To most users, the Internet appears as an endless virtual world of global e-commerce and information. Goods can be purchased and delivered to your doorstep in 2 days (or less), information can be accessed at the swipe of a finger, and dreams come true. But the Internet has a dangerous, colossal secret: the Dark Web. Today’s number one source for stolen information, illegal paraphernalia, and criminal services is as interesting a talking point as it is dangerous to browse. Whether we are talking about the massive amount of sensitive personal information stolen in the Equifax breach, personal healthcare information stolen in the Anthem breach, or the credit/debit card information stolen in incidents like the Target breach, they all have at least one thing in common: this stolen information eventually makes its way to the Dark Web to be sold and purchased.
What is the Dark Web
While the Internet appears to be a flat ecosystem on its surface, there are actually numerous different layers at play. In reality, there are three (3) major areas of the Internet to differentiate between: the Surface Web, the Deep Web, and the Dark Web. When the topic of the Dark Web comes up, the Deep Web may be thrown in or used interchangeably, but the two Internet layers vary quite a bit, especially with regard to content.
The Surface Web
Let’s begin with the Surface Web. At its most basic level, the Surface Web is essentially everything that we as Internet users can access through web crawlers or our favorite search engines, such as Google, Yahoo, or Bing. Because the Surface Web is the Internet layer with which most people are familiar, it is often assumed to contain most of the information on the Internet, but truthfully, it is just the tip of the iceberg, both in visibility and significance. Most estimates state that approximately 4% of the Internet is accessible through the Surface Web and its search engines, which is also the reason we commonly see an infographic of an iceberg used to display the different Internet layers.
The Deep Web
Next stop: the Deep Web. As mentioned previously, the Deep Web is often confused with the Dark Web and the nefarious activities performed therein. However, most of the Deep Web is simply content that we cannot access through a search engine; it doesn’t necessarily contain the wayward content that can be found specifically when accessing the Dark Web (or at least no more than the Surface Web does). Common sources of information on the Deep Web might include government databases, healthcare information, webmail, or even Netflix subscriptions. Other examples might be areas of a website that a search engine simply cannot access because it cannot use the search tools found on said website. For example, while the FDIC website can be used to search for a bank’s financial information through a search function provided on the website, Google cannot use this function, as Google searches for content using links provided on that website. If there is an area of the website that a web-crawling search engine cannot access using these links, this content would make up part of the Deep Web. The Deep Web may not be widely understood, but it is an area of the web that most of us access on a regular basis.
The Dark Web
This brings us to the Dark Web. Unlike the Surface Web and the majority of Deep Web content, the Dark Web cannot be accessed through regular web browsers such as Internet Explorer, Google Chrome, or Mozilla Firefox. The most common tool for accessing the Dark Web remains a browser called Tor, or “The Onion Router,” which was created by the military to protect overseas communications. Tor was eventually released to the public in 2004, leading to a group of developers creating the Tor Project, the method most use to access the Dark Web today. While not every site on the Dark Web supports illegal activity, the vast majority of black market activity occurs on the Dark Web today.
The Dark Web Marketplace
Now that you have a general understanding of the Dark Web, let’s discuss the markets that can be found on this seedy underbelly of the Internet. Just as users can purchase products through sources such as Amazon and eBay on the Surface Web, Tor users can purchase illegal products or services through Dark Web counterparts. There are many different markets available on the Dark Web selling a variety of stolen and illegal products, including weapons, drugs, and stolen information. Recently, 146.6 million United States citizens’ information was stolen through the Equifax breach, so you can assume that there’s a 50% chance (there are just over 300 million people in the U.S. today) that your Social Security Number (at a minimum) is currently for sale on the Dark Web.
When looking through Dark Web pricing for the information, you might be pretty surprised at how cheap and easy it is to buy your stolen information. In a recent article released by Experian (one of the three major credit bureaus), the price ranges for information being sold on the Dark Web were detailed (shown in the graphic below). You will probably notice that it doesn’t take a whole lot of money to steal someone’s personal information or financial information.
