Dark Web Marketplaces
In this episode of The Dark Dive we look at the types of goods that are sold on dark web marketplaces.
In this episode of The Dark Dive we take a forensic look at dark web marketplaces.
Among other things, guests Louise Ferrett and Dave Osler discuss the difference between drug and digital goods markets (known as “autoshops”), the short lifespan of marketplace sites, and the strangest things they’ve seen sold on the dark web.
Speakers
Aidan Murphy
Host
Louise Ferrett
Senior Threat Intelligence Analyst at Searchlight Cyber
Dave Osler
Head of Product at Searchlight Cyber
This episode of the dark dive covers:
The different types of marketplaces that exist on the dark web
Including real life examples of some of the most notorious marketplaces in the history of the dark web, and the ones that dominate the landscape today.
The illicit and criminal goods they sell
Including everything from drugs, arms, and counterfeit goods, to malware and exploits, and everything in between.
The challenges they create for law enforcement
Who have to overcome the anonymity the dark web provides marketplace admins and their users in order to bring them to justice.
Transcript
Aidan Murphy: Hello, and welcome to another episode of The Dark Dive, the podcast that delves into the depths of the dark web. My name is Aidan Murphy, and I’m your host as, each episode, we look at different aspects of the dark web. In the podcast feed, you can already find the entire limited series which includes episodes on how the dark web works, how cyber criminals use the...
Aidan Murphy: Hello, and welcome to another episode of The Dark Dive, the podcast that delves into the depths of the dark web. My name is Aidan Murphy, and I’m your host as, each episode, we look at different aspects of the dark web. In the podcast feed, you can already find the entire limited series which includes episodes on how the dark web works, how cyber criminals use the dark web, and what security professionals can do about it. But in this episode, we’re going to be delving into the world of dark web marketplaces. You may have heard of some of them, the likes of AlphaBay, Hydra, and Silk Road, but to talk us through the dark web marketplace landscape as it is today, I’m joined by two experts who know their BidenCash from their TrumpsDumps. Those are two markets, by the way. Dave Osler, head of product of Searchlight Cyber. Hello Dave.
Dave Osler: Hello.
Aidan Murphy: And Louise Ferrett, senior cyber-intelligence analyst at Searchlight Cyber. Hello, Louise.
Louise Ferrett: Hey Aidan.
Aidan Murphy: So, before we kick off, I’m just going to ask you to introduce yourselves to the audience and give us a bit of your background. Dave, we’ll start with you.
Dave Osler: Hi, everyone, I’m Dave Osler, I am head of product, I’ve been in product management for about the last fifteen years now. I run a team here with a range of product managers, designers, support team. We develop and build the products, we work closely with our customers to understand their requirements, and we work very closely with our internal development team as well to make sure that the product’s delivering the value, and we work closely with the TI team internally as well to ensure that we’re at the cutting edge of anything dark web related.
Aidan Murphy: And just for the audience, that is the threat intelligence team, TI team, threat intelligence team, which Louise is a member of, so Louise.
Louise Ferrett: So, I am senior threat intelligence analyst here at Searchlight. As Dave said, we work a lot with the product team to, kind of, keep informed on the latest happenings on the dark web. We also work a lot with marking and, yes, with the developer team as well, all focused on building the best dark web intelligence products that we can.
Aidan Murphy: Brilliant, thanks Louise. So, dark web marketplaces. I’m going to start with the obvious question, and I’m going to aim it at you, Dave, what do people go to the dark web to buy? What types of products people go to a dark web marketplace for?
Dave Osler: So, there’s all sorts of products sold on dark web markets, and it’s what most people can probably imagine, it’s anything that you wouldn’t want people to know you’re buying on the clear net. So, it’s drugs, it’s illicit items, it’s items to do with money laundering, that can be related to carding, it could be related to data, so it’s not just physical items, people might think physicals items and delivery through a market, it’s drugs, but it’s not just that, there’s data, so sensitive personal credentials that have been stolen in breaches as well, there’s a really wide range of things. I’ve even seen gold bars for sale on dark web marketplaces, and obviously, you’re going to question if you’re buying a gold bar for £10,000 off a dark web marketplace if it truly is a gold bar or not. But there really is pretty much everything you can think of that is in some way illicit is sold on dark web marketplaces.
