Shedding Light On The Dark Web

 

Though online markets still account for a small share of illicit drug sales, they are growing fast, and changing drug-dealing as they grow. Sellers are competing on price and quality, and seeking to build reputable brands. 

Turnover has risen from an estimated $15m-17m in 2012 to $150m-180m in 2015. And the share of American drug-takers who have got high with the help of a website jumped from 8% in 2014 to 15% this year, according to the Global Drug Survey, an online study.

Online drug markets are part of the “dark web”: sites only accessible through browsers such as Tor, which route communications via several computers and layers of encryption, making them almost impossible for law enforcement to track. 

Buyers and sellers make contact using e-mail providers such as Sigaint, a secure dark-web service, and encryption software such as Pretty Good Privacy (PGP). They settle up in bitcoin, a digital currency that can be exchanged for the old-fashioned sort and that offers near-anonymity during a deal.

Almost all sales are via “crypto-markets”: dark websites that act as shop-fronts. These provide an escrow service, holding payments until customers agree to the bitcoin being released. Feedback systems like those on legitimate sites such as Amazon and eBay allow buyers to rate their purchases and to leave comments, helping other customers to choose a trustworthy supplier. 

The administrators take a 5-10% cut of each sale and set broad policy (for example, whether to allow the sale of guns). They pay moderators in bitcoin to run customer forums and handle complaints.

Once a deal is struck and payment is waiting in escrow, drugs are packed in a vacuum-sealed bag using latex gloves to avoid leaving fingerprints or traces of DNA, and dipped in bleach as a further precaution against leaving forensic traces. A label is printed (customs officials are suspicious of handwritten addresses on international packages). Smart sellers use several post offices, all far from their homes—and, preferably, not overlooked by CCTV cameras. 

Some offer to send empty packages to new customers, so they can check for signs of inspection. Smart buyers use the address of an inattentive or absent neighbour with an accessible postbox, and never sign for receipt. Judging by the reviews, around 90% of shipments get through.

Despite the elaborate precautions, until now crypto-markets have tended not to last long. The first, Silk Road, survived almost three years until the FBI tracked down its administrator, Ross Ulbricht, aka “Dread Pirate Roberts”. He is serving a life sentence for money-laundering, computer-hacking and conspiracy to sell narcotics. 

Its successor, Silk Road 2, lasted just a year before law-enforcement caught up with it. Buyers and sellers migrated to the next-biggest sites, Evolution and Agora. The former vanished in March 2015 with $12m-worth of customers’ bitcoin in an “exit scam”. Then Agora disappeared, claiming that it had to fix security flaws. The biggest still standing is Alphabay, though the recently opened fourth version of Silk Road could knock it off the top spot.

Economist

« Don’t Underestimate Virtual Reality
Half UK Employees Have No Cyber Security Training »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Data Protection People

Data Protection People

Data Protection People are specialists in Data Privacy, Governance, and Information Security.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

Cyberstarts

Cyberstarts

Cyberstarts’ vision is to become the leading platform for amazing teams of entrepreneurs to solve the next big problems of the cybersecurity world.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Cyber Security Consulting Services to help you secure your mission-critical systems.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.