Built On Blind Trust: Risky Business on the Dark Web

Day 64: They still believe I am one of them.
October 04, 2016

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

You don’t know who you’re buying from and you don’t know who you’re selling to. Everyone trades in a virtual, anonymous currency, and most people are buying something illegal.

Objectively, this plan sounds like it belongs in the graveyard of bad business models, but on the dark web, it works.

Take It or Leave It

In fact, this is the only way to do business in a virtual world that prides itself on, and demands, anonymity. Given exit scams, vendors who fail to fulfill trades, and serious legal risks, many wonder how these markets have ever managed to build trust among their users, and why those users continue to trade.

Buying credit cards, drugs, or software exploits on the dark web is not like your everyday shopping. You almost always have no idea who is on the other end of a transaction, and if you do, you can never be certain that it isn’t just a false persona the vendor has created. Although there are methods to establish identity and credibility such as forum reviews or escrow services, these systems are comforting at best and completely fabricated at worst.

On the dark web, tradecraft is everything. Community trust is perpetuated and emboldened by the relationship users have with their anonymous tools, including Tor browser, the Tails operating system, encrypted messaging, Bitcoin, VPNs, and more. Indeed, the dark web community and the technology it uses are intertwined; they’re unified by their desire for privacy in both purchases and communications.

Buyers, Beware

Fresh, un-vetted accounts generally don’t enjoy much success on the dark web, as learning the nuances of these markets takes time. Deviating from best practices or erring in OPSEC raises red flags, signaling to users that an outsider has entered their secluded community. In practice, it becomes easy to avoid would-be scammers looking to make a quick buck by fooling some unsuspecting buyer.

But users can still be duped by veteran dealers with high ratings and sound reviews. Market owners have often decided to accept all incoming payments without delivering goods shortly before vanishing from the dark web completely. Others with good track records have chosen to selectively cheat their customers – “maybe your package was seized?”

Like many online shopping sites, dark web markets encourage and rely on reviews. Terbium Labs recently saw a vendor on TheRealDeal - a dark web market that specializes in software exploits and hacking services - with a questionable review record. The 94% positive feedback that “bestbuy” boasts consists of 15 positive reviews and one negative review. The positive feedback is generally short, and all but one review are from the same month; several are from the same day. And because TheRealDeal shortens and obfuscates the reviewers’ names, researching their accounts is impossible.

The cluster of positive feedback is suspicious enough, but the negative review is a stark warning: “Spent money, never received stuff. Tried to message seller – no chance. Scam.” Reviews are meant to guide buyers to credible vendors, but anonymity makes assurance difficult, if not futile.

The Cost of Doing (Anonymous) Business

These scams certainly aren’t the norm, but they do happen, reminding everyone that the anonymity of the dark web is both a benefit and a liability. The same tools that allow the community to exist also strip its members of recourse and accountability.

Despite these risks, dark web markets continue to thrive. When markets shut down, they’re quickly replaced by new hubs that promise greater transparency (in market operation), security, and most importantly, anonymity. And when vendors deceive their customers, the affected are quick to broadcast their experiences in forums, warning everyone about the phony merchant.

These warnings, reviews, and discussions on forums and markets make users well aware of potential hazards, but they’re willing to incur any unfortunate “operating costs” in exchange for privacy, profit, and safety. The cost-benefit makes sense, even if it is blind.
