Avoiding Arrest: Cyber Criminals Share Dark Web Secrets

On the Dark Web there are many secrets to be found, including insights into what criminals say and do if they are caught.  Recent research conducted by the Digital Shadows threat intelligence team explored the discussions between black hat hackers and the exchanges made in how to avoid jail, including advice about what do to when they are on law enforcement radars and they come to the prospect of arrest. 

In particular, Digital Shadows gathered information on the the idea, in which law enforcement "will not care" if the US or EU are targeted, but the moment any former Soviet Union nations are involved, they will "hunt you down." 

It appears that in Russia cyber criminals live a relatively peaceful life, but attempting to go abroad is more risky as they are much more likely to be arrested. One poster said that the "best country" to be in is Russia, but "under appreciation and low wages drove him to participate in unethical and criminal behavior." 

Operational security (OPSEC) practices are also widely discussed, with forum users exchanging ways to avoid arrest and stay anonymous. Numerous threads mention everything from virtual to physical security options, but one common topic of discussion, in particular, is widely debated.  

Hard drive encryption or deletion is sometimes cited as a way to stop law enforcement investigations in their tracks, however, not every forum user is so sure, with one saying, "if it were all as simple as that then major cases would never be solved." Early mistakes in criminal careers also appear to be causing some sleepless nights, with poor OPSEC when starting out being a difficult issue to remedy. 

"Many a threat actor's downfall stemmed from poor OPSEC practices when they first decided to don the black hat, such as using a spouse's email address, forgetting to mask their IP, or letting their real name and address slip," one Digital Shadows researcher commented.

In addition, discussions have taken place over collaboration. While many believe that other dark web forum users will "sell out" each other, others say that forging ties with others in the criminal industry can push threat actors up the pecking order.  

Digital Shadows noted that allegations are flying thick and fast that English-speaking criminal forums and marketplaces are becoming little more than police honeypots. Some forum users said that "sooner or later," law enforcement will obtain information on them, and others relayed concerns over potential police violence on arrest. 

Others appear, at least online, to have a rather bullish attitude to the prospect of prosecution at all. Laws worldwide are still catching up with the evolution of cyber crime, and for some, corrupting law enforcement and saving enough to pay bribes and avoid prosecution is a possibility. One forum user wrote, "a good lawyer knows the law, a better one knows the judge."  

According to threat researchers at  Cisco Talos "Cyber criminals, just like the organisations they target, must always have one eye on their security practices... There are so many things for them to worry about and ways they can slip up..It must be pretty tiring. Threat actors must keep looking over their shoulders, fixing past mistakes, and coming up with new ways to beat the technology used to track them."

Experts say that while there are ways to trace activity on the dark web, police officials always require special training and specific information about the activity.

Security researcher Karan Saini at India's Centre for Internet and Society said, “Attempting to track unconventional online behaviour would call for development of new methods, along with formal training for those involved, especially if malicious actors are using the Tor network to carry out illicit activities instead of the clear web”

Digital Shadows:     Talos:     ZDNet:     Economic Times:     Journal of Criminal Law:    Image: Unsplash

You Might Also Read: 

Inside The Deep & The Dark Web:

 

« New Cyber Security Measures To Protect US Energy
Facebook's Internal Content Rules Revealed »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

CounterFind

CounterFind

CounterFind is turnkey technology that allows brands to find and remove counterfeit and infringing merchandise from online marketplaces and social media sites.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.

TENEX

TENEX

TENEX is a cybersecurity company leveraging advanced artificial intelligence and human expertise to transform enterprise security.