In Western Europe, the TRM Labs researchers have found the tactic being used in Hungary, the Czech Republic and Greece, but said sellers appear to prefer using end-to-end encrypted messaging services such as Telegram and Session – a fork of Signal – instead of darknet markets. Unlike Western darknet market drug dealers who tend to use domestic or international postal services to deliver their products, Russian criminals will typically instead stash drugs in a hidden location, and alert a buyer to their whereabouts. In this explainer piece, we’ll cover what a darknet marketplace (“DNM”) is, how administrators obfuscate their infrastructure, and why in the case of Hydra and several other recent takedowns, law enforcement and regulators were able to identify and disrupt the marketplaces. Western drug flows in particular come from US-domiciled exchanges and trace flows from those to darknet markets.
Hydra Disrupted
In February 2022, Garantex lost its license to provide virtual currency services after supervision by Estonia’s Financial Intelligence Unit revealed critical AML/CFT deficiencies and found connections between Garantex and wallets used for criminal activity. This growth in profit is enabled by Hydra’s association with Russian illicit finance. According to blockchain researchers, approximately 86 percent of the illicit Bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra. Following a sale, Hydra’s vendors have distributed illicit goods dropped anonymously in physical locations, sometimes buried or hidden in an inconspicuous location.
What’s Sold On The Russian Marketplace
How does dark web usage or virtual private network (VPN) connectivity to peer-to-peer facilitated “mesh nets” directly impact war or civil unrest? Of those 5.18 billion users, how many are throttled by their governments as to what they are allowed to do when they go online? Department of Defense partners to understand dark web intelligence is a crucial component of the open-source intelligence discipline, especially for countries in conflict. Something often forgotten and the altruistic cornerstone as to why the dark web exists in the first place is the mitigation of internet censorship. The prosecutor’s office said law enforcement officers seized almost one metric ton of narcotics and psychotropic substances during raids that dismantled the criminal group. The Moscow Regional Court found Moiseyev and the 15 accomplices guilty of running or being part of an organized criminal group, as well as drug manufacturing and trafficking.
These platforms sell everything from drugs and fake IDs to weapons and hacking tools, resembling a digital black-market bazaar. The first category includes classic marketplaces, which serve as one-stop shops for a wide range of illegal goods. It is one of the most active and up to date markets and always provides new and updated malware and data.
Hydra also offered stolen databases, forged documents, and hacking-for-hire services. This Russian dark web platform was used by criminals to sell drugs and launder money, and it had a turnover of $1.35 billion in 2020, 19,000 registered seller accounts, and served at least 17 million customers worldwide. “People are recording videos of themselves using drugs, talking about their lives, hanging out, collaborating with other bloggers.” Drug users have been chatting about their drug use on dedicated drug user internet forums for decades, but now a younger generation of drug users are doing so on video. As Hydra did, many of these markets have continued the tradition of including drug harm reduction information for drug buyers, such as providing drug testing and medical advice. But Russians fleeing the country since the war have still been able to buy drugs on the dark web. Cannabis is also a popular drug bought on the Russian darknet.
Fresh Tools Market has become a go-to platform for cybercriminals seeking access to malicious software such as keyloggers, Remote Access Trojans (RATs), and ransomware-as-a-service. The platform is favored by cybercriminals seeking access to accounts that can be exploited for fraud or sold to others. The market has become the go-to place for individuals looking to purchase malware, exploit kits, and software vulnerabilities. Founded in 2020, Cypher Market has carved out a niche on the dark web by focusing on cybercrime products. Bohemia entered the dark web scene in May 2021, quickly rising due to its modern interface and strict rules that reduce the likelihood of scams.
Russian Dark Web Markets Laundered $2 Billion Via Crypto Exchanges
- Cannabis is also a popular drug bought on the Russian darknet.
- Driven by large platforms such as Kraken, Mega, and Blacksprut, Russian darknet markets control 93% of the global share, generating approximately $1.5 billion in revenue in 2023 alone.
- Is the youngest of the marketplaces on our list, having launched in 2021.
- The existence of the shadow fleet matters greatly, not just because the vessels are old but also because they don’t comply with the rules that govern maritime operations.
- It’s not established yet how the drugs were brought to occupied Ukraine but the dealing network likely has some connection with Russian soldiers or non-combat staff.
Digital access for organisations. Check whether you already have access via your university or organisation. Essential digital access to quality FT journalism on any device. Complete digital access to quality FT journalism on any device. In successful cases, law enforcement can combine this intelligence with other investigative techniques to seize the online infrastructure and residual virtual currency, like in the case of the Silk Road seizure. Though the drug transactions were limited to Russia and its geographic neighbors, the cyber and money laundering tools were available to anyone in the world willing to pay.
New TRM Report Reveals Russian-speaking Groups Dominate Ransomware
One technological revolution that significantly accelerated the ease of operating an illicit business such as a DNM on the darkweb was the invention of Bitcoin and other virtual currencies, which provided a convenient payment method for goods exchanged. Individuals began using the darknet to pseudonymously sell illegal content without face-to-face interaction. In addition to content such as anti-authoritarian political sites within authoritarian regimes (e.g. citizens organizing protests during Arab Spring), the darknet is also a convenient place for illegal content such as DNMs, Child Sexual Abuse Material (“CSAM”), hacking forums, fraud forums, and money laundering forums. Given the darknet’s infrastructure, which is hidden behind onion routing, the darknet attracts sites whose proprietors want to remain anonymous. There are certain sites on the darknet (and on clearnet) which attempt to manually track and publish sites on the darknet, but common browsers do not link directly to darknet.
