Exploring The Cybercrime Underground: Part 4 – Darknet Markets
Understanding Tor Markets
AlphaBay’s quick growth—or regrowth—has been fueled in part by what Gray calls “the Great Cyber Resignation.” At least 10 dark web markets have dropped offline for various reasons in the last 18 months. Others, like Dark0de and World Market, are believed to have pulled “exit scams,” disappearing suddenly with their users’ money. Still others, like Cannazon and White House Market, staged more considerate and organized exits, giving users time to pull out any funds held on the sites. While most virtual currency activity is licit, virtual currencies can be used for illicit activity, including sanctions evasion through darknet markets, peer-to-peer exchangers, mixers, and exchanges.
Agora, said to be the Dark Web’s largest dark market since Silk Road was shuttered, has been spooked by what it called “suspicious activity” and recent research into vulnerabilities in Tor that it fears could help to unmask its server locations. For anyone who has built up 1,000 Facebook friends, this may come as a shock – all that effort is woth £3, on Tor Bazaar. As an ESET guide explains, account details are valuable to cybercriminals – and this vendor offers email addresses and other detials as part of the deal. While police had managed to seize some of his shipments to customers that were flagged by PostNord, Denmark’s main private mail carrier, they’d yet to uncover his real world identity. Malvax ran a sophisticated operation, relying on mixers and other obfuscation techniques to protect his identity.
In recent years, Tor markets have gained significant popularity and notoriety on the internet. These marketplaces operate on the Tor network, which provides its users with anonymity and privacy.
The internet is essential to the global system of interconnected computer networks using the Internet protocol suite, TCP/IP. For example, the world wide web, which can be seen as an information system where documents and other web resources are identified, is carried on the internet. But, the problem with shutting down markets is that other ones fill the void extremely quickly. As of the end of 2019, there are at least 49 active darknet markets, so both users and vendors are spoilt for choice when seeking a new one. Not only that, but it’s easy for them to coordinate with one another to find new markets on forums such as Dread, a Reddit-like discussion site devoted to darknet markets. Perhaps our most interesting finding is that darknet markets’ transaction activity appears to be less influenced by the ebbs and flows of the cryptocurrency markets and other forms of seasonality compared to other services.
The Basics of Tor Markets
Tor markets refer to marketplaces that are only accessible through the Tor network. They facilitate the buying and selling of various goods and services, often operating in the realm of illegal activities. The anonymity provided by the Tor network is a key reason for their proliferation.
DeSnake has broken this mold with their dramatic return to the public eye that included interviews with the media and identity verification through a potentially compromised PGP key. DeSnake joined the conversation, creating an account with his moniker on September 12, 2021 in attempts to mitigate the marketplace’s potential reputation damage. DeSnake repeatedly pointed to their vouches from Dread and old PGP key pasted to Ghostbin, paste site. DarkOwl has been unable to assess how the larger darknet community (outside of Dread) feels about the new Alphabay Market. AlphaBay historically had a vocal and persistence presence on Darknet Market Avengers forum which unfortunately, has been offline for several weeks. They worked closely with a “security administrator” and second in command known as DeSnake, or simply “DS” for short.
Before starting Matillion in 2011, Matthew worked in commercial IT and software development for 15 years at a number of British and European systems integrators. A native of Altrincham, England, near Manchester, Matthew now spends half his time in the United States – primarily in Denver (Matillion’s U.S. headquarters), Seattle, New York, and in the Bay Area, at the beating heart of the enterprise software industry. Jon has extensive international financial, life sciences and governance experience. Jon served as an Independent Non-Executive Director of HSBC Holdings plc from April 2014, and as Deputy Group Chairman from August 2018, until his retirement from the Board in February 2020. He was previously Chairman of HSBC Bank plc, Chief Financial Officer of Novartis AG, Partner and Managing Director of Goldman Sachs, Chief Financial Officer of AstraZeneca plc, and a Partner at KPMG. His governance experience includes roles as Non-Executive Director and Chair of the Audit Committees of Diageo plc and QinetiQ Group plc and Non-Executive Chair of Proteus Digital Health Inc.
Be sure to keep your finger on the pulse of these trends to truly stay up to date with what you can do to guard yourself against them. • Take a risk-based approach in reducing your attack surface by proactively identifying and remediating vulnerabilities. Many organizations are still struggling due to the complexity of their internal policies, conflicting priorities, limited control over outsourced capabilities and poor governance. After a steady period where there were, on average, 255 listings across 2020 and 379 across 2021, another period of growth happened in early 2022. This saw over a thousand products being listed on Tor Market by mid-2022 (see graph below). This makes Tor Market’s performance over the same period even more remarkable.
While it’s a deep resource, it’s also technically illegal in many countries because it violates copyright restrictions, so check out the laws in your area before visiting. Given that these stores often operate under new names, it is difficult to assess with absolute certainty whether they were present on Hydra or just planting the reviews for publicity. However, Flashpoint’s cryptocurrency analysis performed in September 2022 found that some of the exchanges that received funds from Hydra (e.g. Bitzlato, MINE exchange, Bitpapa,) were also receiving funds from OMG! TRM Labs adds that eight of the top 10 mainstream exchanges that received funds from Hydra before its shutdown also received funds from its successor entities over the subsequent year. However, these developments do not mean a complete departure from darknet markets, or DNMs. Nevertheless, as long as these actors avoid arrest, the general darknet market landscape appears to be capable of healing itself.
- In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.
- For instance, Hydra was unique from its competitors in that it offered location-based courier services.
- Although eight of the darknet markets active in 2018 closed in 2019, eight new ones opened, keeping the total number of active markets steady at 49.
How Tor Markets Work
Understanding the mechanics of Tor markets can shed light on their functioning:
- Accessing the Tor Network: Users must download the Tor browser to access these marketplaces.
- Anonymity: The Tor network routes connections through multiple servers, making the users’ identities and locations difficult to trace.
- Cryptocurrency Transactions: Most Tor markets operate using cryptocurrencies, most commonly Bitcoin, to safeguard users’ financial information.
Types of Goods Available in Tor Markets
While many items sold on Tor markets may be illegal, they also feature a variety of legal products. Common categories include:
- Drugs: Various types of narcotics and controlled substances.
- Stolen Data: Personal information, credit card details, and login credentials.
- Counterfeit Items: Money, documents, and branded goods.
- Legal Items: Books, music, and even services like privacy tools.
Risks Associated with Tor Markets
While Tor markets may seem appealing for various reasons, they come with significant risks:
- Legal Issues: Engaging in illegal transactions can lead to severe legal consequences.
- Scams: Many marketplaces are rife with scams, including fake listings and fraudulent vendors.
- Security Threats: Users may expose themselves to malware or hacking attempts.
FAQs about Tor Markets
1. Are Tor markets legal?
The legality of Tor markets depends on the goods being traded. While some items may be legal, many marketplaces deal in illegal goods, making participation risky.
2. How can I protect myself while using Tor markets?
To enhance security:
- Use a VPN.
- Engage only with well-reviewed sellers.
- Keep your financial transactions private.
3. What should I do if I encounter a scam on a Tor market?
Report the scam on relevant forums and avoid engaging with the scammer in the future. Secure your personal information immediately.
The Future of Tor Markets
As internet privacy becomes a more pressing issue, the existence of Tor markets is likely to evolve. Increased law enforcement attention and technological advancements may impact their usage. Additionally, the rise of decentralized technologies could lead to new forms of marketplaces that prioritize user anonymity.
Ultimately, Tor markets represent a complex intersection of anonymity, legality, and digital commerce. Users must tread carefully in this space, weighing the benefits against the potential risks involved.
