Search This Blog

Wednesday, August 23, 2023

Darknet market

From Wikipedia, the free encyclopedia

A darknet market is a commercial website on the dark web that operates via darknets such as Tor and I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.

Following on from the model developed by Silk Road, contemporary markets are characterized by their use of darknet anonymized access (typically Tor), Bitcoin or Monero payment with escrow services, and eBay-like vendor feedback systems.

History

1970s to 2011

Though e-commerce on the dark web started around 2006, illicit goods were among the first items to be transacted using the internet, when in the early 1970s students at Stanford University and Massachusetts Institute of Technology used the ARPANET to coordinate the purchase of cannabis. By the end of the 1980s, newsgroups like alt.drugs would become online centres of drug discussion and information; however, any related deals were arranged entirely off-site directly between individuals. With the development and popularization of the World Wide Web and e-commerce in the 1990s, the tools to discuss or conduct illicit transactions became more widely available. One of the better-known web-based drug forums, The Hive, launched in 1997, serving as an information sharing forum for practical drug synthesis and legal discussion. The Hive was featured in a Dateline NBC special called The "X" Files in 2001, bringing the subject into public discourse. From 2003, the "Research Chemical Mailing List" (RCML) would discuss sourcing "Research Chemicals" from legal and grey sources as an alternative to forums such as alt.drugs.psychedelics. However Operation Web Tryp led to a series of website shut downs and arrests in this area.

Since the year 2000, some of the emerging cyber-arms industry operates online, including the Eastern European "Cyber-arms Bazaar", trafficking in the most powerful crimeware and hacking tools. In the 2000s, early cybercrime and carding forums such as ShadowCrew experimented with drug wholesaling on a limited scale.

The Farmer's Market was launched in 2006 and moved onto Tor in 2010. In 2012, it was closed and several operators and users were arrested as a result of Operation Adam Bomb, a two-year investigation led by the U.S. Drug Enforcement Administration. It has been considered a "proto-Silk Road" but the use of payment services such as PayPal and Western Union allowed law enforcement to trace payments and it was subsequently shut down by the FBI in 2012.

Silk Road and early markets

The first marketplace to use both Tor and Bitcoin escrow was Silk Road, founded by Ross Ulbricht under pseudonym "Dread Pirate Roberts" in February 2011. In June 2011, Gawker published an article about the site, which led to "Internet buzz" and an increase in website traffic. This in turn led to political pressure from Senator Chuck Schumer on the US DEA and Department of Justice to shut it down, which they finally did in October 2013 after a lengthy investigation. Silk Road's use of all of Tor, Bitcoin escrow and feedback systems would set the standard for new darknet markets for the coming years. The shutdown was described by news site DeepDotWeb as "the best advertising the dark net markets could have hoped for" following the proliferation of competing sites this caused, and The Guardian predicted others would take over the market that Silk Road previously dominated.

The months and years after Silk Road's closure were marked by a greatly increased number of shorter-lived markets as well as semi-regular law enforcement take downs, hacks, scams and voluntary closures.

Atlantis, the first site to accept Litecoin as well as Bitcoin, closed in September 2013, just prior to the Silk Road raid, leaving users just one week to withdraw any coins. In October 2013, Project Black Flag closed and stole their users' bitcoins in the panic shortly after Silk Road's shut down. Black Market Reloaded's popularity increased dramatically after the closure of Silk Road and Sheep Marketplace; however, in late November 2013, the owner of Black Market Reloaded announced that the website would be taken offline due to the unmanageable influx of new customers this caused. Sheep Marketplace, which launched in March 2013, was one of the lesser known sites to gain popularity with Silk Road's closure. Not long after those events, in December 2013, it ceased operation after two Florida men stole $6 million worth of users' Bitcoins.

DOJ-OIG Audit (2020-12-18)

Since Silk Road

From late 2013 through to 2014, new markets started launching with regularity, such as the Silk Road 2.0, run by the former Silk Road site administrators, as well as the Agora marketplace. Such launches were not always a success; in February 2014 Utopia, the highly anticipated market based on Black Market Reloaded, opened only to shut down 8 days later following rapid actions by Dutch law enforcement. February 2014 also marked the short lifespans of Black Goblin Market and CannabisRoad, two sites which closed after being deanonymized without much effort.

