eCommerce fraud is increasing at a faster rate than ever before, with a 45% increase in schemes like EMV and account takeover fraud, and a 26% rise in fraud rings banding together to leverage their individual skills to exploit several touchpoints in the customer journey.
Fraudsters have traditionally used the dark web to buy and sell information, but today much of the information needed to perpetrate eCommerce fraud is also available on the grey web.
Vague, Visible and Available
In Part 1 of this series, we interviewed Ido Rozen, Cyber Researcher at SecuredTouch, and established that the dark web can be a murky den of criminality that often treads the line between an illicit marketplace and a ‘how to hack’ forum. In Part 2, Ido described how cyber researchers use information gleaned from the dark web to stay one step ahead of fraudsters.
In this, the third part of the series, we again turn to Ido to ask him about a partially hidden but relatively easily accessible part of the internet commonly used by fraudsters: the grey web.
Can you describe what the grey web is and what it’s typically used for?
The grey web is actually a collection of forums and websites that operate on the visible web, which means that it can be accessed by anyone. The grey web connects people who are interested in perpetrating acts which are of either borderline legality or blatantly illegal. For example, downloading copyrighted material such as music, movies, TV shows, games or software, Netflix credentials, hacking guides, etc. Usually, the nature of these “criminal” acts is vague and doesn’t draw any great attention from law enforcement agencies.
What about the anonymity factor? What part does it play in the grey web?
While carrying out activities that don’t raise suspicion by law enforcement agencies, the need to be anonymous is almost nonexistent. By comparison, you need several anonymization tools to enter the dark web, and when you’re there, you have the feeling that you can do whatever you want. Considering the high level of anonymity, this is almost true. Therefore, on the dark web you can find drug or weapons dealers, trade illegal pornography or even order an assassination, things that are impossible to do on the grey net.
How does the grey web differ from the dark web in terms of appearance? Does it have rooms and levels like the dark web?
Both the grey web and the dark web share a similar focus on semi-legal or illegal activities, and the grey web usually tries to deliver the feeling of “surfing the dark web”. But, since the grey web is readily accessible and easy to use, you don’t encounter the same difficulties you do when accessing the dark web (for example, the need for a special browser and anonymization software), and anyone can just dive in.
Are there specific benefits to the grey web from the fraudster’s perspective?
The major benefit of the grey web is its accessibility. It’s not hidden; anyone can see it, access it and respond to things happening on it. For example, it’s the perfect place for a fraudster to easily share tips and exploits about eCommerce fraud with others who may not have access to the dark web. It is also a perfect place to post downloadable material with embedded malware. If an unsuspecting victim downloads the proffered material, the fraudster will gain access to his or her device via the embedded malware.
Is the grey web well known to fraudsters?
Yes, and it’s a great place to learn and to practice. As a new fraudster searching for hacking tutorials and guidance, or for fraudulent material, you’d probably be directed to areas of the grey web which may sometimes serve as a passage to the dark web.
What are the main topics discussed on the grey web?
The most popular ones are ‘cracking tools’ (software used for password cracking), tutorials on how to crack, hack or perpetrate fraud, money making schemes, coding tips, and illicit marketplaces (although the variety of illicit material is much narrower than on the dark web), as can be seen in the following screenshots.
Can you tell us about an interesting case that you came across?
Once, as I was looking for methods to protect an eCommerce vendor we were working with, I came across a huge dead drop (a cache, left there to be accessed later by someone else with no trace to the first party) of breached accounts from that very vendor; almost twenty thousand accounts from a period of under two weeks. This is a vendor with a net worth of over 3.5 billion dollars. They have over 3.5 million web sessions a week, and an in-house fraud team.
How does SecuredTouch apply the knowledge learned on the grey web to help protect against more looming eCommerce fraud threats?
Fraudsters are always self-improving but so is the fraud prevention community. While the grey web serves as a guidebook for the fraudster, it also serves as a cheat-sheet for the security researcher. By watching how fraudsters interact with each other, or by interacting with them ourselves, we learn more about how they use the grey web both for information and for access to the dark web. Sometimes, we learn from them what information they have about clients we are protecting, and use that information to our client's benefit. (Hint: see the previous question, if you missed it.)
Is the grey web something we should keep an eye on?
Definitely. The grey web holds a great deal of information, and your credentials are probably there right now. Click this link to see if you have been compromised by a data breach, and don’t be surprised if you have!
* * *
We hope you have enjoyed this interview with Ido Rozen, Cyber Researcher at SecuredTouch, and learned something about the way fraudsters use the grey web to share exploits about eCommerce fraud and build their reputation before heading to the dark web.
Please stay tuned for further installments of this series, more insights on the dark web, eCommerce fraud and fraudsters, and how SecuredTouch’s technology can help you quickly identify and stop fraudsters attempting to infiltrate or defraud your company.