Cyber-Invading Communities In The Dark-Net Cyber-Invading

The role of Cyber-Criminals has changed over the years, in the past, these professionals were viewed as dangerous criminals that needed to be kept away at any cost. However, such times are behind us and recently various private companies, criminal gangs, and intelligence agencies are seeking help from those experts. An increasingly large number of modern business operations rely on an understanding of the risks associated with programs that can easily be made vulnerable to Cyber-Invasion. Reported in a post I published on the Fox News Web-Site on the role of Cyber-Criminals. Cyber-Invading services are among the most attractive commodities in the underground market, it is possible to hire a Cyber-Criminal to request a realistic penetration test, or one can pay a Cyber-Criminal if they wish to take over someone’s Facebook or Gmail account. How much does it cost to hire a Cyber-Criminal? How to do it and what is the price for their services?

Recently many new sources also claimed that now a day it is extremely easy to hire Cyber-Criminals to carry on desires Cyber-Invasion. These Cyber-Criminals have a catalog full of prices for their Cyber-Invading Service, if an individual wants to compromise someone’s Gmail account they have to pay approximately $90 USD to get the job done. This can really come in handy if you forget your password and have important information to access and you are feeling helpless without the password. But, truth is that taking service from these Cyber-Nerds you can unlock your account. It states the post if you want to crack Gmail passwords; you can compromise Gmail with browser settings, phishing and keylogging programs, and special scripts. Cyber-Criminals, for example, could be hired to Cyber-Invade into a social media account, the cost to compromise someone’s Facebook account is $350, or simply to increase the rank of a company on a social network. The investigation conducted by law agencies revealed that the Cyber-Criminal can steal someone’s Facebook Information for $15 and to compromise a NetFlix account you have to just spare $1.25. Other common commodities in the Cyber-Invading underground are the tutorials of Cyber-Invasion that go for $20 and hit-and-run strikes, such as a DDoS or Web-Site defacement. There are various ways to buy Cyber-Invading services and probably the most interesting place where it is possible to meet members of the principal Cyber-Invading communities is the Dark-Net.

Many Cyber-Crime investigating agencies disclosed that are countless Cyber-Invading community in the Dark-Net and Strike-Forum, Cyber-Experts, Trojan-Forge, Mazafaka, TheRealDeal and darkdeare some of the rent examples of these community. The majority of the Cyber-Invading communities are closed to the public and one must request an invitation to join the discussions. In many cases, these groups are specialized in their activities on specific topics and practices (e.g. Social media strike, data theft, infections and exploits and hit-and-run strikes (i.e. DDoS, Web-Sitestrike).Among the communities accessible only by invitation there are several strike forums, an example is the popular Trojanforge, which specializes in virus and code reversing.

Let’s start our tour on the Dark-Net from the results of a study conducted by the experts at Dell Secure Works Counter Threat Unit (CTU) to see what is changing from the publishing of the report and which are the dynamics and trends behind the Cyber-Invading communities in the underground. In 2013, experts at Dell Secure Works Counter Threat Unit (CTU) published a very interesting report titled “The Underground Cyber-Invading Economy is Alive and Well.” which investigated the online marketplace for stolen data and Cyber-Invading services. The study listed the goods sold in the black markets and related costs. One year later, the same team of researchers at Dell SecureWorks released an update to the study of black hat markets, titled “Underground Cyber-Criminal Markets”, which reports a number of noteworthy trends. Many researchers witness that the demand of fraudulent personal documents is rising every day, these documents could be employed as a second form of identification such as passport, drivers licenses, utility bills, and Social Security Numbers. Another distinguishing element of the evolution of the underground marketplaces in the last year is the offer of Cyber-Criminal Tutorials, as we have seen this kind of product still represents an element of attraction in the Cyber-Invading community. Training tutorials provide instruction to criminals and Cyber-Criminals that want to enter into the business of stolen credit card data, information on running exploit kits, guides for the organization of spam and phishing campaigns, and tutorials on how to organize hit-and-run DDoSstrike. Other tutorials offered in the Cyber-Invading communities include an instruction to compromise ATM and to manage a network of money mules, which are the principal actors for the cash-out process of every illegal activity. An investigation conducted by many law agencies proved various underground illegal activities happening in the Brazilian underground, which is characterized by the availability of a significant number of similar products and services. Cyber-Invading communities are very active in selling stolen credit cards, differentiating their offer to reach a wider audience and provide tailored services at higher prices. In the table listed on twitter, the services and the products are there with related prices expressed in both BTC and USD.