November 2014 briefly shook the darknet market ecosystem, when Operation Onymous, executed by the United States' FBI and UK's National Crime Agency, led to the seizure of 27 hidden sites, including Silk Road 2.0, one of the largest markets at the time, as well 12 smaller markets and individual vendor sites. By September 2014, Agora was reported to be the largest market, avoiding Operation Onymous, and as of April 2015 has gone on to be the largest overall marketplace with more listings than the Silk Road at its height.

2015 would feature market diversification and further developments around escrow and decentralization.

In March 2015, the Evolution marketplace performed an "exit scam", stealing escrowed bitcoins worth $12 million, half of the ecosystem's listing market share at that time. The closure of Evolution led to a users redistributing to Black Bank and Agora. However Black Bank, which as of April 2015 captured 5% of the darknet market's listings, announced on May 18, 2015, its closure for "maintenance" before disappearing in a similar scam. Following these events commentators suggested that further market decentralization could be required, such as the service OpenBazaar, in order to protect buyers and vendors from this risk in the future as well as more widespread support from "multi-sig" cryptocurrency payments.

In April, TheRealDeal, the first open cyber-arms market for software exploits as well as drugs, launched to the interest of computer security experts. In May, varied DDOS attacks were performed against different markets including TheRealDeal. The market owners set up a phishing website to get the attacker's password, and subsequently revealed collaboration between the attacker and the administrator of Mr Nice Guy's market who was also planning to scam his users. This information was revealed to news site DeepDotWeb.

On July 31, the Italian police in conjunction with Europol shut down the Italian language Babylon darknet market seizing 11,254 Bitcoin wallet addresses and 1 million euros.

At the end of August, the leading marketplace Agora announced its imminent temporary closure after reporting suspicious activity on their server, suspecting some kind of deanonymization bug in Tor.

By October 2015, AlphaBay was recognized as the largest market. From then on, through to 2016 there was a period of extended stability for the markets, until in April when the large Nucleus marketplace collapsed for unknown reasons, taking escrowed coins with it.

On April 28, investigations into the Italian Darknet Community (IDC) forum-based marketplace led to a number of key arrests.

In May 2017, the Bloomsfield Market closed after investigations in Slovakia inadvertently led to the arrests of its operators. Later that month, the long-lived Outlaw market closed down citing a major bitcoin cryptocurrency wallet theft; however, speculation remained that it was an exit scam.

In July 2017, the markets experienced their largest disruptions since Operations Onymous, when Operation Bayonet culminated in coordinated multinational seizures of both the Hansa and leading AlphaBay markets, sparking worldwide law enforcement investigations. The seizures brought in lots of traffic to other markets making TradeRoute and Dream Market the most popular markets at the time.

In October 2017, TradeRoute exit-scammed shortly after being hacked and extorted.

In June 2018, the digital security organization Digital Shadows reported that, due to the climate of fear and mistrust after the closure of AlphaBay and Hansa, darknet market activity was switching away from centralized marketplace websites and towards alternatives such as direct chat on Telegram, or decentralized marketplaces like OpenBazaar.

In 2019 Dream Market was the most popular market by far, with over 120,000 current trade listings, followed at one time by Wall Street Market with under 10,000 listings. Dream Market was shut down in 2019, and Wall Street Market was seized by law enforcement in May 2019.

The May 2019 seizure of news and links site DeepDotWeb for conspiring with the markets created a temporary disruption around market navigation.

In 2021, authorities have taken down the largest dark web marketplace DarkMarket, along with arresting the Australian man who was believed to be the operator of the website. The 20 servers that hosted the website were seized.

In August 2021, AlphaBay was relaunched after the return of one of the original security administrators DeSnake.

Market features

Search and discussion

One of the central discussion forums was Reddit's /r/DarkNetMarkets/, which has been the subject of legal investigation, as well as the Tor-based discussion forum, The Hub. On March 21, 2018, Reddit administrators shut down the popular subreddit /r/DarkNetMarkets citing new changes to their content policy that forbids the sale of "Drugs, including alcohol and tobacco, or any controlled substances". This led to the rise of Dread, the dedicated darknet discussion forum and the news site Darknetlive.

