We’ve all heard the phrase: “When one door closes, a window opens.” You can bet that as you’re reading this, those engaged in cyber crime on the dark web are looking for that next ‘market place window’ to open.
The takedown of AlphaBay by an international law enforcement investigation, followed soon thereafter by the takedown of Hansa, has left many wondering about the future of dark web market places. An erosion of trust in these more established marketplace models will likely derail efforts by others to fill the void quickly. But the fact remains, sellers still need to find customers and customers still need access to illicit goods and services. So what’s next for illegal, online trade?
As I’ve discussed before, it is important to remember that criminal activity isn’t limited to the dark web, particularly given the fact that some countries don’t extradite cybercriminals. This is especially the case with more sophisticated level Russian-speaking criminals. With minimal consequences, bad actors have no incentive to hide. As a result, cybercrime is an Internet-wide problem, almost equally present on the deep and open web.
That said, it’s also safe to assume that disillusioned buyers are seeking alternative, more secure and anonymized methods for conducting online transactions via the dark web. Despite the popularity and convenience of AlphaBay for selling drugs and credit card information, for years cybercriminals selling sensitive data or malware variants frequently opted for direct peer-to-peer (P2P) communication and relationships made on specialized forums. The P2P model provides more control and helps safeguard against exit scams and loss of funds, which weighed heavily on vendors and customers.
We’re now seeing a more “formalized” approach to this method of trade. One of the first fully-decentralized P2P marketplaces is known as OpenBazaar, an open source project that allows the unrestricted sale of goods between anonymous buyers and sellers. OpenBazaar is accessed through a front-end client that can be freely downloaded from the project website. All transactions are made using Bitcoin and are recorded on the project Blockchain as cryptographically signed smart contracts. This addresses problems with user trust; if all transactions are permanently recorded, vendors who attempt to scam buyers can be more easily identified. Furthermore, platform operators have no control over listings and the platform is split among many nodes, making it highly resilient to law enforcement takedowns or attacks by other criminal actors.
The success of these new marketplaces remains to be seen and depends on these five drivers:
1. Adoption – Blockchain projects are not yet mainstream and are not widely understood. These platforms must become more commonly used before criminal actors will trust and embrace them.
2. Content control – Lack of centralized control is a double-edge sword, it makes the platform resilient but it also means there is less control over the material uploaded, opening up the door to material that even criminal actors find objectionable. Marketplaces that implement some level of content control will be more attractive.
3. Vendor attraction – Customers want to shop at marketplaces with successful vendors. Those market places that attract prominent vendors will naturally become more popular.
4. Secure communications – Blockchain-based platforms publicly record all messages, complicating private messaging between users. Platforms that can integrate secure messaging systems without compromising performance will attract more criminal actors.
5. User experience – As with all shopping experiences, marketplaces that can establish stable, feature-rich interfaces that seamlessly integrate payment platforms (in this case cryptocurrency platforms) will entice more users.
The emergence of decentralized marketplaces within the criminal ecosystem poses significant challenges for law enforcement agencies and private security vendors. Although public blockchains can be freely mined for data, the very high volume of content is likely to make parsing this information and developing actionable intelligence very technically and logistically challenging. Furthermore, previous law enforcement operations targeting criminal marketplaces or forums have tended to revolve around targeting site operators or geo-locating servers and conducting raids; neither of these would likely be effective for targeting a decentralized platform. In this scenario, it would be more effective to target individual prominent vendors or vendor networks and attempt to identify and locate them, admittedly a more piecemeal approach.
Decentralized marketplaces are not yet the dominant model, with many buyers and sellers having moved to Dream marketplace. However, there is growing interest in this model and we’ll be keeping tabs on what forms they will take, as well as how law enforcement and security researchers will overcome the challenges they present.