The Aussies dipping their toes and businesses into the dark web
Murky to most, the dark web is the epicentre of cyber attacks, identity fraud and drug crime, but it’s also not a bad business opportunity for those who know where to look.
The dark web is often characterised as a mythical place, an out of reach portion of the internet where only the most elite criminals frequent to trade stolen credentials, sell illegal weapons and share fraud tactics. But the reality is far more unremarkable than that.
Some would even describe the dark web as having a better resemblance to the early days of the internet rather than any kind of high-tech experience.
That’s according to Brenton Cooper, an Adelaide man who has for the past six years made a business out of selling access to its content. “It’s like the really early days of the internet when the internet was sort of like a directory,” Cooper says. “It’s basically folders that you can explore by clicking and that’s how people access the dark web today.
“There’s a whole range of forums that you can go in, as well as message boards. The marketplaces are relatively straightforward and like the experience you would have in eBay.”
Cooper is the founder and chief executive of Fivecast, the marketplace for dark web marketplaces, which provides a window into the world of criminal activity. The company is one of several in Australia that operates in a portion of the internet inaccessible to most.
While the average Australian won’t ever access the dark web, nor will most leaders at major companies, many are desperate to know if their data and their customers are being bought, sold and traded in illegal forums.
A former engineer, Cooper saw the opportunity to set up his platform in 2017, which could provide access to dark web files through a standard internet browser with no special software or hardware required. That’s quite the contrast to the dark web that sees many use former US military anonymity software TOR for access – originally developed to protect the identities of US Navy intelligence agents.
Fivecast’s marketplace looks a bit like that of eBay or Facebook, where companies can, for a buck, gain access to data that has been downloaded and vetted in a secure environment.
The idea has quickly caught on, with the company having now raised $34m across multiple capital rounds to fund its global expansion and to extend its product offering.
Today the company operates out of four major offices in the US, the UK and Cooper’s hometown of Adelaide, with a staff headcount of 120.
Fivecast is now used by almost all Australian law enforcement agencies or services in one capacity or another, says Cooper. “We’re helping them really collect that information index and make it searchable so that they can look for particular identifiers, whether it’s your own crypto wallet, premium signatures and things like that,” he says.
“Today we’re looking at about 750 different dark web forums and over 25 separate marketplaces. So it’s quite an active ecosystem.”
It’s a service that is well compensated, costing customers anywhere between $50,000 to several million per year, Cooper adds.
To understand how the business operates, one must first understand how the dark web works. The internet, Cooper says, can be broken up into the three parts: the surface, deep and dark web.
“The surface web is what you find with a Google search and makes up about four per cent of total data on the internet,” he explains. “The deep web makes up the most of the internet and that is information that sits behind logins or paywalls, such as social media and other sorts of paid platforms including news.
This is a feature from The List: 100 Innovators 2023, online and in The Australian on Friday, September 15.
“The remainder is the dark web; and the dark web is really sort of an overlay on top of the traditional internet where you’re using encryption and relays to sort of provide secure browsing.”
In the wake of mass cyber attacks Australia has seen over the past two years, Fivecast has taken on a number of new customers. Many companies that have been breached use the platform to find out just how much data has been stolen.
“That’s one of the benefits of being able to dip your toe into the dark web without having to worry about any infrastructure and concerns,” Cooper says. “That is one of the corporate use cases we have. On the law enforcement side, it’s much more about those illicit markets, whether it’s looking for drugs or human trafficking.”
The business today exists as a software-as-a-service (SaaS) product that is hosted in the cloud. Customers sign up to access the platform.
Given the nature of access to the dark web, “it draws in particular threat actors, as we like to call them, who can sort of roam freely and do what they want to do, whether that’s co-ordinate cyber attacks or exchange details,” Cooper says.
As vendors are increasingly moving into the dark web space, some criminals are choosing to conduct activity on other platforms. Some areas include invite-only hacker threads and messenger chats on platforms including Signal and Telegram.
Jamieson O’Reilly is the founder and chief executive of Dvuln, a cybersecurity firm that provides intel to companies including OCR Labs. Of late, O’Reilly has assigned four staff a new task: to infiltrate the chatrooms of hackers and criminals on secure messaging platforms.
Telegram, which has long been popular among right wing conspiracy theorists and was used widely to organise anti-lockdown protests across Sydney and Melbourne in 2021, is one of those platforms.
While in operation, staff pose as hackers and use local jargon to gain the trust of those running the platforms to obtain access. Once inside, they observe and report their findings back to their headquarters, which in turn delivers those reports to customers.
“It’s not like there are thousands of websites that our staff have to traverse across. It’s really just a handful of key players in that world that we need to keep tracking and keep on top of what they’re doing and what they’re planning,” O’Reilly says.
He adds that Dvuln is aware of a handful of notorious figures in the space but, rather than try to pin down who they are, it looks for traces of them across multiple threads and forums.
“The trouble is it’s too easy for these people to use multiple identities so we don’t put too much value on attribution,” he says. “Some companies in this space chase attribution very hard but we’ve always had this mantra that it takes someone 10 minutes to create a new profile.”
Dvuln has four main services, but two of its most popular include penetration testing, when the company is hired to test new systems or applications, and red teaming, which is an extension of penetration testing that doesn’t test a single application or program but rather the entire system.
These services typically cost between $2000 to $3000 per day, with pen testing lasting a couple of weeks and red teaming running up to several months.
With the threat of cyber attacks on corporate Australia causing increasing alarm and the rising sophistication of criminal online activity, it’s appears to be a timely (and lucrative) sector to be at the forefront of.
More Coverage
