Do you have five euros? You can go on the dark internet to buy a virus (and you will have money left over) | Digital Transformation | Technology

[ad_1]

cream_ph (Getty Images)

“Very good seller … Recommended 100%”, “I found the tutorial very simple”, “This guy is legit”, “5/5 Great service”. It could be your typical Amazon reviews, perhaps for a seller of coffee pods or dishwasher tablets. But not. The praised services cannot be found on the mainstream internet, they are only accessible from browsers like Thor, which lead to the dark web or dark internet. What’s more, what these anonymous users have bought is not even legal: it is the Trojan known as Zeus Botnet, which allows you to steal banking credentials and use the network of infected computers (known as botnet) to commit malicious actions. And it costs less than three euros.

“There are different types of sellers of malware [programas informáticos maliciosos]. Normally, the more specialized ones are more expensive, ”explains researcher Carlos H. Gañán, from the Cybersecurity group at the University of Delft (Holland), who has shared the aforementioned examples with EL PAÍS. In its selection there are offers for all budgets: Zeus Botnet samples range from a few cents to just over 30 euros, but there are also services that exceed 1,000 euros.

The catalogs are as varied as the prices. According to a review by security firm Armor, the most economical option for those with the necessary knowledge is to separately purchase basic tools such as exploits that take advantage of vulnerabilities to access foreign systems, samples of ransomware (computer hijacking virus) or code to extend the reach of botnets like Zeus. “You have the entire supply chain. You can buy a package in which the criminal does everything to you, or a particular part of the crime, ”Gañán says. “You can contract from the entrance part of the malware even the mules that will put the money in your account or the mixer that reduces the traceability of cryptocurrencies ”.

More elaborate services include platforms designed to allow a denial of service (DDoS) attack to be launched with just a few clicks and set the cost based on the volume of machines involved in overloading the servers or the duration of the offensive. “It’s quite simple: you pay with bitcoin, with currency or even with a card and they give you access to a panel where you can do whatever you want. You put the URL, the time and the type of attack “, he summarizes Marc rivero, Senior Security Researcher for the Kaspersky GReAT team. According to the expert, it would be possible to launch a “quite large” attack for about 90 euros.

See also  JK Rowling attacks Labor leader Keir Starmer after he says 'trans women are women'

These “digital goods” to do evil are increasingly demanded and offered on the dark internet, long known as the market for the sordid: from weapons to drugs, through child pornography. “Physical products are more complicated because you need an address to send them to. Too easy sell software because you can receive it anywhere in the world and with total anonymity ”, explains Gañán. In addition, the competition between providers brings their uses and customs closer to those of any seller who tries to gain a foothold in an e-commerce platform: they establish customer service channels, improve the experiences of their users, care about their good name and adjust your prices. “If you are a beginner, you have no reputation. Those are the ones that normally offer the lowest rates ”, adds the expert.

In addition, the cheapening of malicious computer services also contributes to the expansion of the digital ecosystem. Just seven years ago and according to data from IoT Analytics, there were about 3,600 million devices connected to the Internet of Things, which includes activity wristbands, surveillance cameras or virtual assistants, among others; in 2020 they exceeded 11.3 billion. When those machines are not adequately protected, they are easy prey for attackers looking to access or build a network. botnet. “Also, keep in mind that if these devices are in a large company or in a university, they have a lot of bandwidth,” explains Rivero.

There are less computerized proposals, such as “sinking someone’s business.” For just over 150 euros, the victim will be overwhelmed by a tsunami of telephone spam, will receive unsolicited shipments at their premises (for example, pizzas) and will appear in advertisements that damage their reputation. You can also buy cloned credit cards and PayPal credentials whose value is determined by the funds available in the associated accounts. Personal data such as full name, date of birth, address, country, telephone number, social security number or driver’s license would be for sale for about 20 euros for a Spanish citizen and for almost 50 for a British one. If what we are looking for is a training course that provides us with skills such as accessing the administration panel of a router and find the right targets in your network, just over 100 euros is enough. “And there are also free tutorials,” emphasizes Gañán.

See also  London kids photograph their disappearing council estate

If a layman can launch a cyberattack, can he also avoid the consequences? According to Gañán, given that the main interest of the security forces is to identify the operators of these markets to root out the problem, sellers and buyers remain in a moderately discreet background. The key is to take all measures that preserve the identity of the buyer. Rivero, who has seen cases of employees who end up badly in a company and seek revenge with a computer attack, argues that absolute anonymity is not so easy to achieve. “This type of thing usually ends badly because the inexperienced person ends up leaving a trace,” he says.

Success not assured

In 2019, a team of researchers from the University of California, San Diego delved into the dark web to test different email and social media credential stealing providers. They hired 27 criminals and only five of them did their job. “The market had low volume, poor customer service, and multiple scammers,” the study sums up.

The need to build a system of minimal trust in a criminal market justifies the appearance of comment models like the ones we find on Amazon. The operators of the large markets previously controlled who accessed their platforms, admitting only those who carried a recommendation from another seller or buyer. “Now since there is so much competition, they basically ask you to pay an amount. If you pay it, you are welcome ”, says Gañán. Trial versions are also offered such as those that allow us to enjoy a week of access to a platform of streaming.

See also  Friday headlines: M8 chaos after two-vehicle crash and 'lava' field in Scottish town

But even the best practices do not ensure lasting business. The history of the black markets of the dark internet is full of fallen leaders. Every so often a new closure of “the largest illegal store” in this part of the network that cannot be accessed from conventional search engines reaches the headlines. The last one was DarkMarket: “This dark internet market has been closed down,” read the sign left by the authorities on the site’s page. Next to the message, the fairy that the portal used as its logo appeared under a fly swatter.

According to Europol, in the latter great bazaar some 2,400 vendors offered their goods and services to almost half a million users. Since its inception in May 2019, DarkMarket amassed at least € 140 million trading drugs, counterfeit money, stolen credit cards and, of course, malicious programs. Before they fell Silk Road, Alphabay or Empire Market. Yet this secluded digital souk continues to bustle with buyers and sellers. “As soon as one closes, another appears”, Gañán sentence

You can follow EL PAÍS TECNOLOGÍA at Facebook Y Twitter or sign up here to receive our newsletter semanal.



[ad_2]
elpais.com

Related Posts

George Holan

George Holan is chief editor at Plainsmen Post and has articles published in many notable publications in the last decade.

Leave a Reply

Your email address will not be published.