Communities on the Dark Web – Hackers

Initialement conçu pour garantir l’anonymat et contourner la censure, le dark web permet une liberté quasi-totale d’expression et d’action. C’est dans cet environnement anonyme que des hackers évoluent. Il n’est plus nécessaire d’avoir de solides connaissances techniques pour effectuer une cyberattaque. Désormais, il est possible d’engager un hacker ou de suivre un guide sur un forum. Les hackers à forte compétence opèrent désormais en groupe pour renforcer leurs connaissances, leur anonymat et factorisent leurs ressources.

Two types of hackers

The dark web contains both black hats and white hats: a white hat is an ethical hacker, while a black hat has malicious intent. But not everything is black and white, and some hackers are grey. They act ethically or not depending on the issue at stake. No matter which colour hat they wear, they are mainly found on blogs that discuss anonymity technology or official hacker conference sites.

Exemples of white hats

A veritable data economy

In the past 3 years, a real data economy has emerged. One of the main consequences is an explosion in the number of data leaks, along with the use of phishing as a vector for compromise.

There are now so many email addresses that phishing has become the most profitable way to compromise information systems. Isolated hackers acquire or buy entire databases of email addresses then launch phishing campaigns or conduct CEO fraud via spear phishing.

Example of a multi-country data sale

Hacker groups on the dark web seem to be getting stronger and are becoming more consolidated.

They are reaching targets, have websites for their activities, and publicise their actions as a communication tool. Their goal is to force victims to pay a ransom or contact them to prevent any leaks.

Suncrypt hacker group site

Nevertheless, even when their intent is malicious, not all hackers are profit-driven. This is clear from the many self-help forums that present hacking techniques and tutorials. They describe various compromise techniques in the form of guides or ready-to-use viruses.

Guides and tutorials offering various hacking techniques

Data is a precious company resource that hackers can easily exploit. This is why the sale of data or high-value-added services has become one of their main activities on the dark web.

Certain hackers conduct the cyberattack themselves to sell the data they obtain, while others simply want to damage a particular entity. The goal is always the same: use one’s knowledge or information to make money or cause harm.

Individual vendors scour forums to sell data they obtained via their own cyberattack or stole from others to make easy money. Hackers also release a sample or images of the data to confirm their veracity. This data is mostly email addresses that can be used to launch phishing campaigns. The stolen data market is driven by black hat activities.

The trade in stolen data is the result of black hat actions.

Excerpt from a forum selling data leaks

There are also hackers for hire. They will conduct a cyberattack upon request to compromise a designated entity using a specific method.

We have observed a real surge in the services offered on the dark web, which we will further describe in the chapter on ransomware as a service. It has become possible for anyone to request a hacker’s services. However, it is hard to know whether these platforms are scams or offer real services.

Examples of cyberattack services for hire

We have dealt here mainly with the activities of the black hats, but the white hats are just as present, although less visible at first sight.