We’ve frequently talked about how limited-access networks such as the Dark Web is home to various cybercriminal underground hotspots. Hosted and accessed via the Tor network, these sites house underground marketplaces that sell various good and services, which include cryptocurrency laundering, hosting platforms for malware, and stolen/counterfeit identities. My colleagues have already published plenty of material in other blog posts and papers, including the recent entry titled Below the Surface: Exploring the Deep Web.
What is less covered is the attack landscape within the Dark Web. Are these sites subject to their own hacking attempts and DDoS attacks? What are the sizes and characteristics of attacks within the Dark Web? This is what we have learned: these attacks are surprisingly common within the Dark Web, and are frequently carried out manually and aimed at subverting or spying on the services run by other cybercriminals.
Together with Onur Catakoglu and Prof. Davide Balzarotti from EURECOM, we published a paper titled Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem that discussed this matter at the 32nd ACM Symposium on Applied Computing. More recently, we presented our findings at the APWG eCrime 2017 Symposium on Electronic Crime Research.