Revealing new research around the Russian dark web, Ariel Ainhoren, research team leader at IntSights, told Infosecurity that websites local to Russia were a “unique part of the dark web” due to local laws and government influence.
Ainhoren pointed to several sites on the dark web, which he said “look like any other sites” and some of which are available on the surface web. He explained that the first website, hackzone.ru, was started in 1997 as there was a common Russian mentality to do things yourself. This, he said, led them to start their own discussion boards.
Another website, named Exploit.in, was started in 2005 and now has around 45,000 users. While it requires only a registration to use, it is available on the surface web. “It became an industry and became a pyramid,” Ainhoren said, saying that malware such as the GandCrab ransomware was created on Exploit.in and distributed further via layers of middlemen.
He said: “It’s a business model. It started as a nice place to talk and switch ideas, and it is growing all of the time.”
Another website that Ainhoren showed Infosecurity had a thread with a working exploit for the BlueKeep vulnerability.
Asked if there were common rules among the users, Ainhoren said that there is an understanding of not attacking other Russians or Russian websites, or anything in the former Commonwealth of Independent States (CIS). In another case, a Syrian was hit with ransomware and, after the victim said they were unable to pay the ransom, a filter was added so certain ransomware could not infect anyone determined to be from Syria.
“It’s an issue of nationality,” Ainhoren said, saying that as we saw with the Crimea conflict, there is freedom to attack US and European domains.
He also said that Russian authorities often turn a blind eye to these websites, and will not take them down as they “align with Russian government interest.”
He said that the Russian internet was built as a free network and was closed down over the years by a series of laws that restricted the freedom of the internet and insisted on using only local VPNs and on verifying SIM cards.
“For the dark web, it means a lot more anonymity. On one hand the government can turn a blind eye, and on the other close in on them and be more aligned with Russian interest,” Ainhoren said. “The dark web is a wealth engine that brings in money.”