From xxxxxx <[email protected]>
Subject Shadowboxing and Geopolitics on the Dark Web
Date December 19, 2022 7:40 AM

SHADOWBOXING AND GEOPOLITICS ON THE DARK WEB

Mohar Chatterjee
December 11, 2022
Politico

_ The takedown of a Russian darknet marketplace exposed cracks within
the cyber-criminal underworld — and the global effort to shut down
these digital black markets. _


When Russia invaded Ukraine in February, a notorious cyber-criminal
group called Conti declared its “full support” for President
Vladimir Putin. Three days later, a pro-Ukraine member of Conti leaked
logs detailing the group’s plans to follow that up with action,
saying Conti’s leaders had “lost all their shit.”

The logs revealed a startling new dimension to the evolution of one of
the world’s biggest cyber-criminal collectives: These groups were
splintering along geopolitical lines — nationalist agendas were
infiltrating a cybercrime operation that had, until now, been
ruthlessly profit-driven.

And that’s making the shadowy world of the so-called darknet
marketplaces — where criminals trade in computer hacking tools,
stolen data, narcotics and money-laundering services — even more
dangerous and difficult to rein in. Cyber-criminal groups are
abandoning rules that governed these marketplaces and using the
malware they trade on these platforms to go after more sensitive
computing systems connected to critical infrastructure and government
services of the countries they deem enemies.

“You’ve got kind of an ideological cyber operation occurring
between what I would call willing participants,” said Adam Meyers,
senior vice president for intelligence at cybersecurity technology
company CrowdStrike. “We’re seeing the proliferation of offensive
cyber operations to more and more nation-states.”


In September, researchers from Google and IBM noted the same dynamic.
Conti’s hacking tools were being used in cyberattacks against
Ukraine in what the researchers called an “unprecedented blurring of
lines.”

On the dark web, this new environment arose, in part, due to a law
enforcement success: In April, German authorities shut down Hydra —
at the time, the world’s oldest and largest darknet marketplace, and
one of the places where Conti bought and sold data and hacking tools,
according to the logs.

Groups like Conti had always been relatively platform agnostic,
willing to make the jump to the next big platform and go on with their
business. When the FBI shut down Silk Road, the world’s first modern
darknet marketplace, in October 2013, that paved the road for
AlphaBay, a darknet market that grew to be 10 times bigger than its
predecessor.

But when Hydra disappeared, its former administrators quickly filled
the void with multiple new, smaller darknet marketplaces and forums,
setting the stage for what András Tóth-Czifra, a senior analyst at the
cyber threat intelligence firm Flashpoint, calls a “war of the
marketplaces” on the Russian-language darknet.

And those marketplaces are not just in conflict with the law; they are
also in ideological conflict with each other, divided along
pro-Kremlin and pro-Ukraine lines.

Washington is worried about these groups, but also struggling to find
solutions.

Rep. Jim Himes (D-Conn.), who chairs the House subcommittee on
national security, international development and monetary policy, said
that the criminals who make use of darknets are particularly dangerous
because they need relatively few resources to hack and compromise
massive computing systems in the U.S.

Rep. Jim Himes speaks during a House Intelligence Committee hearing on
Commercial Cyber Surveillance as Chair Adam Schiff listens, Wednesday,
July 27, 2022, on Capitol Hill in Washington. | Mariam Zuhaib/AP Photo

“It is the ultimate asymmetric threat,” Himes said.

And regulation is especially difficult when we’re talking about the
technologically complex world of the dark web, he says.

“Everybody understands bridges, right? Nobody understands Monero,”
Himes said, referring to the hard-to-track cryptocurrency that’s
becoming the default for darknet marketplaces.

And police and law enforcement agencies are also still playing
catch-up, operating with significant technological and diplomatic
handicaps that hinder efforts to take down vast, decentralized
cyber-criminal operations.

At the same time, the cyber criminals on these platforms are
constantly improving their operational security. Many newer
marketplaces have mandated the use of Monero and increasingly use
encrypted communication tools.

The geopolitics of cybercrime

The Conti leak was only the first political standoff between these
gangs on new marketplaces after Hydra’s fall.

In August, the outspoken pro-Kremlin hacktivist group Killnet attacked
a pro-Ukraine darknet discussion forum called RuTor, claiming it was
run by Ukrainian Secret Service agents.

Flashpoint’s Tóth-Czifra said that’s the kind of action that had,
so far, been all but forbidden in the cyber-criminal underworld:
attacking a darknet actor affiliated with a former Soviet country.
AlphaBay, for example, has guidelines saying the platform prohibits
any activity directed against Russia, Belarus, Kazakhstan, Armenia or
Kyrgyzstan.

That’s partly because there’s always been a somewhat political
dimension to keeping darknet marketplaces running, and that’s often
involved making nice with governments that will be lax with
enforcement.

“What Russia and some other countries do is look the other way,”
Himes said, describing gangs like Conti as “quasi-state actors”
that governments allow to operate because their attacks on rival
countries fulfill those governments’ political aims.

Before Russia invaded Ukraine, there’d been at least a few overtures
between the U.S. and Russia to tackle transnational cybercrime. In
July 2021, President Joe Biden held a phone call with Putin to try to
convince him to crack down on hacking collectives based in Russia.
While Biden threatened to take “any necessary action” to protect
U.S. critical infrastructure, he also said the two countries had set
up lines of communication about the issue.

But the last time Russian agents even nominally cooperated with their
American counterparts on a darknet law enforcement operation was in
April — 10 days after the Hydra bust and less than two months after
the Ukraine invasion. Russian authorities arrested Dmitry Pavlov on
charges of large-scale drug trafficking. Pavlov admitted to providing
servers for rent as an intermediary, but denied direct involvement in
the site’s administration.

