Skip to main content

Dark web, ransomware & WannaCry

November 24, 2017 | Expert Insights

Beyond the reach of search engines lies the dark web hosting information to help a new breed of cyber criminals commit crime unchecked. Ransomware, which demands payments after launching a cyber attack has become a rising trend among hackers looking for a quick payout.

Background

The dark web is unindexed web that is only accessible by means of special software. This allows users and website operators to remain anonymous or untraceable. Many access the dark web through Tor, a free software that enables anonymous communication.

One of the biggest online black marketplaces used to be Silk Road. Launched in 2011, it became a popular platform for illegal drug trade. In October 2013, the FBI shut down Silk Road and arrested Ross William Ulbricht on charges of being its pseudonymous founder, "Dread Pirate Roberts.” He has been sentenced to life imprisonment without the possibility of parole. In 2017, the 33-year-old’s appeal was denied.

Illicit trade and illegal activity is rampant on the dark web. In July 2017, two of the largest marketplaces in the “dark web”, Alphabay and Hansa, were shut-down in a joint effort by the US Department of Justice and Europol. Alphabay reportedly had more than 200,000 users and made a $1bn in revenue annually.

Ransomware – WannaCry

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction.

On 12th May, a cyber-attack hit 150 countries and has affected approximately 200,000 computers as of 15th May. The hack is being termed as the biggest cyber-attack that has ever occurred and is ‘unique’ since the ransomware is being used in combination with a worm (WCry). This means that if a computer is infected by the malicious software, the infection could spread to a number of other computers automatically, through a network.

Many institutions across the world like UK’s National Health Service (NHS), FedEx, Deutsche Bahn and Spain’s Telefonica were hit. Marcus Hutchins, a 23-year-old researcher, accidentally found and activated the “kill switch” that helped end the attack. At the time, Hutchins wanted to be anonymous and called himself MalwareTech. However, his identity was revealed by the media and he was subsequently lauded for his actions.

 

Analysis

Silvino Schlickmann Jr, Director, Cyber Crime Directorate, INTERPOL, was one of the esteemed speakers at Synergia Conclave – Security 360 and he provided his perspective on one of the key challenges of the 21st century.

Schlickmann Jr said that a number of factors has the world to the stage that we are in right now in terms of cyber security. He stated that everyone is aware of the consequences of the recent spate of cyber attacks. One of the key aspects relies on cooperation and Schlickmann Jr noted that industry and academic institutions are extremely important for this. He said that the most important factor  lies in the intersection between the criminals who engage in “traditional crimes”, being able to get access to cyber infrastructure. He said, “Imagine if you are a drug dealer and you are very aware of where to get the products and how to sell to your audience and how to interact with your competition, but you may not be the best person to deal with cyber space. Nowadays, because of the existence of these platforms, it’s easier for you (drug dealer) to combine some of your expertise with somebody else’s expertise and do something entirely new. And that’s why we are seeing such an effect on points of sale.”

He also noted that cryptocurrencies are one of the most important developments one sees in cyber space. He stated that it seems “good and easy but you don’t know exactly happening below that.” He said that there are at least 1,000 well established cryptocurrencies and these can made that much more harder for law enforcement to trace.

He explained that cyber criminals don’t have to conduct the crime all by themselves. They can outsource a lot of the expertise to other people and hackers and buy modules to successfully conduct cyber crimes. He said, “And that’s absolutely what’s happening with ransomware.”

Cyber criminals can scale their activities across the world and that’s what makes them dangerous. Schlickmann Jr said, “You’re not targeting your neighboring bank…you can target anybody.” He said that everyone is a target, irrespective of who they are and there will always be soft targets.

Assessment

Our assessment is that protecting perimeters is not enough when it comes to cyber crimes. Governments and law enforcement agencies must prepare for a new reality where cyber attacks pose a threat to not only individuals but also the sovereignty of nations. Cyber crimes are more potent than traditional crimes as they can be scaled up to cover regions across the world.