Anonymity tools such as the tor network and cryptocurrencies are increasingly adopted by fraudsters to hide their tracks. They have enabled a darknet underground economy that centers around online illicit markets which has generated over USD$500 million in sales in the past year. Within online illicit markets, fraudsters create profiles and post ads for their products and services. Fraudsters build a public reputation and history around their online personas. Our recent interactions with fraudsters have shown that while anonymity tools are important, many fraudsters are also active on unsecured networks that have been around for decades and provide little to none in terms of anonymity. In addition, these networks do not keep profiles of fraudsters who must always find new ways to prove their worth to others. In this talk, we will present an analysis of the intelligence that can be gathered both on dark networks such as the tor network as well as open networks such as ICQ. We will demonstrate that very different intelligence can be gathered on both types of networks and that combining both sources of information provides analysts with a much deeper understanding of the underground economy. This presentation includes screenshots and videos of fraudsters who have made the mistake of sharing them publicly.