Aidan Murphy: I guess that makes quite a challenge for us for what we do which is help people understand what happens on the dark. We have to categorize those products, how that categorization work? Do we break it down into drugs, arms, you know, how vast is it really?
Dave Osler: It’s very vast, and often, these marketplaces, much like marketplaces on the clear net, which is the usual internet people go on, if they’re not going on the dark web or Tor, as people know it. Often, these markets have specific categories, so they might have a drugs category, and that’s drugs category might be broken down into stimulants, for example. So, you’ll usually find that these items are listed and categorized by these markets already. Obviously, there can be quite generic listings, so as well as pulling out the listings and things like that, we structure our data, we’re already using advanced techniques, not just to look at what someone’s saying data is, what category it’s sitting under, but actually, is it related to that category? Because you often see items for sale in categories that aren’t actually related to that category at all.
So, for example, I’ve seen firearms for sale in drugs markets’ listings and things like that, and for a human, looking at that, you can clearly see it’s a picture of a gun and it’s got some text against it describing the type of weapon it is, but someone’s posted it for sale in the drugs market. So, actually, relying on just those market categorizations for data collection purposes, you can’t do that, you have to go above and beyond to really understand what it is that’s being sold and how to categorize that as well.
Aidan Murphy: That’s really interesting, yes. So, they do some of the categorization work themselves, and I guess, like you say, there is the clear web comparison. I think maybe at this point, Louise, this is great for an audio medium, but if you can maybe describe, what would somebody see if they went to a dark web market? And I know they’re all a little bit different, but, you know, are we talking eBay, Amazon, or do they look slightly different from that?
Louise Ferrett: Yes, sure. I’ll try and paint as best a picture as I can with my words. But, yes, especially a lot of the earlier ones were pretty heavily based on eBay and that kind of auction, sort of, UI. There’s even been a couple markets that, sort of, directly riff on eBay with their name, so obviously, you’ve got AlphaBay, there was also DarkBay. So, I guess the best way to describe it is, yes, most of them will have, like, a search bar at the top where you can search for whatever product or service you’re looking for, and then down the left-hand side, you’ll have a sidebar with, as Dave mentioned, the on-site categories, then in the middle of the page, before you search for anything, there might be some featured listings, so that can be stuff that’s popular or often stuff that vendors have paid to have that ad space basically.
So, it’s quite interesting, it is, sort of, parallels to a legitimate business. I mean, I say that about a lot of stuff on the dark web, but, yes, there are parallels with those, kind of, periphery ways of gaining revenue through, yes, advertising space, if yours is a popular site and people will want to boost their products on there and get the most eyes on it. So, yes, pretty similar to normal e-commerce platform.
Aidan Murphy: Yes, and I guess it speaks to, I guess, in quotation marks, a sophistication, but I think it might be surprising to some people if that, you know, there be advertisers on the dark web, but it is a market like any other. So, just as there are advertisers on clear web markets, there are advertisers on dark web markets as well. And you mentioned at the beginning, that was the case, that they, kind of, mimicked eBay or Amazon and things like that. Are there more specific markets than that? Are there markets that specialize in particular goods and services?
Louise Ferrett: Yes. So, there’s a range. I think it’d be easier if I, sort of, explain the different types of markets. Your standard, kind of, dark web market, it is quite impressive from, like, an administration perspective basically. The administrators of the market will build all these, sort of, transaction processes, and the ways for vendors to interact with the platform, and then individual vendors will be the ones that post their specific product, the buyer will go on and select the product that they want to buy, enter all the shipping details, and then to pay for that product, obviously, the dark web’s, sort of, anonymous by nature, so it’d be a bit risky just instantly sending money to a random person that you don’t know, so what would typically happen is the funds to pay for the product will get sent to an intermediary, basically held in escrow, that would usually be the market’s wallet, the market administrator’s, and then once shipping is confirmed, the funds will release to the vendor.
