How The War in Ukraine is Fueling Trade on the Dark Web

03/26/2022 | Darknet News, Europe, Russia

The war between Russia and Ukraine is ongoing and continues to escalate. As a result, global tension continues to rise as the world watches. Multiple events have unfolded since the first invasion on February 24th. Moreover, analysts realized that darknet forums are reacting to the situation.

The large-scale hybrid war involves both boots on the ground and cyberattacks. In fact, cyberattacks linked to Russia targeted Ukrainian sites even before the first Russian forces entered Ukraine. These attacks continued as the war developed. Also, counterattacks followed against Russian sites. Advanced Persistent Threat (APT) groups conduct a majority of this cyberwar. The groups include:

  • Hacktivists
  • Hacker groups
  • Known ransomware gangs like Conti and CoomingProject

Each of them has sided with either Ukraine or Russia over the past weeks. Additionally, most of these groups use the darknet as a safe space to coordinate attacks.

The Dark Web Platforms Used by Hacker Collectives

Most hacker collectives use platforms such as famous hacking forums and paste sites. In addition to that, others use chat applications such as Telegram.

What are these platforms used for?

  1. Revealing sensitive information belonging to the other side. This includes government agencies and groups that identify with either country.
  2. Discussions and planning of coming attacks. Most discussions include inciting and rallying people to attack either of the sides.

The Russia-Ukraine Cyber War in the Darknet

There is plenty of compromised data across the darknet. In addition, there are indicators of other cyberattacks, so monitoring IP addresses is crucial in identifying early indicators of cyberattacks. Research found a significant increase in mentions of Russian IP addresses across the darknet over the past month.

Multiple IP addresses associated with Russian sites were mentioned on paste sites, where lists of targeted IP addresses can be distributed anonymously. This is the first hybrid war of this magnitude to be encountered, because it involves cyberattacks. Moreover, it includes two rival cyber hacktivist camps manoeuvring in the darknet. Further, this war has shown that cyber warfare is critical in international warfare and conflicts.

The need for real-time, contextualized data monitoring is increasing, because cybercriminals use the darknet as their primary platform for communication.

Twitter Backs Up the Darknet to Bypass Russia’s Ban

Recently, Twitter came up with a “dark web” version of its service. With it, people in Russia can access Twitter without authorities finding out. In doing so, Twitter collaborated with other organizations such as the BBC and Facebook. These organizations have for years offered such versions of their sites, particularly for people in heavily surveilled, censorship-happy societies like Iran and China.

The Tor Browser encrypts the user’s dark web traffic. Moreover, one can use the Tor Browser to surf the regular web with extra privacy. It bounces the user’s traffic through several “relay” connections, which makes it practically impossible for law enforcement to monitor what the user is doing.

Vladimir Putin’s Crackdown

In the years leading up to his invasion of Ukraine, Putin’s regime was already speeding up Web censorship and surveillance. Yet the Kremlin has really cracked down since the war began. It ordered the blocking of Twitter when Russia launched its invasion of Ukraine. Furthermore, the Russian information regulator Roskomnadzor confirmed the block.

Twitter’s move will offer “greater privacy, integrity, trust and ‘unblockability’ for people worldwide who use [it] to communicate,” tweeted Alec Muffett, who helped Twitter’s engineers embrace the darknet. Other notable organizations that have darknet sites include:

  • Deutsche Welle
  • The CIA
  • Brave
  • DuckDuckGo
  • The Tor Project

At the tail end of last year, Russia blocked the Tor Project’s website. This was to prevent Russians from downloading the Tor Browser and using it to circumvent an ever-expanding list of officially blocked websites and services. Only countries like China and Vietnam match Russia’s mania for online control. But it would be a mistake to think Russia is the only side opting for censorship, especially in this Ukraine-centered information war.

Dark Web Filled with Ukraine Crypto Scammers

Many fraudulent adverts are appearing on the darknet following the ongoing war. They prompt users to donate to Ukraine in the form of crypto. However, analysts advise people to seek out above-board methods of donating to Ukraine. The dark web is invisible to typical search engines, so you can only access it through anonymized browsers. In some regards, the dark web has come into its own during the war in Ukraine. For instance, organizations like the BBC use it to bring up-to-date news to Russia, where standard web services are subject to restrictions.

As a result, citizens can only access state-approved media. Still, it’s not surprising to see crypto scammers getting in on the action. They are leveraging the desperate position of Ukrainians to scam people out of funds.

“Last year, we found advertisements for fake coronavirus services. Now we’re seeing donation scams appear on the darknet as the Russia-Ukraine conflict intensifies,” stated Oded Vanunu, head of product vulnerabilities research at Check Point.
“These advertisements are using fake names and personal stories to lure people into donating. In one example, we saw someone alleging to be the name ‘Marina’, displaying a personal photo with her children in hand. It turns out that the image is actually taken from a German newspaper.”

Are There Any Legitimate Operators?

Despite the scammers, there are some legitimate operators. “We are seeing legitimate advertisements for donations to help Ukrainians, where we show one example that managed to raise nearly $10m. Thus, legitimate and fraudulent advertisements are being mixed on the darknet,” Vanunu added.

The legitimate Defend Ukraine ad points to a website on the public web. It also has an accompanying Twitter account that Check Point confirmed to be reliable. The website has a list of NGOs and organizations in Ukraine needing assistance. Furthermore, it solicits donations in Ethereum and Bitcoin. It has raised over $9m in funding since being registered in February 2022.

Nevertheless, Vanunu advised individuals looking to support Ukrainians to seek out trusted sources and not rely on dark web resources. UK citizens should donate through the Disasters Emergency Committee humanitarian appeal. In fact, the government matched donations worth £25m. The government said multiple other organizations have launched appeals. The majority are legitimate. Even so, it is worth checking that a charity is legitimate.

You can do this by confirming the charity’s name and registration number on the government’s charity register. Most charities with an income of £5,000 or more must register. On top of that, the Charity Commission regulates them. If still in doubt, you can ask the organization itself for more information. A genuine charity is always delighted to talk about its work.

Weapons on the Dark Web

The darknet enables the circulation of illegal weapons already on the black market. In addition, it is a potential source of diversion for legally owned weapons. The arms trade is small in volume compared to other products trafficked online. Even so, its potential threat to international security is significant.

Kingdom Market is a relatively new dark market. After its launch three months ago, the marketplace began to gain some popularity. On Kingdom Market, you can find all products ranging from weapons to drugs. One can access the market using the traditional onion network. You can also access it via the newer, more secure I2P network.

The development team behind this marketplace did a good job designing it. The market appears modern, is easy to use, and the design elements are consistent. The interface comprises a top-bar with all the needed navigation options. Below that, you can find crucial security information and some top listings.

Kingdom Marketplace is a regular market and has all the features needed to shop securely. It accepts multiple cryptocurrencies, including Litecoin, Bitcoin, Monero, and ZCash. Besides, you can deposit all of them into your account’s wallet.

The marketplace features traditional PGP support for automatic message encryption. For trusted sellers, there is an option for Early Finalization.