ArticlePublisher preview available

A Market in Dream: the Rapid Development of Anonymous Cybercrime

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract and Figures

In this paper we have conducted a comprehensive measurement and analysis on the Dream market, an anonymous online market that uses cryptocurrency as transaction currency. We first collect data between October 30th 2018 and March 1st 2019. Then we use decision tree-based approach to classify goods. Following we analyze the category of goods sold in the market, the shipping place of vendors. By analyzing more than 1,970,303 items, we find the goods sold in Dream Market are mainly drugs and digital goods. We estimate the total sales of all vendors, and find that an average monthly income is $14 million during the measurement period, which means that the market commission income is more than $560,000 per month. Based on these data, we use transaction cost theory to analyze the transaction attributes of illegal transactions, which shows that anonymous online market can reduce transaction cost of illegal transactions. We finally discuss the results analyzed and the intervention policy, as well as recent DDoS attacks and future trends of illegal transactions in anonymous online market.
This content is subject to copyright. Terms and conditions apply.
https://doi.org/10.1007/s11036-019-01440-2
A Market in Dream: the Rapid Development of Anonymous
Cybercrime
Gengqian Zhou1·Jianwei Zhuge1·Yunqian Fan2·Kun Du1·Shuqiang Lu1
©Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract
In this paper we have conducted a comprehensive measurement and analysis on the Dream market, an anonymous online
market that uses cryptocurrency as transaction currency. We first collect data between October 30th 2018 and March 1st
2019. Then we use decision tree-based approach to classify goods. Following we analyze the category of goods sold in the
market, the shipping place of vendors. By analyzing more than 1,970,303 items, we find the goods sold in Dream Market are
mainly drugs and digital goods. We estimate the total sales of all vendors, and find that an average monthly income is $14
million during the measurement period, which means that the market commission income is more than $560,000 per month.
Based on these data, we use transaction cost theory to analyze the transaction attributes of illegal transactions, which shows
that anonymous online market can reduce transaction cost of illegal transactions. We finally discuss the results analyzed and
the intervention policy, as well as recent DDoS attacks and future trends of illegal transactions in anonymous online market.
Keywords Anonymous online market ·Illegal transactions ·Cybercrime
1 Introduction
Anonymous network initially served as an approach for
browsing Internet anonymously, protecting user privacy.
With the development of anonymous network, more and
more users can access it by related tools such as Tor
browser [11] easily. Anonymous online markets that based
Jianwei Zhuge
zhugejw@cernet.edu.cn
Gengqian Zhou
zhougq17@mails.tsinghua.edu.cn
Yunqian Fan
fyq18@pku.edu.cn
Kun Du
dk15@mails.tsinghua.edu.cn
Shuqiang Lu
lusq18@mails.tsinghua.edu.cn
1Institute for Network Sciences and Cyberspace, Beijing
National Research Center for Information Science and
Technology (BNRist), Tsinghua University, Beijing, China
2School of Software and Electronics, Peking University,
Beijing, China
on it allow buyers and vendors to hide their identity, making
it difficult for law enforcement to tracking them. As a result,
many prohibited goods such as drugs and privacy data, have
become the main business in anonymous online market.
Since the rise of Silk Road in 2011,1market size and
volume of the anonymous market have been growing. In
2012, the largest anonymous online market items volume
was around 24,400 [10]. By 2015, AlphaBay replaced
Silk Road and became the largest market. In July 2017,
AlphaBay had more than 369,000 products and 400,000
users [1].
Nowadays, three major large anonymous online markets
are Dream Market, Wall Street2and Silk Road 3.13. Among
them, the amount of items daily in Dream Market is around
170,000, which is much more than Wall Street’s 10,000. In
many dark market forums, Dream Market’s score is much
higher than the other two [4].
In this paper, we attempt to provide a scientific analysis
of Dream Market and anonymous cybercrime by collecting
and analyzing a set of data for approximately four months
(from October 30th, 2018 to March 1st, 2019). We think our
research has mainly four contributions.
1https://en.wikipedia.org/wiki/Silk Road (marketplace)
2http://wallst4qihu6lvsa.onion/
3http://silkroad7rn2puhj.onion/
Mobile NetworksandApplications (2020) 25:259–270
February
2020
Published online: 1
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
... The hidden nature of the .onion websites on the Tor network can be abused to facilitate various illicit services (e.g., Silk Road marketplace), where anonymous payment systems (e.g., cryptocurrencies) are generally used in such cybercriminal activities [9,10]. Now, we will briefly summarize the various malicious cyber activities that are known to be conducted on dark web and facilitated using cryptocurrencies. ...
