgraph, Waterfox, I2P - Invisible Internet Project are used.
The name TOR, the most popular, is the acronym for
The Onion Router
and its allusion to the onion
serves
to explain how it works: the browser connects randomly to a known entry node to access the Tor circuit, made up of intermediate nodes to which the encrypted information reaches in layers to finally reach the server. final.
It is easy to use and, at all times, intermediate traffic is anonymous and cannot be traced.
Its most vulnerable points are the entry and exit doors.
“Tor was not designed for crime,” as Deepan Ghimiray recalls at Avast, but it was not long before crime took advantage of its advantages.
Silk Road
was one such dark web marketplace that launched in 2011 and was shut down by the FBI two years later.
Its creator, Ross Ulbricht, alias
Dread Pirate Roberts,
is serving a life sentence for money laundering, computer hijacking and narcotics trafficking conspiracy.
“Accessing the
dark web
may not be difficult in technical terms, as it simply requires downloading and installing a specialized browser.
However, it is important to note that it is not a safe space.
By browsing it, you expose yourself to a series of risks, such as
malware
that can infect a device with viruses or
ransomware
.
There are also many scams on the
dark web
, so it is important to be cautious, understand the risks involved and take precautions to protect yourself, such as installing a trusted security solution, a
firewall
and using a VPN to protect the privacy,” warns Rivero, a Kaspersky researcher.
Exams and interviews to be a criminal
Shaykevich explains that, once inside, going to the sewers of the web requires “an invitation or endorsement from a consolidated member of the criminal mafias or being subjected to an investigation by their members.”
Rivero specifies these premises: “Some forums are public and allow anyone to register, while others are more exclusive and require a more strict selection process.
In general, methods such as invitation by existing members or administrators are used, where the recommendation of people already within the community is relied on.
Additionally, some forums may require users to complete an application form or go through an interview to assess their suitability.
Others may ask to demonstrate their knowledge on a specific topic through exams or test posts, or to be recommended by users with a good reputation on the
dark web
.”
If you overcome these filters, the underworld of the Internet is surprisingly similar to the surface world.
“They have their own
chats
[conversation applications] and also use hidden Telegram channels to contract services or even to advertise their achievements, exposing the names of victim entities,” adds the Check Point researcher.
More information
A conviction between 'dark web' mafias brought down the group of cybercriminals that attacked the Seville City Council and thousands of entities
The specialist of this last security company details that they have a kind of arbitration system to settle disputes between users, such as the one that put an end to the largest extortion organization (LockBit) due to discrepancies in the distribution of the ransom for a kidnapping.
In the forums, there was a first trial, an appeal and a final conviction.
“After this, it is very difficult to work with them again because they lose reputation and this is the most important thing on the
dark web
,” he comments.
In this underworld there is everything and it is possible to find the data of any regular user of the surface internet (Google One allows you to know if your accounts have been compromised or appear on the dark web).
The pages are not sophisticated: there is no need for a market strategy.
And they also have forums and conversation applications typical of the everyday world.
Shaykevich recalls the case of Conti, a kidnapping and extortion group supposedly dissolved after a leak, which once had “a structure of 200 people and physical offices in Moscow.”
“We analyzed the
chats
that were leaked and there were everything from notices of newly painted doors, so that users would not touch them, to requests to stop talking about
malware
[malicious programs] in the building's cafeteria.”
“The dark world is not that different from the real world,” he adds.
“They celebrate parties, stop for vacations and even take collections for orphanages.
There are human beings behind;
criminals, but they have children and some of them consider themselves moral.
Some
ransomware
groups promise not to attack hospitals and veto any attack on countries that formed the former Soviet Union.”
“But we must remember,” the researcher insists, “that they are criminals.”
Attacks on institutions such as hospitals are among the worst regarded operations in a world where successful robberies and kidnappings are published as part of the publicity strategy.
“Being a
hacker
is a real business and there is no integrity.
They persecute people, kidnap and extort.
But when it is done against a hospital, it is the most terrible thing in the world because you can kill someone for money,” says Francisco Criado, one of the vice presidents of Check Point, of North American nationality with parents of Latin origin.
You can follow
EL PAÍS Tecnología
on
and
X
or sign up here to receive our
weekly newsletter
.
Subscribe to continue reading
Read without limits
Keep reading
I am already a subscriber
_