Into the Darknet: Comparing MTV Developers + Users

This week we continue our "Into the Darknet" blog series, which aims to provide readers with a better understanding of the darknet's history, users, uses and purpose and examine other hot topics in DARKINT, cybersecurity, including malware, toolkits, viruses, cryptocurrency, marketplaces and OPSEC.

As we covered last week, Tor’s Hidden Services and the anonymous nature of the darknet make it an ideal space for the collaboration on and the dissemination of malware, toolkits and viruses (MTV). The composition of the groups leveraging MTV varies not only in ethnicity, gender and level of creative sophistication but also in both expertise and intention.

Some malicious code is developed by individuals, but a majority of large-scale hacking campaigns utilize an organized network of hackers with varying technical and societal backgrounds. MTV is developed and deployed by several different types of groups including state sponsored cyber groups, cyber terrorists, hacktivists, hackers-for-profit security researchers and hobbyist/individual hackers.

faceless dude in crowded subway.jpeg

Comparing EXPERIENCE: MTV Developers + Users

While some malicious code is developed by individuals, the majority of large-scale hacking campaigns utilize an organized network of hackers with varying technical and societal backgrounds.

MTV is developed and deployed by several different types of groups, including state sponsored cyber groups, cyber terrorists, hacktivists, hackers-for-profit, security researchers and hobbyist/individual hackers. Each of these groups have varying levels of experience within specialized areas, and are motivated by different (often overlapping) incentives. 

First, we look at the typical background and experience profile for each group segment.

 
Screen Shot 2017-02-02 at 1.56.56 PM.png
 

Key takeaways: 

1. Every type of persona using and developing MTV has a background in, and/or experience with, Systems Engineering + Network Architecture, Computer Programming or Scripting and Social Engineering. 

2. Only half of all groups have experience as Certified Security Professionals.

3. MTV users typically have experience in a variety of areas, making them well-rounded, flexible and difficult to profile. 

 

COMPARING MOTIVATIONS: MTV DEVELOPERS + USERS

While the above comparison indicates that there is significant overlap in the characteristics of our segmented MTV groups, the factors that drive them to utilize these tools are varied and demarcate their uniqueness.  

 
 

Key Takeaways: 

1. Hacktivists are the only type of MTV users that are not driven by some form of monetary gain. 

2. Everyone who develops, uses and/or disseminates MTV is motivated by their ego, curiosity or the desire to showcase their skill set. 

3. Security Researchers and Criminal Organizations are the only groups not driven to use MTV for reasons associated with politics or ethics. For the remaining majority, these powerful, often deeply personal causes serve as motivational forces that many view as impacting the greater good.

 

FINAL THOUGHTS

While some malicious code is developed by individuals, a majority of large-scale hacking campaigns utilize an organized network of hackers with varying technical and societal backgrounds and motivations, as explored above. MTV is developed and deployed by many different groups including state sponsored cyber groups, cyber terrorists, hacktivists, hackers-for-profit security researchers and hobbyist/individual hackers.

Join us next week when we take a closer look at one of the most organized MTV groups in the world: nation-state sponsored cyber organizations.


Curious about something you've read on our blog? Want to learn more? Please reach out - we're more than happy to have a conversation.