UPDATED 23:44 EDT / MAY 30 2017

INFRA

Research finds hackers like to hack other hackers on the ‘dark web’

Hackers like to hack other hackers.

That bit of poetic justice is the main takeaway from new research published by security firm Trend Micro Inc. that studied the actions of hackers who operate on the dark web.

The company set up a number of “honeypots,” that is, decoy server setups to gather information, to gain some knowledge of the attack landscape within the dark web. That’s the network of sites and marketplaces, reached primarily through the anonymity software Tor, that specialize in selling products and services used by hackers along with other illegal goods.

The four honeypots included setting up sites that imitated services that are regularly found on the dark web. They included a site that pretended to be an invitation-only black market for stolen goods, a blog that pretended to offer custom criminal services, and two that pretended to be a private FTP service and an underground forum.

The researchers ran the honeypots for six months and also listed the sites on traditional search engines to attract further attention. The results proved that hackers indeed like to hack other hackers. Within the first two months of operation, the honeypots were attacked 170 times, with a number of attacks actually coming from the public Internet via the Tor2Web service. The majority of attacks saw hackers adding web shells to the honeypot service, giving them the ability to run system commands.

“Our key finding is that organizations operating in the Dark Web seem to be attacking each other,” Trend Micro Senior Threat Researcher Macro Malduzzi said in a blog post. “Our honeypot was set up to mimic underground services like VIP marketplaces and forums run by ‘shady’ organizations and/or individuals.”

Attackers accessing the honeypots attempted to undertake a variety of actions. Some simply tried to deface and subvert the business to promote a competitor website. Others attempted to hijack and spy on communications. In the case of the fake FTP service, hackers attempted to steal confidential information from the server.

“There is no honor among thieves” may be a biblical quote, but it appears to be just as relevant thousands of years later.

Image: Trend Micro

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.