Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

10/26/2017
04:15 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Dark Web Marketplaces' New Home: Mobile Messaging Apps

Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar.

In the wake of government shake-ups and high-profile compromises of several very popular marketplaces on the Dark Web, criminals are continuing to pivot, looking for easy but under-the-radar alternatives for connecting buyers and sellers on the cyber black market.

According to several new research reports out this week, mobile messaging apps are rising in favor as the newest Dark Web alternatives that crooks have landed upon to do business with one another. Researchers posit that increased popularity in these tools can at least partially be attributed to market disruption due to government action to take down AlphaBay's $500,000 per day marketplace and infiltrate the other heavy-hitting Hansa Marketplace in the aftermath of that takedown.

"With all this turmoil, the dark net community is clearly now looking for different platforms to continue promoting their business," write security researchers with threat intelligence firm Sixgill in a recent report on next-generation Dark Web markets. Their analysis shows that criminals may be trending toward some of the more decentralized peer-to-peer marketplaces that were once the mainstay of the Dark Web at its inception, depending once again upon IRC channels and individual vendor sites more heavily. Where things may be changing compared to bygone days is an increased reliance on mobile venues. Sixgill specifically cited the increased use of the messaging app Telegram as an example of this.

"With the promise of end to end encryption and secrecy, the instant messaging platform is flourishing with illegal trade," they write. "Regional and international groups across the world are using the application to spread their merchandise with P2P sales. Users can find illegal drugs that can be delivered within hours all the way to stolen credit card information for sale." 

Another report from IntSights confirms Telegram's surge in popularity and offers up evidence that it is just one of several mobile messaging apps being co-opted by the criminal element to facilitate stealthy communication and commerce. Overall, IntSights says that it has witnessed a 30x increase in mobile dark web activity over the last year and it believes that as many as several hundred thousand users are taking advantage of these channels for illegal purposes.

IntSights researchers say the app rising most quickly in popularity is Discord, which is signing up Dark Web users nine times as fast as other apps such as Telegram and Whatsapp. They say that these trends in mobile apps is part of an ongoing push that has the Deep Web going shallower but which presents challenges to the security community in monitoring activity due to the use of a more distributed system of communication.

"As hackers seek distributed networks over the existing more centralized platforms, more advanced solutions are required for collecting and analyzing the abundance of data," they write.

Of course, all of this is part of the ongoing evolution of the very organic cybercrime economy. Regardless of the takedown of AlphaBay and Hansa and regardless of the shift to mobile, the Dark Web itself is still a thriving and chaotic miasma of illegal activity. One estimate from Trend Micro research earlier this year pegged the Dark Web--a subset of which is referred to as the Deep Web--as containing 550 times as much data as the Surface Web.  And another piece of research earlier this month from Carbon Black's Threat Analysis Unit (TAU) found that the Dark Web marketplace for ransomware alone is growing at an annual rate of more than 2,500%.

"The availability of these services has allowed underground ransomware to hide effectively, making attribution and takedowns by law enforcement extremely difficult," wrote Rick McElroy and Sean Blanton of Carbon Black. "If takedowns do happen, they happen over months or years of hard work."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Strategist
8/30/2018 | 11:08:15 PM
hi
Mobile messaging apps are really a lifesaver when we want to communicate with friends and family and even co-workers at an instant. However, when they are being used for a different purpose that involves the dark web, it seems that even crooks need all the help they can get. They are running a business too and they sure know how to do it the easy way. Obviously they would want to stay as economical and efficient as possible regardless of the type of business that they are running.
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9016
PUBLISHED: 2020-02-16
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVE-2020-9013
PUBLISHED: 2020-02-16
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
CVE-2020-9007
PUBLISHED: 2020-02-16
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
CVE-2020-9012
PUBLISHED: 2020-02-16
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
CVE-2019-20456
PUBLISHED: 2020-02-16
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.