Threat Intelligence On Vice Society’s Dark Web Footprint
Understanding the Situation: Why Are All the Darknet Markets Down?
As a billion dollar industry dealing in illicit goods, dark web markets are a great concern for governments. US agencies, like the FBI, are constantly working with international law enforcement agencies to stop the growth of dark web markets all over the globe. “Fraud shops are a unique segment of darknet markets that sell compromised data such as stolen credit card information and other forms of personally identifying information (PII) that can be used for fraudulent activity,” Chainalysis explained. Though Dream Market has been around for 6 years, Dark Web marketplaces are typically short-lived.
In [14] Me and Pesticcio analyze 14 Tor marketplaces and derive connections between those by identifying PGP keys used by vendors in multiple marketplaces. Georgoulias et al. investigate 41 marketplaces and 35 vendor shops and also analyze discussions within forums of those marketplaces in [10]. Most darknet marketplaces first show a specific type of captcha before allowing access to the site, usually in order to protect against DDoS attacks and automated web crawling. After solving the captcha, the user can continue to login or register an account. New users can register as customer or vendor by providing a username, a password, and typically a PIN to withdraw deposited funds.
The recent wave of darknet market shutdowns has sparked interest and concern among users and observers alike. This article delves into the factors contributing to the question: why are all the darknet markets down?
Tor, short for “The Onion Router,” routes internet traffic through a global network of volunteer-operated servers to anonymize a user’s online activity. This technology initially had noble intentions, aiming to protect activists, whistleblowers, and individuals in repressive regimes. However, it soon became a double-edged sword as malicious actors began to exploit its capabilities for illicit purposes.
Upon sale, the vendor would send the buyer geographic coordinates and a picture of where their well-hidden purchase could be found. Hydra Market led the way once again as the highest-earning darknet market in 2022, even though it was sanctioned by OFAC and shut down in a joint U.S.-German operation in April — no other market beat the revenue lead it built up in those four months. As we’ll explore later, the three next-highest earning markets of the year — Mega Darknet Market, Blacksprut Market, and OMG! Market — all gained their initial market share in the wake of Hydra’s collapse, with on-chain data suggesting these markets made concerted efforts to attract former Hydra users and vendors. So far, 2023 has presented darknet drug markets with a number of challenges – however, their ability to bounce back despite these clearly shows they won’t be going anywhere anytime soon.
Some of these sites have turned to influencers to boost their publicity campaigns. Earlier this month a Kraken employee told Russian news website Lenta.ru that the market had a dedicated PR department. For a local machine configuration he recommends a computer purchased for cash running Linux, using a local Tor transparent proxy. For operations security he suggests avoiding storing conversation logs, varying writing styles, avoiding mobile phone-based tracking and leaking false personal details to further obfuscate one’s identity.
- Not only did Brian’s Club publish ads on the main pages of XSS, but they also put down some money to become the official sponsor of Omerta – a popular underground forum focusing on credit card trading – a position that was held by Joker’s Stash only a year ago.
- Table 7 shows the prices for all counterfeit listings (offers) as customers can see them on the markets.
- Hansa, unbeknownst to its customers, had also been taken over by law enforcement, but it continued to operate under the control of the Dutch National Police for at least one month before it was also shuttered.
This suggests some continuity in the financial infrastructure of funds leaving darknet vendors following the takedown. However, 334 cash-out service entities (mainstream exchanges, high-risk exchanges and mixers) that received funds from both Hydra and its top five successors (Mega, Blacksprut, OMG!OMG!, Kraken and Solaris) showed an overlap of just under 50 percent. Given that these stores often operate under new names, it is difficult to assess with absolute certainty whether they were present on Hydra or just planting the reviews for publicity. However, Flashpoint’s cryptocurrency analysis performed in September 2022 found that some of the exchanges that received funds from Hydra (e.g. Bitzlato, MINE exchange, Bitpapa,) were also receiving funds from OMG! TRM Labs adds that eight of the top 10 mainstream exchanges that received funds from Hydra before its shutdown also received funds from its successor entities over the subsequent year. L; 5,030 on Mega; 4,849 on Solaris; 4,313 on Blacksprut; and 2,095 on Kraken, which was a late addition to the competition.
Factors Contributing to the Shutdown
Several dynamics can lead to the closure of these clandestine markets:
- Law Enforcement Actions: Increased pressure from government agencies worldwide often results in coordinated crackdowns on illegal online activities.
- Server Seizures: Authorities have the technical ability to seize the servers that host these marketplaces, leading to immediate downtime.
- Internal Issues: Market operators may encounter financial difficulties, exit scams, or operational failures that cause the markets to shut down abruptly.
- Cyber Attacks: DDoS (Distributed Denial of Service) attacks can temporarily or permanently disable server functions.
- Market Saturation: With numerous platforms available, some markets may struggle to maintain user interest, leading to closures.
Impact of Market Shutdowns
The closure of darknet markets has several implications for users and the broader landscape of online illegal activities:
- User Lost Access: Regular users may find themselves without a reliable source for illicit goods or services.
- Increased Prices: The reduced supply can drive prices up on remaining markets.
- Shift to Alternative Platforms: Users may migrate to alternative darknet markets, which could also face scrutiny.
- Change in Tactics: Sellers may move to more secure venues or employ different methods for engaging with customers.
FAQs About Darknet Market Closures
1. Why are all the darknet markets down simultaneously?
A simultaneous shutdown may result from coordinated law enforcement actions targeting multiple platforms, or it could be due to shared vulnerabilities exploited by attackers.
2. When can we expect these markets to come back online?
The return of these markets is uncertain and can depend on various factors, including market operators’ decisions to resume operations and the ongoing pressure from law enforcement.
3. Are the remaining darknet markets safe to use?
No darknet market can guarantee complete safety. Users should be aware of the risks of scams, law enforcement actions, or technical issues.
4. What should users do during this downtime?
Users might consider research on upcoming markets or explore alternative platforms. However, caution is advised when navigating these environments.
Conclusion
While the question why are all the darknet markets down suggests a sudden vacuum in the availability of illicit goods and services, understanding the underlying causes reveals the complex interplay between criminal activity and law enforcement. The future of these markets remains uncertain as both users and operators navigate this challenging landscape.
