The recent crackdown on popular dark web markets AlphaBay and Hansa is driving cyber-criminals to migrate to messaging apps to carry out their nefarious business.
An IntSights Cyber Intelligence threat report, Messaging Applications: The New Dark Web, suggests that apps like Discord, ICQ, Skype, Telegram and Whatsapp offer a convenience mobile platform for criminals, given the availability of group chat. IntSights analyzed thousands of black markets, text storage/paste sites, hacking forums, IRC channels, apps and social media pages, and discovered a steady increase in threat actors inviting cyber-crime forum users to join their messaging groups.
The company estimates that up to hundreds of thousands of users of prominent mobile messaging apps are using them to trade stolen credit cards, account credentials, malware and drugs, as well as exchanging hacking methods and ideas.
In some cases, the dark web marketplaces themselves are leveraging mobile messaging and mobile apps. For instance, in July an advertisement for a new Russian black market, dubbed Matanga, started making the rounds via Jabber, a messaging XMPP-based application. Matanga, which sells a variety of drugs, stolen credit cards, SIM cards and other illegal merchandise, created a dedicated Android app that connects to TOR utilizing ORbot, thus giving mobile-first clients easy access to the services of the dark web from their devices.
“The anonymity promised by dark web networks such as TOR and i2p was the key reason for their popularity among cyber criminals,” said Guy Nizan, IntSights CEO and co-founder. “Now that the dark web is no longer safe for hackers and threat actors, they are moving to messaging platforms and brazenly conducting their illicit activities on the same apps that millions use every day.”
The import of the research is that today’s black market is accessible to anybody with a cell phone, which could lead to a proliferation of low-level cybercrime conducted by amateurs. In the past, cyber-criminal communication required an individual to have somewhat specialized equipment and knowledge.
“While the traditional dark web proves to be less-dark than believed, hackers move to the surface web, using platforms such as social-media and mobile apps,” the report noted. “While more traditional forms of communication required an individual to have at least a basic level of knowledge of which sites to visit and how, in addition to the use of a dedicated browser over a desktop computer, today’s black market is accessible more than ever, with the tap of a finger over a portable pocket-held device. This could prove to cause a proliferation of low-level cybercrime, that is conducted by less qualified perpetrators.”
The report also concluded that the monitoring of online criminal activity will become much more challenging as threat actors move from large and centralized black markets and forums to small, closed and distributed networks based on social media groups and/or messaging apps.