Darknet market

1970s to 2011

Though e-commerce on the dark web only started around 2006, illicit goods were among the first items to be transacted using the internet, when in the early 1970s students at Stanford University and Massachusetts Institute of Technology used what was then called the ARPANET to coordinate the purchase of cannabis. By the end of the 1980s, newsgroups like alt.drugs would become online centres of drug discussion and information; however, any related deals were arranged entirely off-site directly between individuals. With the development and popularization of the World Wide Web and e-commerce in the 1990s, the tools to discuss or conduct illicit transactions became more widely available. One of the better-known web-based drug forums, The Hive, launched in 1997, serving as an information sharing forum for practical drug synthesis and legal discussion. The Hive was featured in a Dateline NBC special called The "X" Files in 2001, bringing the subject into public discourse. From 2003, the "Research Chemical Mailing List" (RCML) would discuss sourcing "Research Chemicals" from legal and grey sources as an alternative to forums such as alt.drugs.psychedelics. However Operation Web Tryp let to a series of website shut downs and arrests in this area.

Since the year 2000, some of the emerging cyber-arms industry operates online, including the Eastern European "Cyber-arms Bazaar", trafficking in the most powerful crimeware and hacking tools. In the 2000s, early cybercrime and carding forums such as ShadowCrew experimented with drug wholesaling on a limited scale.

The Farmer's Market was launched in 2006 and moved onto Tor in 2010. It was closed and several operators and users arrested in April 2012 as a result of Operation Adam Bomb, a two-year investigation led by the U.S. Drug Enforcement Administration. It has been considered a "proto-Silk Road" but the use of payment services such as PayPal and Western Union allowed law enforcement to trace payments and it was subsequently shut down by the FBI in 2012.

Silk Road and early markets

The first pioneering marketplace to use both Tor and Bitcoin escrow was Silk Road, founded by Ross Ulbricht under pseudonym "Dread Pirate Roberts" in February 2011. In June 2011, Gawker published an article about the site, which led to "Internet buzz" and an increase in website traffic. This in turn led to political pressure from Senator Chuck Schumer on the US DEA and Department of Justice to shut it down which they finally did in October 2013 following a lengthy investigation. Silk Road's use of both Tor, Bitcoin escrow and feedback systems would set the standard for new darknet markets for the coming years. The shutdown was described by news site DeepDotWeb as "the best advertising the dark net markets could have hoped for" following the proliferation of competing sites this caused, and The Guardian predicted others would take over the market that Silk Road previously dominated.

The months and years following Silk Road's closure would be marked by a greatly increased number of shorter-lived markets as well as semi-regular law enforcement take downs, hacks, scams and voluntary closures.

Atlantis, the first site to accept Litecoin as well as Bitcoin, closed in September 2013, just prior to the Silk Road raid, leaving users just 1 week to withdraw any coins. In October 2013 Project Black Flag, closed and stole their users' bitcoins in the panic shortly following Silk Road's shut down. Black Market Reloaded's popularity increased dramatically after the closure of Silk Road and Sheep Marketplace however in late November 2013, the owner of Black Market Reloaded announced that the website would be taken offline due to the unmanageable influx of new customers this caused. Sheep Marketplace which launched in March 2013 was one of the lesser known sites to gain popularity with Silk Road's closure. Not long after those events it ceased operation in December 2013, when it announced it was shutting down after two Florida men stole $6 million worth of users' Bitcoins.

Post-Silk Road to present

From late 2013 through to 2014, new markets started launching with regularity, such as the Silk Road 2.0, run by the former Silk Road site administrators as well as the Agora marketplace. Such launches were not always a success, in February 2014 the highly anticipated market based on Black Market Reloaded, Utopia opened only to shut down 8 days later following rapid actions by Dutch law enforcement. February 2014 also marked the short lifespans of Black Goblin Market and CannabisRoad, two sites which closed after being deanonymised without much effort.

