There has been a flurry of activity on the dark web this week.
A hacker, claiming to be the author of the recent ransomware NotPetya, has surfaced on the dark web. They’re offering the “master key”, which they claim can decrypt all files that have been encrypted by the ransomware in exchange for 100 bitcoins (around US$250,000).
Journalists from Motherboard, talking with the hacker on a dark web chatroom, confirmed the hacker’s ability to decrypt a file. It seems that, as yet, there had been some interest but no firm offers to pay the ransom.
The hacker also moved the somewhat paltry 3.96 bitcoin ransom collected as a result of the original attack to another bitcoin wallet. The exact purpose of this was not clear. Some security companies are claiming that the purpose of the NotPetya attack was simply to cause damage and not to collect ransom.
The Ukraine, most affected by the attack, naturally pointed the finger at Russia. In this scenario, the hackers are potentially trying to bring attention back to the question of money as a motive and lend more evidence that it was simply a ransomware attack.
Meanwhile in Australia, a journalist from The Guardian reported that a vendor on a dark web marketplace was selling Medicare identification numbers (every Australian has an identifier to access health services) for any Australian citizen for 0.0089 bitcoin, about AU$22 each.
This incident has drawn public attention to the existence of darknet markets and the wide range of illegal products and services available there. Journalists at the ABC reported on the ability to buy hacked Uber accounts, complete with attached credit cards for less than US$5.
Of course, it is not just Uber accounts. Accounts for almost any digital service, including services like Netflix, are available from vendors that have sold hundreds and have been rated as being reliable and trustworthy by their customers.
Darknet markets have turned illegal goods and services into commodities using many of the same approaches as their legitimate internet counterparts. Markets like AlphaBay and Hansa Market are organised into categories of goods from drugs to counterfeit jewellery. Vendors are rated for their reliability and responsiveness, and buyers are encouraged to leave reviews.
The markets organise the exchange of payment, in Bitcoin or other cryptocurrency, once the goods have been received. This process is complicated by the fact that there is only the marketplace itself to complain to in the event of something going wrong. Given the fact that all of the goods are illegal, scams are a problem for buyers, in addition to trying to hide their digital and physical traces.
In a bizarre coincidence, however, AlphaBay, the darknet market that was hosting the Australian vendor of Medicare numbers has gone offline and, the site has been unavailable for more than 21 hours at the time of writing.
The unannounced down time of the site has made users with large amounts of money still held by the site nervous that the owners are pulling an “exit scam” and will simply vanish with the money. This happened in 2015 with a well-respected marketplace called Evolution, which resulted in the disappearance of US$12 million in bitcoin at the time.
Another explanation for the possible fate of AlphaBay was linked to news that police in Canada had executed search warrants to seize computers and merchandise linked to the dark web. The operation was part of a global investigation involving the FBI and other agencies. Again, law enforcement agencies have had success in taking down darknet markets, including one of the first and most infamous of markets, Silk Road.
Although G20 leaders will be discussing the role of encrypted messaging apps and social media in aiding terrorists, it is actually the dark web that they should be more concerned about. Recently, suspected terrorists in the Netherlands were being sought after the FBI noticed them ordering detonators and Semtex explosives on the dark web.
Police in the UK have reported an increase in the delivery of weapons in parcels after being ordered on darknet markets.
It is by no means impossible to police the dark web. At some point, physical goods or actual money is involved, and this allows people to be identified.
However, because of the sheer number of people using the dark web, especially for drugs, the increasing burden is stretching law enforcement resources and as a consequence, this illegal activity will continue to rise and impact society in the physical world.