A three-week long wave of cyberattacks against several popular dark web marketplaces has left the notorious underground e-commerce economy drenched in uncertainty and wondering if, like earlier this year, this is a prelude another round of arrests.
Just two months after police brought down a slew of the most well-known dark web markets, those left standing can’t quite figure out — nor defeat — who has been behind a three-week long denial-of-service offensive that’s knocked their sites offline.
As if looking to further stoke fear and uncertainty, Deputy Attorney General Rod Rosenstein recently spoke in Washington, D.C. on how the Department of Justice is continuing to target crime on the dark web.
Paranoia haunts the mood of those who remain as many wait for the next looming law enforcement sting. Those actions have sown a deep distrust among the markets’ purveyors and customers, whom are often looking for drugs, malware, stolen data, exploitation material and other ways to commit fraud. This is on top of a customer base that already goes to great lengths to conceal identity, hiding behind anonymization technology like the Tor browser, and paying for wares via cryptocurrencies like Bitcoin and Monero.
The turbulence these dark web marketplaces have dealt with beyond the arrests has been unprecedented. Scams and cyberattacks are common, as those looking to replace the reliable crime superstores of the past are struggling. To top it off, a new class of scammers is seizing on the chaos, launching phishing attacks to steal cryptocurrency from the dark web’s faithful.
“This year turned things the other way around,” one dark net market customer lamented on a subreddit dedicated to the marketplaces. “It is like a dead place now to be very honest. Sales have dropped, there are more scammers in the market now, people are losing their money or assets, most of the good vendors are gone, people are scared.”
There are “a few hints but definitely more questions than answers,” Emily Wilson, a researcher at Terbium Labs, told CyberScoop. “We know the markets are being DDoSed, we know it’s a fairly coordinated effort. It’s been going on for two weeks now.”
The attackers have made what some forum administrators call “silly demands,” implying that lucrative extortion is the goal. The latest incident echoes past incidents, like the 2013 denial of service attack against Silk Road when hackers successfully made the market pay a ransom in order to for attacks to stop.
But more recent history shows AlphaBay, the largest dark web market for a period of around three years, went dark for nearly two weeks before it was revealed that an international law enforcement operation was behind the outage.
One result of the attacks are increasing distrust of centralized markets. Instead of sticking to the big players, dark web dwellers are now following smaller, speciality vendors to get their malware, fraudulent data and drugs.
The impact has been uneven. The drug market has been hit hardest, but crooks selling fraud and malware have carried on with little downtime in large part because those economies also operate on the public web.
To deal with the denial-of-service attacks, some markets have put up site mirrors at different addresses. The tactic makes it more difficult for attackers to hit a moving target, but it also makes it easier for phishing scams to fool victims who don’t know which market is real or fake.
“We can’t expect to see nine markets DDoSed forever,” Wilson said. “It depends on who is behind it. The fact that the DOJ has made hardline remarks about going after the dark net makes me think we’ll see increased instability over the coming months and years. The question then is, are people going to pop up new markets and take their chances? Will we see more peer to peer trade? We’re all waiting to see.”
If a mountain of unanswered questions looms over the dark web, at least one has been answered.
“The question we all had six months ago was, ‘Are we going to see another AlphaBay pop up quickly?’” Wilson said. “The answer is no.”