It’s becoming simpler for wannabe cybercriminals to catch a portion of the billions of dollars lost through fraud happening every year. All you really need is some Bitcoin knowledge, some free tools and no moral qualms taking from others. My recent investigation into the dark web market shows that strong malware, phishing pages, password-cracking software for famous brands, and an inconceivable cluster of other hacking devices are being sold on the internet (the dark web to be precise) for only a couple of dollars each. While we have been browsing the web for quite a long time, most of us are ignorant about the whole web, which contains a great deal of stowed content that isn’t noticeable to average internet users.
When using the web every day, we surf the surface web, also known as the clear web. In this blog post, we are zeroing in on the base layer of this iceberg. This layer is popularly called the dark web.
The illegal things sold on the dark web may be modest and simple to purchase namelessly, but freshman fraudsters will not know how to utilise them adequately and without getting found out, right? Wrong.
With thousands of hands-on practical courses and step-by-step guides, it takes around 2-3 hours to understand how to use a hacking tool and start your journey in the field of cybercrime.
These highly encrypted sites (Dream, Wall Street Market, Empire) active on the dark web, which can only be accessed using the Tor browser, permit crooks to secretly sell hacking software, alongside a wide range of other stash, including illegal medications, leaked confidential information, and weapons.
What’s on Sale?
Phishing Pages
With phishing as one of the most successful cyberattack vectors, it's not surprising that ambitious black hat hackers are selling phishing pages for many famous brands, including, Facebook, Amazon, Netflix, and PayPal. These pages regularly go for about INR 150 each. And if you need to buy a manual for how to do it, you can get one for just INR 50.
Trojans
Probably the most remarkable things we found available to purchase on the dark web were remote access trojans (RAT) with a normal requesting cost of just INR 500. This horrendous strain of malware permits hackers to take remote admin access to the victim’s PC. Not only would they be able to log all keystrokes and access private files like photos, videos and other official documents (which can be used for identity theft), it’s also shockingly normal to involve these RATs in spying on the victim’s webcam.
Cheap Hacking Tools
Other pocket hacking instruments that we tracked down included keyloggers (INR 200) and WiFi hacking scripts (INR 250).
There are also tools available that can be used to hack bitcoin wallets and steal all money without leaving a trace.
What’s interesting, and disturbing, is an eminent shift towards an assistance model. As some of these tools and software are available on the clear web for an expensive price, the merchants active on the dark web are providing the same tools at a cheaper rate with features like a lifetime customer support guarantee.
Cybercrime Consultation
The dark web offers a successful career in cybercrime. Beginner to expert level resources are available for anybody needing to figure out how to perform crimes like online fraud, identity theft, know your customer (KYC) fraud, and loan fraud, with all the required tools sold as a bundle.
For example, if you want to make a career in cybercrime, you can purchase a course for around INR 2000 and start right away with hands-on practical hacking. These courses come with all the tools required to perform the hack with a how-to guide.
HackTown
HackTown is a website active on the dark web made to teach individuals on cybercriminal procedures, accordingly prepping them to become proficient cybercriminals. All resources on the site revolve around hacking-for-benefit with an accentuation on techniques needed to pull off fruitful fraud cyber-attacks.
As per data posted on the site's homepage, the site offers courses that are loaded with information and abilities needed to effectively target people and associations.
The homepage also shows a roadmap into becoming a degree holder in cybercriminal activities. It explains about different programs offered by HackTown. These programs of study vary from a diploma in carding to achieving a professional cybercriminal degree.
The accompanying courses are presented on the site:
OPSEC Course
This course teaches information on the procedures utilised in hacking Wi-Fi organizations and operations security (OPSEC) which happens to be the initial step a client takes in their excursion to turn into a prepared cybercriminal.
This course also has a requirement section that needs to be fulfilled. This requirements section tells you how to stay away from the radar of law enforcement agencies.
Network and MiTM Attacks
If you have been able to hack your neighbor’s Wi-Fi or your beloved café, and you’re not certain where to hit straight away, this classification of HackTown courses perfectly suits you. From overhauling your abilities to permit you to put your recently purchased ransomware for some practical use.
There are many other courses available on HackTown for very cheap. The section for paid members allows access to premium hacking courses, too.
Multiple courses show step-by-step guides to exploit home routers to gain access to the devices connected to them. There are tools and procedures to hack printers, android devices and commit credit card/debit card frauds.
What should be done?
“Capacity building and social awareness are two of the most important factors which can be helpful in combating dark web crimes. Such cases can/should be investigated and solved with multiple approaches,” says Shri. Ashish Tiwari, who is an IPS officer of the UP Cadre. He is a graduate of the Indian Institute of Technology (IIT) Kharagpur, with B. Tech. (H) and M. Tech in computer science and engineering. As an engineer, he believes in innovation and advancement and has fostered an application to carefully deal with police deployment, e-leave management, local area policing and different errands. He has started numerous innovation drives to acknowledge SMART policing, which have been standardised at the state level and have impacted millions of Indian citizens.
He says, “Building capacity requires understanding the threats and developing a way to mitigate them. The only way forward is for the government to institutionalise more capacity-building initiatives like Online Capacity Building Programme on Cyber Law, Crime Investigation and Digital Forensics under the National eGovernance Division (NeGD). The government must take steps to ensure that the law enforcement agencies are well trained to handle common cybercrimes efficiently. There must also be more initiatives aimed towards handling cyberattacks on a larger scale to prevent attacks that pose a threat to the critical information infrastructure (CII).”
On the other hand, it is important to spread awareness among youth and make them understand IT and cyber laws.
The primary step for such anticipation is training pointed toward building up more noteworthy mindfulness and information regarding unlawful internet content and cybercrime among kids and teens, just as guardians and teachers. These days as many children and teenagers have smartphones, exceptional consideration ought to be paid to smartphones and other internet-connected devices.
Guardians should spend time with their kids on their internet-based exercises, know the apps used by them, help the kids comprehend and manage their private/personal data over the internet, instruct them on the risks of meeting people they do now know, and so on.
“Schools and colleges should start awareness campaigns and workshops to teach students about cybercrimes and digital footprints. It is important for students to understand that it is impossible to hide behind the monitor and commit crimes over the internet. A cybercriminal always leaves a digital footprint and will be caught someday. Therefore, they shouldn’t indulge in any such activity,” says Ashish.
Today the internet is accessible to almost everyone. With all the advantages taken into consideration, the technology will inevitably be abused in one way or the other. Besides HackTown, many dark web forums teach hacking and are a hub for hacking tools, malware, trojans, ransomware, cracked accounts, etc.
The dark web has become a mystery among youth which makes it one of the most popular subjects in information technology and cybersecurity. It is important to understand that the dark web is not a fun place to visit. The dark web contains a lot of unindexed data that may or may not be dangerous but surely shouldn’t be accessed by children who do not understand the various risks.
About the author: Rahul Pandey is a Cybersecurity Researcher and a Cybercrime Investigator. He works with the officers of Uttar Pradesh Police on Cybercrime Investigation. He has been a district topper and also received Director General’s merit award for academic excellence. Rahul Works with multiple NGOs all over India to promote Cybercrime Awareness and to empower students, families, communities and society with prevention and intervention skills to reduce cybercrime.
Doing so, Rahul has been recently awarded with The Karmaveer Chakra Award, which is a global civilian honor given by the international confederation of NGO (iCONGO) in partnership with the United Nations to the people across the globe for relentless courage and unleashing extraordinary potential.