Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

Notes from the Underground: A Multi-Part Investigation into the Cybercriminal Dark Web

The other day, I heard a staggering fact: At any given time, there are upward of one million people in the sky. That amounts to roughly the population of Dallas, all soaring forward at 30,000 feet to their next destination.

It got me thinking about other corners of the world that are just as bustling, but equally unapparent to the naked eye. One that matters a lot to us is the cybercriminal underground.

Most people will never dip as much as a toe in the dark web. After all, it's not indexed by traditional search engines and requires special software to connect to - an intimidating combination. Yet it's thriving and industrious in ways that are unimaginable to many. In fact, some estimates place the dark web, which allows users to stay anonymous, some 400 to 550 times the size of the "surface internet."

While many consider the dark web a black-market playground for the depraved and sinister (and a haven for whistleblowers and activists), it also functions in many relatable ways to environments you are used to. For security professionals especially, understanding how the cybercriminal underground operates and the end goals of its inhabitants (who happen to be your foes) is pivotal to staying ahead of today's sophisticated threats.

It's the old Sun Tzu "Art of War" philosophy: To defeat the enemy, you need to know the enemy. The goings on of the dark web offer an enlightening crash course into the tactics, methods and purpose of cybercriminals - insight that can be incorporated into your defenses. However, most security professionals don't personally have the time or resources to seek out this information, plus experts recommend even knowledgeable individuals avoid accessing this region of the internet due to its risks.

But at Trustwave, it's our job to wade into enemy territory. That's why we are bringing you a multi-part series that investigates the inner workings and subtleties of the dark web - and why and how they matter to you. The first part was released on Friday by our elite SpiderLabs team:

"Code of Honor"

Synopsis: Contrary to what many may believe, the dark web is governed by written and unwritten rules, and is a place where reputation matters above all else. Our SpiderLabs researchers plunged deep into the cybercriminal underground to understand how order and integrity is maintained among the felonious, from how to conduct business to where to make charitable (yes, charitable) contributions.

Here is a sneak preview of the next two parts, which will arrive in the coming weeks.

"The Underground Job Market"

Synopsis: This will offer examples of how recruiting works in the cybercriminal underground, from drug running, to hacking, to corporate infiltration.

"The Underground Laundry Machine"

Synopsis: This will describe the various schemes (many of them seemingly legit) that are used to launder money.

Stay tuned for much more to come!