The Dark Web
Ep 3 Black Market Boom
D 1883 Today, the Department of Justice
announces the takedown of the dark web market, AlphaBay. My name is Paul Craig, I'm the Chief Hacking Officer
at Vantage Point Security. Imagine that you have a lot of something
that is illegal, and you want to sell it. You can't go onto Carousell and place a listing for the product
that you want to sell, so the dark web has
really filled that need. It has become a marketplace for where
people can sell things that are illegal. Here, we can get a diploma from
almost any school for 0.1 of a Bitcoin, so that's about $1,000 or $1,100. And here, we can buy a UK passport
with the name of your choice for 1,000 British pounds. Driver's licence, ID cards, big sale So, you want a driver licence
from Norway or Denmark? A Lithuanian ID card. What are we looking for?
One gram of Colombian cocaine? 75% pure uncut for U$40. Right here on the front page. But we see they actually have some quite
dangerous things available for sale here. We have got weapons
available, like AK47s. For $500. This marketplace actually
looks quite well-designed, it looks quite new and
actually looks quite legitimate. But this is all illegal AlphaBay looked very much like a really
simple cut-down e-commerce site, very, very simple. It just had categories and lists
of products and prices. You would click on the link of the product and you could see a photo
and a brief description. Top rated, great reviews,
very strong, lab-tested And a lot of people had comments about
how they secretly shipped their items. It would be shipped in a CD case, or this would be hidden
in a vase or something. The majority of listings on AlphaBay
were narcotics or drug-related. There were hundreds of pages
of listings for different categories. You would see a lot of pictures
of narcotics, guns, and things that are generally illegal. These websites don't have much content
other than listings of illegal goods for sale. Technology will not only allow
legitimate business to thrive, but it will also allow criminals
to use that technology in order to have a better
return on investment. It definitely is a bigger threat
to the overall communities, and therefore it was a priority
for the police to shut it down. Good morning. Today, some of the most prolific drug
suppliers use what's called the dark web, which is a collection of hidden
websites that you can only access if you mask your identity
and your location. He used an old Hotmail account, so, of course, it would lead to his history
and to his additional digital footprint. He also used some other names
across different platforms, the same ones on the dark web
and on the normal visible web. Whatever is on the internet,
it's on the internet forever. If you use an identity
somewhere someday, it is there and might burst anytime
with your information. Nothing that you have put there
is completely deleted. It allows people to sell illegal
products or illegal services without any fear of being caught
or being identified. You could be in any country in the world. It would be quite challenging
to prove that you are the one selling something on the dark web. The first link would be to download Tor. You can download Tor for free online. It's very simple and straightforward
to download and install. Within seconds, you can
be running the Tor browser. On the typical internet that people know,
you'll see .com, .net and .org. On the Tor network, we only see a string
of random characters like .onion, so there's not even a way
to track the domain name, it's just a string of random characters. So you can quite clearly tell that
it is on the Tor network. Journalists would be a great example. Journalists who are researching
a topic inside a country that might be considered
politically sensitive, who need to be able to do things that
might be censored by their government. The Tor network by itself
is really not that harmful. You can share information that
may be unregulated and uncontrolled, but there's no way of buying products
or services through Tor itself directly. But when you add in cryptocurrency, which has the same level of
anonymity and privacy, all of a sudden, these two things together
really do create the perfect storm. So you can list products and receive
money for products, all anonymously. When I was working on the sort of
great project of my life back in 2013, trying to figure out things like how could
I get this archive of materials to journalists. How could they see things
in a safe way that is uncontrolled? There's a question of, Do I need
server infrastructure of my own? Maybe the answer is yes. Okay, how do I pay for that anonymously? Maybe, maybe someone like me may
have used Bitcoin for something like that. This is 0.4 of a Bitcoin
for a Dutch passport. That would be about $4,500
given today's rate of Bitcoin which is about 10,000 for 1 Bitcoin. "We accept all cryptocurrencies." Cryptocurrency is definitely
the payment choice. This is my Bitcoin Wallet,
and this gives me the QR code. If someone else wants
to send me Bitcoin, they just scan this QR code and
then it goes to my Bitcoin address, and the Bitcoin will come to my account. Bitcoin can be used for many
legitimate things and reasons, it just happens to also be
the number one choice for people selling things
