Ever since two researchers announced they had a method to “uncloak” Tor users on dark web sites for less than $3,000, there has been a flurry of activity in the “anonymous” online service, particularly the markets that fit the description of a ‘dark web’ – new rules, new technologies, new addresses.
But new shops are opening, slicker than ever – and business is booming.
Designed with the help of U.S. military experts, The Tor Project is still heavily funded by the U.S. government – even the NSA grudgingly admits it is “the king” of anonymity – but its dark web sites are now full of discussions about thieves, informers, hackers, and PGP keys.
Tor is a privacy tool which allows users to access “hidden” sites, with the .onion suffix, which cannot be accessed via other browsers – users instead use customised bundles of open-source browsers such as Firefox. It’s used by political activists – but also plays host to some of the most terrifying classified ads ever made. Even worse than the ones in local newspapers.
One Tor user – who wished to remain anonymous – said that the new dark web markets (dozens of them) were often bourgeois and upscale, offering premium, imported marijuana with high-end customer service. Sites such as Tor Bazaar openly shun weapons and pornography.
One market, Middle Earth, offers competitions with free Ecstasy pills as prizes. Others have adverts: “Honest Cocaine: Life May Not be Honest But Our Cocaine Always Is.”
Contrary to mainstream media reports, the Silk Road bust did little to stem the trade. Tor itself pointed out that the suspects were “found through actual detective work.”
The Tor Project continues to improve security (new measures defending against the relay attack were revealed this week). New dark web markets and new ads continue to sprout up.
This week, easily accessible via a Reddit thread, were: Behind Blood Shot Eyes, Farmer1, Bungee54, Dutchy Anonymous, Onionshop, The Majestic Garden, Pandora, Russian Anonymous Market, Silk Street, Acorah, Andromeda, Blue Sky Black Bank, The Pirate Market, Outlaw market, Hydra, Agora.
Many dark web sites have shifted their URLs, and restructured their finances – Bitcoins are transferred through “multi-sig” transactions for security. The Pirate Network advises: “When signing up NEVER use your actual email address, remember to keep your darknet alias completely separate from your actual identity.”
V3 reported that Tor warned users to “assume” they had been affected. They have – but as these adverts show, business continues as usual.
“Please do not contact us regarding regular SEO work” begs an agency that specializes in making businesses burn – and can even make estate agents look more untrustworthy than they already are. It seems unlikely that anyone would, given how they describe themselves.
“Our team of dedicated hackers have over five years of experience in doing this professionally. Hit the first page on Google under any name or company name while trashing their reputation. Advertise warning about a business where it hurts them most (eg. real estate websites, yellow pages etc… depending on the business). Prices are discussed in private.” All you need is a PGP key for privacy, around $5000, and a complete lack of morals.
For anyone who has built up 1,000 Facebook friends, this may come as a shock – all that effort is worth £3, on Tor Bazaar. As an ESET guide explains, account details are valuable to cybercriminals – and this vendor offers email addresses and other details as part of the deal.
“These accounts are perfect for getting ~500 slaves for your RAT’s botnets and such. All accounts are checked and in full working condition when delivered!” he promises. “If your account does not work PM me, I will check and if that’s the case I will replace your product with a working one otherwise a full-refund will be made!”
ESET’s guide to Facebook privacy and password hygiene may help prevent your hard-won 1,000 friends being sold for £3.
Many hackers offer data sourced from insiders at companies – such as one which will trace a cellphone, presumably via a company insider. The trace is performed live.
“Track down any cellphone in the UK without the users permission or knowledge. Simply enter a number and get results directly from the cell company. Offered as a service or as source code,” the hackers offer.
Prices range from $150 for a trace to $1,000 for source code.
The hackers say, “Code must be used with a VPN as this is a live hack into cell network data.”
Free ‘tester’ packs of drugs are a standard sales technique – for instance, vendors on Tor Bazaar offer 1/10 grams of cocaine for less than $10.
But one vendor goes further: “You can snort, shoot and smoke it. They claim they have the best Heroin straight from Turkey.” All you need is to be in Holland, and willing to risk a rapid and pointless death if the heroin happens to be either A) too strong, or B) poison. Write a will bequeathing your Bitcoins to your loved ones first.
‘Dark markets’ are full of liars, cheats and thieves. Packages often fail to arrive, or vendors offer deals so utterly insane there are two possibilities. One: they are insane. Two: they will just run away into the sunset with your Bitcoins.
Political assassination is an expensive business – but a mysterious trio offer efficient kills, as long as no “Top 10” politicians are involved. “We are a team of 3 contract killers working in the US and Canada) and in the EU. Once you made a “purchase” we will reply to you within 1-2 days, contract will be completed within 1-3 weeks depending on target. Only rules: no children under 16 and no top 10 politicians.”
The price is around $20,000. Politicians just outside the top ten – transport officials for instance – should be safe from the deadly trio.
Many adverts on ‘dark markets’ are fakes – designed to lure unwary users into handing over account details or Bitcoins. One recent ad promised, “Im offering a 9mm (9x19mm) ERO UZI with Silencer with 5 Magazins each 32 rounds The Silencer is very quiet and doesnt need subsonic ammunition for normal use.” (sic.)
The vendor promised a unique, effective way of shipping the weapon across borders – and a library of pictures… which attempted to install software on your machine each time you clicked. Each image was a URL on Tor which turned out to download an .exe file and, at a guess, the software was probably not a free user guide thrown in by the kind vendor.
Banking Trojans are sold through most dark net markets – but it helps to have a command of Russian, as the latest tend to be on sale on Russian-language forums. Hackers aren’t team players, though. One advertiser says, “We hack Yahoo, Hotmail, Gmail, Facebook.”
Hackers offer Trojans, bespoke attacks (designed to attack a particular company), or RAT (Remote Access Tools), often used to spy on teenage girls via webcams. Others are professional spyware, whose uses are presumably industrial espionage: “This RAT was written by me and cannot be blocked. Tested with the strictest firewall policies. Cannot be reversed without the private key. Automatically maps all hard disks and network disks. Creates a map of files to browse even when the target is offline.”
Others are less professional – but much more scary: “Ill do anything for money, im not a pussy :) if you want me to destroy some bussiness or a persons life, ill do it! i can ruin them financially and or get them arrested, whatever you like. If you want someone to get known as a child porn user, no problem.”
Author Rob Waugh, We Live Security