In 1984, science fiction writer William Gibson became the father of the Cyberpunk fiction genre with his novel, Neuromancer. Neuromancer and its follow up novels, Count Zero and Mona Lisa Overdrive, can be interpreted as narratives about humanity’s grapple with technology and technology’s effects on the development of culture and crime. Strangely enough, these stories’ backdrop can also be mapped thematically to the real-world rise and splintering of the modern dark web marketplace and help teach us what’s in store for future users (and give me a chance to talk about sci-fi).
Buckle up! This blog post will be a bit nerdier than usual – minor spoilers for three science fiction novels from the 20th century ahead!
What Happens to Popular Dark Web Marketplaces?
How can the modern network of .onion marketplaces be understood through novels about a cyberpunk dystopia? The answer is in how dark web marketplaces grow and die.
Gibson’s novels, collectively known as the Sprawl Trilogy, often deal with the concept of Artificial Intelligence (AI). The first novel itself culminates with a single AI, Wintermute, developing into an enormous, monolithic system after it was able to evade and outwit law enforcement and other adversarial factions. It’s then struck down in the second novel by an outside force and explodes into a teeming multitude of lesser intelligences which inhabit cyberspace, also known as the matrix.
If Wintermute’s story sounds familiar, it’s because that’s beat-for-beat how many of the largest dark web marketplaces meet their end, with their users jumping ship to create new sites or make their trades off the Tor network entirely. Looking back to 2013, many of the roughly one million users of Silk Road likely migrated to other sites or created new ones when the marketplace giant was shut down by the FBI and Europol.
However, in 2017 one of the largest marketplaces at the time, Alpha Bay, had only 400,000 users when it was terminated by authorities. This can partially be attributed to the fracturing of the marketplaces on the .onion network – over time it has become more and more common for sites to maintain a selective membership rather than growing into Silk Road-esque goliaths. But like Wintermute, who was split into multiple, smaller selves, it’s clear the current dark web marketplace in 2019 is diminished compared to days of yore. However, the items and services available for purchase are only advancing!
Did you know? Many marketplaces also die out due to internal causes, like exit scams or the leakage of user details. For instance, Nightmare Market has been in disarray with talks of an exit scam, and around this time last year Olympus Market did the same thing.
Figure 1: Users on Dread (a reddit-like site for dark web marketplace news) reacting to the alleged Nightmare exit scam.
The Future of TOR: NETCRASH
It’s worth mentioning, not every popular marketplace is shut down by authorities; Digital Shadows recently reported a likely exit scam from one criminal dark web marketplace, Nightmare. Often a marketplace’s lifespan is affected by threats within almost as frequently as without – the more successful a site gets, the more lucrative an exit scam may be. While titillating, the shuttering of dark web marketplaces is nothing new. However, clear attempts to de-anonymise the Tor network are in full-swing, perhaps leaving some users fearful that the old havens are not as secure as they once were.
Another common theme of Gibson’s Sprawl Trilogy is how dangerous life can be on the net. Hostile forces ranging from the police, ghosts in the machine, and other hackers can pose huge risks, which cause many net denizens to hang up their hats. This seems to be what’s happening with many users on different Tor marketplaces. After countless busts, exit scams, and dodgy security controls, people are leaving in droves – many continuing to conduct business elsewhere. For instance, criminal forums like Sinister, Raid Forums, and Exploit are reasonably popular despite maintaining presences on the clear web.
Alternative marketplaces: At Digital Shadows, we often see cyber criminals trading credentials, payment card information, and other data on places like Telegram and Pastebin. These act as alternatives to sites or exit nodes that some users may no longer trust.
Figure 2: A Telegram message excerpt – the post exposes complete payment card details.
The dark web (and specifically Tor) isn’t going away any time soon. However, the winnowing of many Tor marketplaces, fear of eavesdropping, and frustrations from constant DDoS attacks are likely pushing many users away.
Monitoring for your company assets, whether those are related to your internal employees or external customers, is a large task but not an impossible one. If you want to go down the free route, take a look at our Practical Guide to Reducing Digital Risk and make sure to get a solid understanding of the dark web with our comprehensive blog on the topic, Dark Web Monitoring: The Good, The Bad, and The Ugly.
Dark Web Monitoring
In the next year it’s likely that organizations will see more customer information for sale on services like Telegram. And like cyberspace (which in the Sprawl Trilogy is exclusive and tightly controlled), many marketplaces on the .onion network are likely to become more mature, compartmentalized, and selective when it comes to their user base.
At Digital Shadows, we help our clients monitor for sensitive and unwanted information that is exposed on the dark web. This can include mentions of your products and assets being sold on criminal locations, research tools shared and sold on the criminal underground, and insiders selling valuable data or privileged access. You can learn more on our dark web monitoring page here.
A final note: All readers are encouraged by the author to read the Sprawl Trilogy. Also, for slightly less nerdy insights, subscribe to our threat intelligence newsletter to check out our other blog posts!