Finding Use in the Dark Economy—and Minimizing Its Negative Effects

What is the dark web, and how does it work? Is it as ominous as its moniker suggests?

Economic principles have an odd habit of appearing in unexpected places. To emphasize the often-dismissed importance of branding in a consumer's purchase decisions, Thomas Sowell wrote in Basic Economics that “Brands are a way of economizing on scarce knowledge, and of forcing producers to compete in quality as well as price.”

He emphasizes this power that brands have by including a report from The Economist on a peculiar situation in the Soviet Union in which branding was not available for assisting consumer decisions. "Consumers learned how to scan barcodes as substitutes for brands in order to identify items that originated from trusted manufacturers" to adjust to their economic circumstances. As Sowell points out, the Soviet customers were able to effectively develop brands for their own gain.

Similarly strange economic events may be found in the dark web's hallways, but before they can be assessed, a definition is required, since most people are familiar with the word but unaware of its specifics. The traditional web, or “clear web,” consists of web pages that are delivered to clients from web servers and can be indexed by search engines. This indexing allows search engines to serve up pages based on a given search query. The deep web is all the resources on the internet not available to the web crawlers conducting the indexing, such as information behind a sign-in page or a paywall, medical records, or sensitive corporate web sites; it is the outcome of the decision whether to allow a web page to be indexed. This information is so prevalent that it is estimated to make up between 96 and 99 percent of the internet.

The dark web is a subsection of the deep web that can only be accessed with specific software. This software allows a user to access the anonymizing network known as Tor (the onion router). This network routes web traffic through a series of proxy servers operated by volunteers. This special way of routing internet traffic effectively results in a user’s identity being untraceable (although there theoretically are ways to expose the activity of someone using Tor), making it the perfect tool for ne'er-do-wells or web users in totalitarian states in which the clear web is heavily monitored and censored. Content is posted on the dark web through servers that lie within the Tor network called hidden services (aka onion addresses like the official Facebook hidden service URL facebookcorewwwi.onion).

Not everything on the Tor network is malicious or illegal. As mentioned above, users can enter it to access Facebook or other content providers that may be blocked in their country. This was actually the original intention behind the network: provide an anonymous communication channel that allows for unfettered speech. Even the CIA has their own Tor hidden service, which makes sense since the Tor network was funded during its inception by the Naval Research Lab and Defense Advanced Research Projects Agency. More credence is given to the usefulness of this shadowy network by the fact that even the United States government is among its users.

Defining the Dark Economy

There is a plethora of intriguing economic concepts and profit production techniques at play in the burgeoning dark economy (an ecosystem comprising dark web hackers, the destructive tools they build and sell, and their unlucky victims and their stolen data). Cryptocurrency acts as the system’s unofficial designated currency, à la the dollar or euro. In this vein, it allows “a merchant [to] sell his or her goods and have a convenient way to pay their trading partners” by acting as a “universal store of value.” There are also features seen within the e-commerce space, such as seller reviews, shopping carts, consumer forums, and accounts that you use to log in and shop.

An interesting development in the world of hackers is the proliferation of ransomware as a service (RaaS) operations. This new business model is similar to the popular as a service offerings in the IT world, such as software as a service, where a vendor provides a full-fledged application to a customer that is accessible through the internet, or infrastructure as a service, where the vendor offers a customer access to computing resources in a similar way. For ransomware as a service, the vendor (ransomware developers) leases their ransomware to customers (hackers doing the initial compromise of the target’s network) so they can deploy it in their attack without spending the time or developing the skills to produce a sophisticated ransomware program.


This division of labor, where a complex task is broken into sub-tasks through specialization, is a major factor fueling the explosion of recent ransomware attacks because “a given number of workers can produce far more output using division of labor compared to the same number of workers each working alone.” The global estimated cost of ransomware attacks in 2020 was $20 billion, up from $8 billion in 2018 and $11.5 billion in 2019. This steep increase was due in part to the rise in the average ransom payment made, cost per ransom incident, and cost of downtime per incident. Ransomware continues to top the list of cyber threats and will remain there until it becomes less convenient and profitable for attackers.

