You’ve seen a lot of posts about the forums but may be wondering how exactly they work? Today we’re going to explore the popular one, Reddit, as a gateway into the darknet, then explore some of the hidden forums where information is dumped, shady deals are made, and where meetings are arranged. Ultimately we will identify how this leads to the coordination of sabotage for an organization, usually private businesses.

Enter Reddit

During the data breach caused by Edward Snowden many people scrambled to find a way to maintain their privacy. Tor was the browser recommended to many people and its name became the go to. The popularity of Tor surged when Edward Snowden leaked sensitive information. On a forum site called Reddit there was a subreddit called ”/r/onions” where people often traded hidden services and darknet sites with each other. Prior to the Snowden leaks there were only 10,000 subscribers to this subreddit. After the snowden leaks that number surged to 30,000.

Today there are roughly 60,000 users subscribed to the subreddit.

Why is Reddit important to examine for the Darknet? Because Reddit is the go-to place for conversations and happenings on the Darknet. It’s something of an open secret. Most transactions on the Darknet are handled through Bitcoin, which is why in almost every ransomware case the hackers are often demanding their payment in the form of Bitcoin. We will discuss money on the Darknet in another article.

Conversations & Forums

There are now numerous subreddits dedicated to the Darknet (or Deep Web) where you can find out about data dumps, black markets, programming skills, asset trading, trafficking, and generally some pretty terrible stuff. People who use first use Tor often have no idea what to do or may be nervous about it, this is where Reddit comes in. On Reddit people often find all the introductory information they need to understand to successfully navigate and use the Darknet for their ends. Advice is shared and updated rapidly, it is to a point where even if an illegal market is compromised most Darknet users will know not to visit anymore in a matter of hours. What makes the conversations on Reddit and the Darknet unique is that they are for the most part anonymous. If a transaction is made, it is often between two people who have no idea who each other are beyond a user name.

The conversations on Reddit and Darknet forums are very transactional. Usually people searching for information or looking to hire someone for illegal services such as sabotaging a network or a person’s life. One of the most common requests on Reddit is cyber sabotage of someone’s life. However, what is dangerous are insiders on the Darknet who make requests to the community to understand how to find a hacker to work with.

Posts like the one pictured above are very common on Reddit and as you see with the number of comments there are plenty of strangers and con artists willing to lend a few words of advice. This is where a malicious actor becomes a significant insider threat. Often these relationships can last beyond the original project and into a full sabotage if that is the end goal of the insider.

Beyond job postings you can also find posts on darknet forums about data dumps for sale. Sometimes there are hidden auctions for the data or the data is just sold to whoever is willing to pay the price.

Above is an example of this practice. The forums are used for transactions of information free and paid. When data is put up for sale it is usually sold through marketplaces or high traffic forums. Sometimes potential buyers are directed to another hidden address or they a private chat is initiated to provide proof that the seller has the product they claim on their original post.

Hacker Development

Some people go on the darknet to also learn how to hack or test their skills. The forums provide an ever growing archive of information for would be hackers that are at times more rich in information than tutorials or videos. Under the cover of anonymity would-be hackers are able to develop their skills with eager potential clients if they wish. The poster above who was looking for a hacker to get company email credentials could be a hacker’s real-time test of their ability without the buyer ever knowing.

The takeaway from this article should be how Reddit is used as a gateway of sorts into the Darknet. It is on Reddit and 4chan where you can find out what is happening on the Darknet. However, to actually conduct transactions and see data dumps often you have to visit a darknet address (.onion). Insiders are your organization could easily be discussing a compromise of employee credentials or the sabotage of your organization in plain sight online. While Reddit and sites like it are home to more than 1 million subreddits, there are a narrow few where you can get a glimpse into people making requests for sabotage.

This post was originally published in IT Security Central and was reprinted with permission.