It seems the chickens have come home to roost. Crime markets that have benefitted from the anonymity offered by the TOR browser are now suffering because of it. The attacks have been causing havoc among a number of websites that cater to criminal enterprises on the dark web.
The sites so far identified as having been attacked are Dream Market, Empire Market, and Nightmare Street. These three are the biggest dark web criminal marketplaces today, and they are well known for selling illegal substances such as guns, drugs, hacked data, and malware — the usual things one would find in the seedy underbelly of the internet.
It seems that the first marketplace to shut down has been Dream Market. In a message to users, the moderators and admins have said that they are unable to continue due to the massive scale and time frame of the DDoS attacks. The operators of the marketplace said in a post that the attacker promised to stop if they paid $400 thousand in ransom money.
The marketplace management decided not to, instead of going the route of trying to secure their service only to fail in the attempt. They have said that any attempt to stop the DDoS attacks would be futile as the exploit lies within the TOR network itself. They announced their intention to close down and move their market resources to a partner company that they say is a “fair and honest company.”
The attacks which had been going for the last seven weeks stopped as soon as the message was put out. It is clear though that the attacks on other markets have only just begun. The prime target for the new wave of attacks has been Empire Market that experience only intermittent attacks in the last month. Now those attacks are starting to happen more often, and much the same is expected for the marketplace. Either close down or pay the ransom.
Other marketplaces that were targetted were Nightmare Market and Wall Street Market, though the latter has been decreasingly affected since the owners ran away with the users’ funds in an exit-scam. This means that extortionists have no interest in a market that has been left in complete and utter disrepair.
What is not known about these attacks, if they are clearly the work of extortionists just looking for a quick payday or if they are the work of competitors in a market that is not exactly known for its clear and transparent industry standards.
There are many who do think that it is more likely that it is the work of competing markets. Extortionists tend to come and go – and anyone who works with them is putting a large target on their backs. If you pay once, so the saying goes, you’ll definitely pay again. The trial of Ross Ulbricht, where it was discovered that a moderator of The Silk Road paid many an extortionist to keep the booming marketplace open during its heyday.
However, the more likely scenario is that competitors are using these DDoS attacks to gain market share. There have been closures in the dark web that have left thousands of users up for grabs. These cutthroat methods are the norm when such large closures had come before, most notably when The Silk Road was finally shuttered.
Federal agencies in the United States have been successful in the last few months in shuttering some of the larger markets which have precipitated a fight for these errant users.
There is a third option though. It could be as simple as law enforcement using the tools that hackers have used for years. This would enable them to centralize the criminal marketplaces and maybe even push users to those that the law enforcement agencies have in their sites. More birds with fewer stones, as the old saying goes.