on the dark web. There's no way of tracking it. There's no way of tying a cryptocurrency
wallet or address to a person. Traditionally, a lot of crime has been
caught by busting the trail of money because money always leaves quite a trail. You can send millions of dollars to
someone else in the other end of the world and receive goods in return without anyone
in between actually seeing or knowing. The growth of cryptocurrencies
has been very much pitched directly on the growth of the dark web
and financial services on the dark web. For this, we need to register an account. I can see that they use PGP authentication,
so it's quite privacy focused. Let's see if we can find
another marketplace Okay, we need a username
and password for that. I think that AlphaBay was quite unique, that it was so quick and easy
to get onboard and to get in. It definitely contributed to its success. In 2015, AlphaBay really
got into the spotlight for selling stolen Uber
and TalkTalk information. That's a great example of an
illegal product, data in this case, being sold online, and
I would imagine very cheaply, because this is information
that there would a lot of, so it would be sold
person by person for a few dollars. But there are a lot of accounts
that were being sold on AlphaBay, not just things like Uber,
but also Netflix and Hulu. These are the things I think
people would buy quite frequently because it's considered as being not
so illegal, but something that they want. There is a certain ego
present within the community. The knowledge that the general public
lacks in understanding cybersecurity makes some of the cybersecurity hackers
think that they might have superpowers, and they are so good
that no one will find them. In the particular case of the
AlphaBay marketplace and its reach, and the amount of users
that marketplace had reached, the owner probably had a feeling
of success and of being untouchable, because he had reached a certain level. They haven't found me until now,
I don't think they will catch me. Seeing someone's laptop logged into
the marketplace also shows that intent. It shows that you are actually the person
who's administering this marketplace. People who are using Tor
and cryptocurrencies will almost certainly be using extra
security precautions on their laptop. If law enforcement came,
you just close your laptop, and it's a giant encrypted brick. There is nothing more watertight
than being logged in as an admin to an illegal marketplace. You're clearly involved. If you think about a passphrase,
not a password, but say a phrase that's
a paragraph from a book, all of a sudden, it becomes very, very
challenging to try and guess that. This is a landmark operation. AlphaBay was roughly 10 times
the size of the Silk Road. We're talking about multiple servers,
different countries, hundreds of millions of dollars
in cryptocurrency, and a dark net drug trade
that spanned the globe. These apps, such as
WhatsApp and Telegram, provide the users with
the ability to communicate in a private and secure environment. That's why in this case, for instance, they can build a chat group
which is point-to-point encrypted and easily share the information
in a private and secure environment. The evidence remains on your own device,
which is known as the client device, and obviously, the moment
you delete the evidence, the evidence can be permanently
deleted and destroyed. There's no way to recover it. When you meet them, they are usually
very pleasant and quite eloquent. You wouldn't know that they have been
molesting and abusing children if nobody had told you. Those are the exact qualities that would
make a child warm up to such a person, because they don't appear
to be threatening at all. This is the whole modus operandi, because by being so friendly, warm
approachable, and "trustworthy", parents would leave their children
with these individuals, and then these individuals
take advantage of the children. There is a certain persona and presentation
that these individuals develop that has worked to their advantage. This is the whole process of grooming, where the person connects with you
with intentions of exploiting you totally. This group used social media for
the exact purposes that it was built for, they need to communicate with people,
that's why they use the same strategy. They create a profile and groups, and invite other like-minded people
to join them and share information. Many of these tools are easily
accessible and publicly available. But obviously, most of the people who run
these syndicates do have IT knowledge. They know these platforms, and can misuse these platforms
to conduct their crimes. Let's take the example of an URL. If that URL contains a keyword,
that will be flagged by the software. However, if the URL is shortened, the
keyword is no longer present in the URL, and that particular software
might not detect it. What we currently see on the internet
through the search engine and the information that has
been indexed by the search engine represents only 5% of the overall internet. After that is what we call
the deep web and the dark web. The dark web is a hidden
part of the internet. Obviously, they must have
a social media platform, because they need
to inform other members of what information is available
on the dark web.
