adimas - Fotolia
An international operation shut down the AlphaBay and Hansa marketplaces in July 2017, raising questions about the integrity and longevity of remaining markets on the dark web.
The shutdown operation was led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA) and the Dutch National Police, with the support of Europol.
Before its closure, AlphaBay was the leading dark net market with more than 200,000 users, 40,000 sellers and an estimated $1bn in transactions since its creation in 2014.
Shortly after AlphaBay’s closure, a separate dark web marketplace, Hansa, was also taken offline by law enforcement authorities.
The shutdowns are just the latest in a series of law enforcement takeovers since Silk Road in 2013, with new markets typically springing up quickly to replace what has gone before.
However, the closure of two major markets in quick succession has sent ripples through the dark web, according to Marc Laliberte, information security threat analyst at WatchGuard Technologies.
In the wake of the AlphaBay closure, he said users flocked to its dark net competitor Hansa, but unbeknown to its existing user base and the influx of new users, Hansa had been seized and had been running under Dutch police control for several weeks.
By leaving Hansa operational, the Netherlands police collected tens of thousands of messages between buyers and sellers, along with several thousand delivery addresses for orders of illegal drugs.
“After Hansa was finally taken offline, news that it had been under law enforcement control for nearly a month prompted many dark web marketplace users to question the continued safety and secrecy of their transactions on the dark web,” said Laliberte. “Users questioned what other popular marketplaces may be under the control of authorities.
“In the weeks after the shutdowns, users on popular dark web marketplace discussion forums were questioning the integrity of remaining marketplaces. Frequent posts by some users still claim to have proof that vendors or entire marketplaces are compromised, while other users post open letters to law enforcement defending dark web marketplaces as a safe place for otherwise dangerous transactions.”
Read more about the dark web
- Dark web markets’ shutdown may lead to more arrests.
- Threat monitoring: Why watching the dark web is crucial.
- The dark web is a key conduit for the malware industry to refine and distribute its products and services, say security researchers.
- GCHQ and the National Crime Agency set up a joint unit to police the dark web and tackle serious cyber crime.
The shutdowns have affected more than purveyors of illegal drugs, said Laliberte, citing the arrest of British security researcher Marcus Hutchins – also known as MalwareTech – who was credited with halting progress of the WannaCry ransomware attack.
According to the indictment against Hutchins, the FBI suspects him of helping to create the Kronos banking Trojan and distributing it by selling it on AlphaBay in 2015.
Laliberte speculates that the identification of Hutchins as the author of Kronos could have been aided by the FBI’s access to AlphaBay’s servers after the marketplace’s demise.
However, Laliberte said the dark web marketplace cycle appears destined to repeat itself for the foreseeable future, despite the recent shutdowns, with Dream Market and Trade Route already picking up where AlphaBay and Hansa left off.
“When these marketplaces, in turn, are taken down, others will rise in their place,” he said. “The only thing these recent stings are likely to change is the operational security practices of marketplace owners and users.”
Although the dark net is not fully anonymous, Laliberte points out that it still takes a tremendous amount of work to track individual connections and users can protect their identities using PGP encryption and two-factor authentication, for example.
“It is likely that leading intelligence organisations have the means and desire for that level of investigation, but it is probably out of reach for law enforcement,” he said. “Taking down or taking over individual dark net websites yields better results for catching the criminals that use them, instead of going after the criminals themselves.”
But the dark web is not going anywhere, said Laliberte. “The only way to seriously disrupt underground marketplaces is to continue to shake the confidence of buyers and sellers.”