What is a Darknet Store and Why Are People Who Run Them So Hard to Catch?

An Australian man has been arrested in Germany, accused of operating the biggest illegal marketplace on the darknet. Prosecutors allege the 34-year-old sold drugs, forged money, stolen or forged credit cards, anonymous mobile phone SIM cards and malware on the site, known as DarkMarket.

So what is a dark web store and why are people who run them so hard to catch? Professor of digital forensics at Edith Cowan University, Craig Valli, explains.

What do we mean when we say 'the darknet'? What is it?

You've got your internet, which allows us to all connect with each other, and the darknet is a space you can use with what we call a gateway service to connect to what is essentially another network. That network is not apparent to the internet.

The analogy you can draw here is people working from home and using a VPN to connect to work. You can use similar technologies to set up darknets as a protected network for people to set up shop, in this case, or share information. But what enables a darknet to be subversive, apart from offering privacy, is the sorts of things that are traded. We are talking about the usual suspects: drugs, child exploitation material, assassins for hire. Really dark stuff.

Darknet means that you cannot see it; it doesn't mean that dark things happen there. Unfortunately, though, dark things do happen. And that means a whole pile of higher level implications for governments and law enforcement.

How does it work?

Darknet users have to install specialised software that uses countermeasures such as cryptography so it makes it hard for people to trace them. The IP numbers of people on the darknet don't make sense and you don't even know they're connected. In the darknet, nothing is recorded on the PC; there are no log files written of any chat.

Depending on how paranoid users are, and what they decide to modify further, within that darknet they'll have to use another VPN to connect to the person that they want to transact with. It's sort of like going down the rabbit hole. You've got layers of obfuscation of someone's IP address, masking who they are and then protecting them as they go.

You'd be stupid not to protect yourself. You're going somewhere that is a known "bad".

What was special about the DarkMarket?

Let's think about it from a cybercrime perspective. Imagine we planned to hatch a plot to take down an Australian politician and we want to buy some cybercrime tools.

We can do it the silly way, which is to go on the internet and post on public boards and say, "Hey, we want to buy some malware, can you help us out?" People in the conventional security and intelligence will have eyes on that and catch you.

However, if we go into the darknet, we'll be able to find those same items with very little risk of someone finding out. Don't think for a second that the intelligence community and security agencies are not operating in those areas, but on the darknet you can choose anonymity.

It makes it easier for people to do really bad stuff. There are high levels of criminality, high levels of harm.

What kind of people get involved in these platforms?

They would fit the typical criminal profile for any crime anywhere else on the planet.

And the darknet is an equal opportunity employer. It employs poor people, young people, old people, smart people. What makes you successful? Knowledge, motivation and opportunity. You don't need a lot of knowledge to set up some of these things, but you need the motivation to make money.

The proliferation of cloud services means everyone's becoming more comfortable with virtual private servers. So the info infrastructure is also helping people to be able to do these things. The other enabler, of course, is the maturation of info-space that allows these marketplaces not to exist in a physical place.

It can exist in multiple places at once. Virtuality helps as well, in terms of the obfuscation. You can have a piece of software that sits in Perth for the next 30 seconds while a deal is underway: it goes across the network to Melbourne or it goes to Rajasthan or Uzbekistan, all over the place.

In a standard network there is a router on the organisation. That's where you can track and trace. Technology used on a darknet is designed to just leave remnants, or no remnants at all, so the piece of software may run on a device for the length of the transaction and then not be found again. It destroys and just disappears.

But there must be infrastructure somewhere. How is it hidden?

In the same way that a drug lab may be set up by conventional criminals in disused space, you need to think about a darknet operation in terms of the hard, physical gear required in the same way you would a meth lab. These darknet guys are looking for space to base their operations.

The DarkMarket is said to have set up in a disused NATO bunker in the south of Germany. The reason they use these spaces is that no one goes there and they typically had good power connections. A lot of them, being ex-military use, aren't that far from large internet connections, or "points of presence", as they are called.

In the same way that traditional dope growers steal electricity from the grid, the same sort of modus operandi occurs with this. But there are also going to be darknets flourishing on servers where a particular nation state doesn't really care about what's there. They may think, "Yeah, we'll keep the platform running for you. We don't care what's on it."

