Frauds and Criminality among the Dark Net

By Graham King, Julian Kosmides

May 2, 2020

7 min read

What is the Dark Net

The Dark Net or more commonly known by the public as the "Dark Web" is a collection of encrypted websites that allow the users to stay anonymous. Since the users are able to stay anonymous, many illegal activities occur on the Dark Net. These activities include drug sales and purchasing, sites for finding hitmen, sites for sex trafficking, and even sites selling human organs. Drug and human trafficking are some of the more popular crimes that occur on the Dark Net. Moreover, personal information, whether private or financial, can also be found for sale on the Dark Net, with accompanying credit cards and social security numbers.

Fraud on the Dark Net

Fraudsters will purchase personal information from Dark Net market places. This information includes credit card numbers, social security numbers, full names, etc. With this information they will be able to steal one's identity and open accounts in one's name. Since 2013, more than 14.7 billion records have been reported lost or stolen, according to NBC in an article titled "Dark web monitoring: Useful way to fight identity theft or marketing hype?"

Examples of Dark Net Use

Illegal file sharing
Exchanging of illegal goods or services (including stolen financial or private data and a wide array of illegal and legal drugs)
Protesting dissidents and those seeking to bypass internet surveillance
Selling of stolen information
Identity theft
Download of movies before release date
Obtaining music before release date
Gathering of information on someone in order to blackmail them
Obtaining information on how to conduct specific criminal activity

Is it Illegal

The dark net allows users to remain anonymous through encryption so while it's not illegal to visit the dark web, it provides access to illegal activities.
Websites that exist on the dark net are encrypted this makes them difficult to track
While the Dark Net is not illegal to go on itself, users are advised to proceed with caution as the Dark Net is a breeding ground for illegal activity; one wrong click on a suspicious link could download risky information to one's computer that puts them in legal danger, or even could be used to steal ones information through scampages.

Identity Theft

"Dark web monitoring may be able to alert consumers that their stolen personal information is being offered for sale on the internet, but it can’t put the genie back in the bottle." - Susan Grant, Consumer Federation of America

Social Security Number: Identity thieves can use this information to obtaining credit cards in your name, impersonating you to get medical services, government benefits, or even in legal matters.

Passwords: Many people use the same password or a variation of the same password for all their accounts. This allows thieves to access a multitude of your accounts.

Victims of the Dark Net

The movie industry loses money through every illegal download.

Artists and recording companies suffer as the downloads of their music on the Dark Web don't contribute to the number of recorded sales.

Those who have their identity stolen have to deal with the IRS, police department, place all their cards on freeze, and tighten security on their accounts.

Many Dark Net sites even contain personal images or videos of individuals who are not aware of this distribution of content.

Sale of COVID-19 Vaccines or Cures

Sale of "COVID-19 patients blood or saliva" in order to "boost immune system"

Spread of false information on treatment and precautions.

"Fake coronavirus vaccines that claim to be 'fully tested and confirmed' continue to be listed on other popular dark web marketplaces" - Anthony Cuthbertson, Independent News

Fake distributors of ventilators and mask are taking large orders because of the demand. They keep the money and don't send the product because often the "distributors" don't actually exist.

This sale of fake cures and vaccines for COVID-19 is a type of fraud that puts the lives and wellbeing of the victims at immense risk.

covid-vaccine

Dark Net Threats and How to Find Them

Exploiting breached data - Breached financial and other personal data can also be published as a dox. Doxxing is an extensive PII breach targeted at a specific individual, usually on paste bins or anonymous doxxing sites on the deep and dark webs.
Scampages - Scampages are fraudulent webpages used to obtain personally identifying information. In the financial industry, scampage links are commonly sent via phishing email requesting the customer to login and/or verify account information.
Bank Drop - Skilled fraudsters are careful with bank drop activity to avoid being flagged, so they can be difficult to detect. Searching for the term "bank drop" using Beacon, a dark web discovery tool, discovered over 17,000 results across the deep and dark webs.
Counterfeit documents - Dark web marketplaces offer a variety of fraudulent documents, including bank statements, cheques, fake debit or credit cards, and counterfeit currencies. such as proving fake address, opening a fake PO box, or generating a fake net worth to commit mortgage fraud, for example. The Dark Net allows those seeking to purchase or produce fraudulent documents with an outlet of information and resources.
Criminal Planning - Perhaps the most powerful intelligence for financial institutions on the hidden internet is criminal discussions. Public deep and dark web discussion forums give banks access to current hacking strategies, many of which are adapted to circumvent physical or digital bank security measures. Financial security teams can use this information to make system changes or inform customers and personnel about up-to-date risks. However, these forums allow criminals and fraudsters to learn of new and improved methods of defrauding banks and organizations through the sharing of ideas and methods. Hackers seeking to commit digital bank fraud are able to learn from more experienced criminals that use the same web discussion forum or Dark Net community board.
Cloud Service attacks - Dark web users continuously share up-to-date information about cloud service exploits. Any data leaked from these exploits can also be posted on pastebins and dark websites. Finding this information as soon as possible is critical for a financial security team’s ability to mitigate cloud breaches in their early stages. Cloud breaches could compromise mass amounts of personal information that can lead to the stolen identities and information from, if a company is big enough, millions of individuals including customers and employees.
Internal Vulnerabilities/Human error - Accessing threat intelligence on the deep and dark webs keeps financial security teams up-to-date on security risks and what to watch out for. Educating bank personnel and employees about these risks, as well as cybersecurity best practices and fraud detection, helps institutions prevent breaches and other forms of financial fraud caused by human error. In fact, human error is much easier for attackers to exploit than computer vulnerabilities.

How to Prevent / What to do

Periodically change passwords.

Invest in protective services for your social security information life LifeLock.

If identity is at risk, contact the Social Security Administration, Internal Revenue Service and by placing fraud alerts on your credit files.

Try to keep highly personal information offline.

Use a VPN to hide IP address from hackers.

Don't trust all the information you read. Although many whistleblowers and activists utilize the Dark Web, one must be skeptical of all the information they encounter online.

Downloads for movies can contain viruses, it is safer to stream.

Limit the people you interact with over the Dark Web.

To Learn More About the Dark Net

https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html