Hackers Use Microsoft Teams To Spread Matanbuchus 30 Malware
Over the last year, “Alex,” the drug dealer from Moscow, said a new genre of content has been growing on Russian Telegram profiles. “The RuTor forum has launched a series of webinars on medical topics, including first aid and overdose scenarios,” said Aleksey Lakhov, of St. Petersburg-based drug project Drugmap.ru. Now those trying to access Solaris are redirected to its upstart rival, Kraken.
Twelve months into the war, the fleet had grown to some 600 tankers and other types of vessels. But Russia has been successful in circumventing these sanctions, especially through its extensive use of so-called shadow vessels, which are old and lack proper insurance. They and other Western countries already promised to phase out Russian crude oil from their own markets. In addition to serving the transportation needs of Russia (as well as Iran, North Korea, and Venezuela), the shadow fleet forms quintessential “gray zone” aggression, causing tangible harm that targeted countries can do little to punish.
Notes From The Dark Web: Analyzing Ukraine-Related Chatter In Key Forums
Similarly, single vendor shop revenue fell concurrently with the recovery of traditional darknet markets from around June through end of year. Throughout 2022, we observed a negative relationship between funds sent to regular darknet markets and those sent to single vendor shops. While darknet markets have largely recovered after Hydra’s closure and fraud shops have not, single vendor shops showed a different pattern.
Swedish Court Acquits Alleged Russian ‘Agent’
Unlike many other dark web markets, Cypher does not require buyers to deposit cryptocurrency upfront, which reduces the risk of exit scams. It allows vendors to sell without registration, which provides an added layer of anonymity, making it one of the more flexible and user-friendly markets on the dark web. With enhanced security features and a strong focus on financial fraud, STYX has become a go-to marketplace for those looking to engage in cybercrime on a more technical level It offers a wide range of illicit goods, including illegal drugs, counterfeit items, fake IDs, passports, and software keys. Here’s a look at the top 10 dark web markets currently dominating this underground space.
They were found guilty of the illegal production and sale of drugs as part of an organized criminal group. Use EDR (endpoint detection and response) platforms to flag suspicious behaviors like browser data access, unauthorized network requests, or credential dumping. Early detection enables fast password resets and gives your security team time to investigate and contain potential access. Use threat intelligence platforms, dark web monitoring, and breach alert services to detect when your credentials show up in stealer logs. Use adaptive MFA that reauthenticates based on device or location risk, and monitor for anomalous behavior like logins from unusual IPs or rapid access across services.
Top 5 Darknet Marketplaces In 2022
- Silk Road not only aggregated thousands of drug vendors, it created a user-friendly interface that resembled a clear-net shopping website.
- But in fact it was a guerrilla marketing stunt promoting OMG, a darknet marketplace selling heroin, mephedrone, marijuana, and everything else in between.
- The two charts below show which markets Hydra’s previous counterparties used the most in both of those two time periods.
- Fraud shops are a unique segment of darknet markets that sell stolen data such as compromised credit card information and other forms of personally identifying information (PII) that can be used for fraudulent activity.
It is, indeed, vital for governments and legally operating shipping companies to have a clear picture of vessels and accidents involving the shadow fleet, and it’s equally important for environmental organizations and seafarer welfare organizations to have a comprehensive understanding of the accidents. The nature of the shadow fleet’s aging and poorly maintained vessels makes incidents and accidents far more likely than is the case in regular shipping. Tanker traffic from Russia via the Baltic Sea gives a good indication of shadow fleet activity (though some tankers departing Russian ports are not dark ships). The existence of the shadow fleet matters greatly, not just because the vessels are old but also because they don’t comply with the rules that govern maritime operations. In the months since Russia’s 2022 invasion of Ukraine, vessels have joined the shadow fleet at an extraordinary rate. The shadow fleet, also known as the dark fleet, comprises mostly aging ships that sail without the industry’s standard Western insurance, have opaque ownership, frequently change their names and flag registrations, and generally operate outside maritime regulations.
Mysterious Russia-linked Buyers Amass LNG ‘dark Fleet’
The ease of use with market-specific apps built for Android operating systems allowed ready access to Russian markets like “RuTor,” “Blacksprut, and “OMG! As the conflict between Russia and Ukraine neared its one-year anniversary, a DeviceSecurity.io article highlighted the recent rising trend of Russia eliciting dark net markets for mobile app connectivity for its customers . After the rise of notorious “dark net markets” like “Silk Road” and “AlphaBay” in the early 2010s, pop culture has come to equate the “dark web” with illegality and contraband. Countries that don’t utilize the shadow fleet but whose waters the vessels use are the real victims of the shadow activities. The shadow fleet poses mounting risks to other vessels, to coastal countries, and to countries in whose search and rescue areas of responsibility the vessels may have incidents.
This failure to cope lies partly with the changing nature of the drug market itself. Just like the United States, Russia has been waging a war on drugs. During a series of raids, law enforcement reportedly uncovered drug production labs set up within the suspects’ homes.
Starting in 2022, the majority of the vessels’ port calls took place in India, Greece, China, and Morocco; the Norwegian Coastal Administration also observed ship-to-ship transfers by the tankers to other tankers off the coasts of Morocco and Greece. The fleets thus ensure a tolerable existence for the sanctioned countries’ citizens in addition to generating revenues for hostile activities such as Iran’s nuclear program. However, in recent decades, as Western governments have imposed economic sanctions on Iran, North Korea, and Venezuela, the fleet has become an established phenomenon. Because the world lacks a maritime police, vessels have operated in this manner for practically as long as there has been an organized maritime industry. If countries do try to block dark ships from their waters, or escort them away, it could prompt retaliation and escalation by Russia. Their presence poses considerable risk to other ships, to the environment, and to countries experiencing maritime accidents caused by the vessels.
