Identifying Cybercriminals on the Dark Web.



Fixxx


Who is a cybercriminal? Why is he dangerous?

Cybercriminals are individuals who commit illegal acts using information and telecommunications technologies, computers and networks. Currently, this direction is very popular and relevant. It's much easier to find and prosecute a basic courier/driver/any person working in the "field" than to find a criminal of this type. The reasons range from the random factors of a meeting to the complexity of deanonymization, even when the criminal has only basic knowledge of cybersecurity. The scale of such individuals starts with the ordinary "cyber hooligan", who uses his knowledge and basic software to obtain various information from his victims and use it for his own purposes, and goes up to entire cybercriminal groups capable of completely taking over the infrastructure of states in order to control it and carry out any actions.


Example of cybercrimes and their publicity.

I won’t look too far ahead and will give an example of the work of one group: NET-WORKER ALLIANCE.
Recently, it took down the infrastructure of Estonia and then the Netherlands. Here is a news summary:

Hackers from the NET-WORKER ALLIANCE team carried out a large-scale attack on Estonian infrastructure. The following Estonian enterprises have been put out of action: Estonian Marine Fleet, Port of Sillamae, ACE Logistics, the largest retail chain of construction stores Bauhaus, the Baltic marketplace Euronics, the largest food delivery service Takeout, three of the country's most popular media outlets. The oldest publication Postimees lasted only 15 minutes. Afterwards, it put its domain up for sale. It's even surprising that no one is trying to put up the slightest resistance. Over the past five days, the list of targets has included the national airline, a helicopter company, a seaport, a European bureau and a whole bunch of other things. The infrastructure is critically important for the country, but they don't want to protect it. After the cyber army worked on the food delivery service and sent it "into hibernation", all related sites of this company throughout the Baltics crashed. The final chord was the complete removal of the largest online store of the construction trade network from the Internet space. NET-WORKER ALLIANCE, in five days of its adventures in Estonia, caused financial damage in the amount of at least 15.3 million dollars to the budget of Estonia.


Methods for detecting cybercriminals.

Spending time on the Internet, searching for information, I found an interesting title of one article which I want to quote:

Hackers are no longer invincible!

In the summer and fall of 2021, the world watched the end of one of the dark web’s most influential cybercrime groups, REvil. The hackers from REvil carried out their first truly major attack in 2020; in just 12 months, they managed both to become the main stars of the dark web and to earn their place in the FBI’s reports. The group’s appetite grew with each passing month. Their victims included tech giants Acer and Apple, the world’s largest meat supplier JBS, and IT giant Kaseya. The latest attack compromised up to a million computer systems, including those of the US Army and Navy, the Air Force, and NASA. Even Lady Gaga and Madonna were tangentially affected. The ransom amounts that appeared in the correspondence with the extortionists reached tens of millions of dollars. In the summer of 2021, REvil suddenly disappeared from the darknet without a trace. By that time, the hackers had become a topic of discussion at the level of the heads of the US and Russia. REvil briefly resurfaced in September, but just a month later it was gone for good. The famous hackers themselves became victims of a hacker attack. But it was not their competitors who carried it out, but the FBI, a number of US secret services and their partners from other countries. The cybercriminals were arrested soon after.

This thriller with elements of a spy action movie was covered with bated breath by all the world's leading media outlets, from Reuters to Forbes. Even in the middle of the last decade, it was hard to imagine something like this. Information about hacks of large companies and leaks of personal data used to be of interest only to narrow specialists. But cybercrime is gaining momentum every year and now it is the number one topic. In just a year and a half since the start of the pandemic, all records of previous years in the number of successful cyberattacks have been broken. The anti-record of 2020: 86 percent of companies around the world became victims of hackers to one degree or another. This year's figure is slightly lower - 81 percent. The Darknet, luring with promises of easy money, is still quickly swelling its army of adherents. This year, the number of cybercriminals has doubled compared to before. There is nothing surprising about this: technology plays too important a role in people's lives, which means hackers are on the alert. They are constantly looking for a gap through which to penetrate the information systems of corporations and major facilities. At the same time, in order to use the services of hackers, you no longer need to develop malicious programs yourself, sit at night over lines of code and hide under a hood, like in American action movies of the 90s. And to carry out a DDoS attack on a competitor, you don’t even need to know what a DDoS attack is: hired hackers for an acceptable fee will choose an attack method, plan it and cause maximum inconvenience to almost any organization in the world. That is why it's impossible to talk about the end of the darknet or a reduction in the threat. But what should really bother anyone who sees the darknet as a formidable force is the constant turmoil of groups and their relatively short-lived nature.
The number of notable groups that have actually existed for many years is very small and the myth of their invincibility has been destroyed by the history of the REvil group.


Cybercrime Investigation Methods.

I will describe to you what happens when you become of interest to the structures. Initially they will start collecting all open information about you: this includes, for example, the accounts from which you communicated, the phone numbers linked to them, the wallets to which you received payments, and the exit nodes of the addresses from which the activity was carried out. Next, each of these points is tracked in order to de-anonymize you: the connection is checked, requests are made to providers and to the VPN services that were used in the work, and the chain of transactions is tracked from the wallet to which the funds were received to the final recipient. In addition, there are more complex techniques. For example, a TOR connection doesn't mean that you will not be contacted. They also use factors such as tracking access to the network: for example, if you start work every day at 10:00 and finish at 16:00, the structures can form a schedule of visits that will gradually narrow the circle, which can ultimately lead to you. It's not a fact that they will use all their capabilities to deanonymize you, since many options require a lot of effort and financial investment, but you cannot exclude this factor and feel 100% protected. They also track people based on information that is publicly available about a person; if it intersects with your dark activity and they find matches, they can also find you.
I will describe what's worth paying attention to.
These are the basics that everyone should know:
  • Don't aim for the stars - go towards your goals gradually;
  • Use only trusted sources for your VPN and Proxy servers;
  • Not a single fragment of your dark activity should intersect with your real life;
  • Before you try to start applying something in your work, study every available nuance;
  • Carefully monitor your money transactions, use reliable currencies, mixers, exchange, while using reliable exchangers.
  • Look for information from authoritative sources, from people with a long-standing reputation. Ask for advice, pay for consultations.
Draw your own conclusions from the information you collect. Your safety is your own concern!
 
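The schedule-of-visits correlation described under "Cybercrime Investigation Methods", seen from the investigator's side. This is an added example, not part of the original post; the subscriber names, dates and session logs are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

def daily_sessions(days, start_hour, end_hour):
    """Build (start, end) connection sessions for the given dates."""
    out = []
    for day in days:
        base = datetime.strptime(day, "%Y-%m-%d")
        out.append((base + timedelta(hours=start_hour),
                    base + timedelta(hours=end_hour)))
    return out

def online(sessions, moment):
    """True if the subscriber had an open session at that moment."""
    return any(start <= moment <= end for start, end in sessions)

def coverage(events, sessions):
    """Fraction of observed events that fall inside the subscriber's sessions."""
    return sum(online(sessions, e) for e in events) / len(events)

def narrowing_curve(events, candidates):
    """Subscribers still consistent with every event seen so far, per event."""
    remaining, curve = set(candidates), []
    for e in sorted(events):
        remaining = {n for n in remaining if online(candidates[n], e)}
        curve.append(sorted(remaining))
    return curve

# Constructed sample data: times at which a pseudonymous account was active.
EVENTS = [datetime.strptime(t, FMT) for t in (
    "2024-03-04 10:12", "2024-03-04 15:40",
    "2024-03-05 11:05", "2024-03-06 13:30")]
DAYS = ["2024-03-04", "2024-03-05", "2024-03-06"]
# Constructed sample data: per-subscriber session logs as a provider might hold.
CANDIDATES = {
    "subscriber-A": daily_sessions(DAYS, 10, 16),
    "subscriber-B": daily_sessions(DAYS, 9, 12),
    "subscriber-C": daily_sessions(DAYS[:2], 10, 16),
}

if __name__ == "__main__":
    for step, names in zip(sorted(EVENTS), narrowing_curve(EVENTS, CANDIDATES)):
        print(step.strftime(FMT), "->", names)
    for name, sessions in CANDIDATES.items():
        print(name, f"{coverage(EVENTS, sessions):.2f}")
```

Each additional observation can only shrink the candidate set, which is why a regular working schedule narrows the circle even when the traffic content itself is hidden.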