Dark web takedowns make good headlines, do little for security

Shutting down dark web marketplaces looks and feels good, but it hasn't significantly reduced risk. Worse, it drives cybercriminals to harder-to-track channels.

Dark web markets are an inherently unstable place. Regular DDoS attacks from rivals, takedowns by law enforcement, plus a variety of scams means markets come and go at a rapid pace.

According to threat intelligence provider Recorded Future there are around 8,400 live Tor onion domains, and within that around 100 markets and forums in all. Since the 2013 takedown of Silk Road, a regular carousel of dark web marketplaces has sprung up and disappeared. In 2017, AlphaBay and Hansa were the top markets only to be taken down by law enforcement as part of a sting codenamed Operation Bayonet.

2019 has seen a raft of major closures. The markets that rose up to fill the gap left by AlphaBay and Hansa – Dream Market, Wall Street Market and Valhalla/Silkkitie – have all closed down in recent months.

Wall Street and Valhalla were taken down by law enforcement (Wall Street’s operators were reportedly trying to exit before they were caught) while Dream Market’s operators said it was closing down due to attackers using a flaw in Tor to repeatedly launch DDoS attacks against the site and demanding a ransom to stop. The “official” statement about its closure said the market would be “transferring its services to a partner company,” but as yet there hasn’t been any replacement partner.

Law enforcement also took down Deep Dot Web, a news site dedicated to dark web markets, after charging its owners with money laundering and receiving kickbacks from the markets they wrote about.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!