Think You Know About the Underground Economy? Think again!
People tend to think they understand the underground economy pretty well. It’s basically a bunch of websites where hackers, fraudsters and the like can trade stolen credentials and otherwise conduct cybercrime…right?
That’s true, but there are a LOT of misconceptions about the underground economy floating around out there, so we’ve decided to clear up some of the most common ones.
Here are the three misconceptions about the underground economy we encounter most frequently:
1. There is only one underground economy.
It’s easy to associate all illegal activities on the web with one underground economy. Whether it’s “Silk Road” or “Dark Market,” websites dealing with illegal stuff are all part of “the underground,” right? Wrong.
There isn’t one underground, but several. The underground economy we refer to is the one dedicated to identity theft. But there’s also an established underground economy dedicated to the illegal trading of drugs online, a separate underground that has its own rules, members and resources. For the most part, the two “undergrounds” don’t mix; you don’t generally see vendors of credit card data offering their goods in the likes of “Silk Road” and vice versa. There are no drugs offered in “carding” circles.
The dichotomy doesn’t only exist between drugs and identity theft. Malware developers, for example, also have their own underground circles. Here, there is some overlap with the underground economy relating to identity theft. After all, Trojan horses created by malware developers are powerful tools for identity theft and there’s a great market for them in fraudster circles. However, they’re not an integral part of the economy.
Piracy, pedophilia, hacktivism and other types of cybercrime all have their own separate circles. They may intersect in one way or another at certain points, but for the most part they’re completely separate.
2. The underground economy is organized crime.
In some cases we’ve seen the underground economy described as organized crime. While it’s indeed very organized, it can’t quite be characterized as organized crime. Although certain organized crime groups do participate in the underground economy, within that economy they are simply members like everyone else.
This isn’t to say all members are born equal. Verified vendors are much more respected in the underground economy than regular members. Also, members need to follow rules set by forum administrators. However, neither administrators nor verified vendors have an actual say on what the regular members should do or work on. It’s a free market, and each member is working for his or her own benefit.
3. The underground economy exists only in the Dark Web.
One of the most common misconceptions is that the underground only exists in the “Dark Web.” This misconception stems from a misunderstanding of the term “Dark Web.” The “Dark Web” refers to any web page that hasn’t been indexed by search engines. In that sense, the internal networks of organizations are also part of the “Dark Web,” as is the content of forums that require registration. The opposite of the “Dark Web,” the sites that can be found on Google or Bing, is called “the Visible Web.”
Many confuse the “Dark Web” with anonymity networks such as TOR (The Onion Router). The purpose of anonymity networks is to mask the identities of their users. They were designed to protect the identities of dissidents who live under totalitarian regimes. Some anonymity networks also offer the ability to mask the identity not only of the user, but also of the servers that provide information to the user.
Anonymity networks may seem like a great solution for fraudsters seeking to remain anonymous while being active in the underground economy, and indeed there are underground forums that are only available on TOR. However, the majority of the underground economy is still in the “normal” web—it’s simply a “Dark Web.” In other words, if you know where to go, even without any anonymizing tools, you’ll be able to reach most of the underground sites. If you don’t know where to go, though, you won’t find most of them listed on Google.
So… Why doesn’t law enforcement shut down the underground economy?
Major parts of the underground economy don’t use anonymizing tools. Some of them can even be found on Google. So why doesn’t law enforcement simply shut them down? Typically, this question is only asked by someone who doesn’t believe the underground economy even exists…
First, websites in the underground economy do get shut down. However, this only happens after law enforcement is able to apprehend the person behind the site, and potentially some of the site’s users. Considering that law enforcement’s goal is to apprehend criminals, it would be worthless to shut down these sites without knowing who uses or operates them, enabling these cybercriminals to set up shop elsewhere in places that are even harder to access. Until an arrest can be made, there’s value in keeping these sites alive, since they are an invaluable source of intelligence.
In some cases, law enforcement doesn’t shut down a site at all, but rather uses its access to collect valuable intelligence on the site’s users, who are oblivious to the fact that a law enforcement agency is running it.
Second, the fact that a website isn’t hosted on an anonymity network doesn’t mean it’s accessible to western law enforcement agencies. Sites can be hosted in places such as Iran and Russia that aren’t exactly known for their collaboration with western agencies. In some cases, the servers are hosted with a “bulletproof hosting service.” These are hosting services operated by fraudsters for fraudsters. Whenever they receive a request from a foreign law enforcement agency, they simply toss it in the bin, making the takedown even more difficult.
The underground economy has existed for over ten years. It has known a lot of ups, downs and changes, and, unfortunately, it will most likely continue to exist as long as identity theft is a lucrative business.