Until recently, AlphaBay Market was the largest marketplace on the Darknet. It provided an outlet for buyers and sellers of illegal goods and services, including drugs, stolen data, malware, hacking tools, weapons, child pornography and freelance assassination services.
But earlier in the month, it was confirmed that AlphaBay Market was shut down after authorities in the United States, Canada and Thailand performed several raids, which resulted in the arrest of Alexandre Cazes. Cazes was reportedly one of the operators behind the AlphaBay Market. Though Cazes was a resident of Canada, he was arrested by law enforcement in Thailand, where he owned three houses and four cars. Law enforcement seized “four Lamborghini cars and three houses worth 400 million baht ($11.7 million) in total.” Cazes, however, hanged himself using a towel.
Launched in 2014, AlphaBay was considered “the new Silk Road” and became one of the most prominent darknet marketplaces. Last week, Dutch police announced they had shut down and dismantled another major darknet marketplace, Hansa Market. Dutch authorities kept the market running for a month while recording thousands of its transactions. The international investigation was undertaken in concert with Europol, the FBI and authorities in Germany and Lithuania.
Following the news of the seizure of AlphaBay and Hansa Markets, warnings from Redditors emerged, claiming that another popular darknet market, Dream Market, would be taken down by law enforcement by August 20, 2017. According to Mashable, online buyers and sellers had begun flocking to Dream Market:
“Amidst the chaos, Dream Market chugged along. But the nature of Hansa’s takedown — with law enforcement secretly running it — has users panicked that a similar bust is about to take place at Dream.
‘Dream Market will be taken down by the FEDS by August 20 (insider government employee),’ wrote one redditor. ‘GET YOUR BITCOINS OUT FAST.’
To add fuel to the paranoid fire, the same redditor that correctly called Hansa was under government control before it was shut down now claims that Dream Market is next.
‘Beware that Dream has been compromised,’ wrote luckyduckquack on July 20. ‘This is a warning you will want to heed. Dream has been under the control of law enforcement for some time now. Within the next couple of weeks you will see a seizure notice. They are waiting to gather as many refugees from AB & Hansa as they can and then drop the hammer.’”
With the recent market closures, the following lists the availability status of the remaining Darknet Markets, including Dream Market (courtesy of DeepDotWeb):
Invite / Referral Markets
- T•chka Free Market – 95.9%
- The Trade Route – 99.63%
- Wall Street Market – 99.6%
- House Of Lions – 97.71%
- Zion Market – 98.27%
- RsClub Market – 98.52%
- Apple Market – 90.01%
- Darknet Heroes League – 97.79%
- The Majestic Garden – 98.03%
- CGMC – 99.97%
- PekarMarket (Russian) – 99.63%
- Infinite Market – 73.19%
- Pyramid Market – 99.28%
- Gammagoblin – 97.76%
- The French Connection – 98.77%
- CharlieUK – 94%
- ToYouTeam – 96.57%
- EuroPills – 99.05%
- Fight Club – 95.43%
- MaghrebHashish – 80.14%
- Mollyworld – 81.65%
- ElHerbolario – 98.01%
- l33TER – 97.4%
- YourDrug – 99.7%
- The Church (JoR) – 98.37%
- RechardSport – 98.45%
- Dutch Magic – 97.41%
- Soulkush – 82.44%
- Stoned100 – 94.3%
- MUSHBUD – 98.4%
- QualityKing – 89.34%
- DeepStatus – 75.12%
- DutchDrugz – 98.66%
- Ramp (Russian) – 82.22%
- RuTor (Russian) – 97.45%
- IDC (Italian) – 97.71%
- WayAway (Russian) – 99.4%
- French Freedom Zone – 97.15%
- French Deep Web – 99.32%
- HYDRA (Russian) – 99.28%
- Italian Deep Web – 98.55%
- BlackDeal (French) – 96.76%
The sale of personal, corporate and government data on the dark markets is extensive. Hacks and leaks have become commonplace, and new exploits and hacks surface daily. In 2015, the Office of Personnel Management (OPM) was targeted. At that time it was also reported that “government records stolen in a sweeping data breach that was reported last week are popping up for sale on the so-called ‘darknet,’ according to a tech firm that monitors the private online network used by criminals and creeps throughout the world.”
The article goes on to say:
“Credentials to log into the Office of Personnel Management are being offered just days after the announcement the agency’s records, including extremely personal information of 4.1 million federal government employees dating back to the 1980s, had been compromised, said Chris Roberts, founder and CTO of the Colorado-based OneWorldLabs (OWL), a search engine that checks the darknet daily for data that could compromise security for its corporate and government clients, including government IDs and passwords.
In addition to data from the OPM breach, Roberts said a new OWL search has uncovered another 9,500 government log-in credentials stolen this week from a variety of county, state and federal agencies across the nation, for everything from the Obamacare site, Healthcare.gov, the Internal Revenue Service, the U.S. Census Bureau, and U.S. Court System to the Child Support agency and Unemployment Agency in Ohio.”
It usually takes weeks, sometimes even months, to discover a breach that has leaked sensitive information. The data stolen can include names, addresses, login credentials, social security numbers, credit card numbers, financial details, medical information or an entire database of personal information, fingerprints, and more. The following measures can help you find out whether you’ve been hacked and whether your info is being sold on the darknet:
- haveibeenpwned.com – This website allows you to enter in an email address to find out if it has been compromised.
- BreachAlarm – Here you can find out if a password hack has exposed your password online. The internet is scanned for stolen password data posted by hackers. Then, you find out if your email address was spotted in a security breach.
- Hacked Emails – As the name suggests, the focus is on email and the site is easy to use and values anonymity. There is also a Chrome plugin for the service and you can download it to make the process a little speedier.
- Sucuri’s Security Scanner – Sucuri “takes a different approach — it allows you to check an entire site for any signs of bugs, blacklisting, security vulnerabilities, and the presence of hackers. It’s an ideal tool for bloggers and online businesses, but it should be used in addition to other sites that check emails and usernames, just to be safe. Sucuri also offers a broader suite of security and malware removal services than most, with monthly fees that start at $17 a month. There’s also an option for a WordPress plugin and a Chrome extension for more consistent monitoring.”
- Hold Security – Helps safeguard credentials by utilizing deep web intelligence. The service searches darknet forums and sites, gathers any potentially stolen data, indexes it and then stays on alert for indicators that might identify a company.
- DLP or Data Loss Prevention – DarkWebNews points out that “some organizations are leveraging the data loss prevention (DLP) tools they have in place to aid in discovering lost data on dark web. Prevention is always better than cure, and this service works for tracking and securing confidential data wherever it is, physically or on the internet, kept in the computer, mobile, or backup storage. Sufficient DLP must be in place for the utmost safety of any data.”
- Honey Tokens – Some companies are also starting to “seed sensitive internal databases with fictitious accounts, referred to as honey tokens, which can function as an early alert system of a security breach. To attackers, these fake accounts look real with details such as a login history and 30-day activity. If someone attempts to log in using the fake portal credentials or a few accounts suddenly receive spam email, this can be an indicator of a data breach, and it’s the best time to act quickly.”
- Dark Web Monitoring – Because valuable data can show up for sale in the dark recesses of the internet, it’s important to monitor the darknet marketplaces. “A service provided by Baltimore-based Terbium Labs boasts of being able to crawl the dark web anonymously and cut back detection time in minutes. Matchlight scans hacker forums and black markets inside and out, covering both surface web and the dark web, and notifies clients if ever confidential data turns up.”
- SurfWatch – A company which emphasizes that, “when it comes to the dark web, what you don’t know CAN hurt you.” SurfWatch Cyber Advisor seeks to eliminate these cybersecurity blind spots by providing you with a personalized cyber risk profile and baseline assessment, continuous monitoring of your darknet threats and prescribed threat mitigation recommendations.
- Do It Yourself – You can search the darknet markets by way of Grams, which is basically the Google of the darknet, to see if your company’s (or your personal) hacked information is for sale. Grams is equipped with a search database for Tor sites and allows for cross-marketplace searches. Grams is accessible via Tor.
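The honey-token alerting described in the list above, as an added example that is not part of the original article: it scans authentication and mail log lines for any activity touching seeded fake accounts, the two signals the honey-token item names. The account names, mailbox addresses, log format and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed honey tokens: fictitious accounts that no real user owns.
HONEY_ACCOUNTS = {"j.hollis", "m.ferrant", "svc-archive"}
HONEY_MAILBOXES = {"j.hollis@corp.example", "m.ferrant@corp.example"}

# Constructed sample log; the "<time> <kind> key=value ..." format is assumed.
SAMPLE_LOG = """\
2017-07-24T09:12:01Z auth user=a.gupta src=10.0.4.17 result=success
2017-07-24T09:40:13Z auth user=J.Hollis src=203.0.113.50 result=failure
2017-07-24T09:40:15Z auth user=m.ferrant src=203.0.113.50 result=success
2017-07-24T10:02:44Z mail rcpt=m.ferrant@corp.example from=promo@bulk.example
2017-07-24T10:05:09Z mail rcpt=a.gupta@corp.example from=hr@corp.example
2017-07-24T10:11:30Z auth user=svc-archive src=198.51.100.7 result=failure
malformed line that the parser skips
"""
LINE_RE = re.compile(r"^(\S+)\s+(auth|mail)\s+(.*)$")

def parse_line(line):
    """Return (timestamp, kind, fields), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return m.group(1), m.group(2), fields

def find_honey_hits(log_text):
    """Alert on any login attempt or inbound mail that touches a honey token."""
    alerts = []
    for ts, kind, f in filter(None, map(parse_line, log_text.splitlines())):
        if kind == "auth" and f.get("user", "").lower() in HONEY_ACCOUNTS:
            # Failures count too: the name exists only in the seeded database.
            alerts.append((ts, "login", f["user"].lower(), f.get("src", "?")))
        elif kind == "mail" and f.get("rcpt", "").lower() in HONEY_MAILBOXES:
            alerts.append((ts, "mail", f["rcpt"].lower(), f.get("from", "?")))
    return alerts

def tokens_per_source(alerts):
    """Map each login source to the distinct honey accounts it tried."""
    seen = defaultdict(set)
    for _, kind, token, origin in alerts:
        if kind == "login":
            seen[origin].add(token)
    return dict(seen)

if __name__ == "__main__":
    for alert in find_honey_hits(SAMPLE_LOG):
        print(alert)
```

A single source trying several honey accounts, as `tokens_per_source` reports, indicates the seeded records were taken together rather than one name being guessed.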
Troy Hunt, a Microsoft Regional Director and founder of Have I Been Pwned, has said that “data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur.” His goals in aggregating the data on his website are to help victims learn of compromises of their accounts and to highlight the severity of the risks of online attacks on today’s internet.