South Africa has witnessed an explosion in cybercrime, mainly due to the advancement of ICT infrastructure and broadband connectivity in both the public and private sectors. A recently published paper presents a platform designed to target cyber threats on both the surface web (Clearnet) and the dark web that specifically target victims in South Africa.
The platform features multi-faceted cybercrime combating characteristics, including detection and identification of cybercrime related activities, prevention and minimization of cybercrimes via the sharing of relevant information, and protection of users and stakeholders against potential cybercrime activities via means of innovative proactive techniques.
A considerable percentage of cyber criminals operate from the dark web, namely the Tor network, which represents segments of the World Wide Web that non-tech-savvy individuals cannot access and may not even know exist. The dark web is where cyber criminals perform illegal activities including illicit drug trafficking, cryptocurrency-mediated money laundering, trading stolen banking data, selling malware and ransomware, and occasionally selling firearms. The sale of zero-day exploits, ransomware toolkits, malware payloads, and phishing exploits makes it extremely easy for individuals without technical skills to engage in illegal online activities.
An overview of South Africa’s cyber crime combating platform:
The proposed cybercrime combating platform is based on the concept of a community of practice (CoP), which refers to a group of collaborative stakeholders with similar concerns and problems and a shared interest in regularly exchanging information and expertise. The platform’s CoP will include governmental cybercrime investigation personnel, businesses interested in boosting the cyber security of their organizational networks, and state-sponsored individual ethical hackers.
The platform will include a special online portal that facilitates the sharing of information related to cyber security threats including identified zero day exploits, malware, ransomware, darknet marketplaces with a large number of vendors in South Africa, South African darknet vendor shops, and information related to hacking groups and cyber criminals operating within South Africa.
The South African CoP cybercrime combating platform will be pillared on the following:
– Governmental cyber security professionals, business experts, state sponsored ethical hackers, and other relevant entities
– Special focus on social learning and information sharing, rather than a solid framework and design
– A specially designed dark web crawler fed with special keywords and programmed to alert all platform participants whenever suspicious content relevant to South African cyber security threats emerges, e.g. mentions of South African banks, healthcare facilities, online banking applications, etc., which can point to stolen data being traded on darknet marketplaces, forums, or other forms of hidden services on the Tor network, Freenet, and I2P. A special application that combines data retrieved from multiple surface web search engines can be implemented to perform similar tasks on targeted Clearnet black hat forums and other cybercrime-related websites.
– A special sector of the platform will specialize in taking down highly dangerous Clearnet and dark web forums and marketplaces. Adopted strategies can include blockage of the IP address of the service by South African ISPs (for Clearnet websites) and the launching of DDoS attacks via a state sponsored booter or IP stressor, or even relying on commercially available online services whenever needed.
– A rewarding system that entices businesses and individuals to engage actively in the platform. For example, creating bounties for identifying certain cyber criminals, taking down websites distributing malware, shutting down darknet marketplaces with a large number of vendors in South Africa, etc. The platform will create “quests” on a regular basis that involve targeting relevant cyber threats with a pre-defined bounty for the winner.
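The keyword-driven alerting described in the crawler item above can be sketched as follows. This is an added example, not code from the paper or the platform: it covers only the matching stage over text that has already been collected, and the watchlist terms, source names and field names are constructed placeholders.

```python
import hashlib
import re
import unicodedata

# Constructed watchlist: sector -> terms (placeholder names, not real organisations).
WATCHLIST = {
    "banking": ["Example Bank ZA", "EBZ"],
    "healthcare": ["Sample Health Clinic"],
}

def normalize(text):
    """Strip accents, collapse whitespace and fold case so trivial variants still match."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", text).casefold().strip()

def compile_watchlist(watchlist):
    """One regex per term; the lookarounds stop matches inside longer words."""
    return [(sector, term, re.compile(r"(?<!\w)" + re.escape(normalize(term)) + r"(?!\w)"))
            for sector, terms in watchlist.items() for term in terms]

def scan(documents, compiled, seen=None):
    """Return one alert per matching term per unique page body; mirrors alert only once."""
    seen = set() if seen is None else seen
    alerts = []
    for doc in documents:
        body = normalize(doc["text"])
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest in seen:  # same content already reported from another source
            continue
        seen.add(digest)
        for sector, term, pattern in compiled:
            m = pattern.search(body)
            if m:
                start = max(0, m.start() - 30)
                alerts.append({"source": doc["source"], "network": doc["network"],
                               "sector": sector, "term": term,
                               "context": body[start:m.end() + 30]})
    return alerts

# Constructed sample of already-collected page text.
SAMPLE = [
    {"source": "forum-a", "network": "tor", "text": "Selling  EXAMPLE bank ZA customer records"},
    {"source": "mirror-a", "network": "i2p", "text": "selling example bank za customer records"},
    {"source": "site-b", "network": "clearnet", "text": "New webzine issue released"},
    {"source": "forum-c", "network": "freenet", "text": "Sample Héalth Clinic patient files"},
]

if __name__ == "__main__":
    print(*scan(SAMPLE, compile_watchlist(WATCHLIST)), sep="\n")
```

Passing a persistent `seen` set between runs keeps repeat crawls of unchanged pages from re-alerting participants.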
The platform will include a set of relevant cyber security learning topics for all participants. It will also run on an established periodic cycle with predefined security objectives for all participants, and it will feature a schedule of training and learning events to inform participants about emerging cyber threats.