... -Contract Killers: There exist many dark websites that allow one to hire a hitman to murder another person [9]. For example, a White-hat hacker named "bRpsd" reportedly helped the FBI to arrest several hitmen in May 2016 by hacking into the "Besa Mafia" site on the dark web, and leaking contract information such as user accounts, client messages and other information. ...
Chapter
Full-text available
The dark web is often associated with criminal activities such as the sale of exploit kits using cryptocurrencies as payment. However, the difficulty in determining the identities of dark website owners and the tracing of the associated transactions compounds the challenges of investigating dark web activities. In this study, we explore how cryptocurrencies have been involved in cybercriminal activities on the dark web and the factors that drive cryptocurrency investments. Then, we present several recommendations and guidelines for prospective investors to help identify determinant factors for assessing investment risks in the cryptocurrency marketplace. We also present several potential research opportunities in cryptocurrency.
... The hidden nature of the .onion websites on the Tor network can be abused to facilitate various illicit services (e.g., Silk Road marketplace), where anonymous payment systems (e.g., cryptocurrencies) are generally used in such cybercriminal activities [9,10]. Now, we will briefly summarize the various malicious cyber activities that are known to be conducted on dark web and facilitated using cryptocurrencies. ...
... -Child pornography / abuse / exploitation): It has been known that cryptocurrencies have been used to pay for commercial child pornography, abuse, exploitation materials and/or services (e.g., over a webcam) [18]. -Contract Killers: There exist many dark websites that allow one to hire a hitman to murder another person [9]. For example, a White-hat hacker named "bRpsd" reportedly helped the FBI to arrest several hitmen in May 2016 by hacking into the "Besa Mafia" site on the dark web, and leaking contract information such as user accounts, client messages and other information. ...
Preprint
Full-text available
The dark web is often associated with criminal activities such as the sale of exploit kits using cryptocurrencies as payment. However, the difficulty in determining the identities of dark website owners and the tracing of the associated transactions compounds the challenges of investigating dark web activities. In this study, we explore how cryptocurrencies have been involved in cybercriminal activities on the dark web and the factors that drive cryptocurrency investments. Then, we present several recommendations and guidelines for prospective investors to help identify determinant factors for assessing investment risks in the cryptocurrency marketplace. We also present several potential research opportunities in cryptocurrency.
... Sellers and buyers of illicit goods are matched with ease, and payments are quickly executed. However, contrary to fiat currencies, where law enforcement agencies have access to a wide arsenal of analytic methods for investigation of various criminal activities, from money laundering to drug dealership to human trafficking, methods for detecting crime on the blockchain are yet in their infancy (Foley, Karlsen, and Putniņš 2019;Zhou et al. 2020). As a result, large amounts of illegal transactions with cryptocurrencies remain unidentified. ...
Preprint
The number of blockchain users has tremendously grown in recent years. As an unintended consequence, e-crime transactions on blockchains has been on the rise. Consequently, public blockchains have become a hotbed of research for developing AI tools to detect and trace users and transactions that are related to e-crime. We argue that following a few select strategies can make money laundering on blockchain virtually undetectable with most of the existing tools and algorithms. As a result, the effective combating of e-crime activities involving cryptocurrencies requires the development of novel analytic methodology in AI.
Chapter
In this paper, we have conducted a comparative analysis of anonymous online market between Chinese and English speaking communities. First, we collect public data of multiple Chinese and English anonymous online markets. Then, we conduct a comparative analysis of the Chinese and English anonymous online markets from three aspects: market operation mechanism, market security mechanism, and goods sales situation. We find that Chinese and English anonymous online markets are both affected by factors such as market demand and relevant laws and regulations, and there are differences in the goods sales situation. In contrast, English anonymous online markets are relatively mature in market operation mechanism and market security mechanism, while Chinese anonymous online markets are still on their developing stage. We finally discuss the impact of law enforcement agencies’ crackdown on Chinese and English anonymous online markets, as well as the focus and methods of Chinese and English anonymous online market governance.
