A new paper titled Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence presents "an operational system for cyber threat intelligence gathering from various social platforms on the Internet particularly sites on the darknet and deepnet".
The paper itself is an interesting one, but I wanted to focus on a small part of it - "building a social network across forums/marketplaces using username"
It has long been known that vendors maintain their name across multiple marketplaces and forums in order to retain customers and not have to re-validate themselves as a good-standing vendor.
However, this tendency means that vendors are easy to track and associations are easy to build
In most cases, the vendors are trying to advertise/discuss their products on the forums, demonstrating their expertise. Using these integrated graphic representations, one can visualize the individuals’ participation in both domains, making the right associations that lead to a better comprehension of the malicious hacker networks.
By analyzing these connections the paper was able to identify 751 users belonging to more than two marketplaces or forums.
Additionally, the paper provides an example of a vendor that is active in 7 marketplaces and 1 forum the researchers found that the vendor offers 82 malicious hacking related products and discusses these products on the forum. The vendor has an average rating of 4.7/5.0, rated by customers on the marketplace with more than 7000 successful transactions, indicating the reliability of the products and the popularity of the vendor.
So should vendors be building their brand? There are arguments on both sides. On the one hand having to rebuild a reputation on every site is intensive work, and on the other there are many adversaries will likely be adopting techniques like those in the paper to identifying and build cases against vendors across marketplaces.
Until the reputation problem is solved I suspect this kind of identification will be possible.
According to the paper, the authors are in the process of transferring their technology to a commercial partner, so whatever the outcome of of this study it should be clear to many that the trend of dark web crawling and research is set to continue.