Are You Afraid of the Dark(web)?

Davey Winder examines the fear factor that surrounds dark web marketplaces and asks whether there’s light among the nefarious bleakness

Criminal enterprise exists to make money. Traditionally, as any avid viewer of TV detective dramas of the seventies and eighties will recall, this often required the use of a ‘fence’ as an intermediary between the criminal seller and the ultimate buyer. That was before the internet changed everything. Now the dark web, or more accurately, the many nefarious marketplaces that exist within this plethora of sites that can only be accessed using the appropriate network-routing software, has pretty much replaced the role of the fence.

As well as being a marketplace for stolen goods, physical and digital, the dark web is also a conduit for the serious business of organized crime. Drugs and weapons sit on the virtual shelves alongside databases of compromised credentials, malware exploit kits and denial of service attacks for rent.

Yet the dark web isn’t just a black market for the digital age – to define it so is not only blinkered but could undermine the role it plays in protecting the anonymity of political dissidents, journalists, whistle-blowers and those persecuted for their sexual orientation. The protocols behind the dark web are technologically agnostic – yes, some people use them to do bad things, but is that the whole story?

"The dark web isn’t just a black market for the digital age"

The Dark Web Fear factor
“The dark web is probably feared more than is warranted,” says Vince Warrington, CEO of Protective Intelligence and a member of the Information Assurance Advisory Council (IAAC) and the UK Cyber Security Forum. “For your average person or business, it will have absolutely no direct impact whatsoever.” Warrington compares the dark web to Area 51, in that is has become shrouded in myth and legend, whereas the reality is rather different. 

That’s not to say that the dark web can be safely ignored by businesses though, not when “it’s where their stolen data usually ends up,” Warrington reminds us. Data is not, however, the primary product being traded on the dark web, and that’s where the fear factor starts ramping up. “The dark web does of course host illegal and some incredibly sick material,” Kevin Curran, professor of cybersecurity at the Faculty of Computing, Engineering & Built Environment, Ulster University, admits. “Popular illegal content for sale including credit card numbers, fake passports and marijuana.” All of which can also be found for sale on the web itself, Curran continues, without diving into the dark web per se. “It only really takes illegal content forums to enforce some sort of membership filtering (along with VPN use, fake email accounts etc.) to create a similar safe trading environment to the dark web,” Curran says. “The only difference with the dark web is that sites can remain more persistent.”

If you take a deep dive into the dark web economy and look at what is really driving sales in these marketplaces, you’ll see that drugs are front and center when it comes to transactions, with stolen data and various forms of identity documentation also featuring along with the sale of weapons. “Of the rest,” Warrington says, “about 15% consists of dedicated child abuse sites and another 15% is made up of various forums mainly around hacking and child abuse.” Those forums also cover a wide range of other topics, including everything from insider trading information to computer programming support.

It is in these other corners of the dark web that the reputation for nefarious activity gets replaced by a force for good. Warrington says around 8% of dark web sites are dedicated whistle-blower sites, such as WikiLeaks, where journalists can communicate with those seeking to expose abuses of power. “Whilst there is a small amount of activity which can be considered good,” Warrington concludes, “the majority is overwhelmingly bad.”

The Dark Web Fear factor
“The dark web is probably feared more than is warranted,” says Vince Warrington, CEO of Protective Intelligence and a member of the Information Assurance Advisory Council (IAAC) and the UK Cyber Security Forum. “For your average person or business, it will have absolutely no direct impact whatsoever.” Warrington compares the dark web to Area 51, in that is has become shrouded in myth and legend, whereas the reality is rather different. 

That’s not to say that the dark web can be safely ignored by businesses though, not when “it’s where their stolen data usually ends up,” Warrington reminds us. Data is not, however, the primary product being traded on the dark web, and that’s where the fear factor starts ramping up. “The dark web does of course host illegal and some incredibly sick material,” Kevin Curran, professor of cybersecurity at the Faculty of Computing, Engineering & Built Environment, Ulster University, admits. “Popular illegal content for sale including credit card numbers, fake passports and marijuana.” All of which can also be found for sale on the web itself, Curran continues, without diving into the dark web per se. “It only really takes illegal content forums to enforce some sort of membership filtering (along with VPN use, fake email accounts etc.) to create a similar safe trading environment to the dark web,” Curran says. “The only difference with the dark web is that sites can remain more persistent.”