At the same time, the criminal gangs that use these marketplaces are
getting more brazen, using the hacking tools they buy on the platforms
for cyberattacks against bigger targets that could hobble governments.

By 2017, CrowdStrike’s Meyers saw the emergence of “what we call
big game hunting or enterprise ransomware” — referring to tools
hackers use to block access to a computer system until they get a
payment. These cyber-criminal actors had figured out they would get
better compliance for their ransom demands if their target’s cost of
going offline even for a few hours is steep, or if the compromised
data is particularly sensitive. “That’s really the sweet spot that
they’re looking for,” said Meyers.

Flashpoint’s Tóth-Czifra said these higher-profile attacks meant
the groups were also less worried about governments coming after them.

“We thought that they would not target critical infrastructure or
industrial systems because of the fear of retaliation. And
then Colonial Pipeline happened,” he said, referring to the May 2021
cyberattack by an Eastern European group called DarkSide on a major
East Coast fuel pipeline that forced the company to stop operations
for six days. DarkSide said the attack was not political.

The problem with regulation and enforcement

On the day Hydra fell, Treasury Secretary Janet Yellen issued an
ominous warning to the platform’s users. “You cannot hide on the
darknet or their forums, and you cannot hide in Russia or anywhere
else in the world,” Yellen said. “In coordination with allies and
partners, like Germany and Estonia, we will continue to disrupt these
networks.”

Yet most of Hydra’s cyber-criminal user base — vendors, buyers and
administrators — has thus far escaped prosecution.

Critics say that’s because law enforcement has been slow to adapt and
coordination between agencies and among governments has been
scattershot at best.

Domestically, federal agencies have yet to settle on a cohesive
strategy to tackle cyber-criminal activity on the dark web — even
for illicit drugs, one of the areas where law enforcement has focused
intense effort.

That’s because the traditional methods to “follow the money” are
increasingly hard in a cryptocurrency-dominated world.

Former DEA agent Elizabeth Bisbee has been pushing since 2015 for
federal law enforcement to learn how to monitor cryptocurrency
transactions — one of the main methods of payment on these
marketplaces — in drug investigations.

Bisbee, who now heads U.S. investigations at the private blockchain
analysis firm Chainalysis, said internal advocacy for more cyber
support in DEA investigations during her tenure at the agency was
“met with hesitation.”

In a traditional law enforcement environment, concepts like digital
payments and cryptocurrency are still unfamiliar, she said. Bisbee
recalled the statements she’d often hear from law enforcement agents
struggling to adapt: “We run phone numbers, we do surveillance on
the street. What do you mean, we now have to do surveillance on a
computer? What does that even mean?”

Investigators sometimes lean on traditional techniques, like analyzing
phone call records of individual darknet market vendors when they
attempt to cash out their cryptocurrency gains.

But that has its drawbacks. It takes a lot of hours to track down a
single vendor using traditional investigative techniques. Hydra had
more than 19,000 active vendors when its servers were seized.

Because of technological challenges and the cross-jurisdictional
nature of these investigations, it can take years to coordinate a
multinational law enforcement operation to take down a cyber-criminal
operation on the darknet. Hydra ran unfettered for seven years before
its servers were seized.

There has been progress in recent years. In the U.S., the DEA has
created a number of initiatives to tackle the online drug trade,
including a Joint Criminal Opioid Darknet Enforcement team formed in
2018. That same year, the DOJ led a multi-agency team that took down a
massive darknet marketplace where child pornography was sold. And on
the international front, the United States signed an international law
enforcement cooperation protocol to combat cybercrime in May, after
nearly four years of negotiation by the DOJ and the State Department.

But the global network of cyber criminals has upped its game too.

In addition to the use of cryptocurrencies like Monero and stronger
encryption, the new darknet marketplaces are turning to built-in
cryptocurrency “mixers” that increase user anonymity by obscuring
the origins of payments.

And a lack of regulation continues to help darknet marketplace
trading. Regulations on cryptocurrency vary widely around the world,
meaning marketplaces can move to a new country whenever one cracks
down. And the backlash against the August 2022 sanction of one of
these mixers — Tornado Cash — has highlighted how difficult it is to
regulate technologies supporting user anonymity.

While federal regulators puzzle out how to regulate the blockchain,
Monero announced encryption upgrades in August to improve user
anonymity.

Adjusting to a changed landscape

So this newest generation of darknet marketplaces is made up of
sprawling cyber-criminal enterprises with murky, nationalistic
motivations that have learned from the operational security mistakes
of their predecessors.

And they’re only getting more active. In the first half of 2022
alone, more than 236 million ransomware attacks were reported across
the globe.

“You have to understand that you are a target, whether it be from an
organized cyber-criminal group, from ransomware, or from a
nation-state trying to steal your intellectual property,” said Keith
Mularski, a former FBI cyber investigator.

And as these groups’ motivations change, the approaches to cracking
down on them likely will have to as well.

At the end of the day, the key to tackling these shadowy cyber
threats, Mularski said, is to understand the “person at the end of
that keyboard.”

_MOHAR CHATTERJEE is a POLITICO fellow._

_Mohar joins us out of Columbia University, where she received two
master's degrees in computer science and journalism. Simultaneously,
she was a senior fellow at the Brown Institute for Media Innovation,
leading computational journalism projects for NPR's California
newsroom and the Detroit Free Press. Her words have also appeared in
Wired. Previously, Mohar completed a residency at CERN in Geneva,
under the apprenticeship of filmmaker Leslie Thornton. And before she
was a journalist, Mohar completed her bachelor's degree at Caltech,
majoring in both mechanical engineering and business economics._

_This isn't her first D.C. rodeo — prior to POLITICO, she worked at
The Washington Post's newsroom engineering team on election modeling,
document forensics and facial recognition projects._
