Business on the dark web: deals and regulatory mechanisms

Download the full version of the report (PDF)

Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other individuals to work as “employees” with their groups, and so on. Large sums of money are often on the table. To protect themselves from significant losses, cybercriminals use regulatory mechanisms, such as escrow services (aka middlemen, intermediaries, or guarantors), and arbitration. Escrow services control the fulfillment of agreements and reduce the risks of fraud in nearly every type of deal; arbiters act as a kind of court of law for cases where one of the parties of the deal tries to deceive the other(s). The administrators of the dark web sites, in turn, enforce arbiters’ decisions and apply penalties to punish cheaters. Most often, these measures consist of blocking, banning, or adding to “fraudster” lists available to any member of the community.

Our research

We have studied publications on the dark web about deals involving escrow services for the period from January 2020 through December 2022. The sample includes messages from international forums and marketplaces on the dark web, as well as from publicly available Telegram channels used by cybercriminals. The total number of messages mentioning the use of an escrow agent in one way or another amounted to more than one million, of which almost 313,000 messages were published in 2022.

Dynamics of the number of messages on shadow sites mentioning escrow services in 2022. Source: Kaspersky Digital Footprint Intelligence

We also found and analyzed the rules of operating escrow services on more than ten popular dark web sites. We found that the rules and procedures for conducting transactions protected by escrow on various shadow platforms were almost the same, and the typical transaction pattern that involved escrow services was as follows.

Besides the posts relating to escrow services, we analyzed those relating to mediation and dispute settlement. We found that the format for mediation appeals was also standardized. It usually included information about the parties, the value of the deal, a brief description of the situation, and the claimant’s expectations. In addition, parties sent their evidence privately to the appointed arbiter.

What we learned about dark web deal regulation

  • About half of the messages that mention the use of an escrow agent in one way or another in 2022 were posted on a platform specializing in cashing out and associated services.
  • Cybercriminals resort to escrow services—provided by escrow agents, intermediaries who are not interested in the outcome of the deal—not just for one-time deals, but also when looking for long-term partners or hiring “employees”.
  • These days, dark web forums create streamlined escrow systems to speed up and simplify relatively typical deals between cybercriminals.
  • Any party may sabotage the deal: the seller, the buyer, the escrow agent, and even third parties using fake accounts to impersonate official representatives of popular dark web sites or escrow agents.
  • The main motivation for complying with an agreement and playing fair is the party’s reputation in the cybercriminal community.
  • A deal may involve up to five parties: the seller, the buyer, the escrow agent, the arbiter, and the administrators of the dark web site. Moreover, further arbiters may be involved if a party is not satisfied with the appointed arbiter’s decision and tries to appeal to another.

The reasons to learn how business works on the dark web

Understanding how the dark web community operates, how cybercriminals interact with one another, what kinds of deals there are, how they are made, and what roles exist in them, is important when searching for information on the dark web and subsequently analyzing the data to identify possible threats to companies, government agencies, or certain groups of people. It helps information security experts find information faster and more efficiently without revealing themselves.

Today, regular monitoring of the dark web for various cyberthreats, both attacks in the planning stages and incidents that have already occurred, such as compromise of corporate networks or leakage of confidential documents, is essential for countering threats in time and mitigating the consequences of fraudulent or malicious activities. As the saying goes, forewarned is forearmed.
