WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 25, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
It’s often the case that a sequel to a great book or a remake of a once-popular TV series doesn’t generate the same enthusiasm or excitement as the original. Of course, there are well-known exceptions to this… For the movie fans out there, The Godfather Part II stands out as one example. More often than not, however, when a format tries to repeat its former glory it doesn’t quite live up to its predecessor.
This phenomenon can also be seen in the cybercriminal world, when a defunct dark web marketplace or cybercriminal forum attempts to return and replicate the notoriety of the original version of the platform.
While the rest of the world has been busy dealing with the coronavirus pandemic, a once-key platform in the English-language cybercriminal underground may have been making a quiet comeback. Its return would really test whether a sequel can truly live up to—or even surpass—its predecessor in the criminal world.
On 21 Dec 2020, a user called KickAss initiated a thread on the dark web community forum Dread to allege that the once-notorious dark web forum of the same name had returned following a substantial hiatus. KickAss said that the original forum had been taken offline intentionally in January 2019 following the increasing media and law enforcement attention brought to the platform by the actions of the ransomware collective, TheDarkOverlord.
TheDarkOverlord was an active member of the forum at that time and had publicized their high-profile extortion attempt relating to legal documentation associated with the 9/11 terrorist attacks in the US. Although TheDarkOverlord ultimately failed in their attempt to profit from these sensitive documents, it appears the added spotlight on the site was enough to force the KickAss administrators to shut the doors of the formerly prominent hacking forum.
Prior to its closure, KickAss was referred to on several occasions as the number one hacking forum in the English-language cybercriminal community, with hundreds of members contributing thousands of threads to an array of topics such as ransomware, exploits, data sharing, and card data offerings.
The announcement on Dread of KickAss’s return coincided with similar threads on other English-language dark web forums such as Torigon and RaidForums. All such announcements have been met with users expressing both delight at the site’s revival and suspicion as to the legitimacy of the new version of the service.
Some have wondered whether KickAss 2 is a law enforcement honeypot attempt—an entrapment technique that involves creating a decoy version of a cybercriminal entity to gather compromising information about threat actors. But claims from both ex-members of KickAss and established members of sites such as Dread and Torigon indicate that KickAss’s return is legitimate. In fact, the language and tone used in the announcement of the forum’s return suggest it may even have been made by the well-known former administrator of KickAss.
When KickAss went offline in early January 2019, rumours of possible law enforcement action quickly circulated around the dark web. To this day, these claims have not been validated or confirmed. Therefore, it is too early to say whether the forum’s impromptu return is genuine or if it is a coordinated effort to trap unsuspecting users.
The mixed reaction to KickAss’s return and continued uncertainty as to its credibility led us to wonder whether, in a world built upon dishonesty and manipulation, a platform can ever truly return to its former glory. We’ve been reflecting on historical attempts by dark web marketplaces and forums that have been shut down or rendered offline only to return at a later date under the same name or a rebrand.
Torigon Dark Web Forum
Torigon, another English-language dark web forum, was created September 2019 with the bold intention of unifying the Russian- and English-speaking cybercriminal landscapes.
Torigon’s founders stated:
“Torigon is a cyber security forum connecting Russian & English hackers. Torigon is open for everyone who can program, provide services, sell exploits, code malwares, believe in anonymity & strong darknet and also open for all those who want to learn alongside others, gain general information about hacking and internet security. The first version of Torigon was scrapped very fast but after a lot of work put by few people it is back to serve again. The main purpose of Torigon is to provide a platform for badass internet criminals to make cyber crime more easier & exploit their targets together.”
However, Torigon suffered from a severe lack of interest and dealings behind the scenes never coming to fruition. Following a sustained heavy DDoS attack, the administration team seemingly thought it best to take the forum offline completely in Mid-May 2020 in the hope that the attack would disappear. Unfortunately, this proved not to be the case: Soon after the site’s revival in August 2020, it was once again subjected to the same attack. However, fast-forward a couple of months and, following some work in the backend, the forum is now growing steadily within the English-language criminal underworld and is starting to gain the momentum it never really achieved the first time round.