Many market places maintain their own dedicated discussion forums and subreddits. The majority of the marketplaces are in English, but some are opening up in Chinese, Russian, and Ukrainian.

The dedicated market search engine Grams allowed the searching of multiple markets directly without login or registration.

Dark web news and review sites such as the former DeepDotWeb, and All Things Vice provide exclusive interviews and commentary into the dynamic markets. Uptime and comparison services provide sources of information about active markets as well as suspected scams and law enforcement activity. Due to the decentralized nature of these markets, phishing and scam sites are often maliciously or accidentally referenced.

After discovering the location of a market, a user must register on the site, sometimes with a referral link, after which they can browse listings. A further PIN may be required to perform transactions, better protecting users against login credential compromise.

Customer interactions

Flowchart of The Silk Road's payment system, produced as evidence in the trial of its owner.

Transactions typically use Bitcoin for payment, sometimes combined with tumblers for added anonymity and PGP to secure communications between buyers and vendors from being stored on the site itself. Many sites use Bitcoin multisig transactions to improve security and reduce dependency on the site's escrow. The discontinued Helix Bitcoin tumbler offered direct anonymized marketplace payment integrations.

On making a purchase, the buyer must transfer cryptocurrency into the site's escrow, after which a vendor dispatches their goods then claims the payment from the site. On receipt or non-receipt of the item users may leave feedback against the vendor's account. Buyers may "finalize early" (FE), releasing funds from escrow to the vendor prior to receiving their goods in order to expedite a transaction, but leave themselves vulnerable to fraud if they choose to do so.

Following Operation Onymous, there was a substantial increase in PGP support from vendors, with PGP use on two marketplaces near 90%. This suggests that law enforcement responses to cryptomarkets result in continued security innovations, thereby making markets more resilient to undercover law enforcement efforts.

Market types

Items on a typical centralized darknet market are listed from a range of vendors in an eBay-like marketplace format. Virtually all such markets have advanced reputation, search and shipping features similar to Amazon.com.

By 2015 some of the most popular vendors had their own dedicated online shops separate from the large marketplaces. Individual sites had returned to operating on the clearnet, with mixed success.

Some criminal internet forums such as the defunct Tor Carding Forum and the Russian Anonymous Marketplace function as markets with trusted members providing escrow services, and users engaging in off-forum messaging. In May 2014 the "Deepify" service attempted to automate the process of setting up markets with a SAAS solution; however, this closed a short time later.

Following repeated problems associated with centralized infrastructure, a number of decentralized marketplace software alternatives were set up using blockchain or peer-to-peer technologies, including OpenBazaar and Bitmarkets,

Vendors

To list on a market, a vendor may have undergone an application process via referral, proof of reputation from another market or given a cash deposit to the market.

Many vendors list their wares on multiple markets, ensuring they retain their reputation even should a single market place close. Grams have launched "InfoDesk" to allow central content and identity management for vendors as well as PGP key distribution.

Meanwhile, individual law enforcement operations regularly investigate and arrest individual vendors and those purchasing significant quantities for personal use.

A February 2016 report suggested that a quarter of all DNM purchases were for resale.

Products

An analysis of the defunct Evolution marketplace shows the different types of products and vendors on a market

Drugs

Whilst a great many products are sold, drugs dominate the numbers of listings, with the drugs including cannabis, MDMA, modafinil, LSD, cocaine, and designer drugs.

Personal information

Personally identifying information, financial information like credit card and bank account information, and medical data from medical data breaches is bought and sold, mostly in darknet markets but also in other black markets. People increase the value of the stolen data by aggregating it with publicly available data, and sell it again for a profit, increasing the damage that can be done to the people whose data was stolen.

Fraud and hacking services

Cyber crime and hacking services for financial institutions and banks have also been offered over the dark web. Markets such as AlphaBay Market have hosted a significant share of the commercial fraud market, featuring carding, counterfeiting and many related services. Loyalty card information is also sold as it is easy to launder.