So, that’s what’s known as an escrow market. There are some that focus on a specific niche, so it might be drugs or, kind of, digital products, hacking tools, malware, cracked software. There are markets that sell things like counterfeit cash as well and clothes, fake IDs, and then other form of market would be what’s known as an autoshop, so that’s one that’s, sort of, strictly focused on digital goods, which means that there’s not as much need for the escrow function because the product can just be downloaded or sent to the buyer immediately, and it requires interaction as a whole from both the market administrators and the vendor.
Aidan Murphy: Perfect. So, before we get into autoshop markets, because I think there’s quite a lot to talk about there separately, escrow markets, as you mentioned, are, kind of, let’s call it category one, the dark web markets, and Dave, you mentioned there’s a real smorgasbord of goods you can buy from these marketplaces, do you have any sense of, I guess, the most popular category? Are we mostly talking drug trade? Is there any way we quantify this? Is there a particular, I guess, type of good that is more popular than others on the dark web?
Dave Osler: I think there’s a number of different ways that you could categorize popularity. From what we see, drugs, there’s a vast quantity of drug sales, that’s one of the major things for the dark web, and I think that’s what a lot of people are aware of the dark web for as well. It can be quite hard to track the quantity of items being sold because someone might put a listing up, for example, a cracked piece of software, and that could be bought by multiple people, and it’s sometimes very hard to tell how many people have bought that item, it’s not necessarily the case that that item, once it’s been bought, will disappear like a physical good, because think of, like, inventory, that’s not the case with a piece of software, for example. General, as I said, drugs is a very broad category.
We see a lot of sale of items related to things like financial fraud like bank fraud, card fraud. I think another one of the major areas that we see is the sale of credential data as well, so where there’s been something like a breach, so information has been stolen or obtained from an organization, that is shared, and that often includes personal identifiable information about the individuals, whether they might have been customers of that organization that were breached. There’s a multitude of different ways this information can be stolen, and so, we do see a lot of sale of that personal information. And also, another area that we see a lot of is the sale of log on credentials as well, so those can be stolen in a range of different means, whether, for example, an infection, a malware infection on a machine can steal things like log on credentials. Those are traded and sold a lot and can be used as part of that supply chain in the ransomware area as well. So, as people want to gain access and footholds into companies as part of that ransomware operation, those credentials and log on details are very important as part of that. So, I think those are some of the key areas that I see.
Aidan Murphy: Yes, it’s interesting. So, there’s, kind of, variants between, I guess, what you might call traditional crime and the cyber-security side of things, and it sounds like there’s a real mix of both in there. Louise, before I quiz you on autoshops, Dave mentioned gold bars, what’s the weirdest thing that you’ve seen sold on the dark web, if you have something that comes to mind?
Louise Ferrett: God, yes, I had to work on a project talking about this, yes, gold bars is, like, a classic funny one. I guess it appeals to the, sort of, maybe paranoid mind of someone that might be using the dark web, that they want to get away from cash and have a real safe commodity or whatever. A lot of stuff that you see on there is a myth, like, obviously, there’s the legend of organs being for sale. I think I have seen listings for, kind of, human heart or something, but, yes, you can safely assume that those are false. I’d say probably the weirdest or the most amusing stuff is counterfeit designer clothes that you see on there just for, sort of, the sheer quantity and variety that they have there. It’s not something that I would think you need to go to the dark web for, just down a dodgy market stall.
Aidan Murphy: Yes, it seems strange to think of that next to organ sale and gold bars, yes. I mean, I hope the organ sale is a myth, although, on a previous episode of the podcast, I said that I thought that hitmen for hire was a myth, and Gareth, our CTO, corrected me. But I do quite like the idea of a man with his shed full of gold bars just in case the end of days comes and he needs to barter them. Just to come back to something you mentioned there, you can assume that some of these are fraud, so obviously, if you’re buying something from the dark web, you’re buying it from an inherently untrustworthy source, I guess, how do you see that, kind of, trust dynamic working in dark web markets? I guess the escrow part of it is one way to make sure that you get your goods, and the money is transferred when you get your goods, but there must be a lot of people being ripped off or falsely sold fake gold bars.
Louise Ferrett: Yes. So, a lot of people do get scammed, and we see them complaining about it quite a lot on forums, but the main way that people, sort of, verify trust is via, yes, dark web forums. Vendors will, kind of, seek reviews from customers, a lot of the time on the markets themselves, they’ll have a star review system and you can see how many previous purchases have been made, what’s the success rate, what’s the ratings, so things like delivery, quality, stealth. So, it is very much, sort of, an honor system, but, yes, the drug-focused dark web forums are probably the closest thing to regulation, and people, if they do get scammed, will usually post a warning about this specific vendor, what to watch out for.
Aidan Murphy: Interesting, a Trustpilot for the dark web, okay. So, autoshops, so this is actually a term that I hadn’t come across until you introduced it to me, Louise, when I started working here, and I don’t think it’s something that’s particularly well understood, even maybe amongst the cyber-security community, so I think it probably worth delving in a little bit into what an autoshop is, and how it differs from a, kind of, typical dark web marketplace. So, you’ve explained in quite a lot of depth what an escrow marketplace is, but maybe just as a recap, an autoshop, how does that run?
Louise Ferrett: As I said, escrow marketplace is, sort of, a platform built by administrators that then independent vendors will, kind of, set up shop on, and it’s a vehicle for them to sell their products to buyers. An autoshop is a little bit different, so as I said, it’s predominantly, or pretty much only for digital goods that the user can, kind of, or the buyer can receive immediate, meaning there’s no need for that kind of escrow intermediary to hold the money until the sale is confirmed. So, mainly digital goods, typically, it’ll be things like, yes, credit cards or banking information, account log ins, sometimes, sort of, malware or other kinds of hacking tools. I know there’s one for, kind of, web injections, which you can basically inject into a webpage and then impersonate to a banking app or something like that, and capture the credentials that way.
Yes, functionally, how it works is the user or the buyer selects what they want to buy, press the button, send the funds, and they can automatically receive the item that they’ve just paid for. On a more, sort of, this is varying slightly into opinion or, I don’t know, just stuff that I have, kind of, noticed while working on this kind of stuff, auto shops, they tend to be less up front about where they source their information from than, say, an escrow market, the vendors have to do quite a lot of self-promotion, they have to build a brand in order to stand out amongst what could be thousands of other vendors selling the same product as them. Autoshops will typically have a lot fewer vendors, sometimes there’ll be, sort of, no seller name, and it just appears like it’s coming directly from the site. So, it has a bit more of an element of, like, shadiness, I guess, or not quite as developed personas on there that you’re buying from. So, I’ve, sort of, got my theories that some auto shops, they’ll only let a select inner circle of sellers that they know of credit card info or account log ins to set up shop on their site, and even then, the site is the primary focus rather than the individual vendors.
Aidan Murphy: That’s interesting. So, I guess, this comes to the point you made, Dave, about when it comes to digital goods being sold, different people could be buying the same service again and again and again, and it’s very hard for us to tell on our how that works. But are there, I guess, either autoshops or escrow marketplaces, are there any that we’re aware are, kind of, the big names now? So, at the beginning of the podcast, I mentioned some names, Hydra, AlphaBay, and Silk Road, which Silk Road is probably, if people know about the dark web, they probably know the most about Silk Road, but all of those marketplaces are now gone, are there any marketplaces now that we, you know, see the most activity on or consider to be the big players?
