March 18


What Crooks Are Doing On Darknets

Introduction

If you read the first two posts in this series, you have an idea about what the darknets are and how the Tor network functions. (Here are the links to the previous posts, if needed: “Darknets: What You Need To Know” and “Darknets: The Mysterious Technology Explained, Part I.”)

Many people want to know the answers to these questions:

How does a buyer pay for darknet services or merchandise?

Darknet vendors usually accept only digital currencies and, in the past, Bitcoin has been the primary method of payment.

However, there are now alternative currencies, such as Dash, Zcash and Monero, that are even more anonymous and could be impossible to trace.

The use of these “alt coins” is growing dramatically, creating more challenges for darknet investigations.

How can a buyer trust a darknet vendor?

Most darknet sites allow both buyers and sellers to rate each other. This can build “social validation” for vendors who receive high ratings from previous buyers.

A high vendor rating might even allow a vendor to charge higher prices than a competitor.

For the other side of the transaction, high ratings for frequent buyers might result in special offers or discounts for future purchases.

Even with social validation, how many buyers would be willing to send payment to a vendor with no guarantee of receiving the merchandise?

Many darknet markets solve this by serving as an escrow agent. The market operators will hold the payment until the buyer notifies them that he has received the merchandise. Payment is then forwarded to the vendor.

However, both parties in the transaction must also trust the darknet market operators. There have been cases where the operators suddenly closed the market and disappeared with the funds being held in escrow, never to be heard from again.

This happened with a previously popular darknet market named Evolution, where the operators disappeared with over $12 million USD in Bitcoin and have never been found.

 

PLEASE NOTE: At the request of our web hosting provider, all personal information in the images displayed in this post has been removed, including the darknet names of the vendors or any of their contact information. We are not promoting their products nor are we encouraging the use of darknets for illegal activities. We strongly believe that increasing awareness will help educate investigators and law enforcement professionals who were not already familiar with this area.

 

Criminal Activity on the Darknets

Drugs

The sale of drugs probably generated the most publicity about criminal activities on Tor.

The Silk Road was the first major darknet marketplace to gain the attention of the international press. Silk Road was in operation from 2010 through October 2013. At the time it was shut down, the site had over 950,000 registered users and over 100,000 registered buyers.

According to a federal indictment, during the time period from February 2011 through July 2013, the site processed over $1.2 billion (USD) in transactions, and the operators of the site earned almost $80 million (USD) in fees.

Silk Road was the first major darknet market to have features such as buyer and seller ratings, a consolidated shopping cart, and a very user-friendly interface. The operators of the marketplace also acted as escrow agents for the transactions.

For a more detailed story about Silk Road, you might be interested in reading “The Rise and Fall of Silk Road” by Joshua Davis and Steven Leckart, published in Wired magazine.

Since Silk Road was shut down in late 2013, numerous other darknet marketplaces have been created to provide similar products and services.

There are too many darknet marketplaces and individual vendor sites for us to cover here, but here are some examples of the type of merchandise available.

Almost every type of narcotic and banned substance is available from a darknet market. Products include, but are certainly not limited to:

 


There is a source for almost any drug that you can name from either numerous darknet markets or individual vendor sites.

Here are a couple of interesting items about darknet drug sales.

During the Silk Road investigation, law enforcement conducted over 100 covert purchases of drugs from various vendors. After delivery of the order, many of the drugs were sent to a laboratory for analysis. Surprisingly, the analysis indicated very high quality, even compared to street drugs.

Judith Aldridge, a law professor at the University of Manchester, and David Decary-Hetu, a criminologist at the University of Lausanne, published an interesting academic paper, titled: “Not an ‘eBay for Drugs’: The Cryptomarket ‘Silk Road’ As a Paradigm Shifting Criminal Innovation.”

Their hypothesis was that the darknet drug trade might actually reduce real-world drug-related violence.

If you think about it, in these transactions the identity and location of both buyer and seller are unknown. Where is the potential for violence? How could another vendor or group use violence to eliminate a darknet competitor when one doesn’t know who or where the other is?

It is an interesting topic to consider.

Weapons

I have seen many vendors who offer a wide range of weapons, from handguns to military-grade arms and explosives.

Opinions on some darknet forums claim that there are no legitimate weapons vendors on the darknet, and all of them are scams.

However, there have been arrests of darknet vendors dealing in weapons of all types.

One past vendor claimed to be a legitimate gun dealer located in the mid-western United States. He sold all types of weapons, even offering to de-serialize the weapon and disassemble it so that the individual parts could be shipped separately.

How much of this type of activity is real? I don’t know, but I have seen these items for sale on various sites:

 


Personal and Financial Information

Everyone knows that data breaches of personal and financial information continue to grow. Much of this stolen data is sold on darknets.

Some examples of information for sale:

 


Forged Identification & Currency

Any type of forged identification and supporting documentation can be found for sale on darknets.

 


Vendors selling forged currencies abound. U.S. dollars and euros appear to be the most popular, but occasionally the currency of another country might also be seen.


Hackers and Hacking Tools

Hackers sell their services on the darknets, and will take on any assignment for a price.

Hacking tools are also available for sale that make it easy to attack a target. In the past, a hacker might need a high level of technical skill to break into a network. But the tools today are packaged into automated toolkits requiring much less knowledge and experience.

Keep in mind that the hackers who do have sophisticated expertise are the ones who penetrate your security and leave no trace.

New botnets used to conduct Distributed Denial of Service (DDoS) attacks are available to rent, with the price depending on the number of “bots” desired for the attack and the length of time the attack lasts.

The basic concept of a DDoS attack is to launch so much Internet traffic against a target that the system is overwhelmed and can’t function. At the very least, the system is dramatically slowed or not available for legitimate users.

There is a fear that massive DDoS attacks could take down the Internet for entire countries. Limited examples have already been seen.

Millions of connected devices with little, if any, security have been added to these botnets. Devices such as Personal Digital Recorders, smart televisions (and other home appliances), CCTV surveillance cameras, Internet routers, and even baby monitors are now parts of these criminal botnets.

More and more devices are being connected to the Internet, providing possible entry points to home and business networks, as well as the potential for even larger botnets.

I will talk about the risks from the “Internet of Things” in future posts.

A few of the hacker tools seen for sale on the darknet markets include:

 


Why Is This Important?

There are lots of people who aren’t aware of the type of criminal activities occurring on the darknets.

I would suggest two points for you to think about.

First, I believe that some of the darknet vendors are criminals operating independently for their own purposes.

But I also believe that a portion of the criminal activity on the darknets involves organized transnational criminal groups, and that the different types of activities are related to support the organization’s goals.

Does this seem to be overly paranoid?

There are other criminal justice researchers who agree with this view.

Think about the potential revenue.

Think about the anonymity provided by using this technology.

Think about how these criminals are making it harder for investigators to find them.

The crime we are seeing on these darknets is only the beginning…

Final Thoughts:

I hope that these posts have increased your awareness and understanding about the darknets.

Investigators need to be aware of every tool being used by techno-criminals in the world today.

Darknets are migrating and the technology is always changing.

We must change and evolve with it, so that we will continue to be effective.

Join us.
