Russian darknet market conflict

Last updated

The Russian darknet market conflict is a cyber conflict in the Russian darknet drug market, which began after the closure of the largest marketplace Hydra in April 2022. The struggle manifests itself in mutual cyber attacks of sites and an aggressive advertising campaign.

History

In April 2022, the servers of Hydra, the largest Russian darknet drug market, were closed in Germany. [1] After this event, Russian darknet markets began to fight for the place of the market leader, arranging cyber attacks on each other and using aggressive advertising on the streets of Moscow.

In July 2022, Kraken and Solaris warned subscribers of their telegram channels to withdraw any cryptocurrency they had on the forum of the competing platform RuTor. A few days later, RuTor was subjected to cyber attacks and was temporarily closed. RuTor soon reopened and launched a cyberattack on the WayAway site, posting screenshots of the hack, claiming WayAway's security was too weak to be trusted. [2]

In the fall of 2022, an advertisement for the Kraken site appeared on one of the advertising cubes in Moscow City, which caused a huge scandal in society. [3] In October, the Solaris darknet marketplace attacked Kraken, RuTor, Mega, BlackSprut and other competitors using the services of the Russian hacker group Killnet, which later financed the Russian army in the Russian invasion of Ukraine with money stolen from drug shops. [4] In December of the same year, a bus plastered with logos and a QR code from the darknet site Kraken blocked traffic on the Arbat in Moscow for several hours. [5] In the same month, the Moldovan streamer and tiktoker Necoglai held a stream in a T-shirt with the logo of the Mega marketplace, suggesting people to use the legal file sharing service of the same name, he denies any involvement in advertising. [6]

In January 2023, the Moriarty channel appears on YouTube. On it, an unknown man in a black suit and mask introduces himself as the creator of the Mega darknet market, talks about drug cartels and advertises his platform. [7] And in the Moscow metro, ads of the Mega site began to appear with a QR code to go to the site. That same month, the WayAway forum hacking team hacked into the Solaris platform and attached it to Kraken. [8] Powering on the Solaris Darknet Marketplace site now automatically opens the Kraken site. In mid-January, personal android applications of the darknet markets began to appear on Google Play, after their removal, sites began to place APK files for downloading the application in their telegram channels and sites. [9]

In February 2023, advertisements for the BlackSprut site began to appear on Moscow's electronic billboards. Huge signs featured a woman wearing a futuristic mask and the text: "Come to me in search of the best." [10]

Related Research Articles

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">ShadowCrew</span> Cybercrime forum (2002–2004)

ShadowCrew was a cybercrime forum that operated under the domain name ShadowCrew.com between August 2002 and November 2004.

<span class="mw-page-title-main">MegaFon</span> Russian telecommunication provider

MegaFon, previously known as North-West GSM, is the second largest mobile phone operator and the third largest telecom operator in Russia. It works in the GSM, UMTS and LTE standard. The company serves 62.1 million subscribers in Russia and 1.6 million in Tajikistan. It is headquartered in Moscow.

The dark web is the World Wide Web content that exists on darknets that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.

<span class="mw-page-title-main">Operation Onymous</span> International police operation targeting darknet markets

Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.

Monero is a cryptocurrency which uses a blockchain with privacy-enhancing technologies to obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.

<span class="mw-page-title-main">AlphaBay</span> Defunct darknet marketplace

AlphaBay was a darknet market operating at different times between September 2014 and February 2023. At times, it was both an onion service on the Tor network and an I2P node on I2P. After it was shut down in July 2017 following law enforcement action in the United States, Canada, and Thailand as part of Operation Bayonet, it was relaunched in August 2021 by the self-described co-founder and security administrator DeSnake. The alleged original founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991, was found dead in his cell in Thailand several days after his arrest, with police suspecting suicide.

TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.

A darknet market is a commercial website on the dark web that operates via darknets such as Tor and I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.

DeepDotWeb was a news site dedicated to events in and surrounding the dark web featuring interviews and reviews about darknet markets, Tor hidden services, privacy, bitcoin, and related news. The website was seized on May 7, 2019, during an investigation into the owners' affiliate marketing model, in which they received money for posting links to certain darknet markets, and for which they were charged with conspiracy to commit money laundering. In March 2021 site administrator Tal Prihar pleaded guilty to his charge of conspiracy to commit money laundering.

