Researchers Call for a Shared Dark Web Taxonomy

A dark web intelligence company has called for an industry-wide, standardized framework for evaluating and describing goods and services for sale on underground forums, after complaining that most research is inconsistent and misleading.

Terbium Labs analyzed 22 reports from 18 different sources dating back to 2013 to better understand how security vendors and researchers approach the topic of dark web pricing for stolen accounts and identity information.

Its report, The Truth About Dark Web Pricing, argued that, despite the best intentions of those releasing these reports, they are saddled with inconsistencies in data collection, definitions and sampling methodologies. Researchers often cherry pick details, thus failing to present a balanced and accurate view of the industry as a whole, and are unable to provide insight into longer-term trends, it added.

“For example, one report classified payment cards with BINs (Bank Identification Numbers) as a separate category from payment cards, although all payment cards have BINs. Other reports classified cloneable payment cards and payment cards with track data separately, though they are essentially the same,” the study noted.

“Even reports from the same research group used slightly different categories from year to year; one series of reports grouped cards from the same geographic area in different categories depending on the year the report was published.”

This only adds to the fear, uncertainty and doubt permeating the cybersecurity industry and creates greater opacity where insight and clarity is desperately needed, argued Terbium Labs.

The answer is to build a shared taxonomy for describing dark web goods and services, ideally involving a price index which could measure price changes in a standardized way, according to the firm’s chief research officer, Munish Walther-Puri.

“An industry standard such as this one cannot be set by one organization; a true standard requires that we synthesize across sectors. We are proposing first to recognize the shared problem that we all face and then create an environment where a standard can emerge,” he told Infosecurity.

Models from adjacent areas could help in drawing up such a standard, he claimed.

“These include the development and adoption of STIX TAXII for threat intelligence, ATM terminal and fraud definitions set by the European Association for Secure Transactions, and even the scoring of corruption: the Corruption Perception Index from Transparency International,” Walther-Puri explained.

“The latter case, incidentally, is a similar challenge: what once was considered strictly qualitative, and limited discussion of the influence and impact of corruption soon became measurable and comparable over time.”