Prohibitions and restrictions

Many markets refuse to list weapons or poisons. Markets such as the original Silk Road would refuse to list anything where the "purpose is to harm or defraud, such as stolen credit cards, assassinations, and weapons of mass destruction".

Later markets such as Evolution ban "child pornography, services related to murder/assassination/terrorism, prostitution, Ponzi schemes, and lotteries", but allow the wholesaling of credit card data.

The market in firearms appears to attract extra attention from law enforcement, as does the selling of other weapons such as certain types of knives and blades.

Market operations

Nachash, former proprietor of Doxbin, wrote a guide in early 2015 entitled So, You Want To Be a Darknet Drug Lord ...

Background research tasks included learning from past drug lords, researching legal matters, studying law enforcement agency tactics and obtaining legal representation. With regards to the prospective market's hosting, he recommends identifying a hosting country with gaps in their mutual legal assistance treaty with one's country of residence, avoiding overpriced bulletproof hosting and choosing a web host with Tor support that accepts suitably hard-to-trace payment. Patterns recommended to avoid include hiring hitmen like Dread Pirate Roberts, and sharing handles for software questions on sites like Stack Exchange.

He advises on running a secured server operating system with a server-side transparent Tor proxy server, hardening web application configurations, Tor-based server administration, automated server configuration management rebuild and secure destruction with frequent server relocation rather than a darknet managed hosting service. To protect against guard node deanonymization he recommends obfuscating traffic by investing in Tor relays which the market site will exclusively use.

For a local machine configuration he recommends a computer purchased for cash running Linux, using a local Tor transparent proxy. For operations security he suggests avoiding storing conversation logs, varying writing styles, avoiding mobile phone-based tracking and leaking false personal details to further obfuscate one's identity. Use of OTR and PGP are recommended.

He recommends verifying market employees carefully, and to weed out law enforcement infiltration through barium meal tests.

Law enforcement and intelligence agencies have expanded investigations of dark web markets,

Fraudulent markets

A large number of services pretend to be a legitimate vendor shop, or marketplace of some kind in order to defraud people. These include the notoriously unreliable gun stores, or even fake assassination websites.

Exit scams

Graphical illustration of the life-cycle of vendors

Centralized market escrow allows a market to close down and "exit" with the buyer's and vendor's cryptocurrency at any time. This has happened on several occasions such as with BlackBank, Evolution, and Wall Street Market.

Individual vendors often reach a point of reputation maturity whereby they have sold sufficient product reliably to have gained a significant reputation and accumulated escrowed funds; many may choose to exit with the funds rather than compete at the higher-volume higher-priced matured product level.

Commentary

In December 2014, an exhibition by Carmen Weisskopf and Domagoj Smoljo entitled "The Darknet: From Memes to Onionland" explored Darknet culture. This featured a bot called the "Random Darknet Shopper" which spent $100 in BTC per week on products listed on Agora. Their aim was to explore the ethical and philosophical implications of these markets, which, despite high-profile internationally co-ordinated raids, persist and flourish.

James Martin's 2014 book Drugs on the Dark Net: How Cryptomarkets are Transforming the Global Trade in Illicit Drugs discusses some vendors who are even branding their opium or cocaine as "fair trade", "organic" or sourced from conflict-free zones. In June 2015 journalist Jamie Bartlett gave a TED talk about the state of the darknet market ecosystem as it stood at the time.

According to 2014 studies by Martin Aldridge & Décary-Hétu and a January 2015 report from the Global Drug Policy Observatory, many harm reduction trends have been spotted. These include the reduced risks associated with street dealing such as being offered hard drugs. The vendor feedback system provides accountability for risks of mixing and side effects and protection against scammers. Online forum communities provide information about safe drug use in an environment where users can anonymously ask questions. Some users report the online element having a moderating effect on their consumption due to the increased lead time ordering from the sites compared to street dealing.

