Shedding Light On The Dark Web

Uploaded on 2016-08-03 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

 

Though online markets still account for a small share of illicit drug sales, they are growing fast, and changing drug-dealing as they grow. Sellers are competing on price and quality, and seeking to build reputable brands. 

Turnover has risen from an estimated $15m-17m in 2012 to $150m-180m in 2015. And the share of American drug-takers who have got high with the help of a website jumped from 8% in 2014 to 15% this year, according to the Global Drug Survey, an online study.

Online drug markets are part of the “dark web”: sites only accessible through browsers such as Tor, which route communications via several computers and layers of encryption, making them almost impossible for law enforcement to track. 

Buyers and sellers make contact using e-mail providers such as Sigaint, a secure dark-web service, and encryption software such as Pretty Good Privacy (PGP). They settle up in bitcoin, a digital currency that can be exchanged for the old-fashioned sort and that offers near-anonymity during a deal.

Almost all sales are via “crypto-markets”: dark websites that act as shop-fronts. These provide an escrow service, holding payments until customers agree to the bitcoin being released. Feedback systems like those on legitimate sites such as Amazon and eBay allow buyers to rate their purchases and to leave comments, helping other customers to choose a trustworthy supplier. 

The administrators take a 5-10% cut of each sale and set broad policy (for example, whether to allow the sale of guns). They pay moderators in bitcoin to run customer forums and handle complaints.

Once a deal is struck and payment is waiting in escrow, drugs are packed in a vacuum-sealed bag using latex gloves to avoid leaving fingerprints or traces of DNA, and dipped in bleach as a further precaution against leaving forensic traces. A label is printed (customs officials are suspicious of handwritten addresses on international packages). Smart sellers use several post offices, all far from their homes—and, preferably, not overlooked by CCTV cameras. 

Some offer to send empty packages to new customers, so they can check for signs of inspection. Smart buyers use the address of an inattentive or absent neighbour with an accessible postbox, and never sign for receipt. Judging by the reviews, around 90% of shipments get through.

Despite the elaborate precautions, until now crypto-markets have tended not to last long. The first, Silk Road, survived almost three years until the FBI tracked down its administrator, Ross Ulbricht, aka “Dread Pirate Roberts”. He is serving a life sentence for money-laundering, computer-hacking and conspiracy to sell narcotics. 

Its successor, Silk Road 2, lasted just a year before law-enforcement caught up with it. Buyers and sellers migrated to the next-biggest sites, Evolution and Agora. The former vanished in March 2015 with $12m-worth of customers’ bitcoin in an “exit scam”. Then Agora disappeared, claiming that it had to fix security flaws. The biggest still standing is Alphabay, though the recently opened fourth version of Silk Road could knock it off the top spot.

Economist

« Don’t Underestimate Virtual Reality
Half UK Employees Have No Cyber Security Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

EkoCyber

EkoCyber

EkoCyber partner with businesses as a value-added MSSP to provide top-tier, trusted and transparent cyber security services at an affordable price point.