Avoiding Arrest: Cyber Criminals Share Dark Web Secrets

On the Dark Web there are many secrets to be found, including insights into what criminals say and do if they are caught. Recent research conducted by the Digital Shadows threat intelligence team explored discussions among black hat hackers about how to avoid jail, including advice about what to do when they are on law enforcement's radar and face the prospect of arrest.

In particular, Digital Shadows gathered information on the idea that law enforcement "will not care" if the US or EU are targeted, but the moment any former Soviet Union nations are involved, they will "hunt you down."

It appears that in Russia cyber criminals live a relatively peaceful life, but attempting to go abroad is more risky as they are much more likely to be arrested. One poster said that the "best country" to be in is Russia, but "under appreciation and low wages drove him to participate in unethical and criminal behavior." 

Operational security (OPSEC) practices are also widely discussed, with forum users exchanging ways to avoid arrest and stay anonymous. Numerous threads mention everything from virtual to physical security options, but one common topic of discussion, in particular, is widely debated.  

Hard drive encryption or deletion is sometimes cited as a way to stop law enforcement investigations in their tracks. However, not every forum user is so sure, with one saying, "if it were all as simple as that then major cases would never be solved." Early mistakes in criminal careers also appear to be causing some sleepless nights, with poor OPSEC when starting out being a difficult issue to remedy.

"Many a threat actor's downfall stemmed from poor OPSEC practices when they first decided to don the black hat, such as using a spouse's email address, forgetting to mask their IP, or letting their real name and address slip," one Digital Shadows researcher commented.

In addition, discussions have taken place over collaboration. While many believe that other dark web forum users will "sell out" each other, others say that forging ties with others in the criminal industry can push threat actors up the pecking order.  

Digital Shadows noted that allegations are flying thick and fast that English-speaking criminal forums and marketplaces are becoming little more than police honeypots. Some forum users said that "sooner or later," law enforcement will obtain information on them, and others relayed concerns over potential police violence on arrest. 

Others appear, at least online, to have a rather bullish attitude to the prospect of prosecution at all. Laws worldwide are still catching up with the evolution of cyber crime, and for some, corrupting law enforcement and saving enough to pay bribes and avoid prosecution is a possibility. One forum user wrote, "a good lawyer knows the law, a better one knows the judge."  

According to threat researchers at Cisco Talos, "Cyber criminals, just like the organisations they target, must always have one eye on their security practices... There are so many things for them to worry about and ways they can slip up... It must be pretty tiring. Threat actors must keep looking over their shoulders, fixing past mistakes, and coming up with new ways to beat the technology used to track them."

Experts say that while there are ways to trace activity on the dark web, police officials always require special training and specific information about the activity.

Security researcher Karan Saini at India's Centre for Internet and Society said, “Attempting to track unconventional online behaviour would call for development of new methods, along with formal training for those involved, especially if malicious actors are using the Tor network to carry out illicit activities instead of the clear web.”

Sources: Digital Shadows; Talos; ZDNet; Economic Times; Journal of Criminal Law. Image: Unsplash