November 2014 briefly shook the darknet market ecosystem, when Operation Onymous executed by the FBI and UK's National Crime Agency led to the seizure of 27 hidden sites, including one of the largest markets at the time Silk Road 2.0 as well 12 smaller markets and individual vendor sites. By September 2014, Agora was reported to be the largest market, avoiding Operation Onymous and as of April 2015 has gone on to be the largest overall marketplace with more listings than the Silk Road at its height.

2015 would feature market diversification and further developments around escrow and decentralisation.

In March 2015 the Evolution marketplace performed an 'exit scam', stealing escrowed bitcoins worth $12 million, half of the ecosystem's listing market share at that time. The closure of Evolution led to a users redistributing to Black Bank and Agora. However Black Bank, which as of April 2015 captured 5% of the darknet market's listings, announced on May 18, 2015 its closure for 'maintenance' before disappearing in a similar scam. Following these events commentators suggested that further market decentralization could be required, such as the service OpenBazaar in order to protect buyers and vendors from this risk in the future as well as more widespread support from 'multi-sig' cryptocurrency payments.

In April, TheRealDeal, the first open cyber-arms market for software exploits as well as drugs launched to the interest of computer security experts. In May varied DDOS attacks were performed against different markets including TheRealDeal. The market owners set up a phishing website to get the attacker's password, and subsequently revealed collaboration between the attacker and the administrator of Mr Nice Guy's market who was also planning to scam his users. This information was revealed to news site DeepDotWeb.

On July 31, the Italian police in conjunction with Europol shut down the Italian language Babylon darknet market seizing 11,254 Bitcoin wallet addresses and 1 million euros.

At the end of August, the leading marketplace Agora announced its imminent temporary closure after reporting 'suspicious activity' on their server, suspecting some kind of deanonymisation bug in Tor.

Since October 2015, AlphaBay is recognized as the largest market. From then on, through to 2016 there was a period of extended stability for the markets, until in April when the large Nucleus marketplace collapsed for unknown reasons, taking escrowed coins with it.

Search and discussion

One of the central discussion forums is Reddit's /r/DarkNetMarkets/, which have been the subject of legal investigation, as well as the Tor-based discussion forum, The Hub. Many market places maintain their own dedicated discussion forums and subreddits. The majority of the marketplaces are in English, but some are opening up in Chinese, Russian, and Ukrainian.

The dedicated market search engine 'Grams' allows the searching of multiple markets directly without login or registration.

Dark web news and review sites such as DeepDotWeb. and All Things Vice provide exclusive interviews and commentary into the dynamic markets. Uptime and comparison services such as DNStats provide sources of information about active markets as well as suspected scams and law enforcement activity. Due to the decentralized nature of these markets, phishing and scam site are often maliciously or accidentally referenced.

After discovering the location of a market, a user must register on the site, sometimes with a referral link after which they can browse listings. A further PIN may be required to perform transactions, better protecting users against login credential compromise.

Customer interactions

Transactions typically use Bitcoin for payment, sometimes combined with tumblers for added anonymity and PGP to secure communications between buyers and vendors from being stored on the site itself. Many sites use Bitcoin multisig transactions to improve security and reduce dependency on the site's escrow. The Helix Bitcoin tumbler offers direct anonymized marketplace payment integrations.

On making a purchase, the buyer must transfer cryptocurrency into the site's escrow, after which a vendor dispatches their goods then claims the payment from the site. On receipt or non-receipt of the item users may leave feedback against the vendor's account. Buyers may "finalize early" (FE), releasing funds from escrow to the vendor prior to receiving their goods in order to expedite a transaction, but leave themselves vulnerable to fraud if they choose to do so.

Following Operation Onymous, there was a a substantial increase in PGP support from vendors, with PGP use on two marketplaces near 90%. This suggests that law enforcement responses to cryptomarkets result in continued security innovations, thereby making markets more resilient to undercover law enforcement efforts.

Market types

Items on a typical centralized darknet market are listed from a range of vendors in an eBay like marketplace format. Virtually all such markets have advanced reputation, search and shipping features similar to Amazon.com.

Some of the most popular vendors are now opening up dedicated own online shops separate from the large market places. Individual sites have even returned to operating on the clearnet, with mixed success.

