Cyber criminals are following in the footsteps of nation states by offering disinformation services – but rather than attempting to influence elections or political discourse, these influence campaigns are being advertised to the private sector.
It's believed to be the first time underground forums have been found to be offering commercial disinformation services.
For as little as a few hundred dollars, members of the criminal forums will craft full-scale disinformation campaigns which organisations can use to falsely generated positive propaganda about themselves – or to generate negative disinformation campaigns designed to tarnish rivals with lies and malicious material.
SEE: 10 tips for new cybersecurity pros (free PDF)
In both cases, the campaigns can be successfully up and running in under a month and at low cost, as detailed by Recorded Future's Insikt Group research team, who've witnessed Russian-speaking groups increasingly advertising their services to outsiders, having honed their skills over a number of years by selling disinformation campaigns across Eastern Europe.
"Now, as this type of activity has become much more well known in the West, we believe that some of these criminal-threat actors decided to capitalise on their newfound fame and try to cash in on unscrupulous businesses and entities outside of the Eastern European landscape," Roman Sannikov, head of analyst services at Recorded Future, told ZDNet.
Researchers created a fictitious company and used two separate dummy accounts to approach two of the dark web users who were offering disinformation services. One was asked to build a positive disinformation campaign about the company, while another was asked to target it with a negative campaign.
In both cases, the cyber-criminal service providers offered highly customised campaigns, using social media to help generate influence.
The campaigns followed similar strategies to nation-state-backed disinformation campaigns, using newly created and long-established accounts on 'major social media platforms' to help spread information. In some cases, what appeared to be real users were replying to the accounts of the companies.
But it isn't just by exploiting social media that those selling disinformation services on the dark web go about their business: they'll create their own articles and blogs to help push the agenda they've been provided with.
For example, the user offering positive coverage wrote articles – complete with edits after feedback – and listed prices for placing the articles at various destinations around the web.
Researchers say an article ended up being published as news on two media sources, illustrating the ease at which the information can spread.
The other user also offered edits based on feedback before setting about sharing the disinformation using social media accounts, including older, more established accounts – which then had their message amplified by bots and sock-puppet accounts.
Some of these accounts even went so far as to communicate with or attempt to befriend users in the targeted countries to make the campaigns more effective by encouraging real people to share the disinformation.
SEE: European police arrest Dark Web counterfeit currency traders
In total, researchers spent $6,500 across the two campaigns around the fictitious company – an amount that would likely be peanuts for a company that tried to get involved in what researchers describe as the "alarmingly simple" process of launching a disinformation campaign. And it's likely that this is only just the start of things to come.
"There are a myriad of applications for these types of disinformation and influence campaigns. Just think of the implications of stock price manipulation. Threat actors can use the same disinformation service to first boost an entity's reputation and subsequently damage it," said Sannikov.
"We believe organisations need to be laser focused on any erroneous information published about them on social media, particularly when there is any type of reference to traditional media sources in those posts," he added.