[Reading Time - 3 minutes 37 seconds]
The dark web is most often seen as a place where cybercriminals can buy stolen credit card numbers, order drugs or guns, and trade tips with others. And by some estimates almost two-thirds of all dark web sites are involved in some type of illegal activity. Security researchers have recently seen a change in these dark web platforms and how they are evolving to stay ahead of the law while still serving their customers.
Cybercriminals today use the web for two primary purposes (other than to launch attacks). The first usage is to participate in "underground hacker forums" in which the cybercriminals exchange information on the latest vulnerabilities and attack techniques, and often trade attack tools with each other. They may even offer their services for hire, such as launching a ransomware attack.
The second usage of the web by cybercriminals is as a black market to sell stolen or illicit goods. Over time these have evolved as new technologies have been introduced and as the cybercriminals attempt to thwart new techniques used by law enforcement.
In the early days of online black markets (mid-1990's to 2008) cybercriminals used the same web as we do today for their sales; however, they tried to make their sites hidden by preventing their web site's content from being discovered and indexed by search engines. But during this time most of the online black markets only did business in a specific geographic location. That's because delivering the illicit goods and receiving payments required a face-to-face meeting between the buyer and the seller (cybercriminals required cash because credit cards could be traced).
Around 2008 these online black markets started to evolve based on new technologies. TOR and similar anonymous networks enabled cybercriminals to push their sites down to the dark web. And the introduction of bitcoin, one of the first decentralized digital currencies, no longer made it necessary for cash to trade hands. Also, cybercriminals started using standard postal (USPS) or parcel delivery services (UPS, FedEx, DHL) to ship their goods. This made any physical interaction between the buyer and the seller unnecessary while opening up online black markets to customers around the world.
But there are two major problems with the dark web marketplaces.
One problem is the platform that is required. In order to keep things private on these dark net marketplaces it is necessary to use TOR or a similar anonymous network. Whereas this creates a barrier of entry that prevents casual web surfers from snooping around these dark web marketplaces, it also is a barrier for many customers who want to buy illicit goods. In addition, accessing the dark web requires a desktop or laptop computer; mobile devices like smartphones or tablets cannot conveniently access this dark web.
Another problem is that dark web marketplaces, while keeping out casual users, can still be infiltrated by law enforcement agencies. These agencies can mask their true identities and pretend to be buyers or even sellers (setting up a "sting" operation) while gathering evidence. They can then bring it to a court that will approve "pulling the plug" on a dark web marketplace. This results in money and goods being locked up and inaccessible to the cybercriminals. And because packages are shipped using public carriers, these can also be traced or intercepted by law enforcement.
First, cybercriminals are turning to private services like Telegram instead of using the dark web and TOR. Telegram is a messaging app in which you can create groups to send and receive messages, photos, videos and files of virtually any type (it is advertised as the best of text messaging and email combined). You can also create channels for broadcasting to unlimited audiences. And of course, it's completely encrypted end-to-end. Cybercriminals can communicate directly with their customers, and repeat customers are given access to specialized Telegram channels. And these channels can be controlled by automated bots, so the buyer does not even have to spend time interacting with customers.
A second feature of these new dark net marketplaces is they no longer use standard postal or parcel delivery services for shipments. Instead, "dead drops" are used. A third-party "mule" is paid to take the merchandise to a publicly accessible location like a park and hide it in a specific spot. The buyer is given the location to pick up the merchandise. This has several advantages. It allows the buyer to remain anonymous (he doesn't have to give his mailing address to the cybersecurity seller and hope that it is kept confidential). The buyer can also receive the goods more quickly (he doesn't have to wait for a delivery), and it can thwart law enforcement from tracing or seizing questionable shipments. And a mule can make multiple drops in a single visit to a park, serving a large number of customers at one time.
By using apps like Telegram and dead drops everyone involved can remain isolated from each other. Without any interaction, it makes it much harder for law enforcement to identify any of the members involved in a transaction, and even if they do, there is nothing to link that one person back to anyone else. This new type of organizational structure is called a "dropgang."
The dark web marketplace is not going away anytime soon, but it is continuing to evolve to serve its customers while keeping ahead of law enforcement.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.