Dark Web Mar­ket­places

Middle East Business (English) - - NEWS - By Alas­tair Pa­ter­son CEO and Co-Founder, Dig­i­tal Shad­ows

We've all heard the phrase : "When one door closes, a win­dow opens." You can bet that as you're read­ing this, those en­gaged in cy­ber­crime on the dark web are look­ing for that next 'mar­ket­place win­dow 'to open.

The clo­sure of Al­phaBay by an in­ter­na­tional law en­force­ment in­ves­ti­ga­tion, fol­lowed soon there­after by Hansa, has left many won­der­ing about the fu­ture of dark web mar­ket­places. An ero­sion of trust in these more es­tab­lished mar­ket­place mod­els will likely de­rail ef­forts by oth­ers to fill the void quickly. But the fact re­mains, sell­ers still need to find cus­tomers and cus­tomers still need ac­cess to il­licit goods and ser­vices. So what’s next for il­le­gal, on­line trade? And should I be in­ter­ested? As I dis­cussed in an on­line ar­ti­cle1, it is im­por­tant to re­mem­ber that crim­i­nal ac­tiv­ity isn’t limited to the dark web, par­tic­u­larly given the fact that some coun­tries don’t ex­tra­dite cy­ber­crim­i­nals. This is es­pe­cially the case with more so­phis­ti­cated crim­i­nals. With min­i­mal con­se­quences, some crim­i­nals have no in­cen­tive to hide. As a re­sult, cy­ber­crime is an In­ter­netwide prob­lem, al­most equally present on the deep and open web. That said, it’s also safe to as­sume that dis­il­lu­sioned buy­ers are seek­ing al­ter­na­tive, more se­cure and anonymised meth­ods for con­duct­ing on­line il­licit trans­ac­tions via the dark web. De­spite the pop­u­lar­ity and con­ve­nience of Al­phaBay for sell­ing drugs and credit card in­for­ma­tion, for years cy­ber­crim­i­nals sell­ing sen­si­tive data or mal­ware vari­ants fre­quently opted for di­rect peer-to-peer (P2P) com­mu­ni­ca­tion and re­la­tion­ships made on spe­cialised fo­rums. The P2P model pro­vides more con­trol and helps safe­guard against exit scams and loss of funds, which weighed heav­ily on ven­dors and cus­tomers. We’re now see­ing a more “for­malised” ap­proach to this method of trade. One of the first fully-de­cen­tralised P2P mar­ket­places is known as OpenBazaar, an open source project that al­lows the un­re­stricted sale of goods be­tween anony­mous buy­ers and sell­ers. OpenBazaar is ac­cessed through a front-end client that can be freely down­loaded from the project web­site. All trans­ac­tions are made us­ing Bit­coin and are recorded on the project blockchain as cryp­to­graph­i­cally signed smart con­tracts. This ad­dresses prob­lems with user trust; if all trans­ac­tions are per­ma­nently recorded, ven­dors who at­tempt to scam buy­ers can be more eas­ily iden­ti­fied. Fur­ther­more, plat­form op­er­a­tors have no con­trol over list­ings and the plat­form is split among many nodes, mak­ing it highly re­silient to law en­force­ment take­downs or at­tacks by other crim­i­nal ac­tors. The suc­cess of these new mar­ket­places re­mains to be seen and de­pends on these five driv­ers:

1. Adop­tion – Blockchain projects are not yet main­stream and are not widely un­der­stood. These plat­forms must be­come more com­monly used be­fore crim­i­nal ac­tors will trust and em­brace them.

2. Con­tent con­trol – Lack of cen­tralised con­trol is a dou­bleedge sword, it makes the plat­form re­silient but it also means there is less con­trol over the ma­te­rial up­loaded, open­ing up the door to ma­te­rial that even crim­i­nal ac­tors find ob­jec­tion­able. Mar­ket­places that im­ple­ment some level of con­tent con­trol will be more at­trac­tive.

3. Ven­dor at­trac­tion – Cus­tomers want to shop at mar­ket­places with suc­cess­ful ven­dors. Those mar­ket places that at­tract prom­i­nent ven­dors will nat­u­rally be­come more pop­u­lar. 4. Se­cure com­mu­ni­ca­tions – Blockchain-based plat­forms pub­licly record all mes­sages, com­pli­cat­ing pri­vate mes­sag­ing be­tween users. Plat­forms that can in­te­grate se­cure mes­sag­ing sys­tems with­out com­pro­mis­ing per­for­mance will at­tract more crim­i­nal ac­tors.

5. User ex­pe­ri­ence – As with all shop­ping ex­pe­ri­ences, mar­ket­places that can es­tab­lish sta­ble, fea­ture-rich in­ter­faces that seam­lessly in­te­grate pay­ment plat­forms (in this case cryp­tocur­rency plat­forms) will en­tice more users.

The emer­gence of de­cen­tralised mar­ket­places within the crim­i­nal ecosys­tem poses sig­nif­i­cant chal­lenges for law en­force­ment agen­cies and pri­vate se­cu­rity ven­dors. Al­though pub­lic blockchains can be freely mined for data, the very high vol­ume of con­tent is likely to make pars­ing this in­for­ma­tion and de­vel­op­ing ac­tion­able in­tel­li­gence very tech­ni­cally and lo­gis­ti­cally chal­leng­ing. Fur­ther­more, pre­vi­ous law en­force­ment op­er­a­tions tar­get­ing crim­i­nal mar­ket­places or fo­rums have tended to re­volve around tar­get­ing site op­er­a­tors or geo-lo­cat­ing servers and con­duct­ing raids; nei­ther of these would likely be ef­fec­tive for tar­get­ing a de­cen­tralised plat­form. In this sce­nario, it would be more ef­fec­tive to tar­get in­di­vid­ual prom­i­nent ven­dors or ven­dor net­works and at­tempt to iden­tify and lo­cate them, ad­mit­tedly a more piece­meal ap­proach. De­cen­tralised mar­ket­places are not yet the dom­i­nant model, with many buy­ers and sell­ers hav­ing moved to other mar­ket­places, such as Dream.

How could this af­fect me?

A com­pre­hen­sive as­sess­ment of your dig­i­tal risk starts with know­ing where to find it. With an ap­proach that com­bines tech­nol­ogy and hu­man ex­perts look­ing across the open, deep and dark web, you can un­der­stand not only where and when you are men­tioned on­line, but also why, by whom and the likely im­pact to your or­gan­i­sa­tion. This breadth and depth of cov­er­age is es­sen­tial to pro­tect against threats as­so­ci­ated with fo­rums and mar­ket­places and, ul­ti­mately, to for­mu­late a suc­cess­ful dig­i­tal risk man­age­ment strat­egy.

1. http://www.se­cu­ri­ty­week.com/

know-where-find-your-dig­i­tal-risk

Alas­tair Pa­ter­son

Newspapers in English

Newspapers from Palestine

© PressReader. All rights reserved.