Blog_Header.jpg

IntSights' Blog

15 Technologies and Tools Commonly Used in Dark Web Black Markets

by Itay Kozuch / July 3, 2018

When it comes to dark web black markets, anonymity is key. To help maintain their anonymity, dark web black market users leverage a variety of tools and technologies that mask their identity and location. It’s important to know how these tools are used so you can perform reconnaissance and identify potential attacks or leaked information that can be used against you. Here is our list of 15 common technologies and tools used by cybercriminals to access and communicate via the dark web.

In addition, don’t forget to check out our 10 Dark Web Black Market Terms Every Cybersecurity Professional Should Know.

Dark Web Black Market Technologies & Tools

  1. Cold Storage: A secure offline wallet for your Bitcoins or other cryptocurrencies.
  2. Cryptocurrencies: By now, you’re likely familiar with cryptocurrencies. Naturally, they’re a very popular method throughout dark web black markets. Here are some of the most popular cryptocurrencies used across black markets:
    1. Bitcoin: An open source, peer-to-peer payment network and anonymous digital currency being used for almost all transactions on the darknet.
    2. Litecoin: An alternative cryptocurrency, similar to Bitcoin. The key difference is that while Bitcoin uses hashcash-SHA256^2 as the ‘proof of work’, Litecoin uses hashcash-Scrypt, which is designed to use more memory and be less subject to custom hardware designed to solve the problem quickly.
    3. Monero: A newer, more privacy-focused cryptocurrency that’s being accepted by some Dark Web black markets.
  3. Emergency BTC Address: An address to be held on record to send all funds to in case of a market shut down. This would ideally be a cold storage address with no information that could be used to connect the owner to their identity. This address would only be checked after a market was shut down in order to recover outstanding funds.
  4. Grams: Cross Marketplace search engine for the Dark Web.
  5. Hidden Service: A term for a .onion domain name. It can only be accessed through the Tor network, and cannot be seized by a government or law enforcement agency.
  6. Hushmail: An email provider used by many Dark Web users that focuses on privacy and uses industry standard protocols PGP and 256-bit AES encryption. It claims to be secure to the extent that not even company employees can read the contents your emails. Hushmail is known to cooperate with law enforcement by handing over encrypted emails.
  7. Hidden Wiki: A “hidden service” website on the Tor anonymous network that allows for open editing of subjects related to hidden services and activity in them.
  8. Hub Forums: An Onion-based platform for cross marketplace discussion, like the Dream Market forum or sub reddit, these forums are usually fully anonymous.
  9. IRC (Internet Relay Chat): A communication system allowing the easy transfer of text-based messages. It is intended for group discussions in sessions called channels. IRC channels are often used by black markets vendors to provide an update on an arrival of new goods or important massages.
  10. LocalBitcoins: A site designed to allow over-the-counter trading of Bitcoins. Famed for its anonymous nature, people who sell on the site have been under constant pressure to avoid being prosecuted as unlicensed money traders. This extra risk and the extra work generally cause a significant price difference between the site and a more open (and regulated) exchange.
  11. Marketplaces: Catch-all term for websites set up to allow trade between vendors and buyers. When used in the context of selling illegal goods, these usually provide anonymity to the buyer and seller, a method of escrow to ensure reduced risk from new vendors and sellers, and a method of advertising goods to be sold at a price so that a purchase may be initiated and paid for without involvement from the seller. Most markets are also set up as ‘hidden services’ under anonymity networks like Tor, i2p, or Freenet, although there do exist some ‘clearnet’ markets that operate over standard HTTP/HTTPS.
  12. Onion Browser: A web browser like the Tor Browser Bundle (TBB). This web browser is designed to work with the Tor network to browse hidden services and normal websites anonymously, without leaking user information. While easier to use properly without leaking information, bugs in a browser can cause serious problems, such as the javascript bug that was used in part to shut down Freedom Hosting.
  13. SIGAINT: Tor-based darknet email service that allows you to send email without revealing your location or identity. Its name is derived from SIGINT (“Signals Intelligence”), which refers to intelligence-gathering by intercepting signals.
  14. Torchat: Instant Messaging service that works by having each user set up a ‘hidden service’ that can be used to contact them via Tor. Somewhat similar in purpose to OTR, but messages do not have plausible deniability.
  15. Tormail: Tormail was a Tor hidden service that allowed users to send and receive email anonymously and email addresses inside and outside the Tor network. The service was seized by the FBI as part of the Freedom Hosting bust in August 2013.

Want to learn more about Dark Web Black Markets and some of the terms above?

Download our Complete Dark Web Black Market Glossary
DOWNLOAD NOW

Tags: Dark Web Dark Web Monitoring Black Market Glossary TOR

0 Comments
previous post A Dark Web Analysis of the Bank of Montreal and Simplii Financial Breach
Next Post How to Automate the Process of Identifying and Taking Down Malicious Social Media Profiles
Itay Kozuch

Itay Kozuch

Itay Kozuch is the Director of Threat Research at IntSights. He is a cybersecurity expert with over a decade of experience managing cyber-security and threat research. Prior to IntSights, Itay served as a Manager and Head of Cyber Technologies at KPMG. He previously led cyber projects and served as a CISO for major companies in Europe, West Africa and Central America.