The Dark Web: A Day In the Life of a Fraud Researcher, Part 2

March 6, 2019

In the first part of this series of blog posts, we interviewed Ido Rozen, Cyber Researcher at SecuredTouch, and established that the dark web can be a murky den of criminality that often treads the line between an illicit marketplace and a ‘how to hack’ forum. This part takes a deeper look at the fraudster’s modus operandi and some of the cases Rozen has encountered on the job.

What do you look for when researching patterns of suspicious indicators?

We usually look for details that can indicate a fraudulent device or a fraudulent session. For example, a device that has no name, or multiple credit cards used on the same IP address. Tracking a potentially fake IP address can be a useful signal for detecting fraudulent behavior.

Can you give another example of these behavioral indicators?

Let’s say someone is trying to attack a mobile shopping app by using stolen credit cards. They’ll use a script to see if their numbers work. At the same time, they’ll also try to disguise their device as a regular phone, or as several different phones. If we see that someone is entering information on a phone in specific fields without any mistakes, or if we see many actions in a short period of time, we might suspect this is being done by a script and not a person.
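The indicators in the two answers above (a device that reports no name, several distinct cards behind one IP address, and fast, error-free field entry) can be combined into a first-pass session scorer. The code below is an added example for this page, not SecuredTouch’s product logic or the researcher’s own script; the `Session` layout, the thresholds, and the sample sessions (which use RFC 5737 documentation addresses) are all assumptions constructed for illustration.

```python
"""Score checkout sessions for card-testing / scripted-input indicators.

Added example: the data model, thresholds and sample data are assumptions,
not the detection logic of any real product.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# One field event = (timestamp in seconds, field name, "type" or "delete")
Event = Tuple[float, str, str]


@dataclass
class Session:
    session_id: str
    ip: str
    device_name: str        # "" when the client reported no device name
    cards_tried: List[str]  # token per card submitted in this session
    field_events: List[Event]


def distinct_cards_per_ip(sessions: List[Session]) -> Dict[str, Set[str]]:
    """Map each IP to the set of distinct card tokens seen from it."""
    by_ip: Dict[str, Set[str]] = defaultdict(set)
    for s in sessions:
        by_ip[s.ip].update(s.cards_tried)
    return by_ip


def input_stats(events: List[Event]) -> Tuple[float, float]:
    """Return (actions per second, share of actions that were deletions).

    Humans pause and correct themselves; a script fills fields at a steady,
    fast pace and never backspaces.
    """
    if len(events) < 2:
        return 0.0, 0.0
    timestamps = sorted(e[0] for e in events)
    span = max(timestamps[-1] - timestamps[0], 1e-3)  # avoid division by zero
    deletes = sum(1 for e in events if e[2] == "delete")
    return len(events) / span, deletes / len(events)


def score_session(s: Session, cards_by_ip: Dict[str, Set[str]], *,
                  max_cards_per_ip: int = 3, max_rate: float = 8.0,
                  min_correction_ratio: float = 0.02,
                  min_events: int = 20) -> List[str]:
    """Return the list of indicators that fired for one session (empty = clean)."""
    reasons: List[str] = []
    if not s.device_name.strip():
        reasons.append("device_has_no_name")
    n_cards = len(cards_by_ip[s.ip])
    if n_cards > max_cards_per_ip:
        reasons.append(f"{n_cards}_cards_on_ip_{s.ip}")
    rate, correction_ratio = input_stats(s.field_events)
    if rate > max_rate:
        reasons.append(f"input_rate_{rate:.1f}/s")
    # Only call "no corrections" suspicious once there is enough typing to judge
    if len(s.field_events) >= min_events and correction_ratio < min_correction_ratio:
        reasons.append("no_corrections")
    return reasons


def flag_sessions(sessions: List[Session], **thresholds) -> Dict[str, List[str]]:
    """Score every session, using the whole batch for the per-IP card count."""
    cards_by_ip = distinct_cards_per_ip(sessions)
    return {s.session_id: score_session(s, cards_by_ip, **thresholds) for s in sessions}


def constructed_sessions() -> List[Session]:
    """Constructed sample data (not captured traffic): one human, three bot sessions."""
    # Human: 16 characters typed at ~1.5 s intervals, then two backspaces.
    human_events: List[Event] = [(i * 1.5, "card_number", "type") for i in range(16)]
    human_events += [(24.0, "card_number", "delete"), (25.0, "card_number", "delete")]
    human = Session("H1", "203.0.113.7", "Pixel 4", ["tok_1111"], human_events)

    # Bots: 24 keystrokes in ~1.2 s, no deletions, no device name, one shared IP.
    bot_events: List[Event] = [(i * 0.05, "card_number", "type") for i in range(24)]
    bots = [
        Session("B1", "198.51.100.9", "", ["tok_2222", "tok_3333"], list(bot_events)),
        Session("B2", "198.51.100.9", "", ["tok_4444", "tok_5555"], list(bot_events)),
        Session("B3", "198.51.100.9", "", ["tok_6666"], list(bot_events)),
    ]
    return [human] + bots


if __name__ == "__main__":
    for sid, reasons in flag_sessions(constructed_sessions()).items():
        print(sid, "CLEAN" if not reasons else ", ".join(reasons))
```

Each indicator on its own is weak (a privacy-minded user may also blank the device name, and a shared NAT address legitimately carries many cards), which is why the scorer returns the list of reasons rather than a single verdict; a real system would weight them and tune the thresholds against its own traffic.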


You sometimes masquerade yourselves as hackers. Can you tell us about an interesting case that you came across?

About two months ago, while researching bots, I got into a conversation with a fraudster on the dark web. He was having problems trying to break into a specific web site. It turned out this was actually a site I was trying to protect!

That’s incredible. What did you do?

I asked him if he knew how to make captchas. In the end, I got him to actually send me a script of what he was doing and realized that he was taking advantage of a very serious vulnerability on the site I was trying to protect. Naturally, after this, we were able to block the vulnerability immediately, and he was none the wiser.

What can you tell us about the exchange of hands?

Folks on the dark web who try to get their hands on usernames and passwords don’t necessarily want to carry out the next step of actual fraud. They sell these credentials to other fraudsters so that they can’t be traced back to the crime. For example, if a criminal got hold of several keys to houses in your neighborhood, he would test and match each key to a specific household, but he has no interest in going in and stealing things; he leaves that to the burglars. He will sell the key to the right house. The same goes for a fraudster on the dark web: they sell certain credentials that will allow another fraudster to gain entry into a site, so the exchange of hands minimizes the risk of getting caught.

Given the magnitude of criminal and/or terrorist activity on the dark web, you’d think there would be greater law enforcement or monitoring.

There is, but they’re not looking for fraud per se. If a social networking site was breached, for example, and its usernames and passwords were leaked, law enforcement wouldn’t care as much. By and large, law enforcement is far more interested in terror-related activities or evidence of paedophilia and human trafficking.

Lastly, how has the dark web changed over the last decade or so, and what do you predict for the foreseeable future?

The dark web has become more anonymous because people are trying harder to cover themselves. People are more cautious now and afraid of criminal activities being traced directly back to them. Assets that used to be free, such as credit card lists and software programs, have to be bought today. In the future, I foresee a longer validation process before a fraudster can undertake criminal activities and get a piece of the action.

We hope you enjoyed reading about some of the experiences of Cyber Researcher Ido Rozen. Going “behind enemy lines” and finding out what goes on in the dark web helps us stay ahead of the game, since this is where a lot of the fraudulent activity is coming from.

In the next part of this series we’ll talk more specifically about eCommerce fraud and some of the measures we are taking to combat one of the biggest threats to online retail today.