Some internet forums such as the defunct Tor Carding Forum and the Russian Anonymous Marketplace function as markets with trusted members providing escrow services and users engaging in off-forum messaging. In May 2014 the "Deepify" service attempted to automate the process of setting up markets with a SAAS solution, however this closed a short time later.

Following repeated problems associated with centralised infrastructure, a number of decentralised marketplace software alternatives have arisen using blockchain technology, including OpenBazaar, Syscoin, Shadow, BitBay, Bitmarkets, and Nxt.

Vendors

To list on a market, a vendor may have undergone an application process via referral, proof of reputation from another market or given a cash deposit to the market.

Many vendors list their wares on multiple markets, ensuring they retain their reputation even should a single market place close. Grams have launched "InfoDesk" to allow central content and identity management for vendors as well as PGP key distribution.

Meanwhile, individual law enforcement operations regularly investigate and arrest individual vendors and those purchasing significant quantities for personal use.

A February 2016 report suggested that 1/4 of all DNM purchases were for resale.

Drugs

Whilst a great many products are sold, drugs dominate the numbers of listings with the drugs ranging from Cannabis, MDMA, Modafinil, to LSD, cocaine and designer drugs.

Fraud and hacking services

Cyber crime and hacking services for financial institutions and banks have also been offered over the dark web. Markets such as AlphaBay Market would go on to host a significant share of the commercial fraud market, featuring carding, counterfeiting and many related services. Loyalty card information is also sold as it is easy to launder.

Prohibitions and restrictions

Many markets will refuse to list weapons or poisons. Markets such as the original Silk Road would refuse to list anything where the "purpose is to harm or defraud, such as stolen credit cards, assassinations, and weapons of mass destruction".

Later markets such as Evolution would ban 'child pornography, services related to murder/assassination/terrorism, prostitution, Ponzi schemes, and lotteries' but allow the wholesaling of credit card data.

The fire arms market appears to attract extra attention from law enforcement as well as other weapons such as certain types of knives and blades.

Market operations

Nachash, former proprietor of Doxbin wrote a guide in early 2015 entitled So, You Want To Be a Darknet Drug Lord ....

Background research tasks included learning from past drug lords, researching legal matters, studying law enforcement agency tactics and obtaining legal representation. With regards to the prospective market's hosting, he recommends identifying a hosting country with gaps in their mutual legal assistance treaty with one's country of residence, avoiding overpriced bulletproof hosting and choosing a web host with Tor support that accepts suitably hard to trace payment. Patterns recommend to avoid include hiring hitmen like Dread Pirate Roberts and sharing handles for software questions on sites like Stackexchange.

He advises on running a secured server operating system with a server-side transparent Tor proxy server, hardening web application configurations, Tor-based server administration, automated server configuration management rebuild and secure destruction with frequent server relocation rather than a darknet managed hosting service. Obfuscating traffic by investing in Tor relays which the market site will exclusively use he recommends to protect against guard node deanonymisation.

For a local machine configuration he recommends a computer purchased in cash running Linux using a local Tor transparent proxy. For OPSEC he suggests avoiding storing conversation logs, varying writing styles, avoiding mobile phone based tracking and leaking false personal details to further obfuscate one's identity. Use of OTR and PGP are recommended.

He recommends verifying market employees carefully and to weed out law enforcement infiltration through barium meal tests.

Fraudulent markets

A large amount of services pretend to a legitimate vendor shop, or marketplace of some kind in order to defraud people. These include the notoriously unreliable gun stores, or even fake assassination websites.

Exit scams

Centralised market escrow means that an individual market may close down and 'exit' with the buyer's and vendor's cryptocurrency at any given time. This has happened on several occasions such as with BlackBank and most notoriously Evolution who pocketed $12 million of escrowed coins.

Individual vendors often reach a point of reputation maturity whereby they have sold sufficient product to have accumulated both significant reputation and escrowed funds, that many may choose to exit with those funds rather than compete at the higher-volume higher-priced matured product level.