The Tor Browser is a web browser that hides your web traffic using the Tor network, making it easy to protect your identity online. The Tor browser is a perfect choice for you, if you’re investigating a competitor, researching an opposing litigant in a legal dispute, or just think it’s creepy for your ISP or the government to know what Web-Sites you browse. Browsing the web over Tor is slower than the clearnet, and some major web services block Tor clients. This browser is illegal in some countries, as the authority there does not want their citizens to publish, read or communicate privately. Various free minds across the globe have embraced the Tor browser, as online freedom and company itself work very hard to improve the overall performance of the browser.

  • How to Operate the Tor Browser

Like any other browser such as google chrome and Firefox, one can easily download the Tor browser. If you’ve never practiced Tor, then the first thing you’ll notice is that it’s slow or at least, slower than regular internet browsing. Still, Tor has gotten quite a bit faster over the years, and with a good internet connection, you can even watch YouTube videos over Tor.

Tor Browser gives you access to .onion Web-Sites that are only available within the Tor network. For instance, try to access Facebook at https://www.facebookcorewwwi.onion and The New York Times at https://www.nytimes3xbfgragh.onion/ employing a regular web browser. It won’t work. As you can only reach these Web-Sites over Tor. This makes it possible to read the news privately, a desirable feature in a country where you don’t want the government knowing which news Web-Sites you’re reading, when you’re reading them, and for how long. Operating Tor comes with a major set-back as various web services have blocked the access to Tor, sometimes without useful error message. If a Web-Site you normally visit suddenly returns 404 when visiting over Tor, the service is likely blocking Tor traffic and being needlessly opaque about it. Web-Sites that do not block Tor might push you to click through a ton of captchas. It’s not the end of the world, but it is annoying.

  • How Tor Browser works

The greatest advantage of the Tor Browser is that it re-routes all the web traffic through their network and it results in complete secrecy. Tor had developed three-layers of the proxy, quite similar to the layers of an onion. Tor Browser connects at random to one of the publicly listed entry nodes, bounces that traffic through a randomly selected middle relay, and finally spits out your traffic through the third and final exit node. As a result, don’t be surprised if Google or another service greets you in a foreign tongue. These services look at your IP address and guesstimate your country and language, but when using Tor, you will often appear to be in a physical location halfway around the world. If you live in a regime that blocks Tor or need to access a web service that blocks Tor, you can also configure Tor Browser to exercise bridges. Unlike Tor’s entry and exit nodes, bridge IP addresses are not publicly listed, making it extremely complex for web services, or governments, to blacklist those IP addresses. Tor does not support UDP, so don’t try to torrent free programs ISOs, as it won’t work.

  • Is Tor Browser legal?

For most people reading this article, Tor Browser is completely legal to practice. In some countries, this browser is illegal, as the authority there does not want their citizens to publish, read or communicate privately. Various free minds across the globe have embraced the Tor browser, as online freedom and the company itself work very hard to improve the overall performance of the browser. China has banned secrecy and hence blocks Tor traffic from crossing the Firewall and countries such as Saudi Arabia, Iran and Russia are working day and night to stop citizens from using Tor. Recently most of the traffic of the Tor browser was blocked in Venezuela. It’s easy to see why a repressive regime hates Tor. The service makes it easy for journalists to report on corruption and helps dissidents organize against political repression. The freedom to communicate, publish, and read privately is a prerequisite for freedom of expression online, and thus a prerequisite for democracy today.

  • How to get on the Dark-Net?

Let’s get this Dark-Net nonsense out of the way once and for all. While it’s true that some criminal entities employ Tor to commit crimes, criminals also employ regular internet to commit crimes. Bank robbers often take getaway cars on public highways to commit crimes. We don’t slander highways or the internet, because that would be foolish. Tor has tons of legitimate operations and it is considered to be a cornerstone of democracy today. So when you hear people talking in scared whispers about the Dark-Net or some other nonsense, understand that there is a lot more going on here than just The Four Horsemen of Infocalypse are using systems in non-normative methods and online Secrecy is not merely the bailiwick of criminals.As a practical matter, Tor is for ordinary people, because criminals willing to break the law can achieve better secrecy than Tor provides.

  • Does Tor allow criminals to do illegal things?

Criminals can already do bad things, as they want to break the law and they will do it in one way or the other. In addition to that, they have plenty of options available to do their work is absolute privacy. They can steal cell phones, employ them, and throw them in a ditch; they can crack into computers in Korea or Brazil and employ them to launch abusive activities such as spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world. Tor as a browser always aims to provide protection for ordinary people. Those who want to follow some rules. Recently, only criminals can enjoy privacy and we need to do something about it.

