Digital Shadows looks beyond the ‘Age of Empire’ to assess potential successors
ANALYSIS Cryptocurrency exit scams and law enforcement seizures have dealt another blow to the customers of underground darknet marketplaces with the fall of Empire Market – though there’s still no shortage of candidates poised to take its place.
Empire Market ceased trading in August following a suspected exit scam. Its effective removal from the scene follows law enforcement takedown of its predecessors including Silk Road, AlphaBay, and Hansa.
Dream Market, another major marketplace that shut up shop in March 2019, was also bedeviled with rumors of law enforcement infiltration after the seizure of AlphaBay and Hansa as part of Operation Bayonet in July 2017.
Wretched hives of villainy
Even before the latest ructions in the dark web market, some security researchers reckoned there were signs that drug dealers and other digital underground denizens were already migrating to other platforms, including ‘anonymous’ mobile messaging apps such as Telegram and Wickr.
However, threat intel firm Digital Shadows argues that there’s still a need for a underground equivalent of eBay – not least because potential alternatives fail to scale anything like as well as those that operate under the tried-and-tested web-based model.
Digital Shadows told The Daily Swig: “There will inevitably be a small portion of cybercriminals that may move to alternative platforms tired of the ongoing exit scams, and who have an established buyer base and can trust their buyers to follow them to an alternative format.”
“However, due to the wide reach that marketplaces offer, the majority of vendors will continue to adopt the platform knowing old and new buyers will likely already be registrants waiting to continue their business transactions,” the security company added.
Scoping out the competition
Alternative buy-and-sell platforms come with their own issues for cybercriminals, who may be wary of using technology that’s designed and run by civilians for non-illicit purposes.
“By trusting a legitimate third-party application’s encryption and anonymity policies, threat actors are placing their trust in non-criminal entities,” Digital Shadows said in a darknet deep dive published this week.
“Compare this to forums or marketplaces whose administrators have a vested interest in maintaining the ultimate security and anonymity levels.”
Catch up on the latest dark web security news
In addition, it’s often harder to market products or search for relevant listings on the disparate channels or groups that messaging platforms provide.
“Essentially, it is much easier to run a search on a marketplace or know that you can advertise your products to a marketplace’s entire user base as a vendor, so it is envisaged that the migration of both buyers and vendors away from the marketplace format will be minimal until an alternative can viably provide the ease of functionality that marketplaces present.”
Heir to the underground throne
If underground marketplaces are likely to remain, it begs the question: Which platform might fill the vacuum left by the exit of Empire Market from the scene?
Digital Shadows has put together a matrix that tracks the merits of various contenders:
According to a guide published on the dark web community forum Dread, any marketplace that’s worth its salt should have compulsory multisig, PGP-based verification, and competitive vendor registering and listing rates, among other features.
The dark web community appreciates features that improve security and users’ anonymity, but a large number of listing and easy payment options are also a factor.
Not unlike a racing tipster, Digital Shadows finds merit in the various runners and riders in the underground marketplace stakes.
“Dark0de Reborn, Canada HQ, Monopoly Market, The Versus Project, and ToRReZ market fit the Dread guide’s criteria for their use of multisig and preventing the risk of exit scams like Empire,” according to Digital Shadows.
“However, Icarus Market has at least three times the number of listings on each platform, with over 35,000 listings as of September 2020.”
INSIGHT Tor security: Everything you need to know about the anonymity network
Icarus also scores positively because of its above average commission rates, and the range of payment options on offer (Bitcoin, Litecoin, and Monero).
Meanwhile “Monopoly and White House Market rate highly on their approach to security and their strict use of Monero”, according to Digital Shadows.
However, Monopoly and White House Market can only boast 22,000 listings between them, despite having launched eight months before Icarus, which surfaced in April 2020.
Although the momentum is with Icarus, the marketplace is beset by rumours is might fall victim to an exit scam, where its principals take funds supposedly stored in escrow and scarper. These rumours might themselves have been put about by rival operators, Digital Shadows notes.
Cybercrime in the age of Covid-19
The Daily Swig recently reported that dark web vendors were feeling the pinch due to coronavirus lockdown restrictions.
Underground markets as a whole were not severely disrupted, even though sales in some categories of goods were effectively curtailed, according to Digital Shadows.
“Whilst business would have inevitably suffered for some vendors in specific areas (drugs, physical goods, travel based listings) other vendors offering listings not within these areas (digital products, credit card goods, fraud items) may likely have increased largely in part due to the high numbers of people confined to their places of residence,” the company explained.
“The reduction of buying in some areas is likely to have been off-set by the purchasing in other areas,” Digital Shadows concluded.
RECOMMENDED Server-side censorship evasion: Fresh fuzzing technique might outfox censors