Black markets on the darknet are consistently getting attacked, and this raises questions about anonymity on the platform. But who is behind these cyber-attacks? No doubt, supremacy battles within the darknet as well as state infiltration have a significant share of the blame. Baltimore-based IT security system researcher Emily Wilson has been keeping up with the trend.
Emily admits that there is someone out to meddle with the deep web. The drugs, data, weapon and child pornography trade causes allure to many stakeholders and security organs. The darknet drug trade continues to rise globally.
Speaking to Wired, Emily Wilson- a senior analyst at Terbium Labs- says “Unknowns are using DDoS attacks to hit the remaining nine hypermarkets.”
She also notes that the servers to darknet marketplaces such as Tochka, Trade Route, Wall Street and Dream Market are already overburdened. The majority of their central pages stay offline most of the hours. Sources privy to Emily explain that the platforms are under consistent attack. The companies have similar messages for their users. They claim that they are doing everything to keep the trade going, but; “somebody is acting in a coordinated manner” to thwart their progress.
Although Emily has closely observed darknet markets that rely on Tor’s encrypted connection (and seen them come and go), the current attacks are new, even to her.
“The deep web and its markets have escalated to a technological arena of cat and mouse games,” she says.
Just as hackers have launched DDoS attacks in Europe, she says that investigators could also be using the same tactics to launch similar attacks on these darknet stores to hunt for their operators and traders. Then, the markets may be fighting each other for influence. So, researchers like Emily Wilson are trying to find out who the attackers are, what their aims are and how the deep web could be affected.
Emily observes that whenever the attacks occur, the ultimate losers are the users, especially if they have already invested in the trade. Their identities, too, become available for authorities.
She gives an example of AlphaBay going offline on July 4th, 2017. Alphabay users lost vast sums of money after the site went offline. The site provided a bitcoin wallet from which all transactions were made. The attack left all cash at stake, and the users counted huge losses.
But the massive traffic shifted to other competitor sites. Hansa and Dream Market received large streams of visitors, and they just couldn’t keep up. In fact, Hansa went public to say “Due to the influx of Alpha Bay refugees, we have a few technical problems to fix.” As a result Hansa temporarily closed its registration forum.
The people who were flocking to the Hansa website did not know that the site had been in the hands of the Dutch government since June 20th the same year. As the ‘refugees’ were desperately in search of a new platform, they did not know that they were landing into a planned trap.
According to Europol chief Rob Wainwright, there was an ‘eight-fold increase in new users’ on Hansa after the cancellation of AlphaBay. “They flocked to Hansa in droves,” he said.
The investigators pretended to be customers on the site and continued ordering for products. This exposed drug deals and wholesalers were quickly identified. In the end, 10,000+ addresses of Hansa users were later exposed and forwarded to Europol.
July 20th, 2017 saw the international security organs make an official announcement on the fall of Hansa and Alphabay. The target was to end the darknet drug trade and hunt the perpetrators. According to the American Department of Justice, Alphabay had about 350,000 products, as well as fake ID cards, software and contrabands. Silk Road, another darknet market that met its end in 2013 November, had 14,000 products offered.
Today, the security organs still spy on buyers and sellers on the darknet. Their attention is on those who deal in illegals. In Germany, the espionage intensified after the Munich shootouts 2016 where the perpetrator allegedly bought the gun after accessing the deep web.
With the intensified attacks on the dark web marketplaces, the black economy tends to be crumbling. The majority of smaller markets such as Dream Market are working hard to fit in the gap. However, there’s uncertainty among most users. Furthermore, Dream Market is unstable, lacks an active customer support and contains malware.
Chief IT Inspector Peter Vahrenhorst says that police are concerned about arresting the culprits and not damaging their servers. He admits that the TOR network keeps on evolving and the security agencies want to keep up with the technology. Vahrenhorst says that the majority of enthusiasts now prefer a P2P business to a central platform.
An example of a P2P trading platform is the OpenBazaar software that allows buyers and sellers to connect directly. The open source project has no central server, intermediary or organization to control the marketplace. Although the platform is not a darknet site, the products sold depend on the sellers. But they’ll still appear on the regular search engines.
Although the security agencies are always a step ahead, Christian Ruckert says “the black market is not finished.” The cybercrime researcher at the International Criminal Law Research Unit on Darknet and University of Erlangen doubts the DDoS attacks are from the security agencies. He says that the international law does not allow server attacks on foreign countries.
Considering such factors, Emily Watson notes that the attacks are selective and only target drug trades, suspiciously ignoring fraud, malware, and security holes. The drug market, she says, is less politically charged. So, she believes that the recent major attacks on darknet marketplaces are a result of supremacy battles. Martin Dittus, a Darknet researcher at the Oxford Internet Institute, agrees with Emily and says “a market is working to achieve a monopoly and is using blackmail.”