Mike Viscuso, co-founder and CTO of Carbon Black, points to the Xdedic dark web marketplace, where you can connect with criminals who offer up already compromised servers on a platter. "Authorized sellers provide compromised systems and credentials for the systems in bulk to the marketplace," says Viscuso. "The marketplace operators then validate access to the system and record details about it, such as the antivirus used, browsers available, whether the system is virtualized, and the physical characteristics of the system like the CPU model and speed, amount of RAM, and the OS installed."
Service with a smile
Any wary IT pro who's tangled with consultants and contractors knows that deals can go sour even when the business is above board. How can you be sure that you'll get what you pay for when you're dealing with, well, actual criminals? The dark web also provides plenty of ways to establish honor among thieves. Ross Lasley, chief geek at The Internet Educator, says that many web defacements are proofs of concept, perpetrated by hackers to show they have the skills and access for the real jobs.
Users also have access to Yelp-style reviews of products and services (this tutorial on buying from the AlphaBay market gives a glimpse). And then there are business incentives. "Sellers on these forums are incentivized to not engage in fraud or deceptive practices, because their reputation as legitimate sellers is at stake and therefore their ability to continue selling and making money would be jeopardized," says Armond Caglar, principal with Liberty Advisor Group. "Some professional sellers request that any complaints or inquiries be first resolved directly with the seller over encrypted channels first, so that the seller would have time to redress a grievance prior to a buyer officially publishing a negative review."
Caglar explains that there are even mechanisms for resolving disputes and fixing problems that any IT pro would recognize: "Some of the more professional marketplaces have a mechanism in place for buyers and sellers to submit trouble tickets, which could include complaints about a buyer or a seller. If there is a dispute with an unhappy customer, theoretically that person could submit a trouble ticket and complain, and the Bitcoin they used to purchase the good would not be released to the seller."
Grown up, but not well-behaved
From one point of view, this is a fascinating transition, and it says volumes about how the practices of modern business have arisen to meet the real needs of buyers and sellers. But none of it mitigates the illegal and dangerous nature of what happens on the dark web. If anything, the message here is that criminals are getting more efficient. It may be that the only thing worse than hacking services for sale online are hacking services for sale online in a frictionless marketplace that let those with ill intent harness the skills of advanced programmers with some Bitcoin and a single click.
Sign up for CIO Asia eNewsletters.