The Dark Web’s battle against a digital skills shortage

Graphic of a hacker walking through a digital corridor
(Image credit: Bigstock)

For technology driven economies reliant on electronic communication and secure data storage, cybercrime is a prevailing threat that's increasing in frequency and constantly evolving to bypass safeguards.

In 2016 cybercrime broke industry records more than once, with hacks discovered against Yahoo, LinkedIn and AdultFriendFinder alone exceeding 2 billion leaked user accounts. Almost two thirds of large UK businesses have been hit by an attack or data breach in the last year, according to government statistics and this year we're likely to see greater innovation in the use of ransomware and mass exploitation of our Internet of Things lifestyle.

The changing nature of cybercrime

Recent attacks have demonstrated the nature of rampant 'mainstream' hacking, where individuals use prebuilt systems developed as-a-service to launch attacks. Users with relatively basic hacking abilities are now able to carry out criminal activity on a much larger scale. This evolution of cybercriminality is not only proving a challenge for industries racing to curb the higher frequency of attacks, but cybercrime itself is struggling to source enough skilled techies willing to help build these services.

Security researcher Michael Marriott and his team at Dark Web monitoring service Digital Shadows have identified a demand surge for 'modern' applications built with ease of use in mind. "You see so many services today where the UI is so much improved on these criminal support sites, and the UI is so much better than anything that has gone in the past," explains Marriott. "There's this increasing professionalisation of these services that people are demanding. There are lots of support services for cashing out, as well malware and infrastructure that helps with attacks. They need it to be easier to use."

Over the last six months, the Digital Shadows team has been monitoring the emergence of a filtering website called Ripper.cc. The service uses a look-up database of known 'Rippers' -- fraudsters who either sell poor quality datasets or simply fail to come up with the goods -- and alerts users if they are engaging with a known scammer. The site provides automated alerts using browser extensions and plugins for Jabber, a messaging platform that has proven popular for criminal activity. But due to the complexity of the service and a lack of skilled coders, development has been severely delayed.

Skills shortage on the Dark Web

"Although there's all this professionalisation of cybercrime, we have seen evidence with Ripper.cc that they still find it hard to find good talent," says Marriott. "We always go on about it in cybersecurity, that we struggle to find the right people or we lack the right talent. But cybercriminals are having the exact same problem. Ripper.cc couldn't find enough developers to write the code for one of its plugins -- it delayed its release because they couldn't find enough good people. So although we're seeing more and more cybercrime and stuff affiliated with that, they're still struggling to find the really high skilled talent."

Marriott explains that Ripper.cc is a support service that helps cybercrime function more efficiently by ensuring the market place is as effective as possible.

"If you can weed out the people who are dishonest, the fraudsters, then it'll encourage the high quality vendors to come back to the market, because the buyers are more confident and they can make more profit overall," he says.

"But as you have all these support services with as-a-service offerings, you get all these people who don't need that high level of coding ability. They can just plugin, type in a target address, type in their own Bitcoin address for ransomware, and go."

This over-reliance on support services is having a profound impact on the cybercriminal talent pool. Like wider legitimate industries, evidence suggests that cybercrime is also suffering from a digital skills shortage and that the well of skilled talent willing to engage in illegal activity is drying up.

It's simply not the case that the Dark Web is a homogeneous entity with a single guiding principle, explains Marriott, but that there are in fact similarities with legitimate counterparts in the nurturing and hiring of talent. Recruitment in the criminal world is surprisingly similar to any other company, from the use of anonymised Skype interviews to three-month hacking probationary periods.

Groups do not just want 'hackers' -- they need, for example, users skilled in DDoS tactics with knowledge of SQL injection, or someone who can speak fluent English and use cross-site scripting. Born out of frustration with the number of users clogging up forums, 'Skids', or 'Script Kids' has become a widely used term for users with no discernable skill. Although there are plenty of these Skids about, a shortage exists when recruitment involves specialist knowledge, such as cryptology or insider experience of an organisation's operating system.

Digital skills arms race

Unlike the basement dwelling stereotype, the hacking community is a big business that bares an uncomfortable resemblance to legitimate industry. "It seems that in the cybercriminal field, not only are they highly skilled but also good businessmen running very big industries," says Avi Kasztan, CEO of cybersecurity firm Sixgill. "What makes a difference is that in general they are well organised and have made a profession from their activity."

This professionalisation has resulted in a digital skills arms race, where both domains compete for the same talent from an under-supplied pool. But the illegality of activities on the Dark Web places even greater strain on recruitment. Trust is a significant obstacle and it can be difficult to know who is legitimately looking to hire or offer their services.

"Mutual trust remains an issue," says Pieter Antz, malware analyst at Malwarebytes. "I would imagine that their shortage is even bigger than that of the regular industry. They need people who will keep on working for them, even after they find out that what they are doing is illegal, immoral or both."

Exploiting the weakness

If the skills shortage continues, malware is likely to evolve at a slower pace, according to Jerome Segura, lead malware intelligence analyst at Malwarebytes. "From my perspective I would say there's a shortage of exploit writers working in the underground," says Segura. "There has been no real improvements in exploit kits since about mid June of 2016 with the disappearance of some larger players."

Microsoft recently boasted that Windows 10 is capable of squashing some bugs on its own, without the need for a specific patch. This, according to Segura, will make it "more difficult to find new zero days or exploits that can work reliably" and that "the costs of new exploits will also go up as fewer individuals will possess the skills to come up with them".

To stay ahead in this arms race, organisations need to understand where individual actors sit within the broader criminal ecosystem, according to Marriott. "It's about working out what you represent to them and having security accordingly - making sure that your resilient to certain aspects of theft that make the costs of attacking you hopefully as prohibitive as possible."

Main image credit: Bigstock

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.