If you take a deep dive into the dark web economy and look at what is really driving sales in these marketplaces, you’ll see that drugs are front and center when it comes to transactions, with stolen data and various forms of identity documentation (see boxout on page 21) also featuring along with the sale of weapons. “Of the rest,” Warrington says, “about 15% consists of dedicated child abuse sites and another 15% is made up of various forums mainly around hacking and child abuse.” Those forums also cover a wide range of other topics, including everything from insider trading information to computer programming support. It is in these other corners of the dark web that the reputation for nefarious activity gets replaced by a force for good. Warrington says around 8% of dark web sites are dedicated whistle-blower sites, such as WikiLeaks, where journalists can communicate with those seeking to expose abuses of power. “Whilst there is a small amount of activity which can be considered good,” Warrington concludes, “the majority is overwhelmingly bad.”

John Walker, a visiting professor at the School of Computing and Informatics at Nottingham Trent University, has a theory as to why this is so. “Like all forms of technology and infrastructure, as an entity it is agnostic and has no inbuilt intelligence,” Walker explains. “It is only the imagination, intention and creativity of its users that determines if it is employed for good or evil purposes.” Those with the greatest depth of all three, with the addition of ingenuity, Walker argues, “tend to reside on the darker side of our electronic, and human, society.” Walker knows the dark web well, having purchased hacking tools under his “dark world identity” and has looked through the storefront windows where drugs, firearms and counterfeit cash are on open display. Security researchers even found one dark web money-laundering site earlier this year that was selling $10,000 cash for $800 in Bitcoin, but even the somewhat pessimistic professor Walker can see some glints of good shining from this otherwise criminally dark landscape. “It offers positive benefits for the real-world oppressed, where a hidden ‘subterranean’ electronic world may be leveraged by individuals for the good of their own society in which they may otherwise be pursued by radical governments or rogue nations,” Walker says. 

It’s also important to bear this in mind when the media focus is pulled almost exclusively to cover the criminal aspects of the anonymized environment. “Any anonymizing service such as Tor can actually be a force for good, especially in countries where sexuality or political views are suppressed,” Curran points out. “Of this there is no doubt: for people who wish to remain more secure from the authorities, the dark web can provide a safer place to share or communicate with others.” The dark web even has marketplaces that trade in otherwise expensive medicines that are unavailable, or out of the financial reach, of people who need them. Warrington argues that Ross Ulbricht, also known as Dread Pirate Roberts, the now jailed founder of the infamous Silk Road marketplace, even stated as part of his defense that “obtaining illegal drugs through the post reduced the level of drug-related violence on the streets, as the dealers were taken out of the picture.” Finding the good amongst all the bad, though, is not easy. Warrington compares the situation to a zombie apocalypse movie: “you have to wade knee-deep through the undead to get to a safe haven.”

“The only difference with the dark web is that sites can remain more persistent”

John Walker, a visiting professor at the School of Computing and Informatics at Nottingham Trent University, has a theory as to why this is so. “Like all forms of technology and infrastructure, as an entity it is agnostic and has no inbuilt intelligence,” Walker explains. “It is only the imagination, intention and creativity of its users that determines if it is employed for good or evil purposes.” Those with the greatest depth of all three, with the addition of ingenuity, Walker argues, “tend to reside on the darker side of our electronic, and human, society.” Walker knows the dark web well, having purchased hacking tools under his “dark world identity” and has looked through the storefront windows where drugs, firearms and counterfeit cash are on open display.

Security researchers even found one dark web money-laundering site earlier this year that was selling $10,000 cash for $800 in Bitcoin, but even the somewhat pessimistic professor Walker can see some glints of good shining from this otherwise criminally dark landscape. “It offers positive benefits for the real-world oppressed, where a hidden ‘subterranean’ electronic world may be leveraged by individuals for the good of their own society in which they may otherwise be pursued by radical governments or rogue nations,” Walker says. 

