Out in the Open: Accessibility in the North American Underground
In our exploration of the different cybercriminal underground markets, we often note that these black markets are hard to infiltrate, or even to find in the first place. It takes a specific set of skills and knowledge to get inside these underground economies.
But not the North American underground. Unlike its counterparts in other countries or regions, the North American underground does not rely on limiting access for sustainability. It does not close its doors to novices. On the contrary, it encourages cybercriminal activity.
In our latest paper, North American Underground: The Glass Tank, we note that many of the North American underground sites are easy to access, as they are often found in the Surface Web—not the Deep Web. Anyone armed with the right search query can enter. Simply looking for cybercrime how-to guides can actually lead to related forums.
The Glass Tank
This underground is not a locked vault accessible only to the tech-savviest of hackers, but rather a glass tank—open and visible to both cybercriminals and law enforcement. Several goods and services are blatantly advertised on Surface Web forums and even on popular sites like YouTube™ to draw in customers.
Figure 1. YouTube video showing off Xena’s various features
The North American black market is teeming with various other cybercriminal tools and services such as crypters, hacking tools, stolen documents, and DDoS (distributed denial of service) offerings.
A common list of tools with average prices can be seen below:
Crypting services, arguably the most sought-after crimeware in the North American underground to date, obfuscate malware binaries’ creation dates and other malicious components. All customers need to do is send their malware to service providers, who then check it against all standard anti-malware tools available in the market. Crypting service providers check how many products flag the code as “malicious.” They then encrypt the malware as many times as it takes until it is no longer detected.
We’ve spotted several advertisements for these services, with prices ranging from US$8 per file to US$1,000 per month for use on an unlimited number of files.
Tackling the Glass Tank
The transparency of the North American underground creates a paradox. The supposed freedom and liberty this underground provides may allow cybercrime to thrive, but it does so under the watchful gaze of law enforcement, ready to serve their cease-and-desist orders at any time.
While law enforcement efforts in North America are generally much stronger than those in any other region worldwide, they still face challenges. The North American underground’s transparency means the life span of most underground sites is short. They could be up one day and gone the next. Investigations will have to keep up with this fast pace.
For details on our investigation, please read North American Underground: The Glass Tank.