When we talk about the dark web it’s easy to think of it as an amorphous malevolent blob. But new research from Recorded Future reveals some key differences between dark web communities in different parts of the world.
The company’s Inskit Group of researchers has actively analyzed underground markets and forums tailored to Russian and Chinese audiences over the past year and has discovered a number of differences in content hosted on forums, as well as differences in forum organization and conduct.
The findings show that Russian-speaking cybercriminals value money above all else. Their fora don’t have much room for socializing or camaraderie. The sites are very much places of business, not community centers. Respect and trust are built on successful financial transactions, and the reliable, consistent forum members rise to the top of their trade, while those with lesser consistency are given poor ratings.
Chinese forums, by contrast have a strong ‘geek spirit’ — many of them need members to engage with a post, either through leaving a comment or personal message, before being able to purchase or trade malware. Daily interaction with a forum may also be a requirement of maintaining membership.
There are differences in organization too, with Russian criminal forums being fairly compartmentalized and professional. In China things are different, partly because VPNs have to be officially licensed, so it’s difficult to anonymously search the web or find international hacking sources outside the Great Firewall. Payment methods are different too, thanks to China’s ban on cryptocurrencies. Language plays a major part as well, with posts on Russian sites mainly in Russian and English, with a little Chinese overlap. Whereas Chinese sites are predominantly Chinese language only.
The report’s authors note that, “The hacker cultures of China and Russia each have their own unique genesis and have evolved to take advantage of their respective regional circumstances. Understanding the differences within these communities is essential to grasping the respective threats they currently pose and the manner in which these threats may evolve.”
You can read much more about the findings on the Recorded Future blog.