There is no doubt – the foundations that support dark web marketplaces as a crucial cog of illicit trade are unsteady.
According to Digital Shadows CEO and co-founder Alastair Paterson, the recent takedown of AlphaBay by an international law enforcement investigation, followed soon thereafter by the shutdown of Hansa has left many wondering about the future of dark web marketplaces.
“An erosion of trust in these more established marketplace models will likely derail efforts by others to fill the void quickly,” says Paterson.
However, Paterson uses an old phrase to illustrate the situation: ‘When one door closes, a window opens.'
“You can bet that as you're reading this, those engaged in cyber crime on the dark web are looking for that next ‘market place window' to open,” Paterson says.
“The fact remains, sellers still need to find customers and customers still need access to illicit goods and services.
Paterson says that while it is important to note that cybercrime isn't limited exclusively to the dark web (particularly given the fact some countries don't extradite cybercriminals), it's safe to assume that disillusioned buyers are actively seeking alternative, more secure and anonymised methods for conducting transactions via the dark web.
“Despite the popularity and convenience of AlphaBay for selling drugs and credit card information, for years cybercriminals selling sensitive data or malware variants frequently opted for direct peer-to-peer (P2P) communication and relationships made on specialised forums,” says Paterson.
“The P2P model provides more control and helps safeguard against exit scams and loss of funds, which weighed heavily on vendors and customers.
A more formalised approach to this method of trade has emerged, according to Paterson, with one of the first fully decentralised PTP marketplaces known as OpenBazaar, an open source project that allows the unrestricted sale of goods between anonymous buyers and sellers.
“OpenBazaar is accessed through a front-end client that can be freely downloaded from the project website. All transactions are made using Bitcoin and are recorded on the project Blockchain as cryptographically signed smart contracts,” says Paterson.
“This addresses problems with user trust; if all transactions are permanently recorded, vendors who attempt to scam buyers can be more easily identified. Furthermore, platform operators have no control over listings and the platform is split among many nodes, making it highly resilient to law enforcement takedowns or attacks by other criminal actors.
The emergence of these decentralised marketplaces within the criminal underworld poses significant challenges for law enforcement agencies and private security vendors.
Paterson says the although public blockchains can be freely mined for data, the very high volume of content is likely to make parsing this information and developing actionable intelligence very technically and logistically challenging.
“Furthermore, previous law enforcement operations targeting criminal marketplaces or forums have tended to revolve around targeting site operators or geo-locating servers and conducting raids; neither of these would likely be effective for targeting a decentralised platform,” says Paterson.
“In this scenario, it would be more effective to target individual prominent vendors or vendor networks and attempt to identify and locate them, admittedly a more piecemeal approach.
Paterson says decentralised marketplaces are not yet the dominant model, with many buyers and sellers have moved to Dream marketplace.
“However, there is growing interest in this model and we'll be keeping tabs on what forms they will take, as well as how law enforcement and security researchers will overcome the challenges they present,” Paterson concludes.