Louise Ferrett: I’d like to, sort of, go over how we quantify popularity on a dark web market, because as Dave mentioned, it can be hard to know exactly how many sales or transactions have actually taken place. Two, sort of, most effective data points for me that we use in tandem with each other are the number of listings on a site and the number of active vendors. This is basically because some markets, they can have a lot of listings, but they might all be, kind of, duplicates, also known as cloned listings, which is basically just a spamming technique, or it might all be really unreliable scammy looking listings. So, with those two metrics in line, because if an escrow market has a large number of active vendors, that’s also an indication that it’s a popular site because people want to sell on there, or they see that logic only really works for escrow markets rather than auto shops. With that being said, sort of, two markets that seem to be in the top rankings for the past three months, the Bohemia, which, I think, has been in the news lately, and Incognito, so they both score pretty highly in those two categories of listings and vendors. But, yes, as you mentioned, Aidan, there’s a lot of big names from the past that are probably more familiar with listeners, so, yes, Silk Road, AlphaBay, Dream, Empire, White House Market, and looking back historically over our data, I mean, we don’t have any data for Silk Road because it was shut down way before this company actually started, but most of those had over 100,000 listings and over 2,000 vendors total.
Aidan Murphy: Yes, that gives quite a good indication of scale, to drive home the point, what we can’t really see is the number of buyers, is that right?
Louise Ferrett: Yes, that’s correct. So, there’s not really a lot of data on buyers on the site other than if they’ve left a review, and then, their name will usually be obscured for privacy reasons.
Aidan Murphy: And Dave, I guess, if we’re struggling to put names to buyers, talking about geography might be quite difficult, but do we get any indication of where these markets are based, or where they’re shipping their products to? Is there any, kind of, data we collect on that front?
Dave Osler: There is, and again, this can work in a number of different ways, and you can look at geographical, kind of, dispersion and distribution through a few different lenses. I guess, at a very top level, you can look at the language spoken, so if a market is a Russian language market, you would predominantly assume that that transacts in Russia or surrounding countries or Russian-speaking countries. Obviously, if it’s English spoken, and you do get a lot of markets where English is the predominant language, those, you can assume are in the western world, but then, that assumption can be wrong because, you know, when you read a sentence, you can tell that it was written by someone who’s not necessarily a native English speaker, so that is more difficult, and I think people like to use English as that primary language to reach a broader market or the target market. So, markets do, on occasions, define where items were delivered to, it’s more on the vendor level, so a vendor might say, ‘Yes, we’ll ship from this location to this location.’ Again, you can’t assume that that is the same across every market, there is data to run on that. I’ve seen places where they ship worldwide though, so again, take that reliability as you will. Another way, and probably the most granular way, but one of the hardest ways to track at scale is when a vendor describes where they’ll post to or won’t post to in the free text description of their item.
So, they might say, ‘I will ship to Germany, and I will ship to the UK, but I will not ship to these locations.’ So, when you’re looking at a post on a case-by-case basis, so if you put yourself in the position of a buyer, I think that’s relatively simple to understand the locations to and from, whereas when you’re trying to extract that text and meaning and context at a broad scale, and especially when posts, as I said earlier, aren’t always written in English by someone who’s a native English speaker, that can be quite a challenge. That’s one of the things we do look to do, and we want to really ensure that that data is available because when you look at challenges from a law enforcement perspective, they’ve got boundaries that they have to adhere to, it’s crime within their country when you look at those legal systems, unless you’re looking at, kind of, more the Interpol, the Europols, the more global-reaching law enforcement groups. So, that is something that is of interest because if a government wants to tackle this, they really want to tackle either drugs being sold from their country into other countries, drugs being sold from other countries into their countries, or obviously, drugs being sold from and within their territories. So, it’s not an easy question to answer, but there are a number of ways you can approach it and try and tackle that issue.
