An experienced hacker has opened up about his time on the dark web, including the worst things he's seen.
In a masked interview with Vice, the cybercriminal-turned-ethical hacker laid it out bluntly: “I've watched hospitals get encrypted and people are left with a choice: do I pay to decrypt the data or do I risk lives?”
Untraceable and encrypted, the dark web is the perfect playground for hackers, drug dealers, and even hitmen.
The most hunted content? A report found it's child p*rnography, followed by guns and drugs.
While this hacker avoided discussing those specific horrors, his concerns are chilling enough.
He’s worried about “major impacts [ransomware will have] to financial markets or potential impacts to things like electricity production facilities.”
“If I wanted to gain access to a secure company, I wouldn't go kick the door down,” he said. “I would target people I know who have access, who I know bring personal devices into a building or do things adjacent to the sensitive stuff, and I would then work my way up.”
It’s a tactic that’s evolved since 1989, when the AIDS Trojan—the first ransomware attack—was unleashed.
That one was cooked up by Joseph Popp, who handed out 20,000 floppy disks at a WHO AIDS conference. When installed, the disks encrypted files and demanded a ransom sent to a PO box in Panama.
Today, it’s way easier. “You just need a few thousand dollars and a laptop and a couple of smart hackers to write some code and send something out.”
The man in the mask started as a “black hat”—the kind of hacker who breaks the rules for personal gain.
Now, he calls himself a white hat, tracking down cybercriminals and helping companies fix vulnerabilities.
“I at one time considered myself a black hat and changed to a white hat,” he said. “White hats tend to be hackers who are bound by an ethical code, who try to do things to improve the greater good and who are bound by the law.”
Still, he knows how the dirty side works. And according to him, even world governments dip into the dark web when they need help.
“Every single country has a reason to weaponize these kinds of attacks,” he said, pointing out that smaller nations often fly under the radar.
The hacker also opened up about the initial access broker market. These brokers sell stolen credentials to hackers, providing easy entry into over 2,300 networks—no hacking required.
“For an average price of around $2,800, these so-called initial access brokers (IABs) sold stolen VPN and remote desktop protocol (RDP) account details and other credentials that criminals could use to break into the networks of more than 2,300 organizations around the world, without breaking a sweat,” Dark Reading reports.
Between late 2021 and mid-2022, IAB sales skyrocketed, with 2,348 reported transactions and the number of brokers jumping from 262 to 380.
Meanwhile, 2,886 companies had sensitive data dumped on ransomware leak sites - a 22% increase, according to InfoSecurity Magazine.
The FBI knows what’s happening - but stopping it is another story.
“We're not only trying to attack the supply side, but we're also attacking the demand side with the users,” a senior FBI official told DailyMail.com about the Genesis Market takedown.
Genesis Market—once a massive dark web hub where stolen passwords sold for as little as $1—was finally seized in a joint operation involving over 200 global raids and 120 arrests. In the UK alone, 24 people were picked up around Grimsby.
Dubbed “Operation Cookie Monster,” the crackdown exposed a treasure trove of 80 million stolen credentials from 1.5 million compromised devices - including login data for banks, PayPal, Amazon, Netflix, and even Facebook.
And the scary part? Many of those arrested weren’t elite hackers. They were just regular users, exploiting stolen “cookies” to masquerade as someone else and bypass security.