A dark web forum is a website or online community where users can openly discuss unlawful topics. Such illegal operations frequently involve peddling personally identifiable information, illegal imports of products or drugs, corporate undercover activities, preparations for physical violence, security flaws and phishing kits, and even human trafficking and child pornography. Markets where illegal goods and services are bought and sold can also be found in dark web forums.
For example, top-tier forums like XSS and Exploit are home to more experienced hackers, such as initial access brokers. It’s well known that hackers on dark web forums circulate zero-day exploits to other threat actors and train others to use them.
Who can operate Dark Web Forums?
Anyone can own and operate one. The Onion Router (Tor), the Invisible Internet Project (I2P), and ZeroNet are some of the hidden networks that dark web sellers use to shield their unlawful activities from the FBI and avoid legal repercussions for their crimes.
How do Dark Web Forums perform activities?
Typically, they are organized into multiple subdomains, each covering a particular subject, such as:
- Planning for physical attacks
- Personal information (PII) sales
- Malware-as-a-service software distribution
Other criminal endeavors could fall under this category as well. The forums are hosted on darknets and are only accessible using specific encrypted web browsers. In most cases, these groups do not have moderators and have members from all around the world.
Network of like-minded cybercriminals.
Many would-be hackers get their start in the underground web. It gives you access to a network of like-minded cybercriminals, where you can share experiences, learn from one another, and plot new attacks. Even inexperienced hackers can use this data to launch their frauds.
A home for cybercriminal activities.
Hacker gangs, freelance hacking jobs, and even Ransomware-as-a-Service have all found a home on the dark web in recent years. These services provide new hackers with practically turnkey hacking kits for a fee. When inexperienced hackers team up with more seasoned ones, they can launch successful attacks despite having fewer resources and less understanding.
A frequent starting point for hacking careers.
Hackers frequently begin their careers through phishing. It’s one of the most typical cyberattacks nowadays, and it’s frequently the precursor to ransomware and other forms of extreme malware.
Ninety-one percent of cyberattacks today start with a phishing email, according to recent studies. Phishing attempts have skyrocketed over the past few years, and this trend suggests that an increasing number of would-be hackers are learning how to transmit phishing material effectively.
The Unauthorized Distribution of Credentials and “Phishing Kits”
There are a few ways dark web forums contribute to the expansion of phishing. These include the sale of stolen credentials and ready-to-use “phishing kits.” It is widely believed that criminals make money by using ransomware to blackmail victims. Even though this is frequently the case, hackers can also negotiate with one another and trade stolen data on the dark web.
One such case is the 2022 discovery of a massive data leak involving Meta, Apple, and Discord.
Use of exploit in a protocol to steal information.
An organized group of hackers used an exploit in a protocol called Emergency Data Request (EDR) to steal sensitive information from these well-known tech firms. Government personnel can use an EDR to quickly get private information in a time-sensitive situation.
In this attack, the hackers purchased stolen email credentials on the dark web and used them to make their fake EDRs appear more credible. Someone else launched a phishing attack, stole the credentials, and sold them for a couple hundred bucks each.
Ready-to-use “phishing kits” for inexpert hackers.
Expert hackers are aiding the spread of phishing by making it easier for beginners to carry out. Ready-to-use “phishing kits” allow even inexpert hackers to start a successful phishing attack. This kind of malicious tool can be bought on the dark web.
The Dark Web is a Community for Cybercriminals.
Cybercriminals can meet, create alliances, and share tactics through the dark web forum, which serves as a community for them. This social element provides a common ground for hackers, which may contribute to the expansion of phishing and cybercrime.
Hackers can freely publicize harmful, unethical information thanks to the dark web’s high level of anonymity. Hackers of today can use cryptocurrency to make entirely anonymous monetary transactions.
What are the different types of dark web forums that fuel cybercriminals’ activities?