In some countries you can't be prosecuted for hosting an illegal website unless it can be proven that you know that it's supporting illegal activity.

A similar example is this: after Cyclone Katrina in Florida, spam on the internet dropped markedly, by 60 or 70 per cent. Why? Because all of the servers were in the US state of Florida, which has amendments to the Racketeer Influenced and Corrupt Organisations (RICO) Act, allowing civil forfeiture proceedings for tangible and intangible property.

That's why there's a stereotype of mobsters and dealers living in Florida, with Picassos hanging on their walls. If they eventually get caught there's nothing stopping their partner taking the art off the wall, selling it and walking away with the money.

What's life like if you're constantly avoiding police?

A darknet boss would likely hide in plain sight. He would go to the football, have a few drinks. But he would probably not spend a lot of money (so as not to draw attention to himself and not leave traces). Some criminals are motivated by having lots of money, and by the power or the thrill.

But these people are equally likely to be super paranoid, have different ethical frameworks and decide something we might find morally reprehensible is perfectly fine.

If they're so good at hiding, how do they get caught?

This sort of stuff is a significant disrupter of criminal systems and the way crims do business. Law enforcement and intelligence are disrupting their patterns. There's a whole retraining that's occurring in the police force and intelligence that's just started to get a handle on that.

But the other thing to question is why we place a mystery status on the darknet.

It's just an alternate use of existing technologies to produce an incredibly private, paranoid place for people to cohabit and do whatever they do. And to bring those people down we've got to be among them.

Following the money trail

Governments and law enforcement are getting better at doing "track-and-chase". In theory it's the same way they got Al Capone: tracking the money.

We've seen a tightening of regulation around transferring large sums of money or money laundering and the Government has mechanisms to control traditional money stuff in traditional currencies. But where it all goes to hell in a handbasket is with the use of cryptocurrency.

One of the favourite ones, of course, is Bitcoin, and also Monero.

But there are hundreds of bitcoins out there. There's one that's actually designed to be completely anonymous, called darkcoin. It's basically used so that you can't trace the transaction. With Bitcoin you can trace some of the transactions, so depending on which currencies are used it's hard to do track and trace to find out where the money's gone.

Bitcoin is rapidly becoming an alternate currency. It means the banks feel like they're missing out, so they're starting to offer Bitcoin trading services. But again, because of Bitcoin's popularity in Australia, it still hits the $10,000 buffer on how much can be traded. But some of the lesser known cryptocurrencies are further off the radar.

The rise of Silk Road was synonymous with the rise in value of Bitcoin. And we're seeing increases in cryptocurrency values so that's starting to drive these sorts of things.

Exchanging of non-digitised goods like drugs must offer a weak link?

To maintain anonymity when money or hard goods are exchanged, intermediaries can be found and then hired via the dark web. The transferring of the money is a problem. As soon as you do so, you start to leave breadcrumbs. It becomes suspicious.

So they set up all the architecture that we have in our commercial systems inside the darknet.

But anything that's digitised is dynamite. That includes malicious software for sale or cyber criminals to penetrate a network and exfiltrate information, or to generate malicious code that someone might put on your phone to track you, for instance. So a lot of that stuff goes down, particularly in marriage bust-ups and stalkers.

Anything you can think of that is unadulterated evil, it will be in a darknet somewhere for a price.

How does a darknet boss trust their customers?

For an operator on the darknet, an important question is how to validate a person that's totally anonymous to them. With criminal gangs, there are always points in a relationship where people "prove" themselves. With paedophiles, that may be the exchange of child exploitation material.

So that remains one of the big risks for someone operating a darknet: how do they know that the person who's in there, who's observing, is not a "force for good" service? At some point they have to take a risk. If they get caught they can shut down their site, use technology to make it disappear completely, and set up again somewhere else.

The size of the internet now is vast. The Australian boss of DarkMarket was possibly unlucky. The problem for law enforcement is that there are still plenty more criminals operating on the darknet and still plenty of places to hide.

Craig Valli is Professor of Digital Forensics at Edith Cowan University.