Conference Paper
Full-text available
Researchers have observed the increasing commoditiza-tion of cybercrime, that is, the offering of capabilities, services, and resources as commodities by specialized suppliers in the underground economy. Commoditiza-tion enables outsourcing, thus lowering entry barriers for aspiring criminals, and potentially driving further growth in cybercrime. While there is evidence in the literature of specific examples of cybercrime commoditization, the overall phenomenon is much less understood. Which parts of cybercrime value chains are successfully com-moditized, and which are not? What kind of revenue do criminal business-to-business (B2B) services generate and how fast are they growing? We use longitudinal data from eight online anonymous marketplaces over six years, from the original Silk Road to AlphaBay, and track the evolution of commoditiza-tion on these markets. We develop a conceptual model of the value chain components for dominant criminal business models. We then identify the market supply for these components over time. We find evidence of com-moditization in most components, but the outsourcing options are highly restricted and transaction volume is often modest. Cash-out services feature the most listings and generate the largest revenue. Consistent with behavior observed in the context of narcotic sales, we also find a significant amount of revenue in retail cybercrime, i.e., business-to-consumer (B2C) rather than business-to-business. We conservatively estimate the overall revenue for cybercrime commodities on online anonymous markets to be at least US $15M between 2011-2017. While there is growth, commoditization is a spottier phenomenon than previously assumed.
Article
Full-text available
In this article, we study the various functions of online cybercriminal meeting places from a unique perspective: We do not take the criminal meeting place as a starting point, but the users—the criminal networks. This allows not only for a view of what is happening on online meeting places, but it also places online meeting places into perspective. Our data consisted of detailed case descriptions of 40 cybercriminal networks active in the Netherlands (18), Germany (3), the United Kingdom (9), and the United States (10). Reconstructions were made based on analysis of police files and/or interviews with case officers and public prosecutors. Online meeting places play a role in the majority of our cases: to meet co-offenders, to buy tools, or to sell data. However, from a crime script perspective, the role of forums is much more modest. Forums, for example, can be used to find suitable co-offenders, but in the majority of our cases the core members did not meet at forums. Offline meeting places still play an important role in cybercriminal networks. Furthermore, forums can be viewed as online versions of offline offender convergence settings—physical locations such as a bar—where criminals can meet, and ensure continuity and structure. However, forums might be more accessible than physical criminal meeting places. For a curious newbie, it is, for example, easier to visit all sorts of forums than it is to visit all sorts of criminal bars. Finally, our cases show that the learning function of forums should not be underestimated.
Article
Full-text available
Objectives The current study is the first to examine the network structure of an encrypted online drug distribution network. It examines (1) the global network structure, (2) the local network structure, and (3) identifies those vendor characteristics that best explain variation in the network structure. In doing so, it evaluates the role of trust in online drug markets. Methods The study draws on a unique dataset of transaction level data from an encrypted online drug market. Structural measures and community detection analysis are used to characterize and investigate the network structure. Exponential random graph modeling is used to evaluate which vendor characteristics explain variation in purchasing patterns. Results Vendors’ trustworthiness explains more variation in the overall network structure than the affordability of vendor products or the diversity of vendor product listings. This results in a highly localized network structure with a few key vendors accounting for most transactions. Conclusions The results indicate that vendors’ trustworthiness is a better predictor of vendor selection than product diversity or affordability. These results illuminate the internal market dynamics that sustain digital drug markets and highlight the importance of examining how new anonymizing technologies shape global drug distribution networks.
Article
Full-text available
This study examines the signals of trust in stolen data advertisements by analysing the structural and situational factors that influence the type of feedback sellers receive. Specifically, this article explores the factors associated with positive and negative buyer feedback from the purchase of stolen credit card data in a series of advertisements from a sample of Russian and English language forums where individuals buy and sell personal information. The results of zero-inflated Poisson regression models suggest that the sellers may influence their likelihood of receiving feedback by specifying the type of payment mechanism, choosing the advertisement language and selecting the type of market they operate within. The implications of this study for our understanding of online illicit markets, criminological theory and policy-making will be explored in depth.
Conference Paper
Full-text available
We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used as a market for controlled substances and narcotics, and that most items sold are available for less than three weeks. The majority of sellers disappears within roughly three months of their arrival, but a core of 112 sellers has been present throughout our measurement interval. We evaluate the total revenue made by all sellers, from public listings, to slightly over USD 1.2 million per month; this corresponds to about USD 92,000 per month in commissions for the Silk Road operators. We further show that the marketplace has been operating steadily, with daily sales and number of sellers overall increasing over our measurement interval. We discuss economic and policy implications of our analysis and results, including ethical considerations for future research in this area.
Article
Full-text available
Research examining offender risk reduction strategies within illicit markets focus primarily on those operating in the real world for drugs and stolen goods. Few have considered the strategies that may be used by individuals in virtual illicit markets that are hidden from public view. This study addresses this gap through a grounded theory analysis of posts from 10 Russian and three English language web forums selling stolen data to engage in identity theft and fraud. The findings indicate that buyers employ multiple strategies to reduce their risk of loss from unreliable vendors, along with resources provided by forum administrators to manage relationships between participants. The implications of this study for law enforcement and offender decision-making research are also discussed.
Conference Paper
Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement.