On Tuesday, Trend Micro researchers released a whitepaper (.PDF) documenting the results of an investigation into the Web's underbelly, asking if the underground is connected globally, or whether there are countries which have a certain illegal "specialization" in goods or services.
There are three loose layers of the Internet; the "Clear" Web, the "Deep" Web and the "Dark" Web. The Clear Web is where we go for daily tasks and to visit standard websites through search engines such as Google, Bing and Yahoo.
The "Deep" Web is the layer underneath which is not indexed by standard search engines, and has to be accessed through a service such as the Tor network to access .onion websites hosted in this area.
Lastly, the "Dark" Web is a fraction of the Deep Web where illegal dealings take place, such as the purchase of weapons, drugs, counterfeit documents and hacking tools.
The average person is unlikely to go beyond the Clear Web, but the rest of the Internet is open to anyone using the right setup.
Over the past few years, Trend Micro has conducted a number of research projects focusing on these areas and the underground economy at large. Within the latest research paper, Trend Micro focuses on comparisons between different countries, their users and their online activities.
The team focuses on six main markets: Russia, Japan, China, Germany, the US and Canada, and finally Brazil. Trend Micro says that a "global cybercriminal underground market" does not exist; rather, each country's economy is unique -- and the goods being sold are different, too.
Russia
In Russia, where stolen data sales run rife, stiff competition from Dark Web vendors has pushed up the efficiency levels of supplying illegal goods and data such as credit card information. Trend Micro says sellers from this country are forced to "step up their game by providing goods in the shortest amount of time and most efficient manner possible," and often takes business away from rivals such as Germany.
China
If you're looking for prototype software, services and cracking tools -- as well as hardware -- the Chinese forums are the best place to start. The researchers say that Chinese users are the quickest to adapt to changing trends in the cybercrime world, and they are also "leading the way" in cybercriminal innovation.Skimming equipment, hardware, exploits and hacking tools abound, as well as social engineering toolkits and a swathe of ready-made systems for cybercriminals.
Germany
Likely due to language barriers, German vendors stock their websites full to the brim with as many products as possible. However, these products generally serve a niche market, such as droppers which exploit vulnerabilities in software only recognizable to German buyers.
Trend Micro says sellers from this country often rely on Russia for tips and trading tactics, and there is most likely collaboration between the two countries given clues such as cross-advertising and overlapping profiles.
The US and Canada
Vendors based in the US do not often close their doors to the uninitiated; rather, they encourage new members and novices to engage in cybercrime."It is not a locked vault accessible only to the tech-savviest of hackers but rather a glass tank -- open and visible to both cybercriminals and law enforcement," the team says.
The US is also, ironically, the best place for the darkest and most dangerous services and purchases, including assassination services and murder-for-hire.
Meanwhile in Canada, the underground economy is not as well-developed or efficient as others. However, vendors are still making a profit on counterfeit documents and credentials including driver's licenses and passports, as well as stolen financial data and information dumps. Vendors are also known to sell their wares worldwide.
Japan
Japanese underground dwellers focus less on the illegal and more the taboo, including forums locked to Japanese speakers who communicate in code. Anonymity is king, and Japanese buyers and sellers do everything possible to keep surveillance at bay.Unlike other markets, Japanese sellers also often accept unusual means of payment, such as gift cards and forum points.
Brazil
Brazil is an interesting case. Dubbed the "fastest route to cybercriminal superstardom," Brazilian sellers are young, bold, and completely disregard the law on their quest for notoriety.Sellers from this country will also brazenly advertise on the Clear Web and inflate their own egos by boasting of their wares and exploits. Due to this, Brazilian underground players are most often seen working alone.
Interestingly, the Dark Web is perhaps one of the few platforms where anyone can trade with anyone, regardless of their country, color or creed. It seems ironic that legal trade, imports, and exports are often controlled by agreements and caps on the international platform, but in the underground, only money matters.
Report
Zdnet