Mobile

10/26/2017
04:15 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

Dark Web Marketplaces' New Home: Mobile Messaging Apps

Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar.

In the wake of government shake-ups and high-profile compromises of several very popular marketplaces on the Dark Web, criminals are continuing to pivot, looking for easy but under-the-radar alternatives for connecting buyers and sellers on the cyber black market.

According to several new research reports out this week, mobile messaging apps are rising in favor as the newest Dark Web alternatives that crooks have landed upon to do business with one another. Researchers posit that increased popularity in these tools can at least partially be attributed to market disruption due to government action to take down AlphaBay's $500,000 per day marketplace and infiltrate the other heavy-hitting Hansa Marketplace in the aftermath of that takedown.

"With all this turmoil, the dark net community is clearly now looking for different platforms to continue promoting their business," write security researchers with threat intelligence firm Sixgill in a recent report on next-generation Dark Web markets. Their analysis shows that criminals may be trending toward some of the more decentralized peer-to-peer marketplaces that were once the mainstay of the Dark Web at its inception, depending once again upon IRC channels and individual vendor sites more heavily. Where things may be changing compared to bygone days is an increased reliance on mobile venues. Sixgill specifically cited the increased use of the messaging app Telegram as an example of this.

"With the promise of end to end encryption and secrecy, the instant messaging platform is flourishing with illegal trade," they write. "Regional and international groups across the world are using the application to spread their merchandise with P2P sales. Users can find illegal drugs that can be delivered within hours all the way to stolen credit card information for sale." 

Another report from IntSights confirms Telegram's surge in popularity and offers up evidence that it is just one of several mobile messaging apps being co-opted by the criminal element to facilitate stealthy communication and commerce. Overall, IntSights says that it has witnessed a 30x increase in mobile dark web activity over the last year and it believes that as many as several hundred thousand users are taking advantage of these channels for illegal purposes.

IntSights researchers say the app rising most quickly in popularity is Discord, which is signing up Dark Web users nine times as fast as other apps such as Telegram and Whatsapp. They say that these trends in mobile apps is part of an ongoing push that has the Deep Web going shallower but which presents challenges to the security community in monitoring activity due to the use of a more distributed system of communication.

"As hackers seek distributed networks over the existing more centralized platforms, more advanced solutions are required for collecting and analyzing the abundance of data," they write.

Of course, all of this is part of the ongoing evolution of the very organic cybercrime economy. Regardless of the takedown of AlphaBay and Hansa and regardless of the shift to mobile, the Dark Web itself is still a thriving and chaotic miasma of illegal activity. One estimate from Trend Micro research earlier this year pegged the Dark Web--a subset of which is referred to as the Deep Web--as containing 550 times as much data as the Surface Web.  And another piece of research earlier this month from Carbon Black's Threat Analysis Unit (TAU) found that the Dark Web marketplace for ransomware alone is growing at an annual rate of more than 2,500%.

"The availability of these services has allowed underground ransomware to hide effectively, making attribution and takedowns by law enforcement extremely difficult," wrote Rick McElroy and Sean Blanton of Carbon Black. "If takedowns do happen, they happen over months or years of hard work."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Apprentice
8/30/2018 | 11:08:15 PM
hi
Mobile messaging apps are really a lifesaver when we want to communicate with friends and family and even co-workers at an instant. However, when they are being used for a different purpose that involves the dark web, it seems that even crooks need all the help they can get. They are running a business too and they sure know how to do it the easy way. Obviously they would want to stay as economical and efficient as possible regardless of the type of business that they are running.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.