Profiling a Dark Web Criminal

Download the report

This report takes the alias of a real-life dark web criminal to demonstrate how investigators and cybersecurity teams can build a profile on aN actor

The main reason that criminals use the dark web is for the anonymity that it provides. Dark web networks such as The Onion Router (Tor) mask where traffic is coming from, so a user can not be identified based on their IP address. The most sophisticated criminals work hard to maintain their operational security (OPSEC) on the dark web, taking care not to share any information that might lead to their identification by law enforcement or cybersecurity professionals.

However, even in the case where a criminal’s OPSEC is so good that they can’t yet be unmasked, there is still a great deal of value that can be unlocked in gathering intelligence on their online persona. A cybercriminal’s real name is almost certainly of less value to a defender than a clear understanding of details such as their favored tactics, techniques, and procedures, their associations with other cybercriminals, and their role in the cybercriminal ecosystem.

 

find out how to build a profile on a Dark Web criminal’s:

  • Capabilities: Establishing how skilled they are at hacking, the resources they have at their disposal, and their previous experience in conducting attacks.
  • Credibility: Assessing the level of threat based on their reputation within the cybercriminal community.
  • Goals and motives: To establish the likelihood of the cybercriminal targeting your organization.
  • Identifying criteria: To identify other accounts the cybercriminal has and build a more accurate assessment of the threat.