• Trend Micro
  • About TrendLabs Security Intelligence Blog

The Deep Web: Shutdowns, New Sites, New Tools

  • Posted on: March 10, 2015 at 10:22 am
  • Posted in: Bad Sites
  • Author: Vincenzo Ciancaglini (Senior Threat Researcher)

2014 was a year in flux for the Deep Web. We briefly discussed this in our annual security roundup, but this is a topic worth exploring in some detail.

In late 2013, the operator of the Silk Road marketplace, Ross Ulbricht (also known as Dread Pirate Roberts), was arrested, and he was recently convicted on various charges by a US federal court. Naturally, because the market abhors a vacuum, replacement marketplaces have shown up. Of course, many of these have led short – and colorful – lives before collapsing.

Figure 1. Timeline of the Deep Web

This was not the only factor that led to chaos and disorder within the Deep Web. Law enforcement actions also shut down multiple marketplaces, and technical developments in anonymity and cryptocurrency technology also changed the Deep Web in 2014.

Law enforcement strikes back – Operation Onymous

Ulbricht may have been one of the first high-profile arrests related to the Deep Web, but he was far from the last. In what was called Operation Onymous, 17 people were arrested and 414 different .onion domains seized by various law enforcement authorities from various countries. The seized sites included underground marketplaces as well as money laundering sites.

Law enforcement has not said how they were able to locate the servers and persons involved in these underground sites. One of the developers of Tor, Jacob Appelbaum, has stated that he believes that the arrests were due to confessions from at least one Deep Web site operator.

One side effect of Operation Onymous may be the emergence of businesses specifically tailored for Deep Web site hosting. Merely hosting a site on the Deep Web is no guarantee of anonymity and safety on the part of users (a single Bulgarian ISP was responsible for hosting 129 of the seized domains). Some hosting providers and e-commerce platforms may choose to provide advanced services to Deep Web clients such as cryptocurrency support, escrow services, and two-factor authentication.

Let a hundred marketplaces bloom

Even before Operation Onymous took place, multiple marketplaces had appeared in the Deep Web offering all sorts of (mostly illegal) wares. Not all of these marketplaces proved to be particularly enduring. Sheep Marketplace shut down after claiming that they had been robbed of bitcoins, but users alleged that far more money had been stolen by site owners. Atlantis Marketplace shut down, citing security concerns.

Much as had happened before, the shutdown of high-profile Deep Web marketplaces sent users scurrying to various replacement sites. One key difference with the post-Onymous cycle was where these marketplaces were “located”. Some of these sites used the Invisible Internet Project (I2P) network, in addition to or supplementing Tor.

Some of the most popular marketplaces today are Agora, Evolution, WhiteRabbitmarket (present on I2P), Themarketplace (exclusively on I2P), Tortuga (present on I2P), and an I2P-exclusive version of Silk Road.

New technology and cryptocurrencies

The technology used in the Deep Web has also evolved. We’ve already noted the adoption of I2P by some Deep Web sites. In addition to this, we have also seen new cryptocurrencies that attempt to use blockchain technology in interesting ways that add features.

One of these new currencies is Cloakcoin, which claims full anonymity and untraceability of the transaction chain. It scrambles requests across various open wallets (similar to Tor’s onion routing). To entice users to keep their wallets open, a 6% annual interest fee is offered. Cloakcoin also natively includes an escrow function; this allows two parties to securely perform a commercial transaction using a third-party escrow wallet that guarantees money only gets transferred when both sides of the transaction are satisfied.

Another emerging project was OpenBazaar, which was aimed at building a platform for anonymous, untraceable marketplaces. It also used blockchain technology to implement escrow, order management, user identities, and reputation management.

Conclusion

2014 was a year of much turmoil in the Deep Web. Law enforcement took down many high-profile sites, doubts about Tor’s actual anonymity grew, and new tools were deployed by Deep Web actors. We can only expect to see more of the same in the months to come. The arms race between law enforcement and threat actors will only continue to intensify, and we can expect more marketplaces and tools to make their appearance and advance the state of the art in this field.
