Light Dark
January 26, 2022 By David Bisson 2 min read
News

The darknet community uses its own underground justice system to solve disputes that arise between one cyber criminal and another.

Crime and punishment for cyber criminals

In this underground justice system, a ‘case’ begins when two parties experience a disagreement. Analyst1 gave the example of a threat actor having purchased compromised network access from an initial access broker who had already sold that access to someone else. The buyer responded by asking for a refund, but the seller refused to fulfill their request.

The buyer can then choose to initiate action against the seller. First, they open a thread on a dedicated sub-forum. There, they provide details including a brief of the claim, the nickname of the defendant and the defendant’s contact information, such as their email address or Telegram profile. They must also provide evidence such as screenshots, receipts of cryptocurrency transactions and more to support their claim.

At that point, the accuser must wait for a forum administrator or other high-ranking authorized cyber criminal to accept the role of arbiter over the case. The assignment of an arbiter creates an opportunity for the defendant to present their side of the story and offer a counterclaim.

If the arbiter rules in favor of the defendant, then that’s as far as the case goes. There’s no need for reparations of any kind. But if the arbiter convicts the defendant, the party will be required to comply with the verdict. They have to compensate the accuser in a certain amount of time or risk being banned from the underground forum.

Over the course of the case, every forum member has the right to comment on the proceedings. But they serve no purpose other than bearing witness to the proceedings. They have no influence over the outcome of a dispute.

Cyber criminal laws: Avoid ransomware

Analyst1 noted that the cyber criminal justice system they observed has banned all cases involving ransomware-related topics and disputes since May 2021. It’s clear why when you look at what was going on with ransomware at the time.

Namely, following a security incident involving a pipeline company, the DarkSide ransomware group ceased operations. Someone seized control of its servers and drained them of the funds set aside for paying their affiliates.

XSS, a Russian cybercrime forum, announced around that time that it would no longer allow posts and threads pertaining to ransomware. Others followed suit. Exploit, another cyber criminal forum, announced that ransomware gangs could no longer use its threads to hire affiliates and/or advertise their programs, reported Bleeping Computer.

What this means to organizations

Cases in the cyber criminal justice system can help to provide insight into where digital attackers’ priorities lie. They show what attack techniques they might be using to target organizations.

In response, security teams might consider integrating darknet intelligence into their security programs. This can help organizations to anticipate emerging threats and protect themselves accordingly.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from News
December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

December 9, 2024

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally. The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets. Who is exploiting the NGFW zero-day? As of now, little is known about the…

December 2, 2024

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature