Discussing Darknet Adjacent Sites and Narrative Attacks with Blackbird.AI and DarkOwl CEOs

November 09, 2023

Mark Turnage, CEO and Co-Founder of DarkOwl, and Wasim Khaled, CEO and Co-Founder of Blackbird.AI, sat down for a fireside chat to discuss emerging trends with darknet adjacent sites, such as Telegram and Discord, and narrative attacks. Their interview is transcribed below.

Today, Blackbird.AI, the leader in AI-driven Narrative and Risk Intelligence announced a partnership with DarkOwl, the leading provider of Darknet Data, to enable organizations to identify narrative attacks across the dark web. This expands Blackbird.AI’s comprehensive visibility of narrative attacks that today include social media, news, forums, podcasts, and more. The full press release can be found here.

Interview with Mark and Wasim

Mainstream apps like Discord and Telegram are gaining popularity among hackers. Why do you think they are migrating away from the dark web?

Wasim: Narrative attacks are now part of many cyberattacks. Mainstream apps like Discord and Telegram are gaining popularity among hackers because increased law enforcement monitoring has pressured dark web hacker forums. These apps make it easier for hackers to coordinate because apps like Discord and Telegram offer more moderate anonymity but increased accessibility compared to the difficulty of accessing the dark web. It’s also effortless for narratives to proliferate across channels and groups with little friction.

Mark: As Wasim said, there has been a considerable uptick in recent years of marketplaces and forums being “disrupted” and taken down by law enforcement activities on the dark web. For example, Breached Forums, Monopoly Market, and Genesis were taken down just this year. This has led to a lot of mistrust by users on these forums who believe that they are being watched or that their infrastructure is unsafe. So they are looking for other means of communication. Platforms like Telegram are utilized for marketplaces and forums like the dark web, using public channels but also allowing users to have private messaging, giving them more security and anonymity. Platforms like Telegram are much more accessible to users, easily accessed from your phone, and for some users, this is better than configuring your TOR browser, etc. Telegram also traditionally has not cooperated with law enforcement. Using dark web adjacent sites can also give the appearance of legitimacy, as legitimate users can often use these. Groups like left and right-wing extremists use these channels and surface web forums. Also, groups like the Taliban are active on these sites.  

The dark web allowed anonymity but was difficult to access. How do Telegram and Discord offer hackers more moderate anonymity but increased accessibility?

Wasim: The dark web allowed anonymity but was difficult to access. Telegram and Discord offer hackers more moderate anonymity, but the improved accessibility of mainstream apps makes them attractive alternatives.

Mark: While the dark web continues to be an area where criminals congregate to sell goods and discuss illicit activities, we are seeing other platforms emerge as also being used by these groups. Many of these chat platforms and networks include legitimate channels and communities and could even be casually considered a form of ‘social media.’ Despite this, DarkOwl refers to chat platforms such as IRC, Telegram, and qTox that have considerable use by darknet cyber criminals as ‘darknet adjacent’ for their role in persisting illicit goods trade, fraudulent activities, and cybercrime. 

What are some examples of narrative attacks and disinformation that can spread about companies?

Wasim: Examples of narrative attacks and disinformation aimed at companies include spreading misleading or outright false information about harmful products, leadership misconduct, unethical business practices, or other damaging claims.

Mark: Regarding nation-state examples, with the emergence of the Russian invasion of Ukraine, messaging apps have become an essential means of communication between militant groups and sharing information/disinformation with wider groups of people. Wagner, the Russian PMC group, also uses Telegram. These sites have a much larger reach than the traditional dark web sites.  

How can narrative attacks and disinformation about a company’s products be harmful?

Wasim: False claims about product defects, safety issues, or performance can erode consumer trust. This may discourage purchases. Correcting false claims is difficult if disinformation has spread widely online or in the media. Lost revenue and reputational damage can result. Narrative attacks and disinformation targeting a company’s products can inflict significant harm by eroding consumer trust and tarnishing brand reputation. Misleading or polarizing information quickly goes viral in today’s hyper-connected world, leading to a cascade of negative effects such as plummeting sales, increased customer churn, and even regulatory scrutiny. The long-term impact can be even more damaging because once a narrative takes hold, it can be tough to change, causing lasting harm to market share and growth prospects. In the worst-case scenario, a successful disinformation campaign can trigger a crisis of confidence among stakeholders, ranging from customers and employees to investors, severely undermining the company’s competitive standing and even jeopardizing its existence.

Mark: I would add that due to all those examples, disinformation can even lead to legal action against a company in some cases. On the darknet, we see disinformation-as-a-service frequently. It is definitely on the rise. Threat actors trade social media accounts and their influencers – accounts sold in bulk that could be easily leveraged for disinformation or misinformation campaigns by a foreign government or agency with malicious intentions. There are several examples the DarkOwl team has found where a threat actor group offers for a fee to erase news, website pages, results from search engines, YouTube videos, and negative comments on forums and create posts, reviews, and news to positively or negatively affect a company.

How do narrative attacks target politicians, thought leaders, and company leadership?

Wasim: Conspiracy theories and false and inaccurate narratives about executives can undermine their credibility and leadership. False claims about illegal or unethical actions by leaders can also trigger costly investigations or lawsuits, while share prices may fall due to uncertainty. The company may have to spend significant resources defending and communicating the truth.

Mark: The darknet is a known playground for disinformation campaigns, and its users are wise to detect disinformation, especially across anonymous image boards where several controversial groups like QAnon participate. The team wrote a blog a while back where one anonymous user on endchan advised, “Don’t be fooled by disinformation. They almost always use truth but wrap it in disinformation,” noting the prevalence of outrageous conspiracy theories historically across the internet. 

This interview continues diving into narrative attacks on the Blackbird blog here.

About BlackBird.AI

Blackbird.AI helps organizations detect and respond to threats that cause reputational and financial harm. Powered by their AI-Driven Narrative & Risk Intelligence Constellation Platform, organizations can proactively understand risks and threats to their reputation in real-time. Blackbird.AI was founded by a team of experts from artificial intelligence, and national security, with a mission to defend authenticity and fight narrative manipulation. Recognized by Forrester as a “Top Threat Intelligence Company,” Blackbird.AI’s technology is used by many of the world’s largest organizations for strategic decision-making.


Questions? Please contact DarkOwl or Blackbird.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.