Aidan Murphy: You’ve beautifully pre-empted my next question, or given me the perfect segue, but at this point, I think, you know, I should ask the question that people are probably screaming at their podcast device which is, ‘Why can’t law enforcement do more about this?’ So, you’ve touched on, I think, some of the challenges, so attributing even a geography is quite difficult, which obviously causes a problem. But we have established that there are administrators of these markets, there are multiple vendors, what is stopping law enforcement, I guess, from doing their job, which I’m sure they’re very dedicated to doing, and taking either the vendors or the administrators down?
Dave Osler: Now, that is the million-dollar question, and if anyone’s read the news, there’s examples where markets have been taken down recently, so Kingdom Market was taken down in December, so markets do get taken down, it’s not an easy thing to do, the way Tor has been designed, it’s for anonymity, so there’s multiple layers of cryptography, and this is privacy by design, it’s made to be difficult to track actors acting on this, on Tor. So, whilst it’s very difficult to do, it’s obviously not impossible, as I said, you see these news articles where markets are taken down. What you’ll see a lot of times, if you read the detail, once these happen, it’s actually, it’s often not a single law enforcement agency on their own doing this, it’s actually combinations of multiple law enforcement agencies from different countries around the world who actually group together to cooperate around this. And I think, when you look at this, markets operate, they might sell to different locations, they might have infrastructure, so the servers that these markets are on, running in different locations, the administrators, sorry, the administrators of the market might be residing in one country but utilizing servers in another country, and passing their traffic through data centers in another country, so actually, it’s a very complicated operation to unpick, but it’s obvious from the markets that are taken down by law enforcement that it is something that can be addressed but is a difficult problem.
Louise Ferrett: I was just going to say, a really good example of that, kind of, international cooperation is the Hydra take-down, so Hydra, as I think you mentioned, Aidan, was one of the biggest, if not the biggest dark net market for a while, and it only catered to customers in Russia and surrounding countries, so in that former Soviet space. And the way that it got taken down, I don’t believe the administrators actually got arrested, but because the servers were based in Germany, there was cooperation between US law enforcement and the German federal police to then get, yes, the servers shut down. So, yes, it’s very rare that everything will be based at one place like the admins and the hosting provider and the data centers is usually quite spread apart, and that can make it more difficult.
Aidan Murphy: So, one thing that always strikes me when we talk about dark web markets is this, kind of, tempestuous nature of the landscape, so I thought it was quite interesting early in the podcast, Louise, where you mentioned Bohemia and Incognito as the most popular markets of the last three months, which, I think, to listeners won’t seem like a very long time, but we know, internally, that in the world of dark web markets, three months is a very long time, and these markets come and go quite quickly. So, we’ve just been talking about law enforcement take downs which is one way that they go, but you also introduced me to the idea of exit scams. I don’t know if maybe you could explain to the audience what an exit scam is, and how those work?
Louise Ferrett: Yes. So, this is one of Aidan’s favorite dark web concepts, I think, he loves an exit scam. So, yes, as you said, three months is quite a long time in the dark web market scene, and one of the reasons that Bohemia and Incognito are probably two of the most popular ones that we track right now is by virtue of them being around for, not sure, both, probably about two years now, which is a long time in, sort of, dark net market years. An exit scam is basically the administrators of the market have, sort of, made all the money that they want to make, they’re looking for a way out, but obviously, they don’t really have any responsibility to their customers, no one’s going to report them to the trading standards authority or whatever, so they’ll keep the market up, but maybe they’ll start only accepting deposits of money into people’s market wallets, and not accepting withdrawal requests, so when people want to take the money that they’ve put onto the market out, or vendors want to withdraw the funds that they’ve made from selling products, that won’t work any more, and people will start raising the alarm on forums saying, ‘What’s going on with this?’ And if a market’s really cheeky, like, a lot of them will just stay silent throughout this, if they’re really cheeky, they’ll have a public relations rep on the forum saying, ‘No, everything’s fine, guys, like, there’s just a bug at the moment, we’re working on getting it fixed as soon as possible.’ Like, ‘We’re not going anywhere, don’t worry about it.’
