Dark Consequences: The Ripple Effects of Cyber-Political Crackdowns

Technology moves at the speed of light. It’s hard to believe that the internet started in the ‘80s with just a few government systems and within a few short years, it was open to the public with hundreds of domains being registered and thousands of emails being sent around the world.

The internet enabled a globalization that humanity had never seen before, connecting everyone in what seemed like a free for all, a digital free zone. But how do we manage this wild, wild wilderness of web?

Today, internet laws that are being enacted around the world – but especially in the Asia-Pacific region and Russia – are like tectonic plates. These laws are the foundations of our cyber threat landscape, and as they shift and move, everything else moves as a result. Nations are isolating their internet blocks and their citizens from access to the globalized internet. Isolationism, restrictions, and data privacy laws will drive citizens to the deep and dark web for anonymity, cryptocurrency, and access to otherwise inaccessible information, including crime.

How Did the Flourishing Cybercriminal Underground Emerge?

Every day, we hear of a new breach, a new hack, a new exploit or vulnerability. In the cybersecurity industry, it’s a lot to keep up with. We are often consumed with what is right in front of us – how to protect our organization, our home network, our personal data. How to respond to an incident or a malware campaign – all very important tasks.

But let’s take a step back and address how we got here in the first place.

Cybercrime and hacking really took off around the world between 2000 and 2007, as the internet became an increasingly crucial component of daily life for consumers and businesses alike. As the world has grown increasingly digitized, there are countless opportunities for threat actors to crack into systems and obtain sensitive information.

The threat began in 1997, as the Russian dark web community was established and then blossomed on Hackzone.ru. In 2005, the Russian underground continued to spearhead cybercriminal activity, as the ever-popular Exploit.in forum emerged, quickly growing to nearly 2,000 users a year later. Fast-forward to 2018, and the Tor browser – which allows users to anonymously access the dark web while remaining untraceable – had over 4,000,000 users.

The dark web’s explosion in popularity – and subsequent emergence of sophisticated threat actors targeting both businesses and nations – has led to government crackdowns, particularly in the Asia-Pacific region and Russia. Here’s how these kinds of legislation affect internet users.

Vietnam

Vietnam passed a new cybersecurity law in 2018 requiring tech companies to open offices and store local user data within its borders, while handing over any information it requests. This law also has repercussions for consumers, as it censors social media and sites it deems to be undesirable. To enforce these restrictions and combat “inappropriate or toxic” views, Vietnam created a 10,000-member cyber offensive unit, called Force 47.

As a result, there has been an observed increase in Vietnamese-language internet traffic and activity on the deep and dark web. Thousands of users are migrating to Vietnamese-language forums to seek information on technology, cryptocurrencies, and cybercrime opportunities. The government’s attempts to crackdown on free internet usage in the name of security has, ironically, pushed many members of Vietnam’s young, tech-savvy middle class to the dark web, where threat actors are actively recruiting skilled hackers.

Below is a chart detailing the progression of dark web usership in Vietnam between March and June:

The trend is clear: Vietnamese citizens aren’t going to wait around for the government to relinquish its grip on their browsing capabilities. Increasingly, they are turning to the dark web – and, in many cases, to cybercrime.

China

Long before the internet arrived to China, Deng Xiaoping said, “If you open the window, both fresh air and flies will be blown in.” This statement is a perfect summation of how the Chinese control their internet infrastructure. China leads the way in government control of the internet and they may be a prime example of what internet censorship could look like in the future as many governments around the world attempt to control the data flowing through and within their borders.

In 2018, China had 778 million internet users. It also has the most expansive “surveillance state” in history, using the huge strides it has made in AI technology to monitor and track data. It recently began requiring tourists to download data-monitoring apps on personal mobile devices. The Chinese government has almost total control over internet usage within its borders, and has virtually blocked access to the dark web.

However, cybercriminals tend to find a way no matter what obstacles impede them. In China, they tend to congregate on the clear net, since the dark web is hard to access. They hide in plain sight by using cryptologic language to hide the true meanings of their communications. As a result, it can be very challenging to track and interpret these cybercriminals, meaning they present a very different type of threat than those found on the dark web.

Russia

Russia is making some sweeping changes that are creating big ripples throughout the global threat landscape. On May 1, 2019, President Putin signed into law the Sovereign Internet Law, which is designed to protect its network from foreign intervention that might intend to disconnect Russia from the world wide web. However, it can be interpreted to establish a means for closure of Russian access to the internet while still maintaining a functional internet inside their nation’s borders. Under the law, while Russia states that they are preparing for a case in which foreign powers disconnect Russia from the internet, Russia could willfully disconnect from global root name servers, ensuring autonomous operation of RUnet, the Russian internet sector.

With specialized hardware and software installed in every Russian internet service provider, governmental and law enforcement agencies now have on-demand access to the private data of Russian citizens without the need to provide a court order. Russia could disconnect its citizens from the world wide web, further restricting internet freedom for users and bolstering the government’s already-tight grip on how the internet is used within its borders.

In stark contrast to China, Russia actually tends to turn a blind eye to activity taking place the dark web, allowing for a thriving Russian cybercriminal community. For more information on this Russian dark web underground, download our forthcoming report, The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime, set to be published on Thursday, August 8.

Australia

Many in Western countries were shocked when Australia adopted a new restrictive internet policy last year. The “Assistance and Access Bill” will allow the country's intelligence and law enforcement agencies to demand access to all end-to-end encrypted digital communications. Australia's lawmakers say it will enable crucial intelligence capabilities in organized crime and anti-terrorism investigations.

What it will also do is enable the government to issue technical capability notices to companies that provide encrypted products and services to require them to ensure their systems would allow exceptional access for law enforcement and/or intelligence agencies. It also allows officials to approach specific individuals with these demands, rather than the institution itself. They can force the engineer or IT administrator in charge of vetting and pushing out a product's updates to undermine its security.


Companies that fail or refuse to comply with these orders will face fines up to about $7.3 million. Individuals who resist could face prison time. Australian companies are less vigilant about data risk than their counterparts in other advanced economies. The question of what will happen when this law is enacted and how Australian organizations will respond will soon be answered – for better or for worse.

Global Implications

For global organizations, all of these laws explicitly demand handing over data to a foreign government. Consider the risk involved with handing over your crown jewels to a foreign, or even domestic, government: PCI, PII, PHI, trade secrets, new technologies being developed, competitive business intelligence. All of that could be monitored, read, and used by the government.

How are businesses going to explain this to customers, partners, and employees? Disclosures are going to be painful and consequential. How much will it cost for organizations to increase data storage in those locations to comply with the new requirements?

Our research is showing a clear trend over the past couple of years: As governments tighten their control of how people are allowed to use the internet, the young, technical generations of internet users are migrating to the deep and dark web. The internet is evolving and as evolution usually goes, we adapt and overcome. There is a new generation of internet users that are circumventing laws and diving into a darker part of the internet to maintain privacy. Cybercrime will only continue to grow and prosper as we enter this uncharted – and dark – territory.

Digital transformation has created unprecedented new opportunities for businesses – but it has also created a host of new cybersecurity challenges. Learn how to use threat hunting to defend your organization in our ebook, Dark Web 201: How to Leverage Threat Hunting to Prevent CyberattacksDark Web 201: How to Leverage Threat Hunting to Prevent Cyberattacks.

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.