When I first began my journey into cybersecurity, everything was surrounded in mystery pertaining to the dark web and its marketplaces. I thought only those who dabbled in cybercrime knew how to get there, and we were locked out. This echoed with me being in cybersecurity and watching so many companies getting compromised and having to pay ransoms just to be able to operate and take care of customers.
I couldn’t believe there was a cybercrime underbelly we all didn’t know about and could potentially utilize for research. It was at this moment that I decided to put on my black hoodie, drink an energy drink, and venture into the dark. Or, in this case, the dark web marketplaces.
Working in cybersecurity, you would think I would know all the “ins and outs” of the dark web and know how to get to the marketplaces, but you would be wrong. Nobody tells you how to get there. They just tell you the cybercriminals use a Tor browser, and that’s how they do it. No directions. It’s just you and a flashlight in the dark with a stranger.
I decided to download the Tor browser and see how far I could get with just general searching—or until the government showed up to take me for a ride. After downloading the Tor browser, I opened up a browser and was met with the default Onion page everyone sees when they use Tor. I still didn’t know where to look. Usually, you just open Google and do some searches to find what you want, and yes, there is a dark version of Google, but that is another article.
I used my phone and Googled “dark web search engines” to see what could be used. There were multiple choices like you would see with normal internet use. I then saw something called the Ahmia search engine. Ahmia on the dark web is a super search engine that indexes Tor sites. I thought to myself that this was a place to start, and, in my mind, I would have the dark web at my fingertips. I typed in “dark web marketplaces”, grabbed my energy drink, and peered out the window, half-expecting the FBI to show up. Perhaps they're busy elsewhere.
The list from my Ahmia search was large and full of potential possibilities. I clicked on a few, and they didn’t reveal anything worthwhile until I found my first dark web marketplace. It was called AlphaBay. AlphaBay was very unique and had more than 30,000 unique product listings—largely drugs, from ecstasy to opioids to methamphetamines—but also thousands of listings for malware and stolen data, like Social Security numbers and credit card details.
I couldn’t believe you could just view all the listings of items like you were on Amazon…and yes there is a dark web version of Amazon as well. It’s called “Amazin”.
It was the malware and stolen information that intrigued me because it was my job to protect information, and I wanted to see how the cybercriminals dealt with or sold information as well as the actual content of the stolen information. Because despite what people believe, cybercriminals don’t always tell the truth.
While browsing AlphaBay, I clicked on the data dump and leaks section for the possibility of seeing stolen credentials. You could view leaked credentials, passwords to corporate accounts, social security numbers, and health information. My eyes widened with the amount of information that was available to be viewed and sold. You could even rate the meth you purchased on a scale of 1 to 10.
Another selection of data I was interested in, pertaining to passwords and sensitive information, was for sale and could be viewed for a small price in Bitcoin. The owner, whom I will call Anonymous, had an appealing description of “Anything you want buy but nothing kid-related.”
Most of the products they were selling were the same as anything else on AlphaBay, largely drugs, malware, and stolen data. They were also recruiting for a phishing campaign and were willing to split the proceeds. I was not interested, but the data dump they were advertising was of accounts and passwords used for a company's VPN, though not the company I worked for.
The conversation with someone with a high moral compass was intriguing, but I needed to move on. The amount of information for sale was overwhelming, and so was searching for data that applied to what I was looking for. I decided it was enough for the night, and I was sure I heard a knock at the door. How polite the FBI is.
After talking to Anonymous, the evening was drawing to a close, and I thought, “Are there dark web marketplaces on the clear/public internet?” If there were, how could that be allowed, and how would people not know? After some searching through news stories and technology articles, I came across a website that was known for selling data.
One particular article mentioned this website that publicly disclosed data from the Okta breach that occurred in 2023. The website was called BreachForums, and the data dump was visible without payment. All that was needed was to DM the owner and have a conversation.
The interesting part of this is that the cybercriminals stated they stole sensitive information, but the information disclosed in the data dump was public knowledge and not sensitive as they claimed.
The website was filled with all kinds of stolen data that was up for grabs or could be looked into by anyone of interest. It was at that moment I had an idea that would change how I saw the dark web.
Visiting the dark web marketplaces was an eye-opener for me to say the least. It opened my eyes to the possibilities of how often and how much data was stolen and sold and how easy it was to conduct. It also opened my eyes to the extent that cybercriminals don’t always tell the truth when they are posting stolen information. Most of the time, it is for gloating and looking good to their peers and the world.
If someone were taught how and where to look, individuals and companies would have the ability to use people and tools to continually search the dark web marketplaces and forums using APIs for keywords to gain the advantage. It would also bring light into the conversation about how the dark web market is run and how the cybersecurity world could harness the potential.