Commentary

In December 2014, "The Darknet: From Memes to Onionland" Carmen Weisskopf and Domagoj Smoljo explored Darknet culture in an exhibition. This featured the "Random Darknet Shopper" which spent $100 in BTC per week from Agora. Their aim was to explore the ethical and philosophical implications of these markets, which, despite high-profile internationally co-ordinated raids persist and flourish.

James Martin's 2014 book Drugs on the Dark Net: How Cryptomarkets are Transforming the Global Trade in Illicit Drugs discusses some vendors are even branding their opium or cocaine as "fair trade", "organic" or sourced from conflict-free zones. In June 2015 journalist Jamie Bartlett gave a TED talk about the state of the darknet market ecosystem as it stands today.

According to 2014 studies by Martin, Aldridge & Décary-Hétu and a January 2015 report from the Global Drug Policy Observatory, many harm reduction trends have been spotted. These include the reduced risks associated with street dealing such as being offered hard drugs. The vendor feedback system provides accountability for risks of mixing and side effects and protection against scammers. Online forum communities provide information about safe drug use in an environment where users can anonymously ask questions. Some users report the online element having a moderating affect on their consumption due to the increased lead time ordering from the sites compared to street dealing.

Professor for addiction research Heino Stöver notes that the shops can be seen as a political statement - advancing drug legalization "from below". The result of these markets are higher quality and lower prices of the psychoactive substances as well as a lower risk of violent incidents. A number of studies suggest that markets such as Silk Road may have helped users reduce the harm caused by illicit drug use, particularly compared with street-based drug marketplaces. Examples include the sale of high-quality products with low risk for contamination (see: lacing (drugs), cutting agent), vendor-tested products, sharing of trip reports and online discussion of harm reduction practices. Some health professionals such as "DoctorX" provide information, advice and drug-testing services on the darknet. The quality of the products is attributed to the competition and transparency of darknet markets which involve user feedback and reputation features.

Europol reported in December 2014, "We have lately seen a large amount of physical crime move online, at least the "marketing" and delivery part of the business ... [Buyers can] get the illegal commodity delivered risk-free to a place of their choice by the mailman or a courier, or maybe by drone in the future, and can pay with virtual currency and in full anonymity, without the police being able to identify either the buyer or the seller."

In June 2015 the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) produced a report citing difficulties controlling virtual market places via darknet markets, social media and mobile apps. In August 2015 it was announced that Interpol now offers a dedicated Dark Web training program featuring technical information on Tor, cybersecurity and simulated darknet market take downs.

In October 2015 the UK's National Crime Agency and GCHQ announced the formation of a "Joint Operations Cell" to focus on cybercrime. In November 2015 this team would be tasked with tacking child exploitation on the dark web as well as other cybercrime.

In February 2015, the EMCDDA produced another report citing the increased importance of customer service and reputation management in the marketplace, the reduced risk of violence and increased product purity. It estimated 1/4 of all purchases were for resale and that the trend towards decentralisation meant they are unlikely to be eliminated any time soon.

A June 2016 report from the Global Drug Survey described how the markets are increasing in popularity, despite ongoing law enforcement action and scams. Other findings include consumers making purchases via friends operating Tor browser and Bitcoin payments, rather than directly. Access to markets in 79% of respondent's cases led to users trying a new type of drug.

Size of listings

The size of the darknet markets economy can be problematic to estimate. A study based on a combination of listing scrapes and feedback to estimate sales volume by researchers at Carnegie Mellon University captured some of the best data. A reviewed 2013 analysis put the Silk Road grossing $300,000 a day, extrapolating to over $100 million over a year. Subsequent data from later markets has significant gaps as well as complexities associated with analysing multiple marketplaces.

In fiction

In the episode "eps2.3_logic-b0mb.hc" (ep. 5 of season 2) of the drama–thriller television series, Mr. Robot, the protagonist, Elliot, is supposed to be repairing a Tor hidden site which turns out to be a darknet market called "Midland City" styled after the Silk Road for the sale of guns, sex trafficked women, rocket launchers, drugs and hitmen for hire.

In the 2016 movie Nerve starring Emma Roberts and Dave Franco, the dark web plays major role.