Altenen Cybercriminal Forum
Altenen initially started out as an Arabic-language cybercriminal forum and morphed into an English-language carding-focused platform in 2013. After several cyberattacks, Altenen went offline in either late 2016 or early 2017 before the forum administrator resurrected the site in June 2018. Since then, the platform appears to have attracted users from across the globe and has experienced a steady increase in forum membership, though multiple users within the cybercriminal community have described it as a scam site..
XSS Cybercriminal Forum
XSS is a recent rebranding of the previously long-standing Russian-language cybercriminal forum DamageLab, one of the first Russian-language cybercriminal forums to be established. DamageLab in its original incarnation closed down to protect its users from investigation when its administrator had a run-in with law enforcement. Now run by a former administrator of the popular Russian-language cybercriminal forum Exploit, XSS is well regarded within the cybercriminal scene and features discussions and commercial activity relating to several fields, including malware, spam, exploits, vulnerabilities, carding, access sales, and credential databases
Silk Road 2.0 Dark Web Marketplace
The administrators who helped launch and maintain the original Silk Road platform, which was the dark web’s number 1 marketplace in its heyday, created the dark web marketplace Silk Road 2.0 in November 2013. The administration team recreated Silk Road’s original set-up and promised improved security. However, just a month later, it was reported that three administrators had been arrested for their alleged roles as moderators on the original platform, which law enforcement agencies had shut down in October 2013. An administrator called Defcon maintained Silk Road 2.0 until its eventual seizure by law enforcement in November 2014.
Dark0de Cybercriminal Forum
The original Dark0de forum was a big hub in the cybercriminal community that collected together prominent hackers who had to undergo a rigorous registration process to obtain access to the site. It facilitated trade in malware, zero-day exploits, rentable botnets, and access to compromised servers. Following the site’s high-profile takedown by law enforcement in July 2015, one administrator who had managed to evade capture relaunched the forum under the same branding just ten days after the shut-down of the first. However, due to a number of security and poor configuration issues on the revised forum, the revived platform failed to gain anywhere near the traction attained by its older sibling. It died off when it became clear that the cybercriminal community had no trust in the forum and how it was being run.
Hell Reloaded Cybercriminal Forum
The hacking forum Hell Reloaded was created in late 2015 in response to the alleged law enforcement shut-down of the forum’s predecessor, ‘Hell’. Hell had gained popularity as a hub for hacking activity but was undone by its publication of 4 million user accounts for “Adult Friend Finder”. The resulting media attention quickly led to the site’s shut down by law enforcement in July 2015. A few months later, the forum was back online under the branding Hell Reloaded. However, suspicions that the forum was a honeypot were soon raised, because the registration process was opened to the public and the original site founder was notably absent. Hell Reloaded later went offline likely as a result of the increased suspicions surrounding it and a notable lack of traction.
It remains to be seen whether the new KickAss will return to its self-made claim of being “the number 1 english hacking forum”, or whether rumours and suspicions about law enforcement will continue to keep the community and its trust away from the forum. It is still within the realm of possibility that the forum administrator genuinely took the forum offline back in 2019 and waited for media attention to subside before attempting to bring the forum back online. And with a small number of well-known dark web threat actors backing up the new version’s claims to legitimacy, there might just be enough impetus for the forum community to grow once again.
But, as we’ve seen with other attempted forum resurrections, associations with law enforcement can be hard to shift, and we wouldn’t be surprised if the forum struggles to attain the same popularity it once garnered before its impromptu shut down.
Despite the uncertainty of KickAss’s life cycle, it’s sure that there will always be cybercriminals on the lookout to exploit your organization’s digital footprint. Security professionals should take a proactive approach to detect data loss before it is leaked to the wrong places, as well as monitoring the cybercriminal forums and marketplaces for mentions of their company name or postings of sensitive data or credentials for sale.
To see how Digital Shadows (now ReliaQuest) helps monitor your organization’s digital footprint to protect against digital risks, try Search Light (now ReliaQuest GreyMatter Digital Risk Protection) for free now.
Additionally, get our research report on How Cybercriminals Monitor Our Online Exposure with a growing market for network accesses, stolen documents, and extortion guide, alongside practical tips for mitigation.