  • Is Tor Browser private?

Tor browser features one of the best private web-browsing so far. However, still is far from perfect. They are currently witnessing an arms race between researchers seeking to strengthen Tor, or even develop a next-generation secrecy tool, and governments around the world studying how to break Tor’s secrecy properties.




Small Job-like Email, Facebook etc. compromising

$200 USD

Medium-Large Job, ruining people, espionage, Web-Site strikes etc.comercial Moctezuma

$600 USD

Compromising web server (vps or hosting)

$120 USD

Compromising personal computer 

$80 USD

Security Audit


Web Server security Audit 

$150 USD

Social media account take-over


Social media (FB, Twitter, etc.) – account Compromising

$50 USD

Spyware and Device Tracking


Spyware development

$180 USD

Device Tracking 

$60 USD

Intelligence and Investigation


Intelligent report – locate people 

$140 USD

Intelligent report – background checks

$120 USD

Fraud Track – Find your Scammer

$120 USD

Cyber extortion To be agreed prior contact 


Compromising web server (vps or hosting)

$250 USD

Compromising personal computer

$200 USD

Compromising Social Media Account (Facebook, Twitter)

$300 USD

Gmail Account Take over

$300 USD

Security Audit 


Web Server security Audit 

$400 USD


$150 USD

Remote Access Trojan 

$400 USD

Banking virus Customization (Zeus source code) 

$900 USD

DDoS strikes


Rent a botnet for DDoS strike for 24 hours

$150 to $500 USD

24 Hours DDoS Service

$480.61 USD

Market set up

$7957.80 USD

Private RAT setup for dummies 

$1250 USD

The real GovRAT – source code + Instructions on setup and compile + 1 digital certificate for code signing to sign your files

$1081.38 USD

RAT set up service and deployment on bullet proof hosting 

$1201.53 USD

Android RAT + Tutorial

$1200 USD

Compromising web server 

$500 USD

Compromising Social Media Account (Facebook, Twitter )

$200 USD

Compromising Tutorial, Cash out tutorial, Carding tutorial etc. 

$240 USD

Compromising Tool: Spying a Computer 

$500 USD

Compromising a web server

$1000 USD

Targeted invasion on a specific client

$2000 USD

Programs protection cracking- Reverse engineering

$300 USD

Penetration Testing

$250 USD

Custom Facebook strike

$250 USD



How to make a Botnet

$2211 USD

How to set up a RAT

$1100 USD


All the payments are done privately and in BTC. In the Tor network, several Cyber-Criminals offering their services using their own Web-Sites, black markets represent the privileged choice to get in touch with a Cyber-Criminal and hire him. The principal benefits of hiring a Cyber-Criminal on a black marketplace are:
• Possibility to verify the reputation of the Cyber-Criminal and its abilities.
• Availability of escrow services that protect both buyers and sellers.

For this reason, we decided to explore some of the most popular black markets searching for Cyber-Criminals to hire. We end up taking a short tour of the TheRealDeal black market. This community was emerged recently to deliver a privileged environment to both buyers and sellers and the core goal is to commercialize exploit kits and Cyber-Invading services. I have found among the Cyber-Criminals that propose their services the possibility to pay for a DDoSstrike or for the customization of a virus, also on TheRealDeal market it is possible to pay for tutorials of a different kind. Below a table that outlines the offers, I received from the Cyber-Criminals I contacted, or that published their offers on the marketplace. Another popular black market is Nucleus(http://nfc2s3fsbjh22hzz.onion, http://ifa3gxnvs6gj7ooa.onion/ but at least another 2 mirrors are up to serve visitors), this marketplace is more focused on products (i.e. virus, stolen card data, etc.) than service. I tried to contact some sellers and only one of them offered me Cyber-Invading services to compromise a server or to compromise a specific client stealing his data with targeted invasion. In the following table are resumed some of the products/services available on Nucleus marketplace.

In order to give you an illustrious opinion about the Cyber-Menaces of the Dark-Net, I decided to involve a valuable colleague, Paolo Stagno, aka VoidSec, which is a Cyber Security Analyst specialized in Underground Intelligence. He provides speeches in various international conferences, which include BlackHat, DEFCON, and Droidcon. He is the proud leader and founder of This is the Web-Site where all Cyber-Criminals can share experience and ideas.
Below my questions for Paolo regarding Dark-Net and Cyber-Invading communities:

What can we find in the Dark-Net?

