Russia is the birthplace of the dark web, and its tech-savvy population includes some brilliant hackers. We talk to two researchers who will present a report on the topic here at Black Hat.
Mention the dark web to security experts and their thoughts necessarily turn to its birthplace: Russia. From simple hack-sharing site origins, Russia’s cybercrime ecosystem has grown to rival that of its government.
Ahead of releasing a report on the topic, Charity Wright, formerly with the NSA, and Ariel Ainhoren, Research Team Leader at IntSights, graciously summarized this evolution for us here at the Black Hat conference.
Origin of the Dark Web
“Russia has always been at the forefront of the dark web,” said Wright. “They created some of the first forums, and they’re the most technically advanced.”
The dark web isn’t what you might imagine, though. “Russia is known for drug trafficking; it’s the number-one dark web business,” she said. “The second most successful would be job boards for jobs in the Russian criminal underground. They look very vanilla, like a normal job posting, but [they’re] for very criminal work.”
She pointed to hackzone.ru, created in 1997, as one of the earliest dark websites. Carder.org followed a few years later. “It looks like Reddit or any other forum,” Wright said. “It’s a place for hackers to share ideas, and challenge each other. It’s also a marketplace for personal credit cards and more.”
A Tech-Savvy Population
The Russian population is very tech-savvy, Wright said; 76 percent use the internet, and 85 percent of that group is online for six or more hours per day. But 60 percent of the most visited sites are Russian. Laws have insulated Russians from foreign sites and companies that refuse to store data locally.
Still, you can get information from almost any government entity on the web, and it does not necessarily require using the dark web. “You can get a person’s driver’s-license picture, for example. If you want to know the history of where they’ve lived, just go to the Interior Ministry. If you have money, you get it,” Ainhoren said.
Ainhoren noted that in the Skripal poisoning case, the British government used these sources to buy information about suspects. “After that, the government cracked down,” noted Ainhoren. “We don’t know that was the reason, but we can speculate.”
Caging the Bear?
“The first and most lucrative generation of dark websites got taken down by international operations,” stated Wright. “The new generation includes such entities as Hydra, which has over 1,700 automated shops and is very successful. The government does not mind as long as they don’t interfere inside Russia.”
To prevent that interference, Russia has passed a series of restrictive laws. The Data Localization Law of 2015 required any companies storing data about Russian citizens to do so locally, within Russia. The VPNs and Anonymizers law of 2017 effectively banned any VPNs that didn’t give the government backdoor access.
Perhaps the culmination of this series of cyber laws is the Sovereign Internet Law, passed earlier this year and signed into law by Vladimir Putin. One stated aim of this law is to protect the Russian internet in case other countries try to cut off access. But as Ainhoren pointed out, this could just as well be used to insulate the Russian internet, similar to the Great Firewall of China.
“It’s interesting how the Sovereign Internet Law makes it difficult to stop cybercrime coming out of Russia,” said Wright. “It’s already hard enough to issue phishing takedowns on Russian sites. They don’t respond, they don’t have to.”
“They’ve had some trouble implementing the law’s infrastructure,” said Ainhoren. “They experimented with government-controlled routers and such, and it didn’t work. They’re still building out the implementation. Eventually, everything citizens do will be monitored.”
He pointed to a recent incident in which the government of Kazakhstan issued a notification to every citizen, ISP, and business instructing them to install an add-on that could read all traffic, including secure HTTPS traffic. There was a significant backlash. “It makes you think; could this have been a Russian experiment?”
Clearly, this new, wide-ranging Russian law will not contain the Russian bear. Rather, it will protect Russia against retaliation for cyber-attacks and put a microscope on any company that wants to do business in Russia.
Originally published at https://www.pcmag.com on August 8, 2019.