Shedding Light On The Dark Web

Uploaded on 2016-08-03 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

 

Though online markets still account for a small share of illicit drug sales, they are growing fast, and changing drug-dealing as they grow. Sellers are competing on price and quality, and seeking to build reputable brands. 

Turnover has risen from an estimated $15m-17m in 2012 to $150m-180m in 2015. And the share of American drug-takers who have got high with the help of a website jumped from 8% in 2014 to 15% this year, according to the Global Drug Survey, an online study.

Online drug markets are part of the “dark web”: sites only accessible through browsers such as Tor, which route communications via several computers and layers of encryption, making them almost impossible for law enforcement to track. 

Buyers and sellers make contact using e-mail providers such as Sigaint, a secure dark-web service, and encryption software such as Pretty Good Privacy (PGP). They settle up in bitcoin, a digital currency that can be exchanged for the old-fashioned sort and that offers near-anonymity during a deal.

Almost all sales are via “crypto-markets”: dark websites that act as shop-fronts. These provide an escrow service, holding payments until customers agree to the bitcoin being released. Feedback systems like those on legitimate sites such as Amazon and eBay allow buyers to rate their purchases and to leave comments, helping other customers to choose a trustworthy supplier. 

The administrators take a 5-10% cut of each sale and set broad policy (for example, whether to allow the sale of guns). They pay moderators in bitcoin to run customer forums and handle complaints.

Once a deal is struck and payment is waiting in escrow, drugs are packed in a vacuum-sealed bag using latex gloves to avoid leaving fingerprints or traces of DNA, and dipped in bleach as a further precaution against leaving forensic traces. A label is printed (customs officials are suspicious of handwritten addresses on international packages). Smart sellers use several post offices, all far from their homes—and, preferably, not overlooked by CCTV cameras. 

Some offer to send empty packages to new customers, so they can check for signs of inspection. Smart buyers use the address of an inattentive or absent neighbour with an accessible postbox, and never sign for receipt. Judging by the reviews, around 90% of shipments get through.

Despite the elaborate precautions, until now crypto-markets have tended not to last long. The first, Silk Road, survived almost three years until the FBI tracked down its administrator, Ross Ulbricht, aka “Dread Pirate Roberts”. He is serving a life sentence for money-laundering, computer-hacking and conspiracy to sell narcotics. 

Its successor, Silk Road 2, lasted just a year before law-enforcement caught up with it. Buyers and sellers migrated to the next-biggest sites, Evolution and Agora. The former vanished in March 2015 with $12m-worth of customers’ bitcoin in an “exit scam”. Then Agora disappeared, claiming that it had to fix security flaws. The biggest still standing is Alphabay, though the recently opened fourth version of Silk Road could knock it off the top spot.

Economist

« Don’t Underestimate Virtual Reality
Half UK Employees Have No Cyber Security Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.