Hackers resort to all sorts of means to get into a target’s computer network, steal data and hold it for ransom. Besides, they sell ransomware, malware, and a wide variety of malicious software on the SaaS (software-as-a-service) model.
While some demand ransom from the victim, others sell the data on the dark web. When it comes to selling or buying the data acquired illegally, they expect all fairness in the world.
Cyber security experts stumbled upon the existence of scores of escrow accounts and other ‘regulatory mechanisms’ in the dark web that ensure fair money transactions.
There are even well-regarded ‘arbiters’ who step in no time to resolve disputes in terms of non-payment or quality of data, if any.
Escrow arrangement
An escrow account is run by a third party with whom money is deposited and held till the transaction is completed to the conditions agreed upon.
“The buyer may not pay for a service or goods, the seller may take the money and disappear. Oftentimes, the same data is sold several times. Even if the ad claims there will be a sole buyer, after a few months the seller may put the data up for sale again or post it on public or private resources,” an expert with the cybersecurity solutions company Kaspersky said.
That a whopping one million messages with a mention of an escrow arrangement found on various forums show the prevalence of this payment arrangement in the dark web.
“One-third of them were published in 2022 alone. And, half of them were posted on a platform specialising in cashing out money and services related to this activity,” the report ‘Business on the dark web’ by Kaspersky said.
The escrow service may be specially organised and supported by a dark web platform. Such services may be provided by a third party who is not interested in the results of the arrangement. Besides guaranteeing the transfer of money after the sale and the quality of the consignment, these escrow agents protect the confidentiality of personal and financial information of the two sides.
Some popular forums in the dark web themselves run their own escrow services. They rope in one or more ‘experienced forum participants’, who have a reputation as reliable intermediaries, to run the escrow service. There are also independent escrow agents in the dark web community, the report says.
Some deals may fail
Despite such arrangements like these, some deals, particularly when the deal size is huge, might fail. “The seller may provide incorrect or outdated and public data under the guise of up-to-date information or not fulfill the service promised,” the report points out.
For example, a dark web forum user offering more than 600 bank cards for sale in an auction format, judging by the comments of another user, sold them fabricated information.
Mind it, it is a shady world of pirates. No one, including an escrow service, can be trusted. The report talks about an incident where an escrow agent vanished into thin air with $170,000 in four days.
“The administrators hounded him, caught him, blocked him, and made him repay the amount. Though he paid back the money in question, he lost his credibility forever in the dark realms of the web,” the report said.
To protect themselves against fraud, the sellers are found to be selling data in certain parts and take advance payments.