Underground Marketplace model in decline as cybercriminals switch to chat channels to trade illegal goods
June 4, 2018
Climate of fear and mistrust following the AlphaBay and Hansa takedowns leads to cyber criminals moving to less convenient decentralized platforms, such as Telegram according to a new research report from Digital Shadows
London, June 5, 2018: The FBl and Dutch National High Tech Crime Unit led action in July 2017 to take down the two most used criminal marketplaces has led to a decline in the dark web marketplace model, but cybercrime has found a way. According to the new Seize and Desist: The State of Cybercrime in the Post-AlphaBay and Hansa Age report from Digital Shadows, the leader in digital risk management and relevant threat intelligence, the cybercriminal community has instead fallen back on alternative ways to conduct transactions across decentralized markets and messaging networks such as Telegram. Alongside this, criminals have adapted their processes to increase the security, reliability, and trust of existing sites. These trends predate the AlphaBay and Hansa takedowns, but have become more acute as the marketplace model continues to struggle.
Within the English-speaking community, AlphaBay was a significant player and its demise left a gap. However, almost one year since the AlphaBay and Hansa takedowns, no single marketplace has risen to the top. Mistrust and fear are rife, and, alongside hidden financial costs associated establishing a new market, this has prevented a new marketplace from flourishing.
Telegram in particular is proving increasingly popular. Over the last six months, the Digital Shadows analyst teams have detected over 5,000 Telegram links shared across criminal forums and dark web sites, of which 1,667 were invite links to new groups. These covered a range of services, including cashing out, carding and crypto currency fraud.
Rick Holland, CISO & VP Strategy at Digital Shadows said: “Historically, when popular marketplaces disappear, another leader emerges. The effects of law enforcement action are therefore relatively short-lived, becoming a game of “whack-a-mole” where cybercriminals are always one step ahead. But this hasn’t happened in this case (for now) and instead they have dispersed to alternative platforms and techniques to transact online.”
Cybercriminals did try to set up alternative market places in the immediate aftermath. Some users were so fond of their former haunt that they tried to form a new iteration of the site called GammaBay, but experienced limited uptake. Similarly, the promising Olympus market disappeared after it failed to foster trust among the criminal underground. Another exists in the form of ‘Dream Market’, but it has failed to capture market share amid poor user experience and suspicions of law enforcement activity.
Blockchain technology has been seen by some cyber criminals as a ‘savior’ to imagine alternative models for decentralized marketplaces. Sites that are hosted on blockchain, often with the “.bazar” TLD, are perceived to be less susceptible to law enforcement takedowns. This is why notable sites, such as Joker’s Stash, have switched to blockchain hosting. Taking a similar approach, the decentralized marketplace, OpenBazaar, has also experienced steady growth, with nearly four thousand new users signed up in the last four months. While it’s far off becoming a panacea to overcome the concerns about trust, interest in blockchain hosting has increased.
Rick Holland at Digital Shadows concludes: “The FBI take down has (for now) made the dark web marketplace model less viable. The barriers to entry has shifted upwards; criminals are more likely to be deceived by each other. However, cybercrime is not going away. Instead criminals have turned to alternative ways of interacting online.”
To read more around this research, read our latest blog post on Market[.]ms here.
ABOUT DIGITAL SHADOWS
Digital Shadows enables organizations to manage digital risk by identifying and eliminating threats to their business and brand. We monitor for digital risk across the widest range of data sources within the open, deep and dark web to deliver tailored threat intelligence, context and actionable remediation options that enable security teams to be more effective and efficient. Our clients can focus on growing their core business knowing that they are protected if their data is exposed, if employees or third parties put them at risk, or if their brand is being misused. To learn more, visit www.digitalshadows.com.