The DarkNet is synonymous with the sale of drugs, weapons and fake passports. None of which are relevant to pay-media operators. What lurks in the DarkNet which would be of interest to them? And what can be done to mitigate the impact?

What are we seeing?
Irdeto has witnessed a growing demand for customer databases – supplying compromised account credentials for pay media services. These credentials are available in the DarkNet, and as you know from my earlier post its anonymity attracts criminal activity.

Once the compromised credentials are bought at a wholesale rate in the DarkNet, they are sold for maximum profit to be used in the Clearnet. The average markup of the price on the Clearnet is 300%. That’s a tidy profit for the cybercriminals.

But surely a subscriber would know that their account has been compromised? Not always.

A lot of pay media services allow a number of active devices to be associated with a subscription. In some cases, OTT providers do not limit how many devices an account can use, which means that an account can be resold several times over. When the purchaser buys the compromised credentials they are made aware of the caveats, e.g. not to change any settings on the account, otherwise the real subscriber will become aware.
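One defender-side signal for the resale pattern described above is an account whose sessions, inside a short window, come from more distinct devices or more distinct countries than a single household plausibly produces. The following is an added example (not Irdeto code or any operator's system); the log format, the thresholds and the session records are constructed for illustration, and a hit is a triage signal for the operator to review, not proof of compromise.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample session log: "timestamp account device country" per line.
# The format is an assumption for this example, not a real operator feed.
SESSION_LOG = """\
2024-03-01T18:00:00 acct-1001 dev-a NL
2024-03-01T18:05:00 acct-1001 dev-b NL
2024-03-01T18:07:00 acct-1002 dev-c DE
2024-03-01T18:09:00 acct-1002 dev-d BR
2024-03-01T18:10:00 acct-1002 dev-e IN
2024-03-01T18:12:00 acct-1002 dev-f US
2024-03-01T18:14:00 acct-1002 dev-g ZA
2024-03-01T18:20:00 acct-1003 dev-h FR
2024-03-01T18:21:00 acct-1003 dev-i VN
"""

def parse_sessions(log_text):
    """Parse each non-empty line into (timestamp, account, device, country)."""
    sessions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, device, country = line.split()
        sessions.append((datetime.fromisoformat(ts), account, device, country))
    return sessions

def flag_shared_accounts(sessions, max_devices=4, max_countries=1,
                         window=timedelta(hours=1)):
    """Return {account: [reasons]} for accounts whose activity inside any
    sliding window exceeds the device or country thresholds (assumed values)."""
    by_account = defaultdict(list)
    for ts, account, device, country in sessions:
        by_account[account].append((ts, device, country))
    flagged = {}
    for account, events in by_account.items():
        events.sort()  # chronological, so each window ends at the current event
        reasons = set()
        for i, (ts, _, _) in enumerate(events):
            recent = [e for e in events[: i + 1] if ts - e[0] <= window]
            if len({d for _, d, _ in recent}) > max_devices:
                reasons.add("devices")
            if len({c for _, _, c in recent}) > max_countries:
                reasons.add("countries")
        if reasons:
            flagged[account] = sorted(reasons)
    return flagged

if __name__ == "__main__":
    print(flag_shared_accounts(parse_sessions(SESSION_LOG)))
```

Against the sample log, acct-1002 trips both thresholds, acct-1003 trips only the country check (two countries within a minute), and acct-1001 is left alone.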

Another trend which is gaining momentum is cybercriminals offering a personalized shopping service. Here the purchaser requests compromised credentials for a specific provider.

How are they obtained?
Typically cybercriminals use one of three ways to harvest the account credentials.

  1. Brute Force Attack. This approach targets vulnerable databases. It uses automated software to launch an exhaustive trial-and-error attack that tries all possible combinations to figure out the passwords for a computer or network server.
  2. Evil Twin Access Point Attack. This involves the hacker setting up a fake Wi-Fi hotspot, for instance, to secretly intercept the communication between the subscriber and the operator and acquire the credentials.
  3. Phishing. This has long been a staple way to acquire sensitive information by masquerading as a trustworthy online entity.

What can be done about it?
To start with, it’s about getting to grips with the intelligence problem. It is important to identify which operator’s database has been compromised and the extent of the attack. From there, the next step is to validate that the account credentials for sale in the DarkNet are legitimate. Once validated, evidence is then gathered to support civil or criminal proceedings.

It sounds simple until you add the DarkNet anonymity into the equation. Monitoring, detecting and investigating such activity in the DarkNet require specialized expertise. Many Clearnet tools and techniques are not transferable.

A different approach is needed in the shadowy depths of the DarkNet. Not everyone has these capabilities. And this is one of the reasons why pay media operators look to Irdeto to help protect their brand and revenue streams against the ever-increasing reach of online piracy.