Dark Reading is part of the Informa Tech Division of Informa PLC


6/23/2015
07:00 PM

Child Exploitation & Assassins For Hire On The Deep Web

'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.

On the Deep Web, users can anonymously buy U.S. citizenship, accept ransomware payments, have their Bitcoins laundered, and even hire and pay assassins, according to a report from the Trend Micro Forward-Looking Threat Research Team.

Trend Micro global threat communications manager Christopher Budd describes it as a "census report" of the Deep Web, based upon data gathered over the past two years by the company's Deep Web Analyzer. The tool essentially acts like a webcrawler, collecting URLs linked to TOR- and I2P-hidden sites, Freenet resource identifiers, and domains with nonstandard TLDs, and extracting content, links, email addresses, and HTTP headers from them.

Simply put, the "Surface Web" is the part of the Web that is indexed and reachable with search engines, and the "Deep Web" is the part of the Internet that is unindexed. The "Dark Web" is a subset of the Deep Web that can only be accessed with specialized equipment, where connections are made between trusted peers -- including TOR, Freenet, or the Invisible Internet Project.

The Deep Web, says Budd, is like the speakeasies of the 1920s. "You could find what you wanted, but you had to know where to go looking," he says. 

"The Dark Web is kind of Mos Eisley," he says, referring to the land in Star Wars that Obi-Wan Kenobi described by saying 'You will never find a more wretched hive of scum and villainy.'

One of the most gruesome things the researchers came across on the Dark Web: assassins. One assassin group calling itself C'thulhu advertises for a variety of services, including rape, "underage rape," maiming, bombing, crippling, and murder. The group even included a base price sheet ranging from $3,000 for "simple beating" of a "low-rank" target to $300,000 for murdering a high-ranking or political target and making it look like an accident.

More common than murder, though, were cybercrime and child exploitation. Trend Micro identified 8,707 pages they dubbed "suspicious," examined the "Surface Web" sites that those sites linked to, and found that most fell into three main categories: 33.7 percent were disease vector (drive-by download) sites, 31.7 percent were proxy avoidance sites (to help attackers duck around firewalls, for example), and a striking 26 percent were child exploitation sites.

"We haven't really seen a lot of people talking a lot about Deep Web/Dark Web and child exploitation," Budd says. "And I think that is a much more tangible problem" than assassins, for example.

The researchers also found cybercriminals using anonymization tools in novel ways. Attackers are beginning to use TOR for hosting their command-and-control infrastructure, bundling the TOR client with their installation package. The Vawtrak banking Trojan has used it for this purpose.

TorrentLocker, a CryptoLocker variant, uses TOR to host payment sites and accepts payment in Bitcoins. 

This is striking to Budd, because while TOR used to be "the province of experts building their own tools," the fact that ransomware operators are actually getting regular, unsophisticated users onto the Tor network to make payments means that the tools are getting more usable and that the ransomware operators are doing a better job with their documentation and support.

"I think it stands to reason," he says, "we'll see the Deep Web and Dark Web be further integrated into malware operations."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
Comments
AlexS763,
User Rank: Apprentice
6/23/2015 | 8:09:28 PM
SARA:
THANKS.

ALEX RADEMAKER

MONTEVIDEO

URUGUAY

 

SOUTH AMERICA
Whoopty,
User Rank: Ninja
6/24/2015 | 7:03:50 AM
Difficult
The deep web is a difficult thing to quantify existing. It needs to, as it has plenty of uses outside of horrific crimes (legally and morally), but it's hard not to argue for better ways of finding those behind the terrible sites out there. 

The only problem is that weakening Tor would have a big knock-on effect on innocents that use it as a way to communicate safely when being watched by tyrannical regimes, so it's difficult to know what to do.
RyanSepe,
User Rank: Ninja
6/24/2015 | 7:41:42 AM
Ease of Use
For me, that last nugget is the most interesting. TOR and methods similar used to be something that was outside the comprehension of the non-techie. But as stated, if ransomware victims are using it to make payments then it's introducing more and more people to the deep web. However, I would have to think that the payment functionality introduced is much more simple than some of the other intricacies involved with TOR, etc.
Kevin Runners,
User Rank: Apprentice
6/25/2015 | 8:41:00 AM
Re: Ease of Use
The terrifying fact is that it's sooo simple to access the Deep Web using Tor... You don't have the feeling to break the law when you go on.
Dr.T,
User Rank: Ninja
6/25/2015 | 12:36:07 PM
Deep and Dark web
Obviously people use web anonymously and they want to feel safe while they are trying to hide something from rest. Internet has lots of benefits but it comes with these types of cost such as being a vehicle to do unethical and illegal stuff, which is unfortunate part of it.
Dr.T,
User Rank: Ninja
6/25/2015 | 12:40:05 PM
Re: Difficult
I agree. When we start using TOR for unethical and illegal purposes, that will cost us shutting down the service altogether. There are reasons why we need to encrypt our communication, it does not have to be about doing something wrong.
Dr.T,
User Rank: Ninja
6/25/2015 | 12:42:03 PM
Re: Ease of Use
I agree, at the same time once you set the TOR up it is not going to be difficult for non-technical people using it I would say.
Dr.T,
User Rank: Ninja
6/25/2015 | 12:44:36 PM
Re: Ease of Use
I hear you. Using TOR does not mean you break the law. That is not different than doing PGP for your email communication with your friends. It becomes a problem if we use TOR for illegal and unethical purposes.
Sara Peters,
User Rank: Author
6/26/2015 | 1:22:26 PM
Re: Ease of Use
@Dr. T  It's a shame, that great privacy technologies get a bad name because they're being used by criminals. Hopefully enough good guys use encryption to help it resist the same stigma.