Security Experts:

Pandemic-related Supply Chain and Money Laundering Woes in the Dark Web

Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. The callous criminal effect has been obvious in the rise of corona-themed scams, phishing and malware -- but individuals, shops and supplies in the underground are just as affected as their legal counterparts.

Researchers from Trustwave have found that the underground mirrors the overground -- some people seek to make money from the crisis, others ignore it, and still others offer genuine help, information and advice to forum members. Virtual shelves in the shops are stocked with new products, from disinfectants to masks at $10 each (almost certainly a scam), and even coronavirus vaccines (certainly a scam).

At least two vaccines were found. One, from a current stock of five, was offered for $120. The second was offered for 'only' $5,000 (with a 'cure' offered at $25,000). The higher-priced vaccine was supposedly from someone with access to an Israeli lab that is mass-producing it for distribution in the next ten months. But it is strictly payment (in bitcoin) before delivery: "There is no way to be in contact with me before buying. After the payment I will send you an email about the delivery process." It mimics what seems to be a common attitude in the darknet: 'why shouldn't we take money from fools?'

But heartfelt advice is also offered, such as 'Please don't use your iPhone to self-diagnose COVID-19... I have seen one too many stories this weekend about seemingly healthy, young people being hit with COVID-19 and dropping dead within a week's time...'. A specialist Cannabis store announced it was temporarily closing, and provided a link to harm reduction advice for substance users: "Be prepared for involuntary withdrawal... stock up on things you may need to manage your substance use and practice harm reduction."

Even the ethics of making money off the crisis is questioned: "How do you feel about people who earn panic around the coronavirus (fake announcements on Avito, phishing, etc)?" The first response was, "To speculators and scammers, negatively." But then, highlighting the nuanced attitude towards ethics that seems common in the underground, this person added that it wasn't always wrong in all circumstances.

And just like the rest of us, underground forum members are hungry for genuine information. In one case a member had heard chatter on Facebook and WhatsApp "that the Irish Govt will be shutting down the country very suddenly from Monday morning." Concerned about fake news, he asked, "Has anyone got some solid evidence of what's going to happen in Ireland?"

Elsewhere, other underground members have tried to ease the stress of lockdown by sharing multiple links to free online exhibitions, courses and libraries -- even with the warning, "Be careful - some services may deduct the full cost of a subscription after a free period."

Perhaps the biggest single problem for the underground has been a similar shock to business. Some shops have closed while others struggle to maintain the supply chain on one side, and customers on the other. Some have taken a gung-ho attitude: "We are not afraid of corona epidemic. We are working!"

Others are more cautious. One asks for customers' patience over slightly delayed deliveries, "so I can limit my time outdoors. Stay safe everyone! Wash your hands!" The same store warns of the longevity of the virus on certain surfaces. While stressing that the store owner wears gloves and a mask and uses alcohol when packing, he comments, "it would probably be wise to not eat your mushrooms for 9 days just to be safe."

Money laundering through illiquid goods has suffered through the worldwide reduction in the circulation of goods. A common approach from the underground traders has been to carry on, but with new conditions. One approach is to continue trading, but at a reduced price for the goods. Another has been to switch payment from the receipt of the goods to the onward sale of the goods.

The picture of the dark web underground painted by Trustwave's research shows an almost exact mirror of 'legitimate' society. It is a sub-culture of human beings responding to the pandemic and its effects in a manner similar to our own, but without the inhibition of respecting the law, and with a different view of morality and ethics. Like everyone else, they seek to counter a reduction in income by exploring other avenues to earn some money. Many are concerned over the welfare of their fellows. Some discuss the ethics of using a global crisis to scam people, while others believe there is little wrong in taking money from fools regardless of the circumstances.

But however humanizing this research may be, it is important to remember that for every member of the underground reacting in a manner that might seem reasonable, there are many others who are using pandemic fear for phishing, scamming, and malware distribution.

Related: Hacker 'Ceasefire' Gets Little Traction as Pandemic Fuels Attacks 

Related: A Guided Tour of the Asian Dark Web 

Related: Keeping it on the Down Low on the Dark Web 

Related: Meet Kilos, a New Search Engine for the Dark Web 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.