The Dark-Net is a “hidden reality” where is possible to find every kind of illegal products and services. Black markets are the places in the Dark-Net were sellers offer their illegal goods and services, including drugs, weapons, counterfeit, stolen merchandise, credit cards, access to bank accounts, fake identities and related documents, various accounts, trafficking in persons, organs, account compromising services and also hitmen. The Cyber-Invading market inside the Dark-Net is flourishing thanks to the secrecy offered by the communications protocols implemented in this part of the web. The newest trend observed by security experts is the model of sale known as Cyber-Invading as a service. The addition of technical support to the Cyber-Strike tools (i.e. Friendly interfaces, email, and IRC) lowers the level of complexity for their usage, ransom-ware kits, for example, are offered according to this model example allowing anyone to commit crimes just for 50 €.
Most common services available in the underground Cyber-Invasion:

  1. Hire a Cyber-Criminal
  2. Botnet
  3. exploit kit
  4. Zero-day
  5. Crypter
  6. DDoS
  7. Doxing
  8. Spam
  9. Virus
  10. Money laundering services

In order to rent a botnet, they normally run spam or DDoS campaign, clients pay a price from 2-5$ month, with a limitation on the number of strokes per session and up to $ 100-200 every day for more complex strikes. Exploit kits are still sold with their source code, but they still have exorbitant prices of $ 20-30k, for this reason, clients rent them for the limited periods, which cost them near about $ 500/month and the same goes for 0-day exploits that can cost approximately up to thousands of dollars.

Which are the principal players of the Cyber-Invasion the Dark-Net?

In Dark-Net, there are several Cyber-Invading communities that are accessible via both hiding protocols or via Clearnet. Most of them are exclusive and one must have an invitation in order to gain access. Normally they are more focused on topics like reversing and viruses including Trojan-forge, however, we also have some generic communities such as Cyber-Strike Forum, where members plan various issues related to Cyber-Invasion, Cyber-Frauds, and Financial Crimes. There are various forums and chat on the Dark-Net, which are dedicated to activities of Black Cyber-Invasion. However, the distribution of products and service are done by marketplaces to reach a wider audience. The major players in the Cyber-Invasion landscape in the Dark-Net are:

  1. Agora (TOR)
  2. TheRealDeal (TOR) past the spotlight recently due to the possibility of buying day exploits
  3. DreamMarket (TOR)
  4. MRNiceGuy (TOR, a clone of the original)
  5. Outlaw (TOR)
  6. MajesticGarden (TOR)
  7. Among the black market in Clearnet find
  8. Rescator
  9. Lampedusa

What are the risks for buyers?

The black markets hosted in the Dark-Net increase the safety of both sellers and buyers, making hard to track them by law enforcement. In any case, there is the concrete risk that clients fall victim to a Web-Site known as a honeypot, which was used by law enforcement. Another great risk for the buyer of these black market places is that the law enforcement agencies now have the ability to track their shipment and seize their shipment of illegal products.

How is the payment, what guarantees the buyer?

Trust has been a major issue for the Cyber-Invading communities and quite similar to any other market. The black market has created a reputation mechanism with the help of the buyer’s reviews. Some black markets implement escrow mechanisms based on BTC MultiSignature in order to protect both sellers and buyers. The Payment is generally made by exploiting virtual currency schemas such as Bitcoin and Litecoin, rarely operators allow PayPal, Western Union, and other payment systems.

Activities Of VoidSec In Dark-Net

It normally operates intense activities of the black market and under-ground intelligence by extreme research and preservation of various menaces. They also keep a close eye on the main black marketplaces and Cyber-InvadingCommunities. We analyze the latest trends, products, and services offered in the Dark-Net.

[/kc_column_text][crum_title title=”Conclusions” align=”align-left” _id=”126958″ type=”h4″ title_delim=”yes”][kc_column_text _id=”592753″]

As we have seen it not so hard to hire a Cyber-Criminal in the numerous black markets available on the Dark-Net, especially when someone needs simple tasks. These services are tempting, but it has a greater risk involved, as it is way different from hiring a professional. These groups employ various channels for communication and the majority of the service providers are just scam, as they run away with your money without doing the task. For this reason, clients that intend to hire a Cyber-Criminal usually refer to black markets due to the reputation mechanisms they implement.The rates of various services among various Cyber-Invading communities are quite similar and this allows the user to monitor the evolution and the latest running trends in the Cyber-Invadingmarket place. Variation of price: For instance, prices could be changed, due to the sudden rise in demand for a product in the criminal ecosystem. The availability of a large amount of data related to a data breach could cause a decrease in the price of a single record and sustain the offer Cyber-Criminal against clients of organizations affected.