Shedding Light On The Dark Web

Uploaded on 2016-08-03 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

 

Though online markets still account for a small share of illicit drug sales, they are growing fast, and changing drug-dealing as they grow. Sellers are competing on price and quality, and seeking to build reputable brands. 

Turnover has risen from an estimated $15m-17m in 2012 to $150m-180m in 2015. And the share of American drug-takers who have got high with the help of a website jumped from 8% in 2014 to 15% this year, according to the Global Drug Survey, an online study.

Online drug markets are part of the “dark web”: sites only accessible through browsers such as Tor, which route communications via several computers and layers of encryption, making them almost impossible for law enforcement to track. 

Buyers and sellers make contact using e-mail providers such as Sigaint, a secure dark-web service, and encryption software such as Pretty Good Privacy (PGP). They settle up in bitcoin, a digital currency that can be exchanged for the old-fashioned sort and that offers near-anonymity during a deal.

Almost all sales are via “crypto-markets”: dark websites that act as shop-fronts. These provide an escrow service, holding payments until customers agree to the bitcoin being released. Feedback systems like those on legitimate sites such as Amazon and eBay allow buyers to rate their purchases and to leave comments, helping other customers to choose a trustworthy supplier. 

The administrators take a 5-10% cut of each sale and set broad policy (for example, whether to allow the sale of guns). They pay moderators in bitcoin to run customer forums and handle complaints.

Once a deal is struck and payment is waiting in escrow, drugs are packed in a vacuum-sealed bag using latex gloves to avoid leaving fingerprints or traces of DNA, and dipped in bleach as a further precaution against leaving forensic traces. A label is printed (customs officials are suspicious of handwritten addresses on international packages). Smart sellers use several post offices, all far from their homes—and, preferably, not overlooked by CCTV cameras. 

Some offer to send empty packages to new customers, so they can check for signs of inspection. Smart buyers use the address of an inattentive or absent neighbour with an accessible postbox, and never sign for receipt. Judging by the reviews, around 90% of shipments get through.

Despite the elaborate precautions, until now crypto-markets have tended not to last long. The first, Silk Road, survived almost three years until the FBI tracked down its administrator, Ross Ulbricht, aka “Dread Pirate Roberts”. He is serving a life sentence for money-laundering, computer-hacking and conspiracy to sell narcotics. 

Its successor, Silk Road 2, lasted just a year before law-enforcement caught up with it. Buyers and sellers migrated to the next-biggest sites, Evolution and Agora. The former vanished in March 2015 with $12m-worth of customers’ bitcoin in an “exit scam”. Then Agora disappeared, claiming that it had to fix security flaws. The biggest still standing is Alphabay, though the recently opened fourth version of Silk Road could knock it off the top spot.

Economist

« Don’t Underestimate Virtual Reality
Half UK Employees Have No Cyber Security Training »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Bsquare

Bsquare

Bsquare DataV software and engineering services help enterprises implement business-focused Internet of Things systems.

AirCUVE

AirCUVE

AirCUVE provide authentication and access control solutions for networks and mobile security.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Cyber Observer

Cyber Observer

Cyber Observer’s team specializes in providing corporate officers with comprehensive, visual, real-time performance overview, critical security control (CSC) analysis.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

OSP Cyber Academy

OSP Cyber Academy

OSP Cyber Academy are a managed service provider of cyber, information security and data protection training.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

Intelidata Techedge Pvt. Ltd.

Intelidata Techedge Pvt. Ltd.

Intelidata are a Global Cyber Security Consultancy and Services firm that helps companies drive growth by minimizing risk and maximizing potential.

Xantaro

Xantaro

Xantaro specializes in technologies, software and services for Carriers, ISPs, Hosting and Cloud Providers as well as for Operators of Data Centres and Campus Networks.