What You Need to Know About Cyberattacks — Part 3
Cyber Security 101, Terminology, Actors, Solutions: Deep Web, Dark Net, Hacker Groups, Bitcoin

Parts 1 and 2 should’ve given you a good idea of how hackers stage and attack your systems and what they want to achieve once they’re in there.
So who are these bad actors, and where do they conduct their business? Where do you find the Dark Net? What’s the difference between the Deep Web and the Dark Net? What’s the role of Bitcoin in this scenario?
The Deep Web
Looking for a new healthy recipe, want to repair your boiler, or find that book your co-worker told you about? Go on Google, DuckDuckGo, or, for the special people, Bing, and they’ll list thousands of sites to visit.
Search engines are our map to the public internet (Surface Web). Many people aren’t aware that there’s a vast uncharted part of the web that you can’t find on this map.
To travel the Deep Web, you’ve got to know where you’re going. You navigate it the same way adventurers explored new continents: by word of mouth and handwritten maps passed on through dubious channels.
If you have no idea what you’re doing, it can be dangerous. The natives aren’t all friendly.
However, not everything on the Deep Web is illegal. You can also find traditional sites such as business intranets, webmail platforms, databases, online banking, or social media platforms.
To access services on the Deep Web, you have to know where they’re located. So you either need the URL or the IP address of the site you want to visit.
IP addresses are like the GPS coordinates of the internet, while the URL is the postal address. Both take you to your destination, but URLs are more familiar and easier to use for most people.
Once you’re at your destination, you need to know the secret word. A password or other form of authentication will be required to enter the site.
The Dark Net
There is an even more secretive part of the internet accessible only through the Tor network.
Even in this dank part of the net, not all activity is related to cyber criminality. There are lots of people who require complete privacy.
Think of journalists researching critical stories, dissidents and political activists looking for confidential communication channels, and your run-of-the-mill tin foil hat wearers.
The Tor network was designed to make sure no one watches your internet activity. It’s like a series of labyrinths designed to lose anyone stalking you and to make it impossible to track your steps.
In the previous part, we discussed how encryption is used to make data unreadable to onlookers. For anonymity, the journey through the Tor network is encrypted.
But, since the last stretch (exit hop) between the Tor network and the final station might not be encrypted, there is a small privacy hole.
So, for your journey to be completely untraceable, you’ll have to make sure to add another layer. Virtual Private Network (VPN) services like ProtonVPN integrate directly into the Tor network for additional security.
Once inside the Dark Net, accessed through labyrinths, protected by obfuscated connections and secret words, you’ll find forums to discuss more or less illegal topics.
You’ll also find escrow services that facilitate the “safe” exchange of money for illicit goods, and the black markets where criminals sell them.
You'll find regular villains hawking deviant porn, drugs, weapons, human trafficking, or fake identities.

Then there are cybercriminals offering stolen (credit card) data, all types of malware, DDoS for hire, and financial services.
When you think about the services on the Dark Net, imagine huge eBay or Amazon-like marketplaces for illegal goods and activities.

Cybercriminals today expect professionalism. Sites like Cybsploit have support teams and success guarantees.
Your DDoS attack or the malware you bought didn’t work as promised? Ask for your money back. The sellers have a reputation to lose. There is a lot of money to be made, but there’s stiff competition.
Need input on a project you’re working on? Want to test the malware you just wrote for feasibility? The Dark Net is the place to find kindred spirits and work together on your next exploit.
Hacker Groups
Just like Ocean wouldn’t have been able to pull off the casino heist without his 10 buddies, hackers need communities of specialists with different skill sets.
These distributed groups operate together under iconic or slightly ridiculous group names, like “Legion of Doom,” “Masters of Deception,” or “Lizard Squad.”
The most well-known hacker group is Anonymous. Their face masks are immediately recognizable. They’ve become a symbol of freedom and resistance.

Since their attacks target political figures, foreign governments, organizations, and religious groups they consider criminal or corrupt, the public sees Anonymous as a hacktivist group, not as cybercriminals.
However, the tools they use to reach their goals are identical to those of cybercriminals. They’re a hacker group known for DDoS cyber attacks.
Other groups are in it solely for the money. It’s a big business. For example, the recent high-profile Colonial Pipeline hack that led to people transporting gas in plastic bags was run by the hacker group DarkSide.
DarkSide cashed in 4.5 million USD in bitcoins from this attack alone.
Since last August (2020), the hackers responsible, DarkSide, have made at least $90m in ransom payments from about 47 victims,
Why Bitcoin?

TLDR: Bitcoin is the preferred currency of criminals because it’s decentralized, it’s not regulated by governments, and the recipients of transactions are difficult to trace and convict.
Bitcoin makes it possible to rapidly move large amounts of money to recipients that are hard to identify. Consequently, no one knows to whom the ransom payment is addressed.
Despite popular assumptions to the contrary, bitcoin transactions are fully traceable. All transaction details are stored on a public ledger (the blockchain) accessible to anyone.
Bitcoin is pseudo-anonymous. Even though a transaction is traceable, the owner of a particular bitcoin address remains anonymous. You can create as many Bitcoin addresses as you like, use them once, and discard them.
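The two properties above, shown from an investigator's point of view in an added example that is not part of the original article: payments can be followed across a public ledger, and addresses spent together in one transaction can be grouped as probably belonging to one owner. It goes slightly beyond the text by using the common-input heuristic from blockchain analysis; the ledger, the address labels and the simplified address-based model are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real transactions). Each entry lists the
# addresses that funded a transaction and the addresses that received coins.
# Real Bitcoin tracks unspent outputs; addresses are used here for brevity.
LEDGER = [
    {"txid": "t1", "inputs": ["victim"], "outputs": ["ransom_1"]},
    {"txid": "t2", "inputs": ["ransom_1"], "outputs": ["hop_a", "hop_b"]},
    {"txid": "t3", "inputs": ["hop_a", "hop_c"], "outputs": ["exchange_deposit"]},
    {"txid": "t4", "inputs": ["unrelated_1"], "outputs": ["unrelated_2"]},
]

def trace_forward(ledger, start):
    """Return every address reachable by following coins onward from `start`."""
    reached, queue = {start}, deque([start])
    while queue:
        addr = queue.popleft()
        for tx in ledger:
            if addr in tx["inputs"]:
                for out in tx["outputs"]:
                    if out not in reached:
                        reached.add(out)
                        queue.append(out)
    return reached

def cluster_by_common_input(ledger):
    """Group addresses that were spent together in one transaction.

    Heuristic: whoever signs a transaction holds the keys for all of its
    inputs, so those addresses likely share an owner. Mixers are built to
    defeat exactly this kind of inference.
    """
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a

    for tx in ledger:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)  # register every address seen on the ledger
        for other in tx["inputs"][1:]:
            parent[find(other)] = find(tx["inputs"][0])
    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return [c for c in clusters.values() if len(c) > 1]
```

Tracing from `ransom_1` reaches the exchange deposit address, the kind of endpoint where an identity check can tie an address to a person, while the clustering step links `hop_c` to the same owner even though it never received ransom coins directly.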
While you need identification and have to supply personal details when opening a classic bank account, getting a bitcoin wallet doesn’t require any information.
In combination with private surfing over encrypted VPN channels and the Tor network, anonymous bitcoin wallets mask your identity and location. Add mixers or tumblers, and presto, it’ll be very difficult to tie the transaction to you.
Difficult, but not completely impossible. Highly visible ransomware attacks like the Colonial Pipeline hack or the memorable DDoS attack on ProtonMail in 2015 stir law enforcement agencies from their peaceful slumber.
In both cases, the attacks were so destructive the involved hacker groups were hunted by the FBI, Europol, and local law enforcement specialists in a massive global effort.
Some Armada Collective actors were traced and arrested after a month-long hunt triggered by the ProtonMail incident.
DarkSide started paying back some of the ransom and announced they would shut down operations to escape apprehension.
Realistically, most of these groups will lie low for a short while only to resurface under another name when the dust has settled.
Cybercrime is a well-organized business with vast financial resources and a lot of brainpower at its disposal.
But the same is true of the other side. Security is one of the fastest-growing businesses in Tech and one of the most interesting places to be at the moment.
In the next part, we’ll look at the defense systems that are being developed to keep hackers at bay.