Grams was a search engine for Tor based darknet markets launched in April 2014, and closed in December 2017. The service allowed users to search multiple darknet markets for products like drugs and guns from a simple search interface, and also provided the capability for its users to hide their transactions through its bitcoin tumbler Helix.

The Russian Anonymous Marketplace or RAMP was a Russian language forum with users selling a variety of drugs on the Dark Web.

Rescator is the name of a Ukrainian hacker specialising in the sale of credit card details. According to Russian cyber-security consultancy Group-IB, "Rescator" runs his own marketplace at rescator.cm and uploaded over 5 million card details onto the SWIPED carder marketplace.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

Zen is a personal recommender system that uses machine learning technology.

<span class="mw-page-title-main">Dream Market</span> Online black market

Dream Market was an online darknet market founded in late 2013. Dream Market operated on a hidden service of the Tor network, allowing online users to browse anonymously and securely while avoiding potential monitoring of traffic. The marketplace sold a variety of content, including drugs, stolen data, and counterfeit consumer goods, all using cryptocurrency. Dream provided an escrow service, with disputes handled by staff. The market also had accompanying forums, hosted on a different URL, where buyers, vendors, and other members of the community could interact. It was one of the longest running darknet markets.

The Mikhailov Case refers to an espionage scandal surrounding the activities of the Center of Information Security (CIS) of FSB, whose employees were implicated in high treason after participating in a number of high-profile criminal cases. January 31, 2017 was arrested that the head of the 2nd department of the CIS Sergei Mikhailov (FSB) and his deputy Dmitry Dokuchaev In the same case, the head of the department of investigation of computer incidents of Kaspersky Lab Ruslan Stoyanov and Georgy Fomchenkov were arrested. The men were convicted of giving information to American private sector researcher Kimberly Zenz, but Zenz herself was never charged, and her requests to testify for the defense were ignored.

<span class="mw-page-title-main">Dread (forum)</span> Online discussion forum hosted on the dark web

Dread is a Reddit-like dark web discussion forum featuring news and discussions around darknet markets. The site's administrators go by the alias of Paris and HugBunter.

Hydra is a Russian language dark web marketplace, founded in 2015, that facilitated trafficking of illegal drugs, financial services including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services. Hydra was shut down by American and German law enforcement action in April 2022, and its operator was sentenced to life in prison by a Russian court in December 2024.

References

  1. "В Германии закрыли серверы крупнейшего в мире русскоязычного даркнет-рынка". 5 April 2022. Archived from the original on 2022-04-05. Retrieved 2023-07-20.
  2. "There's a Wild Scramble for Control of the Dark Web Taking Place in Russia". 27 January 2023. Archived from the original on 2023-02-28. Retrieved 2023-07-20.
  3. "В России развернулась война за рынок наркотиков". Archived from the original on 2022-10-01. Retrieved 2023-07-20.
  4. "Spotlight on KillNet: The Cybercriminal Group Raising Funds for Russia's War in Ukraine". Archived from the original on 2023-02-28. Retrieved 2023-07-20.
  5. "Купил автобус, обклеил рекламой: полиция Москвы вышла на след интернет-наркоторговцев". Archived from the original on 2023-01-10. Retrieved 2023-07-20.
  6. "Некоглай прорекламировал магазин наркотиков на Twitch. В пике его стрим смотрели 54 423 человек". 10 December 2022. Archived from the original on 2023-02-27. Retrieved 2023-07-20.
  7. Kraken против всех
  8. "Даркнет-маркетплейс Solaris взломан конкурентами". Archived from the original on 2023-01-20. Retrieved 2023-07-20.
  9. "Даркнет-площадки, продающие наркотики, переходят на использование Android-приложений". Archived from the original on 2023-02-15. Retrieved 2023-07-20.
  10. "Нелегальный даркнет-маркетплейс BlackSprut рекламируют на московских уличных баннерах". 5 February 2023. Archived from the original on 2023-03-08. Retrieved 2023-07-20.