Research: Using Darknet Forums by Black Hat Hackers During Crisis Periods (Darknet Marketplace Shutdown)
Darknet marketplaces are growing at a rather rapid rate. These marketplaces are not only markets for illegal and illicit drugs, but they are also places where hackers are selling various hacking tools and offering hacking as a service (HaaS) for anyone who can pay the predetermined price in cryptocurrency. The black hat hacker market evolved from being merely a playground for individuals fueled by ego and notoriety to a marketplace that is sometimes even more profitable than darknet illicit drug trading. Understanding how these black markets operate is an extremely complex process for many reasons including because they are geographically widespread, segmented, and hidden under the cloak of Tor, anonymization techniques, and advanced cryptographic features.
A recently published book dove into how black hat hackers process information available to them and react during periods of crises. The book offered a preliminary study that examined darknet forums shortly after the shutdown of two darknet marketplaces: Hansa and Alpha Bay. Content and network analysis of conversations taking place on these forums concluded that black hat hackers mostly engaged with thorough information processing during the studied period and were highly skilled at developing collective solutions via sharing security recommendations and developing alternative means for conducting their trading. On the other hand, the study also showed that distrustful and anti-social communications were even more exaggerated during periods shortly following marketplace shutdowns. Analysis of network communications taking place on these forums showed that not all forum members were influenced by crisis events, i.e. darknet marketplace shutdowns, as only black hat users were the most affected during these periods. The study proves that even though darknet forums may host a highly diverse, resilient, group of users, crisis events have the potential to render these communities vulnerable via fueling internal distrust.
Darknet hacking forums:
Even though darknet hacking forums are not ideal places for conducting trades of hacking tools and selling hacking services, the shutdown of darknet marketplaces was found to be shortly followed by a flourish in the communications taking place on these forums. Lack of tools, such as escrow services, which are indispensible for conducting trades on the darknet, renders the usage of forums for the trading of hacking related tools and services more or less insecure for both buyers and sellers. However, the shutdown of Hansa and Alpha Bay was followed by an increase in the usage of darknet forums for building relationships between sellers and buyers of hacking related tools and services.
KickAss is one of the darknet forums that are extensively used by hackers during crisis events, i.e. darknet marketplace shutdowns. KickAss is by far one of the most popular darknet hacking forums that specialize in malware, zero day exploits, hacked accounts, and much more. Network analysis showed an increase in the number of visitors using this forum, following the shutdown of Hansa and Alpha Bay. The forum is not only a place for black hat hackers, but also a place for ethical hackers that seek to learn how to protect themselves online, conduct penetration testing, and shield their surface web sites against malicious adversaries.
HackerPlace is another deep web forum that was extensively used by black hat hackers during periods of crisis events. Even though the forum is highly restricted in terms of communications, especially since users of the forum cannot communicate directly nor talk with each other there, black hat hackers used it to share valuable information that could help them survive the crisis events.
ODay is one of the most specialized black hat hacking forums available on the darknet which helped black hat hackers exchange information following the shutdown of Alpha Bay and Hansa darknet marketplaces. This is due to a very important reason – ODay is not only a deep web black hat hacking forum, but it is also a marketplace. Users can buy and sell exploits. Interestingly, the forum boasts its very own currency which can be bought using bitcoin and then used to buy exploits and various hacking tools and services. ODay witnessed a great increase in the number of users and a marked rise in its usage as a marketplace for HaaS. The great thing about the forum is that it has a feature that enables users to test exploits before actually buying them. Moreover, the forum includes reviews and feedbacks that help filter out the best tools and sellers.
Even though darknet marketplaces are increasingly becoming a preferred market for black hat hackers where they can easily sell their hacking tools and services, the shutdown of these marketplaces does not represent the end of the world for black hat hackers. Research has shown that black hat hackers shift to darknet forums not only to exchange information that can help them survive these crisis periods, but also to utilize them as alternative marketplaces to market and sell their hacking tools and services.