Light Dark
January 26, 2022 By David Bisson 2 min read
News

The darknet community uses its own underground justice system to solve disputes that arise between one cyber criminal and another.

Crime and punishment for cyber criminals

In this underground justice system, a ‘case’ begins when two parties experience a disagreement. Analyst1 gave the example of a threat actor having purchased compromised network access from an initial access broker who had already sold that access to someone else. The buyer responded by asking for a refund, but the seller refused to fulfill their request.

The buyer can then choose to initiate action against the seller. First, they open a thread on a dedicated sub-forum. There, they provide details including a brief of the claim, the nickname of the defendant and the defendant’s contact information, such as their email address or Telegram profile. They must also provide evidence such as screenshots, receipts of cryptocurrency transactions and more to support their claim.

At that point, the accuser must wait for a forum administrator or other high-ranking authorized cyber criminal to accept the role of arbiter over the case. The assignment of an arbiter creates an opportunity for the defendant to present their side of the story and offer a counterclaim.

If the arbiter rules in favor of the defendant, then that’s as far as the case goes. There’s no need for reparations of any kind. But if the arbiter convicts the defendant, the party will be required to comply with the verdict. They have to compensate the accuser in a certain amount of time or risk being banned from the underground forum.

Over the course of the case, every forum member has the right to comment on the proceedings. But they serve no purpose other than bearing witness to the proceedings. They have no influence over the outcome of a dispute.

Cyber criminal laws: Avoid ransomware

Analyst1 noted that the cyber criminal justice system they observed has banned all cases involving ransomware-related topics and disputes since May 2021. It’s clear why when you look at what was going on with ransomware at the time.

Namely, following a security incident involving a pipeline company, the DarkSide ransomware group ceased operations. Someone seized control of its servers and drained them of the funds set aside for paying their affiliates.

XSS, a Russian cybercrime forum, announced around that time that it would no longer allow posts and threads pertaining to ransomware. Others followed suit. Exploit, another cyber criminal forum, announced that ransomware gangs could no longer use its threads to hire affiliates and/or advertise their programs, reported Bleeping Computer.

What this means to organizations

Cases in the cyber criminal justice system can help to provide insight into where digital attackers’ priorities lie. They show what attack techniques they might be using to target organizations.

In response, security teams might consider integrating darknet intelligence into their security programs. This can help organizations to anticipate emerging threats and protect themselves accordingly.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from News
December 19, 2023

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

August 16, 2023

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature