Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

10/26/2017
04:15 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Dark Web Marketplaces' New Home: Mobile Messaging Apps

Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar.

In the wake of government shake-ups and high-profile compromises of several very popular marketplaces on the Dark Web, criminals are continuing to pivot, looking for easy but under-the-radar alternatives for connecting buyers and sellers on the cyber black market.

According to several new research reports out this week, mobile messaging apps are rising in favor as the newest Dark Web alternatives that crooks have landed upon to do business with one another. Researchers posit that increased popularity in these tools can at least partially be attributed to market disruption due to government action to take down AlphaBay's $500,000 per day marketplace and infiltrate the other heavy-hitting Hansa Marketplace in the aftermath of that takedown.

"With all this turmoil, the dark net community is clearly now looking for different platforms to continue promoting their business," write security researchers with threat intelligence firm Sixgill in a recent report on next-generation Dark Web markets. Their analysis shows that criminals may be trending toward some of the more decentralized peer-to-peer marketplaces that were once the mainstay of the Dark Web at its inception, depending once again upon IRC channels and individual vendor sites more heavily. Where things may be changing compared to bygone days is an increased reliance on mobile venues. Sixgill specifically cited the increased use of the messaging app Telegram as an example of this.

"With the promise of end to end encryption and secrecy, the instant messaging platform is flourishing with illegal trade," they write. "Regional and international groups across the world are using the application to spread their merchandise with P2P sales. Users can find illegal drugs that can be delivered within hours all the way to stolen credit card information for sale." 

Another report from IntSights confirms Telegram's surge in popularity and offers up evidence that it is just one of several mobile messaging apps being co-opted by the criminal element to facilitate stealthy communication and commerce. Overall, IntSights says that it has witnessed a 30x increase in mobile dark web activity over the last year and it believes that as many as several hundred thousand users are taking advantage of these channels for illegal purposes.

IntSights researchers say the app rising most quickly in popularity is Discord, which is signing up Dark Web users nine times as fast as other apps such as Telegram and Whatsapp. They say that these trends in mobile apps is part of an ongoing push that has the Deep Web going shallower but which presents challenges to the security community in monitoring activity due to the use of a more distributed system of communication.

"As hackers seek distributed networks over the existing more centralized platforms, more advanced solutions are required for collecting and analyzing the abundance of data," they write.

Of course, all of this is part of the ongoing evolution of the very organic cybercrime economy. Regardless of the takedown of AlphaBay and Hansa and regardless of the shift to mobile, the Dark Web itself is still a thriving and chaotic miasma of illegal activity. One estimate from Trend Micro research earlier this year pegged the Dark Web--a subset of which is referred to as the Deep Web--as containing 550 times as much data as the Surface Web.  And another piece of research earlier this month from Carbon Black's Threat Analysis Unit (TAU) found that the Dark Web marketplace for ransomware alone is growing at an annual rate of more than 2,500%.

"The availability of these services has allowed underground ransomware to hide effectively, making attribution and takedowns by law enforcement extremely difficult," wrote Rick McElroy and Sean Blanton of Carbon Black. "If takedowns do happen, they happen over months or years of hard work."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Strategist
8/30/2018 | 11:08:15 PM
hi
Mobile messaging apps are really a lifesaver when we want to communicate with friends and family and even co-workers at an instant. However, when they are being used for a different purpose that involves the dark web, it seems that even crooks need all the help they can get. They are running a business too and they sure know how to do it the easy way. Obviously they would want to stay as economical and efficient as possible regardless of the type of business that they are running.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17537
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
CVE-2019-17538
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
CVE-2019-17535
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17536
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17533
PUBLISHED: 2019-10-13
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.