The report, published by Trend Micro, is a sort of “census report” of the Deep Web, based upon information gathered over the past two years by the Trend Micro Deep Web Analyzer. The experts of the security company describe the Deep Web Analyzer as a web crawler that scans hidden services and resources, collecting URLs of Tor- and I2P-hidden websites, Freenet resource identifiers, and domains with nonstandard TLDs, and extracting content information of interest (i.e. links, email addresses, and HTTP headers).
The researchers at Trend Micro identified 8,707 pages they dubbed “suspicious,” examined the “Surface Web” sites that those sites linked to, and discovered that the majority of them fall into the following categories:
- Disease vector (drive-by download) sites (33.7%).
- Proxy avoidance sites (31.7%).
- Child exploitation (26%).
Let’s walk through the report, starting with the analysis of site content and the languages used, which helps to figure out the possible origins of the users.
English is the prevalent language of the content crawled by the experts: nearly 62 percent of the websites analyzed, out of 3,454 scouted domains, are in English, followed by Russian (228 domains) and French.
By analyzing the principal black markets, the experts tried to profile the principal operators, even if the operation is very hard and the results are very approximate in my opinion. The analysis revealed that the principal illegal activity remains the sale of drugs and chemicals.
“Top 15 vendors across all marketplaces showed that light drugs were the most-exchanged goods in the Deep Web. This was followed by pharmaceutical products like Ritalin and Xanax, hard drugs, and even pirated games and online accounts. This data backed up the idea that a majority of Deep Web users—at least those who frequent the top marketplaces—go there to purchase illicit drugs.” states the report.
The researchers discovered many suspicious websites on the Dark Web offering assassination services; they included the price list of a criminal group calling itself C’thulhu. The services include rape, “underage rape,” maiming, bombing, crippling, and murder. Prices range from $3,000 for a “simple beating” of a “low-rank” target to $300,000 for murdering a high-ranking or political target and making it look like an accident.
The report also confirms the exploitation of resources in the dark web to hide the command-and-control infrastructure of a number of malware families, including the Vawtrak and Dyre banking Trojans and the Critroni ransomware.
Image credit, Dennis Redfield.