Daily News
Black Hat Conference

Report finds previously unexamined cyber threats lurking in Asia’s ‘dark web’

August 08, 2018

LAS VEGAS. Cut-rate prices for powerful cyber attack tools, hacktivist sites with stolen bounty ranging from FBI and DHS personnel files to data from the cell phone of Paul Manafort’s daughter, and Chinese sites offering – for yuan, not bitcoins – a full gamut of illicit services and products were among the findings in a report released here today that offers a deep dive into the “dark web” in Asia.

The Dark Side of Asia: An Inside Look into Asia’s Growing Underground World” was released at Black Hat USA 2018 by IntSights, a cybersecurity firm with offices in Tel Aviv, Singapore, Amsterdam, Dallas and New York.

The report is the culmination of “six months of digging and digging” that goes beyond examinations of hacking commonly attributed to Russia, China and North Korea in order to examine the “dark … cyber society” in Asia that is rife with illicit products and services and poses serious national security threats, according to IntSight’s director of research Itay Kozuch.

Starting with research on the dark web in Japan and “expanding from there” into China, South Korea, Indonesia, Vietnam and other countries, the research offers a rare look into the criminal underworld operating on the web throughout Asia.

“These websites, nobody really knows them,” Kozuch told Inside Cybersecurity. “You need to know the language, the terminology. It takes a lot of time but now we’re in good shape.”

“We found a lot of things we’ve never seen before” on sites housed in China, for instance. “We found new malware, tools and techniques, all in Chinese. We found new [criminal] groups. Now we can better understand what’s going on in China. The research showed how much we don’t know and why Asia is the biggest threat for cyber attacks.”

One Chinese site offered distributed denial of service attacks powerful enough to “take down a government website” for less than $800. A Japanese language site was found bartering in prime military, political, scientific and technological intelligence. A Vietnamese “anonymous” group “publishes entire stolen databases, going to a different level of crime,” Kozuch said.

Its work included the 2016 leak of FBI and DHS employee databases and – this past May – a leak from the phone of Andrea Manafort, daughter of President Trump’s former campaign manager, Paul Manafort, who is now standing trial in federal court.

An Indonesian hacktivist group offers guidance on attack methods and provides malware as a “giveaway,” Kozuch said.

And, he said, “this is the tip of the iceberg.”

Kozuch said groups operating in the dark web are aware they are being monitored and “sometimes we get caught. But we know what we’re doing, how to disappear and how to be a fly on the wall. We provide the best early warnings we can provide.”

Finding the proper policy responses to these challenges is “complicated,” Kozuch said, and having “a top-notch security system is not enough.” He called for better and more meaningful information sharing as well as a commitment by corporations and others to “consume intelligence reports in order to understand the risks.”

“It’s not just technology, it starts with high-level risk assessments,” he said.

Info-sharing could be bolstered by “strong regulation” and mandatory incident reporting, he suggested, while adding: “The Asian dark web is huge and we’ve just started to understand how big it is. The threat is a lot bigger than we imagined.” – Charlie Mitchell (cmitchell@iwpnews.com)