Last updated at Mon, 30 Oct 2023 20:02:13 GMT
When it comes to dark web black markets, anonymity is key. To help maintain their anonymity, dark web black market users leverage a variety of tools and technologies that mask their identity and location. It’s important to know how these tools are used so you can perform reconnaissance and identify potential attacks or leaked information that can be used against you. Here is our list of 15 common technologies and tools used by cybercriminals to access and communicate via the dark web.
Dark web black market technologies and tools
Cold storage: A secure offline wallet for your Bitcoins or other cryptocurrencies.
Cryptocurrencies: A cryptocurrency is any digital currency in which transactions are verified and records maintained by a decentralized system using cryptography, rather than by a centralized authority such as a bank. Here are some of the most popular cryptocurrencies used across black markets:
- Bitcoin: An open-source, peer-to-peer payment network and anonymous digital currency being used for many transactions on the darknet.
- Litecoin: An alternative cryptocurrency, similar to Bitcoin. The key difference is that while Bitcoin uses hashcash-SHA256^2 as the “proof of work,” Litecoin uses hashcash-Scrypt, which is designed to use more memory and be less subject to custom hardware designed to solve the problem quickly.
- Monero: A newer, more privacy-focused cryptocurrency that’s being accepted by some dark web black markets.
Emergency BTC address: An address to be held on record to send all funds to in case of a market shut down. This would ideally be a cold storage address with no information that could be used to connect the owner to their identity. This address would only be checked after a market was shut down in order to recover outstanding funds.
Hidden service: A term for a .onion domain name. It can only be accessed through the Tor network and cannot be seized by a government or law enforcement agency.
Hushmail: An email provider used by many dark web users that focuses on privacy and uses industry standard protocols PGP and 256-bit AES encryption. It claims to be secure to the extent that not even Hushmail employees can read the contents of user emails. Hushmail is known to cooperate with law enforcement by handing over encrypted emails.
Hidden wiki: A “hidden service” website on the Tor anonymous network that allows for open editing of subjects related to hidden services and activity in them.
Hub forums: An Onion-based platform for cross marketplace discussion, like the Dream Market forum or sub reddit, these forums are usually fully anonymous.
Internet relay chat (IRC): A communication system allowing the easy transfer of text-based messages. It is intended for group discussions in sessions called channels. IRC channels are often used by black market vendors to provide updates on the arrival of new goods or other important messages.
LocalBitcoins: A site designed to allow over-the-counter trading of Bitcoins. Famed for its anonymous nature, people who sell on the site have been under constant pressure to avoid being prosecuted as unlicensed money traders. This extra risk and the extra work generally cause a significant price difference between the site and a more open (and regulated) exchange.
Marketplaces: Catch-all term for websites set up to allow trade between vendors and buyers. When used in the context of selling illegal goods, these usually provide anonymity to the buyer and seller, a method of escrow to ensure reduced risk from new vendors and sellers, and a method of advertising goods to be sold at a price so that a purchase may be initiated and paid for without involvement from the seller. Most markets are also set up as “hidden services” under anonymity networks like Tor, i2p, or Freenet, although there do exist some “clearnet” markets that operate over standard HTTP/HTTPS.
Onion browser: A web browser like the Tor Browser Bundle (TBB). This web browser is designed to work with the Tor network to browse hidden services and normal websites anonymously, without leaking user information.
SIGAINT: Tor-based darknet email service that allows you to send email without revealing your location or identity. Its name is derived from SIGINT (“Signals Intelligence”), which refers to intelligence-gathering by intercepting signals.
Torchat: Instant messaging service that works by having each user set up a “hidden service” that can be used to contact them via Tor. Somewhat similar in purpose to OTR, but messages do not have plausible deniability.
Tormail: Tormail was a Tor hidden service that allowed users to send and receive email anonymously and email addresses inside and outside the Tor network. The service was seized by the FBI as part of the Freedom Hosting bust in August 2013.
Learn how Rapid7 can help protect your organization against threats lurking on the clear, deep, and dark web.