There are also more specialized markets to purchase cybercrime services, showing us why cybercriminal activity is so common. These nearly-anonymous cybercrime markets make it much easier for less experienced cybercriminals to distribute malware or target businesses. Some of the products and services readily available include:
- DDoS Services - $7 per hour
- Email Lists - $50 for 500,000 emails
- Botnets - $60 Daily
- Basic Malware - $10 Average
- Ransomware Kits – Free - $1000 (Free normally includes a cut of the ransom)
- Compromised Website - $10 – $15
- ATM Skimming Devices - $400
- Online hacking tutorials – $0 - $500
- Money mules for hire - % of the money
Are The Bad Guys Ever Caught?
One of the most frequently asked questions about the Dark Web is: “Do these guys ever get caught?” It is difficult for authorities to take down Dark Web sites due to a number of factors, including Tor’s multi-layered encryption, criminals using anonymous VPNs, sites being hosted in different countries (without strong cyber-laws), and the use of bitcoin or other cryptocurrency (nearly untraceable) when purchasing illegal goods or services, rather than transacting through a bank.
Despite these factors, the short answer is, yes; the bad guys are getting caught with increasing frequency. There have been several high-profile cases of Dark Web markets being taken down by the FBI or other authorities. A few examples include the Silk Road, AlphaBay, and Hansa, all of which were very popular Dark Web markets.
The Silk Road was one of the largest and most notorious black markets ever to be hosted on the Dark Web. Like many Dark Web Markets, Silk Road sold drugs, guns, cybercrime products and services, and pornography. Silk Road was taken offline in October of 2013 following the arrest of the site’s founder Ross Ulbricht, who was eventually sentenced to life in prison without the possibility of parole. It was reported that before it was shut down, Silk Road’s operators generated $80 million in commission, and the site itself generated over $1.2 billion in revenue. A mere five weeks after the original website was taken down, Silk Road 2.0 was launched by an administrator of the original site. Silk Road 2.0 was online for a year before being taken offline during another FBI bust, resulting in the arrest of the site’s admin, Blake Benthall. Silk Road 3.0 is currently operational.
In more recent events, AlphaBay, a black-market website that grew to be ten times as large as Silk Road, was taken down by the FBI in July of 2017. After AlphaBay was taken offline, the FBI reported over 200,000 active users and 40,000 vendors posting on the site. Alexandre Cazes, who was the creator and the administrator of AlphaBay, was arrested during the site’s takedown, and a week later was reported to have taken his own life while being held in custody in Thailand. The operation to take down AlphaBay was also performed in conjunction with a Dutch law enforcement operation to take down another large black-market site, Hansa Market. The FBI deployed a brilliant strategy to make the AlphaBay takedown look more like an exit scam used to steal vendors’ and users’ cryptocurrency temporarily stored in marketplace wallets. Once AlphaBay was shut down, users and vendors flooded to the Hansa Market to continue business, which at the time had been taken over by Dutch law enforcement, allowing them to track down information on vendors and users. In addition to shutting down two of the Dark Web’s most notorious illegal markets, the trust of the Dark Web’s black market “safety” was broken, and law enforcement hopes these takedowns discourage further use. But the Dark Web and cybercrime are very resilient, and time will tell how big a dent these takedowns have made in underground criminal activity.
The Good Guys are Catching Up
Today, the Dark Web remains a hive for illegal activity and is constantly targeted by law enforcement, but as websites are taken down, more sprout up. At this very moment, there are a number of black market sites up and running, including Dream Market, WallStreet Market, and Silk Road 3.0 (a rebranded site, not stemming from the original).
The Dark Web is an extremely dangerous place to visit, especially if you do not understand how to access the Dark Web safely. It is highly recommended that you simply avoid visiting the Dark Web. Just as you would not go to the most dangerous dark alley in America out of curiosity, you shouldn’t access the Dark Web out of curiosity without the proper knowledge and tools.
Law enforcement continues to infiltrate the Dark Web with its own compromised and controlled Tor nodes, allowing the good guys to monitor some, if not all, Dark Web traffic and track criminal activity. The number of Dark Web-related arrests continues to rise, but as with all criminal activity, the bad guys continue to find a way to avoid justice. While it’s unlikely that the Internet will ever be rid of crime, the good guys have significantly closed the gap between anonymous criminal activity and the ability to enforce the law and take down illegal underground markets.
Written by: Cole Ponto
Information Security Consultant
SBS CyberSecurity, LLC