“You are not safe. You cannot hide. We will find you, dismantle your organization and network. And we will prosecute you.” So stated Attorney General Jeff Sessions last Thursday when announcing the takedown of the deep web sites Alphabay and Hansa.
This was the correct statement to make when speaking of the deep web. It feeds the pre-existing and rampant paranoia which comes with participation in these markets. Back in May, I wrote a post about Alphabay and some of the troubles it was facing. At that time, a hacker, going by the name of Cipher0007, reported that he had found two security holes on the site that allowed him to read over 218,000 unencrypted messages between buyers and sellers. He had also found these holes on Hansa. Cipher0007 claimed that he was not a hacker. He simply looked for such security holes as a public service. Interestingly, about a month ago, just before the arrest of Alphabay administrator, Alexandre Cazes, on July 4th, Cipher0007 reported that he had found similar security problems in The Sanctuary Market.
It was possibly this announcement that made law enforcement authorities in the US and Europe admit their attacks on Alphabay and Hansa. They did this because Cipher0007’s announcement would fuel paranoia which would, then, drive members (potential criminals) away from deep web markets. The arrest of Cazes and the announcement by Cipher0007 probably funneled many deep web sellers and buyers to Hansa which was secretly under government control. Here, the government watched transactions while gathering information on members.
Even though the authorities only admit to being in control of Hansa for a month, they probably controlled it for much longer. They would not give up this control unless they felt that their cover had been compromised, which is what happened when Cipher0007 made his announcement. In fact, the holes Cipher0007 found may have already been found and exploited by law enforcement for some time. Despite having their cover blown, U.S. and European authorities were still able to collect hundreds of thousands of login credentials and delivery addresses used by deep web buyers and sellers. With this information, authorities would have been able to follow these buyers and sellers as they moved to other deep market sites, since many probably used the same login credentials on multiple sites. Sellers, who rely mainly on their reputations to attract buyers, would be especially damaged by the takedown of these major markets. If they wanted to keep selling, they would have to rebrand and begin rebuilding their reputations all over again. Some have already used forums to tell their customers where they are moving their markets to, which may not have been so wise.
But big-time buyers and sellers face more difficulties than rebranding. Many of them will simply have to sit back and wait for that knock on the door from the F.B.I. There is panic in the deep web marketplaces. According to a post from an ex-Hansa employee, “there will be a bloodbath, a purge and any vendor on HANSA should immediately seize his operation, lawyer up and hide his trails.” The moderators on this forum site also give a guide on what all members should do to hide their deep net market (DNM) activities. They also refer to the DNM Bible, which gives information for all buyers and sellers who use deep net markets. Everyone is advised to lie low for a while as other markets may be compromised.
But will they? Many deep web users are simply more naïve than they should be. As I noted in my earlier post, many users of these deep market sites are looking for easy-to-use platforms and don’t take security seriously. As one European user noted on Reddit, “It just seems like these American kids want Amazon for drugs and that just doesn’t exist.” After the paranoia has abated somewhat, users will come back to these markets. As I wrote back in May, “denizens of deep web markets will not be leaving them soon. Here, hope and personal gratification inevitably triumph over paranoia. Too many people depend on these deep web markets for a variety of reasons. Let’s face it. Some may simply be drug addicts.”
But what if other markets are compromised as well? Much of the media is talking about the persistence of Dream Market; however, the moderator mentioned above and others state that it is probably compromised. I could not successfully log into it and some say this is because it is being heavily used. What does that tell you? Many market participants are trying to calm the panic. As one member observes, “the markets will come back and adapt with new security measures. They always do. There’s too much money involved for this niche to go away.” Another confirms this attitude. “Us veterans of the DNMs have been through this. We will roll with the punches and we will get through this!”
Beyond simply keeping the faith, there is a concerted effort in the community to promote sites with more complex security and browsers which appear to be safer than Tor. One site that has been getting a lot of mention is OpenBazaar. It uses no central server but rather numerous nodes to operate, much like BitTorrent does.
[Figure: OpenBazaar architecture (left) compared with traditional market site architecture]
Thus, no one can shut down the network by compromising a central server, because there is none. Each computer in the network acts as a server.
OpenBazaar 2.0 is now compatible with the Tor browser, but for those looking for more security, some users recommend using the I2P browser. If you use these, a good VPN, and PGP encryption, you’d probably be safe on any deep web marketplace. However, most buyers and sellers won’t use these tools. This is because deep market participants want the easiest interface possible to buy and sell their goods and these new security layers don’t make for easy shopping.
Perhaps, those wishing to continue their deep web purchases should take the words of a deep market forum moderator more seriously.
“You can’t be too paranoid and be ordering off the dark net. If you are prone to anxiety or paranoia, take some time to seriously consider if ordering from the DNMs is really for you. Don’t have any illusions about it: this can be an exceptionally anxiety- and paranoia-inducing habit. You will be waiting an unknown period of time during which you have absolutely zero control over the situation as you await your order. You might find yourself worrying about every possible scenario where something could have gone wrong. There will be nowhere to turn to for comforting wisdom, and no one in the world will be able to actually tell you what is going on.”
So does this recent takedown mean that this is the end of the deep web? In short, no. As soon as the panic subsides, new markets, perhaps with a few more safety features, will open. Eventually, these, too, will be infiltrated by law enforcement agencies and the whole scenario will play out once again. Nothing can keep drug users from their drugs. As Mark Twain said about his habit: “Quitting smoking is easy, I’ve done it hundreds of times.”