The Dark Web’s Underworld: Rise of Fraud-as-a-Service

January 16, 2024
Firefly generate for my an image that depicts the dark web on a computer 86134

By Daniel Brunner, COO - BSG
January 16, 2024


The Rise of Fraud-as-a-Service in the Dark Web's Underworld

In recent years, the dark web has seen a significant rise in the availability of "Fraud-as-a-Service" (FaaS), signaling a troubling trend in the evolution of cybercrime. This service-oriented criminal business model allows individuals, even those with minimal technical expertise, to participate in fraudulent activities by purchasing pre-made tools and services.

The Emergence of FaaS on the Dark Web

Fraud-as-a-Service has emerged as a new commodity in the digital underworld, primarily facilitated by the anonymous nature of the dark web. This sector of the internet, accessible only through specialized software like the Tor browser, provides a haven for cybercriminals due to its inherent privacy and anonymity. The dark web marketplaces, often compared to legitimate e-commerce sites, offer an array of illegal services, from financial fraud tools to identity theft services.

Market Growth and Offerings

The FaaS market on the dark web has shown exponential growth, much like legitimate SaaS (Software-as-a-Service) models in the regular web. These services range from the sale of stolen credit card information, phishing kits, and hacking tools to more complex services like complete identity theft packages and bespoke scam campaigns.

One notable aspect of this marketplace is its user-friendliness and customer service, often providing tutorials and 24/7 support, making it alarmingly accessible for aspiring cybercriminals. The commoditization of cyber fraud tools has significantly lowered the entry barrier into the world of cybercrime, leading to an increase in the number and diversity of actors involved in these illegal activities.

The Threat Landscape

The proliferation of FaaS is a significant threat for several reasons. First, it enables a broader range of individuals to engage in cybercrime, increasing the overall volume of fraudulent activities. Secondly, the sophistication of services offered means that even well-protected individuals and organizations are at risk. Additionally, the constant evolution of these services makes it challenging for law enforcement to keep pace with the changing tactics.

Moreover, the intersection of FaaS with other dark web activities, like drug trafficking and money laundering, suggests a deepening complexity and interconnection of online criminal enterprises. The revenue generated from these services funds further criminal activities, creating a vicious cycle.

Case Study

The "Hydra" dark web marketplace, known for being the largest of its kind, was shut down following a joint investigation by the U.S. Department of Justice and German law enforcement authorities. Hydra operated primarily in Russian-speaking countries and facilitated the sale of various illegal goods and services, including drugs, stolen financial information, fraudulent identification documents, and money laundering services. The transactions on Hydra were conducted in cryptocurrency, with the operators charging a commission for each transaction.

The investigation led to the seizure of Hydra's infrastructure and the arrest of Dmitry Olegovich Pavlov, a 30-year-old Russian resident. Pavlov was charged with conspiracy to distribute narcotics and conspiracy to commit money laundering in connection with his role in operating and administering the servers used for Hydra. This coordinated action was intended to send a clear message against the operation of online criminal enterprises under the cover of the dark web.

Hydra's revenue had increased significantly over the years, from under $10 million in 2016 to over $1.3 billion in 2020. As part of the takedown operation, German police seized servers powering Hydra and confiscated approximately €23 million in Bitcoin. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) also identified over 100 virtual currency wallets associated with illicit transactions related to Hydra.

The seizure of Hydra is part of a broader effort to combat cybercrime and money laundering activities on the dark web. It highlights the ongoing collaboration between U.S. and international law enforcement agencies to dismantle such criminal networks, regardless of their attempts to operate anonymously online​

The growth of Fraud-as-a-Service on the dark web represents a significant and evolving challenge to cybersecurity and law enforcement worldwide. This trend underscores the need for continuous advancement in cybersecurity measures, international cooperation in law enforcement, and increased public awareness about cyber threats. As the digital landscape evolves, so too must the strategies to protect against these emerging forms of cybercrime.