Professor for addiction research Heino Stöver notes that the shops can be seen as a political statement, advancing drug legalization "from below". The results of these markets are higher quality and lower prices of psychoactive substances as well as a lower risk of violent incidents. A number of studies suggest that markets such as Silk Road may have helped users reduce the harm caused by illicit drug use, particularly compared with street-based drug marketplaces. Examples include the sale of high-quality products with low risk for contamination (including lacing and cutting), vendor-tested products, sharing of trip reports, and online discussion of harm reduction practices. Some health professionals such as "DoctorX" provide information, advice and drug-testing services on the darknet. The quality of products is attributed to the competition and transparency of darknet markets which involve user feedback and reputation features.

Europol reported in December 2014, "We have lately seen a large amount of physical crime move online, at least the 'marketing' and delivery part of the business ... [Buyers can] get the illegal commodity delivered risk-free to a place of their choice by the mailman or a courier, or maybe by drone in the future, and can pay with virtual currency and in full anonymity, without the police being able to identify either the buyer or the seller."

In June 2015 the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) produced a report citing difficulties controlling virtual market places via darknet markets, social media and mobile apps. In August 2015 it was announced that Interpol now offers a dedicated Dark Web training program featuring technical information on Tor and cybersecurity and simulated darknet market takedowns.

In October 2015 the UK's National Crime Agency and GCHQ announced the formation of a "Joint Operations Cell" to focus on cybercrime. In November 2015 this team would be tasked with tackling child exploitation on the dark web as well as other cybercrime.

In February 2015, the EMCDDA produced another report citing the increased importance of customer service and reputation management in the marketplace, the reduced risk of violence and increased product purity. It estimated a quarter of all purchases were for resale and that the trend towards decentralization meant they are unlikely to be eliminated any time soon.

A June 2016 report from the Global Drug Survey described how the markets are increasing in popularity, despite ongoing law enforcement action and scams. Other findings include consumers making purchases via friends operating Tor browser and Bitcoin payments, rather than directly. Access to markets in 79% of respondents' cases led to users trying a new type of drug.

Size of listings

The size of the darknet markets economy can be problematic to estimate. A study based on a combination of listing scrapes and feedback to estimate sales volume by researchers at Carnegie Mellon University captured some of the best data. A reviewed 2013 analysis put the Silk Road grossing $300,000 a day, extrapolating to over $100 million over a year. Subsequent data from later markets has significant gaps as well as complexities associated with analysing multiple marketplaces.

  • 18,174 – October 2013, Digital Citizens Alliance, 13,472 of which were on Silk Road in November 2013
  • 41,207 – April 2014 Digital Citizens Alliance
  • 33,985 – May 2014 The Guardian via Reddit
  • 43,175 – July 2014 a report by the BBC
  • 65,595 – August 2014 Digital Citizens Alliance
  • 51,755 – December 2014 Digital Citizens Alliance
  • 68,835 – March 2015 (before Evolution scam), Digital Citizens Alliance
  • 68,322 – April 2015 (after Evolution scam)
10
20
30
40
50
October 2013
April 2014
August 2014
November 2014
March 2015
April 2015
  •   Silk Road
  •   Black Market Reloaded
  •   Sheep
  •   DeepBay
  •   Agora
  •   Pandora
  •   Evolution
  •   TOM
  •   Middle Earth
  •   Nucleus
  •   Abraxas
  •   Black Bank
  •   Alpha Bay
  •   Others

In fiction

In the episode "eps2.3_logic-b0mb.hc" (ep. 5 of season 2) of the drama–thriller television series, Mr. Robot, the protagonist, Elliot, is supposed to be repairing a Tor hidden site which turns out to be a darknet market called "Midland City" styled after the Silk Road for the sale of guns, sex trafficked women, rocket launchers, drugs and hitmen for hire.

In the 2016 movie Nerve starring Emma Roberts and Dave Franco, the dark web plays a major role.

In Grand Theft Auto Online, players who purchase warehouses and garages for illicit cargo and stolen cars can buy/steal and sell them through trade on the "SecuroServ" syndicate website. After the Biker DLC, players can now purchase buildings for illegal drugs and counterfeit products manufacture, and distribute them through a darknet website called "The Open Road" where law enforcement cannot be notified of the player's trade.

In the first arc of the anime series Lupin the 3rd Part V, Lupin III steals digital currency from the "Marco Polo" darknet market.

Pluto

From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Pluto 134340 Pluto Pluto, imaged by the New Horizons spac...