12 September 2017

Exploring dark web: Marketplaces for wannabe hackers

For the cybercrime community, last summer was remarkable for two reasons. The first was the shutdown of Alphabay, and the second was the closing of Hansa. Both websites used to be leading dark web marketplaces, but they were taken down by law enforcement, just like the well-known Silk Road before them. But nature abhors a vacuum, and new leaders loom large on the horizon.

To determine who is the successor to Alphabay and Hansa, we did some research on the Deep Web. Black markets on the dark side of the Internet are known for selling illegal goods like drugs, weapons, etc. But we were interested in “cybercrime” goods like exploits and malware.

We imagined that we were wannabe hackers with low skills but great ambitions. What should we do? Is it realistic to start your own cybercrime business from scratch? We had Tor Browser installed and a VPN activated on our machines. Search requests pointed us to the news website DeepDotWeb, dedicated to Tor hidden services and everything happening on the dark web. It has its own list of darknet marketplaces, and the most recent changes can be seen in a changelog.

At the time of writing, the top markets on DeepDotWeb were Dream Market, The Trade Root and Tochka, none of which require invites from other subscribers. The registration process on these websites turned out to be very simple. You just need to choose a username and password, as you would with a regular online store, and enter a captcha. No email is needed, but for Dream Market you also set up a withdrawal PIN.

If you are new to Dream Market, you have to read the instructions. “Dream Market is a feature rich escrow marketplace supporting the bitcoin currency and the tor network. The market has been operating for 3 1/2 years now and has been proven to be reliable and secure. You might find products which are not available legally in your country”, say the instructions.

Interestingly, Dream Market welcomes new users with security advice; not many clearnet online stores do the same. The marketplace administrators warn their customers about potential phishing scams. They recommend checking the URL, changing passwords regularly and using PGP.

After reading all the instructions, the most interesting part begins. For those interested in buying malware, the dark web is a Holy Grail. After typing “exploits” in the search bar, we got everything a wannabe hacker wants – from “noob-friendly” tutorials and guides to professional forensic tools.

For example, for only $10 you can get a package for phone and iCloud hacking. According to the item's description, the buyer will get software “only government uses”. One of the tools is MOBILedit Forensic Express, which promises the ability to “extract all the data from a phone with only a few clicks”. From the description of the product on the vendor’s website: “This includes deleted data, call history, contacts, text messages, multimedia messages, photos, videos, recordings, calendar items, reminders, notes, data files, passwords, and data from apps such as Skype, Dropbox, Evernote, Facebook, WhatsApp, Viber, Signal, WeChat and many others”.

The Trade Root also has its own security mechanisms. Unlike Dream Market, it doesn’t welcome new users with security advice; instead, the site links every new subscriber with a unique picture (for us it was a sunflower with a clear blue sky in the background). If a user is tricked into visiting a phishing page, the picture won’t show up. For us it means that if we don’t see a sunflower, we are on a fake page mimicking the original one.

Searching for exploits didn’t give us many tools, but we found a lot of hacking tutorials, guides, cookbooks and handbooks. We also found a former “star” of cybercrime – the Blackhole exploit kit. This crimeware was very popular among hackers in 2010-2012. At that time the price of renting Blackhole ran from $500 to $700 per month. The creator of the kit is the Russian hacker Dmitry “Paunch” Fedotov. He was sentenced in April 2016, and now anyone can buy the Blackhole exploit kit on The Trade Root market for only $1,1. At the time of writing we couldn’t confirm it was genuine.

As for forensic tools, we found only six items. For only $4-6 anyone can buy an “FBI hacking and forensic toolkit” or an “Ultimate package of computer security”.

The Tochka market is much more useful for wannabe hackers than the previous two. Here you can find ransomware packs, RATs (Remote Access Trojans), keyloggers, cracking tools, ID theft software, etc.

You can also find a whole package for skimming and carding. You can get the whole pack for $2500 or buy separate items. The vendor offers 25 blank cards (for $150), a card maker (for $400), a skimmer with PIN reader ($500) and even a PDF tutorial for beginners.

The Tochka market allows you to hire professional hackers. If someone wants to change his or her school grades or track somebody else’s phone, the team of professional hackers can do that. “Give us any task and we assure you we get your work done within no time”, the hackers promise.

On the Tochka market we even found the hacking tool Galileo, initially created only for government use. Galileo is spyware for any cell phone from the Italy-based Hacking Team, a company known for creating forensic tools for law enforcement and intelligence agencies. Galileo’s source code was leaked by a hacker with the moniker Phineas Fisher in 2015.

As we can see, the dark web is a Mecca for wannabe hackers. Hidden service admins are doing a good job providing security measures, and clearnet websites should take lessons from them.

Update (14.09.2017): On September 12th Dream Market went offline. Users who tried to visit the marketplace were greeted with a note saying that the website was under maintenance. The day after, some users reported that their money had been stolen from their Dream Market accounts. Some people quoted Dream Market admins and said that it was just a wallet error. At the time of writing this update, Dream Market was online.

By Natalia Galadzhyants
Analyst at Cybersecurity Help