The activities of cybercriminals on the dark web forums are one of the most significant challenges facing society today. Cybercriminals can use the Internet for illegal operations such as the purchasing and selling of drugs, pedophilia, the hiring of hitmen, forgeries, piracy, and even acts of terrorism.
There are many forums available, but I will discuss some of them.
- Russianmarket[.]gs
Similarly to Genesis Market, Russian Market is a sizable, well-respected Deep Web forum that trades in botnet logs. In addition to malware logs, Russian Market offers compromised carding data, RDP (remote desktop protocol) instances, credential stuffing malware, other related services, and commodities.
- RaidForums
Media attention was drawn to RaidForums after several high-profile massive leaks were posted there. The site promotes the sale of private database leaks and breaches through an interactive marketplace forum.
Over a thousand new users join daily, and the site sees over four thousand total posts daily (this includes threads and replies). As of this writing, over 2.5 million threads have been created in the forum.
- Genesis[.]market
Among automated marketplaces where users can buy access to information stolen from infected devices, Genesis Market is one of the most trusted and widely used options. To stay competitive, Genesis offers some constantly updated logs; for example, if a victim changes their password, the updated credentials are delivered to the person who acquired the botnet log.
Members are given a private browser and a plugin for that browser to use in their attempts to forge the digital signature of the victim’s device.
- Nulled forum
In 2016, a database belonging to the Nulled forum was compromised and disclosed to the public. The database contained information such as PayPal email addresses, passwords, purchase history, and invoices. Law enforcement used the leak to uncover the identities of hackers and cybercriminals who used the service.
It is one of the largest recognized forums for illegal content, such as leaks, pen tests, and money-making scams. There are premium and VIP-only subforums on the forum.
- 4chan forum
Originally a forum dedicated to Japanese anime (movies and TV), 4chan eventually expanded to include more mature material. The ability to post on 4chan without revealing one’s identity is a major selling point compared to other message boards.
It’s also possible to establish a time limit on posts so that they’re no longer visible once that time has passed, making it impossible for users or authorities to track them down. Thus, 4chan has received much attention in the media for being a place where people may find child pornography, cyberbullying, harassment, and even death threats.
- FreeHacks forum
Regarding hacking communities, FreeHacks is right up there with the biggest and best of them. Russian hackers and cybercriminals share information and pool their expertise to advance their field.
- Hacktown forum
Hacktown is a digital learning environment. The main topic of their training programs is ethical hacking for financial gain. The forum aims to provide budding hackers and cybercriminals with the information they need to hone their craft and carry out fraudulent attacks, phishing campaigns, and other malicious endeavors.
- Crackingking forum
Hackers can find helpful courses and tools on the Cracking King community forum, an online resource. In addition to this, you will be granted access to their marketplace and will be able to obtain information regarding data leaks as well.
- Breached[.]to
Breached is the new home of the highly diverse threat actors who used to frequent the old RaidForums. Most participants in this forum are new threat actors (also known as “script kiddies”) who rely on the work of others to conduct destructive assaults.
There is more public trading, sharing, and selling of hacked data on this forum than on any other forum or marketplace. Breached has over 134,000 users and is controlled by a highly regarded administrator after the arrest of the former RaidForums administrator, Omnipotent.
- Cryptbb forum
Cryptbb, which debuted in 2017, was initially a closed hacking forum that only accepted users who had completed an interview. It has a reputation for being one of the most stringent forums due to its application requirements.
- XSS forum
The online community DamageLab rebranded itself as XSS after several unfortunate events. The site is well known in the cybercriminal scene. It hosts discussions on illegal topics, the majority of which are related to hacking and money fraud. Hidden within the forum are other areas and discussions that can only be accessed by those who have paid for a premium membership.
Are we never going to get rid of dark web forums?
Forums on the dark web aren’t going anywhere anytime soon, just like illegal activity isn’t going away anytime soon. Unfortunately, it is normally the case that when one forum on the dark web is removed or shut down, another one becomes available.