Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  
  • Email Subscription

  • About Us


    Author Archive - Vincenzo Ciancaglini (Senior Threat Researcher)




    2014 was a year in flux for the Deep Web. We briefly discussed this in our annual security roundup, but this is a topic worth exploring in some detail.

    In late 2013, the operator of the Silk Road marketplace, Ross Ulbricht (also known as Dread Pirate Roberts) was arrested, and recently he was convicted on various charges by a US federal court. Naturally, because the market abhors a vacuum, replacement marketplaces have shown up. Of course, many of these have led short – and colorful – lives before collapsing.

    Figure 1. Timeline of the Deep Web

    This was not the only factor that led to chaos and disorder within the Deep Web. Law enforcement actions also shut down multiple market places, and technical developments in anonymity and cryptocurrency technology have also changed the Deep Web in 2014.

    Law enforcement strikes back – Operation Onymous

    Ulbricht may have been one of the first high-profile arrests related to the Deep Web, but he was far from the last. In what was called Operation Onymous, 17 people were arrested and 414 different .onion domains seized by various law enforcement authorities from various countries. The seized sites included underground marketplaces as well as money laundering sites.

    Law enforcement has not said how they were able to locate the servers and persons involved in these underground sites. One of the developers of Tor, Jacob Applebaum, has stated the he believes that the arrests were due to confessions from at least one Deep Web site operator.

    One side effect from the Operation Onymous may be the emergence of businesses specifically tailored for Deep Web site hosting. Merely hosting a site on the Deep Web is no guarantee of anonymity and safety on the part of users (a single Bulgarian ISP was responsible for hosting 129 of the seized domains). Some hosting providers and e-commerce platforms may choose to provide advanced services to Deep Web clients such as cryptocurrency support, escrow services, and two-factor authentication.

    Let a hundred marketplaces bloom

    Even before Operation Onymous took place, multiple marketplaces had appeared in the Deep Web offering all sorts of (mostly illegal) wares. Not all of these marketplaces proved to be particularly enduring. Sheep Marketplace shut down after claiming that they had been robbed of bitcoins, but users alleged that far more money had been stolen by site owners. Atlantis Marketplace shut down, citing security concerns.

    Much as had happened before, the shutdown of high-profile Deep Web marketplaces sent users scurrying to various replacement sites. One key difference with the post-Onymous cycle was where these marketplaces were “located”.  Some of these sites used the Invisible Internet Project (I2P) network, in addition to or supplementing Tor.

    Some of the most popular marketplaces today are Agora, Evolution, WhiteRabbitmarket (present on I2P), Themarketplace (exclusively on I2P), Tortuga (present on I2P) , and an I2P-exclusive version of Silk Road.

    New technology and cryptocurrencies

    The technology used in the Deep Web has also evolved. We’ve already noted the adoption of I2P by some deep web sites. In addition to this, we have also seen new cryptocurrencies that attempt to use blockchain technology in interesting ways that add features.

    One of these new currencies is Cloakcoin, which claims full anonymity and untraceability of the transaction chain. It scrambles requests across various open wallets (similar to Tor’s onion routing). To entice users to keep their wallets open, a 6% annual interest fee is offered. Cloakcoin also natively includes an escrow function; this allows two parties to securely perform a commercial transaction using a third-party escrow wallet that guarantees money only gets transferred when both sides of the transaction are satisfied.

    Another emerging project was OpenBazaar, which was aimed at building a platform for anonymous, untraceable marketplaces. It also used blockchain technology to implement escrow, order management, user identities, and reputation management.

    Conclusion

    2014 was a year of much turmoil in the Deep Web. Law enforcement took down many high-profile sites, doubts about Tor’s actual anonymity grew, and new tools were deployed by Deep Web actors. We can only expect to see more of the same in the months to come. The arms race between law enforcement and threat actors will only continue to intensify, and we can expect more marketplaces and tools to make their appearance and advance the state of the art in this field.

     
    Posted in Bad Sites |



    While Ross Ulbricht, the accused operator of the first Silk Road Marketplace, remains in trial in New York, a new version of the deep web site, named Silk Road 2.0, has been launched yesterday. The launch was announced through the Twitter account of Dread Pirate Roberts, the pseudonym Ulbricht allegedly used while operating the site.


    Figure 1. Twitter announcement of the new Silk Road

    The new site has a new login page which parodies the FBI seizure page of the old Silk Road site.


    Figure 2. Login page of the new site

    According to its new front page, the new Silk Road offers users the additional option of being able to use their PGP keys to secure their communications.


    Figure 3. Silk Road main page

    In an official announcement published on the Silk Road Forums, a separate site hosted in the TOR network, Dread Pirate Roberts explains that the launch will take place over several days, starting with an initial launch on the 5th of November, and ending on the 9th of November, when the marketplace is supposed to regain full functionality.


    Figure 4. Silk Road announcement.jpg

    News of the resurrection of Silk Road has been immediately picked up by the mainstream media, with some speculation that the newly launched site may be just a honeypot setup to catch the remaining user base of the old Silk Road.

    More Deepweb Marketplaces Online

    However, relaunched Silk Road is not alone, as other marketplaces have also sprouted online. A new marketplace, named Pandora, was spotted. According to its creator, Pandora features better security for customers because it has a stronger verification process for sellers and high fees for first time vendors, discouraging possible scammers. Pandora currently has more than 2,000 active users, with most activity revolving around narcotics.


    Figure 5. Pandora home page

    The Black Market Reloaded, a Silk Road competitor, is also back online after being shut down after the Silk Road arrest. Currently, there are more than 6,000 posts related to narcotics and more than 1,000 posts about services such as coding, hacking, and counterfeiting money or documents.


    Figure 6. Black Market Reloaded home page

    These marketplace launches and relaunches show just how active and vibrant the deep web is. Such activity is the reason why Trend Micro is actively involved in analyzing and monitoring activities related to the deep web.

    Our Forward Looking Threat Research Team recently published a detailed report covering all the technologies related to deep web sites and the kind of transactions that take places, focusing on the kind of goods such as credit cards, counterfeit moneys or e-crime services. You may read the paper, Deepweb and Cybercrime: It’s Not All About Tor.

     
    Posted in Bad Sites | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice