January 26, 2022 By David Bisson 2 min read

The darknet community uses its own underground justice system to solve disputes that arise between one cyber criminal and another.

Crime and punishment for cyber criminals

In this underground justice system, a ‘case’ begins when two parties experience a disagreement. Analyst1 gave the example of a threat actor having purchased compromised network access from an initial access broker who had already sold that access to someone else. The buyer responded by asking for a refund, but the seller refused to fulfill their request.

The buyer can then choose to initiate action against the seller. First, they open a thread on a dedicated sub-forum. There, they provide details including a brief of the claim, the nickname of the defendant and the defendant’s contact information, such as their email address or Telegram profile. They must also provide evidence such as screenshots, receipts of cryptocurrency transactions and more to support their claim.

At that point, the accuser must wait for a forum administrator or other high-ranking authorized cyber criminal to accept the role of arbiter over the case. The assignment of an arbiter creates an opportunity for the defendant to present their side of the story and offer a counterclaim.

If the arbiter rules in favor of the defendant, then that’s as far as the case goes. There’s no need for reparations of any kind. But if the arbiter convicts the defendant, the party will be required to comply with the verdict. They have to compensate the accuser in a certain amount of time or risk being banned from the underground forum.

Over the course of the case, every forum member has the right to comment on the proceedings. But they serve no purpose other than bearing witness to the proceedings. They have no influence over the outcome of a dispute.

Cyber criminal laws: Avoid ransomware

Analyst1 noted that the cyber criminal justice system they observed has banned all cases involving ransomware-related topics and disputes since May 2021. It’s clear why when you look at what was going on with ransomware at the time.

Namely, following a security incident involving a pipeline company, the DarkSide ransomware group ceased operations. Someone seized control of its servers and drained them of the funds set aside for paying their affiliates.

XSS, a Russian cybercrime forum, announced around that time that it would no longer allow posts and threads pertaining to ransomware. Others followed suit. Exploit, another cyber criminal forum, announced that ransomware gangs could no longer use its threads to hire affiliates and/or advertise their programs, reported Bleeping Computer.

What this means to organizations

Cases in the cyber criminal justice system can help to provide insight into where digital attackers’ priorities lie. They show what attack techniques they might be using to target organizations.

In response, security teams might consider integrating darknet intelligence into their security programs. This can help organizations to anticipate emerging threats and protect themselves accordingly.

More from News

CISA hit by hackers, key systems taken offline

3 min read - The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked.“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson announced.In late February, CISA had already issued a warning that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Ivanti Connect Secure is a widely deployed…

DOJ’s crackdown: A brief look at hacker group takedowns

3 min read - The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders. The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ's offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists. Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the…

Will watermarking save the 2024 election from a deepfake debacle?

3 min read - It seems like only months ago deepfakes were still just a curiosity. Now, deepfakes are a real and present danger. And in an election year, the influence of AI-manipulated content could be disastrous. During a recent Washington Post Live event, Anne Neuberger, deputy national security adviser for cyber and emerging technologies at the White House, commented on the rising risk of deepfakes. Incidents have already occurred, such as the recent fake-Biden robocall meant to discourage voters ahead of the New…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today