On June 20, law enforcement took over the Hansa marketplace after investigations that began in 2016. On July 5, police in Thailand arrested Alexandre Cazes, alleged to be the operator of the large underground market AlphaBay. These efforts have taken two of the largest darknet markets offline.
AlphaBay, and later Hansa, were among the many markets that filled the void left by the notorious drug sales market Silk Road, which was shuttered by law enforcement in 2013. Some of these opportunistic markets quickly shut their doors, while others were scams to take advantage of buyers looking for new places to purchase illegal goods. Sheep Market absconded with more than $40 million in an elaborate exit scam. Evolution bilked $12 million from vendors in 2015. Other markets have come and gone for various reasons, including law enforcement takedowns such as Silk Road 2.0 in 2014. AlphaBay opened shop in 2014 and by 2015 had become the largest darknet marketplace. Until the recent takedowns, AlphaBay remained the longest-lasting market and was also ranked as the most popular, while Hansa was ranked third.
Drug sales are the main driver behind the plethora of darknet markets. Following Silk Road, most markets opened their policies to include many items, including guns and stolen data. Partially due to the 2014 retail dumps, excess credit card data drove the growth of new markets, as discussed in my article “Dynamic Changes in Underground Data Markets.” Customers who otherwise would not have purchased stolen digital content now had easy access, creating more demand. Botnets, hacking services, and other cybersecurity-related goods also appeared on new markets, attracting impulse buyers who otherwise would have had no access.
The recent law enforcement takedowns will inevitably change behaviors in current markets, temporarily reducing the buying and selling of illicit digital goods. Both buyers and sellers will be on guard, but it is naive to believe that stolen data and malware sales will decline. The takedowns of these markets will be only a hiccup in overall sales because other markets are quite willing to take on new customers.
It is relatively simple to use search engines and popular communities to find a list of darknet markets. Sites such as Dream Market are still very active. Dream Market is mostly a drug-sales market but also includes a large number of digital goods. The following screen image shows postings for stolen accounts, including digital streaming accounts, and various fraud tools.
We also expect to see continued sales of stolen data and malware because some markets, especially the smallest, are eager to take on the new business. The relatively new market House of Lions is offering AlphaBay vendors discounts to move their shipments to its platform. These new platforms need established, trusted sellers to bring in more clients.
We’ve already seen evidence of customers quickly migrating to new markets, with some markets struggling to keep up with the influx of users. Hansa, which has been operated by law enforcement since June 20, saw a large influx of AlphaBay users. On July 17, law enforcement halted registrations to deal with the large migration.
Unlike in the days of Silk Road, buyers and sellers have many choices today. Formerly, darknet markets used various digital currencies and were just beginning to use Bitcoin as their primary means of trade, according to the McAfee report “Digital Laundry.” Silk Road popularized Bitcoin for darknet markets, and it remains the primary currency. Several markets—such as Wall Street or Trade Route, which offer stolen databases and identity theft data among other goods—are experimenting with other crypto coins, such as Monero.
Buyers looking for ransomware can find listings on Zion. Nearly all the darknet markets deal in stolen credit cards, so there are plenty of options. Each market has its own focus and features. Buyers and sellers inconvenienced by the takedown of AlphaBay and Hansa will find their way to one of the many options available today, just as with legitimate retail shops.
Darknet markets fill the demand for digital data. Although facilitators of those sales were taken down, the market for data still exists. We will still see the buying and selling of credit cards, databases, entertainment accounts, and other data. The demand will also continue to lead to attacks to acquire this data. If enough markets are taken down, it may eventually become too risky for criminals to remain in business, but in the meantime we must be diligent to protect our assets.
You personally may not be able to secure all your data because much of it may be stored outside of your control; however, there are many ways to reduce risk. For businesses, this includes maintaining proper procedures and security practices. For individuals, this includes good security hygiene. Never share passwords, and keep an eye on bank accounts for suspicious activity. As long as there is value in data, we must take steps to secure it.
“Dynamic Changes in Underground Markets,” by Charles McFarland. Cecile Park Media, November 2016.