THE dark web is a criminal marketplace where anyone can buy anything, from credit card details to ransomware.
Like with all retail destinations – legal or illicit – there are well-known suppliers and “bestsellers”.
1
These dark merchants can earn up to $25million in just six months, according to Raj Samani, chief scientist at Rapid7 and a special adviser to the European Cybercrime Centre.
Speaking to The Sun, Samani said: “Exploits are what you would use to break into a company.
“Now if we think about some of the more higher-end exploits, like a remote code execution attack, this can make as little as $75,000 (£60,000).
“That might sound like a lot, but remember you’re buying a vulnerability into a device that many companies use.
“Once you’ve broken into that organisation you can then go out and demand whatever number you want, and apply it to other organisations.
“The [earnings of] more professional outfits are of tens and millions, and one group has claimed billions.”
When cybercrime first spiked during the Covid-19 lockdown between March and August 2020, Samani and a team of others at McAfee tracked the Bitcoin wallet of hacker group Netwalker.
They saw Netwalker’s operation had raked in an eyewatering $25million (£20million) in ransom paymentsin that period.
Most read in Tech
Ransomware payments often circle the $50million figure, according to Samani.
But earlier this year, another ransomware gang Clop sought up to $100million for the data it stole during the MoveIT Transfer attacks – which targeted over a thousand companies including the BBC, British Airways and Boots.
It’s not yet clear whether Clop has received a dime of what it ransomed.
Meanwhile, state-sponsored organisations are thought to raise much more.
North Korean government-affiliated cyber gang Lazarus is understood to have raised up to $2billion from cyberattacks on cryptocurrency operators and overseas banks, a report compiled by a panel of the U.N. sanctions committee on the country revealed in 2019.
In terms of so-called bestsellers, Samani explained that there are no limits to what products and services can be sold on the dark web.
It really is “everything you can think of. And I think that’s the scary part,” he said, because anyone from anywhere in the world can commit a cyberattack.
It’s precisely this that makes cyber crooks so hard to catch.
While Samani has been involved in a number of dark web busts, the anonymity gained from operating inside this criminal underbelly is what makes justice difficult.
“The challenge about identifying and catching criminals and then holding them to account is entirely dependent on where they live, where they are,” Samani continued.
“We’ve done multiple take-downs, and luckily we have the Cybercrime Centre in The Hague… We are seeing more people being held to account but certainly not everybody because some of these attacks are being done in countries where we don’t have great relations.”
It’s not an unpunishable crime, however, as these crooks get caught out eventually.
Namely, when they’re on holiday or passing through airports, according to Samani.
Like when French cyber gang member Gheorhe Mirzac, 32, was arrested at Heathrow Airport in 2017 for his part in a malware attack on UK ATM machines three years prior, fleecing Brits out of £1.5million.
Samani encouraged web surfers to engage with the No More Ransom project if anyone is ever affected by ransomware or cybercrime.
The project has up to 150 free decryption tools for ransomware that mean “people don’t have to deal with the consequences of paying criminals to get their data back.”
It also helps organisations like Europol keep track of attacks and build profiles on perpetrators.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