It’s also important to bear this in mind when the media focus is pulled almost exclusively to cover the criminal aspects of the anonymized environment. “Any anonymizing service such as Tor can actually be a force for good, especially in countries where sexuality or political views are suppressed,” Curran points out. “Of this there is no doubt: for people who wish to remain more secure from the authorities, the dark web can provide a safer place to share or communicate with others.” The dark web even has marketplaces that trade in otherwise expensive medicines that are unavailable, or out of the financial reach, of people who need them. Warrington argues that Ross Ulbricht, also known as Dread Pirate Roberts, the now jailed founder of the infamous Silk Road marketplace, even stated as part of his defense that “obtaining illegal drugs through the post reduced the level of drug-related violence on the streets, as the dealers were taken out of the picture.” Finding the good amongst all the bad, though, is not easy. Warrington compares the situation to a zombie apocalypse movie: “you have to wade knee-deep through the undead to get to a safe haven.”

Good Versus Bad
Will the dark web pivot more to bad or good in future? Law enforcement, and various government three-letter intelligence agencies, are not only aware of the existence of dark web marketplaces, but have been successfully infiltrating and shutting them down for a long time. It has been six years since Silk Road was shut down and Ulbricht arrested. Since then, there has been no end of these marketplaces that have succumbed to the same fate, yet like shark’s teeth, there’s always another waiting to move forward.

Most recently we have seen multiple dark web markets, including sites involved with child abuse images and illegal drug sales, taken offline in one fell swoop as police in Germany closed down a ‘bulletproof’ web hosting company operating out of a heavily-fortified ex-military bunker.

So, is this the beginning of the end for the criminal dark web? Sadly not, according to Curran. “Tor hidden services work within the Tor network allowing the registration of an internal, Tor-only service that resolves its own .onion hostname,” he explains. “This provides two-way anonymity as the server does not know the IP of the client and the client does not know the server’s IP.” All of which could make it safer for criminals to host illegal content and remain beyond the reach of the law if they are careful with their site security. There is some evidence that this is already happening. “We’re seeing increasing security measures being undertaken by those who operate these sites,” Warrington says, referring to the dark web investigations he undertakes, “such as marketplaces and child abuse sites offering tools to remove EXIF data from images and new members increasingly vetted before being granted access.”

“We’re seeing increasing security measures being undertaken by those who operate these sites"

Dark Web Pricing
According to research from Flashpoint, threat actors are continuing to support a ‘robust’ dark economy that revolves around the trade in credentials and access to compromised systems, as well as the more traditional sale of stolen payment cards. The Flashpoint Pricing Analysis of Goods in Cybercrime Communities report comprises an analysis of the comparative pricing of products and services across a swathe of dark web market sectors between 2017 and 2019. Those sectors include the trade in DDoS for hire services, “fullz” packages of personally identifiable information, passports, payment card data, remote desktop protocol server credentials and vulnerability exploit kits.

When it comes to how dark web pricing is determined, the jury is still out. “Prices can vary drastically,” report author Ian Gray says, “and the reasons for the discrepancies remain largely unexplained.” The biggest variations can be found in DDoS for hire pricing. You can rent an unprotected DDoS IoT or Windows botnet for as little as $0.35 per 10 minutes, while by the hour attack services vary from $10 for a standard website DDoS through to $150 if the target is a government or military one. Even within these pricing ranges, the variations from site to site can be enormous: the Flashpoint analysis found three hours of DDoS costing just $35 and five hours costing $250, for example.

When it comes to ID documents (passport templates that enable the buyer to input their own details,) these range from $5 (Swedish passport) to $50 (Netherlands) with a US template costing $18. The most expensive document templates are drivers’ licenses, which can cost up to $1000. However, the big bucks for ID documents are reserved for physical passports, complete with supporting documentation such as a driver’s license, social security number and birth certificate, which can sell for $5000. 

What’s Hot on Infosecurity Magazine?