The darknet community uses its own underground justice system to solve disputes that arise between one cyber criminal and another.

Crime and Punishment for Cyber Criminals

In this underground justice system, a ‘case’ begins when two parties experience a disagreement. Analyst1 gave the example of a threat actor having purchased compromised network access from an initial access broker who had already sold that access to someone else. The buyer responded by asking for a refund, but the seller refused to fulfill their request.

The buyer can then choose to initiate action against the seller. First, they open a thread on a dedicated sub-forum. There, they provide details including a brief of the claim, the nickname of the defendant and the defendant’s contact information, such as their email address or Telegram profile. They must also provide evidence such as screenshots, receipts of cryptocurrency transactions and more to support their claim.

At that point, the accuser must wait for a forum administrator or other high-ranking authorized cyber criminal to accept the role of arbiter over the case. The assignment of an arbiter creates an opportunity for the defendant to present their side of the story and offer a counterclaim.

If the arbiter rules in favor of the defendant, then that’s as far as the case goes. There’s no need for reparations of any kind. But if the arbiter convicts the defendant, the party will be required to comply with the verdict. They have to compensate the accuser in a certain amount of time or risk being banned from the underground forum.

Over the course of the case, every forum member has the right to comment on the proceedings. But they serve no purpose other than bearing witness to the proceedings. They have no influence over the outcome of a dispute.

Cyber Criminal Laws: Avoid Ransomware

Analyst1 noted that the cyber criminal justice system they observed has banned all cases involving ransomware-related topics and disputes since May 2021. It’s clear why when you look at what was going on with ransomware at the time.

Namely, following a security incident involving a pipeline company, the DarkSide ransomware group ceased operations. Someone seized control of its servers and drained them of the funds set aside for paying their affiliates.

XSS, a Russian cybercrime forum, announced around that time that it would no longer allow posts and threads pertaining to ransomware. Others followed suit. Exploit, another cyber criminal forum, announced that ransomware gangs could no longer use its threads to hire affiliates and/or advertise their programs, reported Bleeping Computer.

What This Means to Organizations

Cases in the cyber criminal justice system can help to provide insight into where digital attackers’ priorities lie. They show what attack techniques they might be using to target organizations.

In response, security teams might consider integrating darknet intelligence into their security programs. This can help organizations to anticipate emerging threats and protect themselves accordingly.

More from News

Hack-for-Hire Groups May Be the New Face of Cybercrime

Google’s Threat Analysis Group (TAG) recently released a report about growing hack-for-hire activity. In contrast to Malware-as-a-Service (MaaS), hack-for-hire firms conduct sophisticated, hands-on attacks. They target a wide range of users and exploit known security flaws when executing their campaigns. “We have seen hack-for-hire groups target human rights and political activists, journalists and other high-risk users around the world, putting their privacy, safety and security at risk,” Google TAG says. “They also conduct corporate espionage, handily obscuring their clients’ role.”…

More School Closings Coast-to-Coast Due to Ransomware

Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks. The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase. In a recent warning, the nation’s…

Hackers are Increasingly Targeting Auto Dealers

Auto dealerships are increasingly concerned with cybersecurity in the face of new regulations and an alarming rise in cyberattacks. The Second Annual Global State of Cybersecurity Report by CDK Global found that 85% of dealerships say cybersecurity is very or extremely important relative to other operational areas. Additionally, 89% say cybersecurity is more important than last year, a 12% increase. Not surprisingly, only 37% of auto retailers are confident in the current protection, which is a 21% decrease from 2021.…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers. A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords…