Dark Web Down But Not Out

The black market took a hit when, in July, law enforcement took down two of the biggest dark web marketplaces, AlphaBay and Hansa Market. AlphaBay went down first, with Hansa not far behind – authorities had apparently been operating Hansa since June, and used the influx of traffic from the shuttered AlphaBay to catch more criminals before taking down the site.

AlphaBay and Hansa Market were exclusive marketplaces where criminals could transact anonymously behind the scrims of special software called Tor and the hard-to-trace blockchains that power cryptocurrencies like bitcoin. They were places where criminals could buy things like illegal firearms, drugs and tools for launching cyberattacks, such as botnets.

The takedown has sown chaos into that community, with criminals unsure where to turn and who to trust. But Marc Laliberte, a WatchGuard threat researcher, doesn’t think the lull will last.

“It always comes back,” Laliberte said. After the original dark web marketplace “Silk Road got shut down, it came back as Silk Road 2 and Silk Road 3. They just keep popping up with new individuals trying to make a quick buck with transaction fees. But there’s more distrust every time, and more calls for operational security.”

Therefore, said Laliberte, whatever new marketplace fills the void will probably look a little different. At the minimum, it will probably have more verification steps for identifying specific individuals on sites (this despite the fact that the dark web can only be accessed using identity-masking software). Whoever owns and operates the new website will probably want increased security, said Laliberte, which could be achieved through an open source-backed site or other means.

Such an emphasis on security and verification would probably transform the dark marketplace shopping experience, which to date has involved a lot of careful sifting through the weeds to find products that are legitimate, said Laliberte.

PYMNTS has previously called AlphaBay the “Amazon of the dark web,” but perhaps it would be more appropriate to compare it to Craigslist, where every listing must be taken with a grain of salt, and the inexperienced user can be easily snared. On the dark web, some of those false listings come from law enforcement trying to bait criminals. Others, said Laliberte, are hackers hacking hackers, preying on those who don’t know any better to scam them out of a few bitcoins.

It’s not that these sites didn’t have security or verification before. Similar to eBay, AlphaBay had rating systems, so if a drug dealer sold amphetamines that were found to be laced, he would be banned from the site. Hansa actually banned the sale of the deadly synthetic opioid fentanyl altogether shortly before law enforcement took it down.

“It’s more illicit things they’re dealing with, but there’s still some review of purchase and sellers,” said Laliberte. “They’re not bad people; they don’t want to kill people. They’re just in an illegal profession.”

If there are people like Laliberte and law enforcement officials watching the dark web, then how does a site like AlphaBay ever succeed? Why doesn’t it just get taken down immediately? Laliberte said that it can be difficult to trace ownership of dark web marketplaces, and until the authorities have found the person behind the operation, they may allow business to continue as usual.

In the case of AlphaBay, it was a header in a 5-year-old password reset email that finally led to administrator Alexandre Cazes. The header contained a personal email address, said Laliberte – a small slip-up that cost Cazes the entire operation in the end.

The alternative is that authorities may do what they did with Hansa and use a marketplace to track criminals and make arrests. Laliberte said that’s probably how Marcus Hutchins, the hacker who found the kill switch domain for the WannaCry ransomware, got linked to the banking malware Kronos, leading to his arrest. He predicts that there will be more arrests like that in the near future as authorities sift through the information they’ve collected.

All of that has left the criminal community a bit more cautious than before, but it doesn’t mean they’ll change their ways.

“People are taking a step back until things blow over,” said Laliberte, “but I don’t see it going away ever.”