With the police recently announcing the takedown of two of the dark web’s largest marketplaces for illegal goods: AlphaBay and its substitute, Hansa, it won’t be long for another to start-up.
Through a combination of online and conventional detective work, federal agents shut down these two hubs of criminal trade and arrested the major players involved.
This will be a substantial blow to the dark web’s community of consumers, who had taken to AlphaBay, and then, Hansa, after Silk Road 2 went under.
However, with these kind of websites having a reputation to be extremely persistent, authorities often find themselves playing a whack-a-mole game with the various sites.
Among dark web experts, there’s a general consensus that there will only be more dark web marketplaces and subsequent takedowns to come.
Despite the sophistication of anonymity tools like Tor and Bitcoin, law enforcement’s best clues in this case seem to have been the result of criminal ineptitude.
How easy is it?
Criminals and undercover cops alike hide under the anonymity offered by Tor and other safe practices when using bitcoin to buy and sell illegal goods.
Making the dark web a nebulous playing field for digital crime where neither side can catch the other.
Instead of attempting to strong-arm their way through this technology, authorities catch crooks through slip-ups like an email address mistakenly dropped outside of the secure Tor browser and a suspiciously detailed resume listing cryptography and server admin skills.
“It is never really the technology, for example, Tor, that lets these operators down,” said dark web researcher Sarah Jamie Lewis.
She added: “It’s the practices that go around, such as emails, payments, shipping, that tends to be the undoing.”
“Running such a service is hard,” said Nicolas Christin, an associate research professor at Carnegie Mellon University who specializes in cybersecurity.
“A single slip-up like this can have domino effects. And the problem is that, while you get reasonable protection at the network level from Tor, for everything else, you are on your own.”
What these criminals should do, according to The Grugq, an anonymous information security researcher, is create an anonymous John Doe persona, complete with a fake email address, phone number, home address, and life history.
“That way, when he makes mistakes, which he will do, he exposes John Doe, this nonexistent nobody.” said The Grugq, “People tend to make mistakes and then rather than start over from scratch, they think, ‘Eh, what are the odds that that one mistake will be found? It’s probably fine.’ And of course, it is never fine.”
If mistakes ran so rampant in the AlphaBay operation, how can people keep them running for say six months and gain as much as $1bn in transactions?
It took two whole years of operation before authorities found his poorly hidden email address, combing through old forums and hidden links.
Changing their ways
As hacking and criminal marketplaces abound, officials are still struggling to adjust their methods accordingly.
“Law enforcement is really playing a game of catch-up and has been for a long time, which is one of the things I’ve seen when I was a federal prosecutor,” said Marcus Christian, a former prosecutor who is currently a partner in law firm Mayer Brown’s cybersecurity practice.
Some defend dark web markets as a way to make the drug trade less violent.
In a 2015 TED Talk, tech blogger Jamie Bartlett made the argument that sites like AlphaBay are at least a peer-reviewed way to buy drugs, malware, and other paraphernalia.
That TED Talk pointed to several advanced features of AlphaBay that perhaps will affect the future of the dark web and the internet in positive ways.
AlphaBay gave people a way to peer review drugs and discredit sellers that didn’t deliver on time, didn’t deliver the products that they promised, and otherwise left customers dissatisfied.
The Grugq wrote on Medium: “Great job ridding the world of a non-violent drug distribution channel that virtually eliminated risk and significantly reduced harm to addicts.”