sb-eu logo
Story image

Two dark web markets shut down but expert says ‘one door closes, a window opens’

22 Aug 2017

There is no doubt – the foundations that support dark web marketplaces as a crucial cog of illicit trade are unsteady.

According to Digital Shadows CEO and co-founder Alastair Paterson, the recent takedown of AlphaBay by an international law enforcement investigation, followed soon thereafter by the shutdown of Hansa has left many wondering about the future of dark web marketplaces.

“An erosion of trust in these more established marketplace models will likely derail efforts by others to fill the void quickly,” says Paterson.

However, Paterson uses an old phrase to illustrate the situation: ‘When one door closes, a window opens.’

“You can bet that as you’re reading this, those engaged in cyber crime on the dark web are looking for that next ‘market place window’ to open,” Paterson says.

“The fact remains, sellers still need to find customers and customers still need access to illicit goods and services.”

Paterson says that while it is important to note that cybercrime isn’t limited exclusively to the dark web (particularly given the fact some countries don’t extradite cybercriminals), it’s safe to assume that disillusioned buyers are actively seeking alternative, more secure and anonymised methods for conducting transactions via the dark web.

“Despite the popularity and convenience of AlphaBay for selling drugs and credit card information, for years cybercriminals selling sensitive data or malware variants frequently opted for direct peer-to-peer (P2P) communication and relationships made on specialised forums,” says Paterson.

“The P2P model provides more control and helps safeguard against exit scams and loss of funds, which weighed heavily on vendors and customers.”

A more formalised approach to this method of trade has emerged, according to Paterson, with one of the first fully decentralised PTP marketplaces known as OpenBazaar, an open source project that allows the unrestricted sale of goods between anonymous buyers and sellers.

“OpenBazaar is accessed through a front-end client that can be freely downloaded from the project website. All transactions are made using Bitcoin and are recorded on the project Blockchain as cryptographically signed smart contracts,” says Paterson.

“This addresses problems with user trust; if all transactions are permanently recorded, vendors who attempt to scam buyers can be more easily identified. Furthermore, platform operators have no control over listings and the platform is split among many nodes, making it highly resilient to law enforcement takedowns or attacks by other criminal actors.”

The emergence of these decentralised marketplaces within the criminal underworld poses significant challenges for law enforcement agencies and private security vendors.

Paterson says the although public blockchains can be freely mined for data, the very high volume of content is likely to make parsing this information and developing actionable intelligence very technically and logistically challenging.

“Furthermore, previous law enforcement operations targeting criminal marketplaces or forums have tended to revolve around targeting site operators or geo-locating servers and conducting raids; neither of these would likely be effective for targeting a decentralised platform,” says Paterson.

“In this scenario, it would be more effective to target individual prominent vendors or vendor networks and attempt to identify and locate them, admittedly a more piecemeal approach.”

Paterson says decentralised marketplaces are not yet the dominant model, with many buyers and sellers have moved to Dream marketplace.

“However, there is growing interest in this model and we’ll be keeping tabs on what forms they will take, as well as how law enforcement and security researchers will overcome the challenges they present,” Paterson concludes.

Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More