And this can go on for, like, it can be days, it can be weeks, I don’t know if I’ve seen it go on for months, but, yes, it will get to a point where everyone’s, sort of, arguing about it online, there’ll be some die-hards who are like, ‘No, they wouldn’t do this.’ And other people that have been, sort of, saying, ‘I told you so since day one, like, these guys are scammers, I never trusted them.’ And, yes, eventually, the market will disappear. And it really, at its core, is taking advantage of people who aren’t really in the know at all, and they might have literally just found the market, don’t know any of the history or that people are having problems withdrawing funds from it, or that orders aren’t getting sent. It’s scooping up those, sort of, last bits of funds before, yes, running off into the sunset with huge bags of, I was going to say cash, but it’d be crypto. So, yes, huge bags of crypto.
Aidan Murphy: Well, a cautionary tale on not using dark web markets. They can’t be trusted. Take that on board, listeners. So, we have markets coming and going very regularly, so, Dave, again, I imagine that makes your job quite difficult because trying to stay on top on these markets, how do we manage to keep on top of them, find new markets as they pop up?
Dave Osler: So, there’s a range of different ways you can go about identifying markets, and actually, really, this is Louise’s strong point, ever since I’ve joined, she’s been hunting around, finding these sites incredibly well, because they can be often quite hard to find. I think for markets specifically, because obviously, there’s lots of different types of sites on Tor, markets want to be found, they want people to know they’re there so they can buy from them. So, you can look for the onions which is the, kind of, URL address that you type into your browser to find that marketplace, that might be shared on a forum where people might be talking about, ‘Where’s the, you know, best market to buy drugs from?’ That’s a way you can find them. There’s other techniques you can use to identify markets, fairly technologically advanced, I won’t go into the details of it, but basically, spidering out and trying to find these different sites across Tor, so not necessarily a human doing it, but through a machine process that identifies these sites, and you can look for things like keywords as well to identify whether that site is a market or not. So, there’s a human aspect to it, and it’s like an intelligence aspect to it, and there’s an automated aspect that you can go down as well. And Louise might have more to add on that side of it than me.
Louise Ferrett: Thank you, Dave. Yes, so, as Dave said, there’s, sort of, human and automated ways of finding new markets, but, yes, they sit in an interesting space of obviously don’t want to be attracting too much attention because then there’s more chance of law enforcement radar, getting shut down, but you also want buyers to be able to find you. So, it, kind of, goes back to the advertising that we mentioned, forums, dark web forums will also sell advertising space to other sites, particularly markets that are in the same niche as what their forum’s about. So, like, forums focused on credit card fraud are probably going to have a shop that sells stolen credit details as their main banner ad. Also, sort of, there’s a thing called link sites which will store a lot of onion addresses to these sites, also just people on forums sharing with each other what the new, best site is for this. Because everyone’s, kind of, in the same boat, they don’t really know where to go to find what they’re looking for, so best you can do is ask around. There are dark web search engines, not as powerful as the ones that we have on the clear web, but that is, yes, another way that people might try and look for new markets.
Aidan Murphy: Interesting. I think that paradox of people on the dark web wanting to remain hidden, but also at the same, wanting to attract attention for their nefarious ways is something we’ll probably return to in this podcast, and I think we’re definitely returning to dark web forums, which have been mentioned, link sites, and search engines on later episodes, so if you’re interested in finding out more about those, you’ve come to the right place, and stay tuned. But I think that is quite a good place in which to draw a line under this episode of the Dark Dive. The last thing for me to do is to thank Dave and Louise for joining me. If you want to find out more, remember, you can follow us for free on Apple Podcasts, Spotify, or whatever podcast app you have on your device. You can get all of the episodes of this limited series in your podcast feed now. If you’d like to get in touch with us here as Searchlight Cyber, you can find our social media accounts and email address in the show notes or you can find plenty of information on our website, www.slcyber.io. Until next time, stay safe.