We notice not just identical e-commerce characteristics like product bundle sales and marketing in these ransomware as a service operations, but also common as a service benefits like user communities, documentation, feature upgrades, 24/7 user assistance, white papers, videos, and an active Twitter presence. Commonly seen revenue models used by these shady “businesses” consist of monthly fees, affiliate programs, licensing, and profit sharing. DarkSide, the ransomware used to infect Colonial Pipeline’s IT systems, is an example of an RaaS group.

In the shadow economy, governments and companies, which are frequently targeted by hacking organizations, play an important role. Because their data is so important, whether it's their customers' personally identifiable information (PII) or intellectual property critical to research and development, these companies are ready to pay a premium price to get it back and prevent it from being released on the dark web. They're also prepared to spend to get their systems up and running again, because every minute of missed income is costly. This principle of supply and demand takes a few different forms in the dark economy. When it comes to the ransom fee connected with regaining access to systems and data following an attack, the victim is the demand party, and the criminal is the provider. The victim is prepared to pay more if the information is valuable. When the subject is the initial value of the data or systems in question, the reluctant targets of the assault establish the amount of supply, while the malevolent seekers of the resources create the demand. As solutions to the ransomware problem are considered, the interaction between these two antagonistic groups is worth considering.

Lowering Supply and Increasing Costs

Despite its many useful applications, the Tor network nonetheless harbors much of the criminal activity and collaboration that results in devastating data, infrastructure, and financial attacks. While terrible conduct is to be expected in any human activity, taking the time to examine how these evil actors interact with one another and their victims reveals a fairly rational and predictable operation. Human nature does not alter simply because judgments are made in an unusual medium like the dark economy. Decision makers may better inform their attempts to resist the destructive effect that this hacker network has over the lives of the American people by harnessing the power of incentives, cost, demand, and supply.

Limiting the supply of data is the first step that businesses, internet users, and governments must take. Hackers are, for the most part, opportunistic. They're looking for the slowest and most vulnerable prey they can find. If they encounter too much opposition, they will typically cease the pursuit and look for a new victim. As a result, it's critical to put in place adequate and fundamental security defenses before an attack occurs, such as implementing dependable endpoint protection products, regularly making backups, teaching people to recognize phishing emails, and updating diligently. Implementing a sound cybersecurity plan is going to limit the profitability of these hacking operations by making it harder for hackers to get to the prize they want.

Businesses must also restrict the amount of ransom payments made to these ransomware operators on a regular basis. The danger of ransomware can be reduced to the point where paying a ransom is no longer necessary if effective mitigation measures are adopted. Regrettably, most firms are still catching up. Newsworthy ransomware attacks where large payouts are made, such as $4.4 million to DarkSide from Colonial Pipeline, $11 million to REvil from JBS, and a potential $70 million to REvil again for the ransomware attack on Kaseya and its customers over the July 4th weekend, only help to fuel the greed of these cyber criminals. If the market for these paydays remains hot, ransomware gangs will continue to rake in the cash.

To lower the demand for cyberattacks, it is also necessary to impose consequences on these cyber criminals. If hackers are faced with the full might of the United States government, they will be hesitant to attack American targets. It is critical that these criminals are brought to court since it not only imposes unacceptably high costs on existing groups, but it also deters would-be players from following in their footsteps, which is an important part of criminal justice. Unfortunately, REvil's recent aggressive attack on Kaseya demonstrates that these organizations feel their acts have minimal consequence. This supply chain assault was not only carried out after the other high-profile SolarWinds supply chain attack, but it was also carried out by the same organization that carried out the high-profile attack on JBS. Reducing the demand for these hacks with concerted law enforcement efforts will be just as pertinent as reducing the supply of ransom payments and vulnerable data.

Choices drive human behavior, and these trade-offs are always influenced by incentives. Cyber thieves are currently being enticed to steal data and disrupt infrastructure belonging to the American people in order to obtain a ransom in exchange for their pains. The economic principles of the shadow economy should be carefully explored if the tide is to be turned against these adversaries of American wealth, as they contain the fundamental key to comprehending the why and how of the situation.
