Asian Dark Web Communities Thrive on Cultural Differences

A new report sheds light on the little-understood dark web markets in Asia, showing how they’re driven by cultural differences and local government policies.

Researchers from IntSights Cyber Intelligence have investigated dark web cybercrime websites in Japan, China, South Korea, Indonesia and Vietnam to see how they differ from their Western counterparts and the challenges they pose to companies and cybersecurity teams. Itay Kozuch, IntSights’s director of threat intelligence presented his comapany’s findings Thursday at the Black Hat USA security conference.

According to IntSights, the dark web in Japan is used by a lot of internet users, not just criminals, as it’s seen as a refuge for people to express themselves anonymously. That’s why it’s not uncommon to find diaries, blogs and bulletin board systems with innocent content that would be normal in Western societies, but might lead to social stigma in Japan.

However, there are also illegal operations going on, such as the distribution of child pornography or the sale of narcotics and stolen credit card data. But even in these activities, Japanese dark web users behave differently than those in the West.

“Quite a few Japanese drug dealers allow prospective buyers to sample their product and return it free of charge if they’re not satisfied (you’d be hard-pressed to find that type of service from other drug dealers, either online or in person),” the IntSights researchers said in a report shared with Security Boulevard. “They also tend to be more respectful than their Western counterparts, which you can see based on the distinct differences in casual Japanese (which is used with family and friends) compared to the various levels of polite and formal Japanese (that is used with strangers and in business), which they opt for.”

While the legislation is Japan is tough on cybercrime and arrests have been made for developing and distributing malware, the country’s constitution, which guarantees the secrecy and integrity of communications, limits the ability of law enforcement to investigate dark web activities.

“For instance, they are unable to seize websites in their respective territories, unlike U.S. and European authorities,” the IntSights researchers said. “As a result, Japanese cybercriminals have more room to maneuver and don’t have to worry about their dark web operations being interrupted. As such, the criminal cyber climate in Japan tends to be unrestricted by the state’s institutions.”

Dark web usage in China is pretty small compared to the country’s population, but that’s also because most online illegal activities in China are done in the open, on forums available on the clear web. According to Kozuch, that’s because of several factors including the government’s generally laissez-faire attitude toward hackers, as long as their actions don’t conflict with national interests. Another reason is that China government’s strictly controls internet access in the country and accessing the dark web is more difficult for Chinese users.

Because a lot of illegal activity takes place in the clear, Chinese hackers have developed special jargon that uses code names for various services and goods. This, combined with the fact that Chinese websites are often hard to access from outside, makes China’s cybercriminal ecosystem harder to investigate.

The most common criminal activities on China’s illicit online markets include the sale of narcotics, forged documents, personal and financial information, business data, DDoS and hacker-for-hire services, malware, exploits, hacker tools, child pornography and, sometimes, even human organs.

“The Chinese have a strong sense of national pride, which is one of their noticeable differences when it comes to cyber activity,” the IntSights researchers said in their report. “The Chinese Red Hacker groups believe that hostile activity against Chinese interests should be answered with an appropriate cyber response. It is a sense of nationalism that encourages them to attack back as a way of protecting their country.”

The theft of intellectual property from foreign entities is also common and is usually done by state-affiliated hacker groups to advance Chinese interests. A lot of hacking is done for sport and fame, because “hacking in China is portrayed as a lucrative and even respected occupation,” according to Kozuch, which causes Chinese hackers to be “adored” by the Chinese people.

The dark web markets in South Korea started to appear in the mid-2000s and the number of users active in them is growing. However, compared to the overall number of internet users in the country, dark web activity remains small.

Unlike in Japan, the South Korean dark web is almost exclusively focused on illegal activities, the most prominent of which are the sale of narcotics and credit card information. Child pornography, hidden wikis and hacking forums can also be found on the country’s dark websites, according to IntSights.

The dark web in Indonesia is pretty small, because, as in China, many illegal activities take place in the open, on the clear web. Aside from narcotics, child pornography and hacking, many websites on the Indonesian dark web are focused on online gambling, an activity that’s banned in the country.

The underground markets in Vietnam are focused on narcotics, cryptocurrency exchange and child pornography. However, what’s interesting is that most of the communication between users is done in English to avoid government detection and censorship.

“The Asian dark web is relatively small compared to its counterparts in Western countries, such as the United States and Europe,” Kozuch said. “However, this doesn’t mean that it poses less of a threat. In fact, due to the laws and political motivations of these countries, the risk to non-Asian companies is significantly higher.”

Lucian Constantin

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 298 posts and counting.See all posts by lucian-constantin