Although the darknet is often touted as the place to be for criminals who want to keep their identity private, there are some caveats. New research goes to show hackers tend to resort to specific patterns in communication on the deep web. Looking closer at these models may lead to detecting illicit behavior at an early stage, and potentially even identifying individual users.
Darknet Data Analysis Is Quite Powerful
The evidence for this study will be presented at the upcoming Black Hat Europe 2016 conference, which takes place come November 2016.Data analysts claim they have come up with a way to identify illicit behavior on the darknet by looking at the way individuals communicate with one another.
According to this research, security experts can discover communication patterns by analyzing darknet forums. Moreover, the behavior of individual hackers and criminals can tell a lot about these people as well. New technologies such as natural language processing, social network analysis, and temporal pattern analysis can help identify malicious intentions at an early stage.
By conducting data analysis themselves, enterprises can look closer at individual messages and posts on the darknet at their own pace. This would actually remove the need to rely on threat intelligence experts, which are not cheap to come by. Although the information is aggregated through one central service, the list of crawled darknet forums continues to grow every month. So far, close to 800 platforms are being monitored on a 24/7 basis.
There are multiple use cases for this type of technology, as it can help track down individual hackers. While it will not immediately lead to a name or address, this would allow people hiding behind different aliases to be identified. After all, most people reuse the same pattern of communication at all times. In fact, using these research tools has unveiled valuable information for security experts already.
A Potential Concern For Bitcoin Pseudonymity
The company driving all of this research goes by the name of Recorded Future, and they will unveil more information during the November conference. The team is confident they can remove the issue of bad actors jumping between different online handles. That aspect remains a critical problem during darknet investigations right now.
Bitcoin users should take note of this new development as well. Although Bitcoin offers all users pseudonymity, these tools can also be used to link wallet addresses to user profiles. Keeping in mind how the majority of Bitcoin users is also active on social media, cross-referencing communication and information is not overly difficult. Moreover, this toolkit can be used to monitor any forum. There is lots of information to be analyzed when looking at Bitcointalk, for example.
Header image courtesy of Shutterstock
