Tor Black Markets: Economics, Characterization and Investigation Technique
The cyber threat is highly dynamic and evolves in parallel with the innovation of systems and communications, which are outside the control of government authorities and respond exclusively to business logic and free initiative, often contingent on implementation of illegal activities. In particular, the threat posed by the criminal use of the Internet goes far beyond the cybercrime, especially with the Tor network, where black markets are shifted with the shape of renown legal marketplaces as Ebay and Amazon. Hence even common crime can benefit of new modus operandi and new routes to deliver illegal goods or services, enforcing new investigation techniques to Law Enforcement Agencies (LEAs). This paper formerly analyses the goods/services categories of fourteen Tor marketplaces and the related vendors, while the last one provides a discussion on a novel investigative technique related to PGP Keys inter-relations. In particular, with the evolution/growth of the markets, the vendors are increasingly adopting open source tools and technologies, as PGP, which can be exploited to infer information such as the established relationships between users. This public information about the keys can be used to retrace social network of entities connected by PGP relationship and apply well-established graph analysis techniques. Finally, the paper analyses the strength and weaknesses of proposed methods, depicting future research directions.
- Barabasi, A., & Albert, L. R. (1999). Analyzing social networks. In Emergence of scaling in random networks (p. 509512).Google Scholar
- Berte, R., Lentini, A., Me, G., et al. (2009). Fast smartphones forensic analysis results through mobile internal acquisition tool and forensic farm. International Journal of Electronic Security and Digital Forensics (IJESDF), 2. online.Google Scholar
- Borgatti, S. P., Everett, M. G., & Johnson, J. C. (2013). Analyzing social networks. Thousand Oaks: SAGE.Google Scholar
- Celestini, A., & Me, G. (2016). Tor marketplaces exploratory data analysis: The drugs case (J. Hamid, C. Alex, E. David, H.-F. Amin, B. Guy, S. Graham, J. Arshad, Eds.), (pp. 218–229).Google Scholar
- Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The secondgeneration onion router (Technical report, DTIC document).Google Scholar
- Europol. (2016). The internet organised crime threat assessment [Online]. Available: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2016.
- Europol. (2017). Serious organized crime threat assessment [Online]. Available: https://www.europol.europa.eu.
- Firmani, D., Italiano, G. F., & Laura, L. (2014). The (not so) critical nodes of criminal networks. In International conference on social informatics (pp. 87–96). Springer.Google Scholar
- freshonions. [Online]. Available: https://github.com/dirtyfilthy/freshonions-torscraper.
- Global drug survey. (2016). [Online]. Available: https://www.globaldrugsurvey.com/.
- Herley, C., & Florencio, D. A. F. (2009). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In Proceedings (online) of the Workshop on Economics of Information Security (WEIS).Google Scholar
- Hidden marketplace list changelog. (2017). [Online]. Available: https://www.deepdotweb.com/hidden-marketplace-list-changelog/.
- Keyservers. (2016). dsadsa [Online]. Available: https://skskeyservers.net/status/.
- Lewis, S. (2016). Onionscan report June 2016-snapshots of the dark web. Hentet fra https://mascherari.press/onionscan-report-june-2016.
- Sameeh, T. (2017a). An overview of modern tor deanonymization attacks [Online]. Avaible: https://www.deepdotweb.com/2017/09/12/overview-modern-tordeanonymization-attacks/.
- Sameeh, T. (2017b). Targeting adversaries and deanonymization attacks against tor users [Online]. Available: https://www.deepdotweb.com/2017/08/21/targeting-adversariesdeanonymization-attacks-tor-users.
- Scrapy. [Online]. Available: http://scrapy.org.
- Smith, P. (1994). Assessing the size of the underground economy: the canadian statistical perspectives. Canadian Economic Observer, 3, 16–33 Catalogue No. 11-010.Google Scholar
- Soska, K. & Christin, N. (2015). Measuring the longitudinal evolution of the online anonymous marketplace ecosystem.Google Scholar
- Spending on illegal drugs. 2017. [Online]. Available: http://www.worldometers.info/drugs/.
- The Economist. (2016). Shedding light on the dark web [Online]. Available: https://www.economist.com/news/international/21702176-drug-trade-moving-street-online-cryptomarkets-forced-compete.
- Thomas, K., Yuxing, D., David, H., Elie, W., Grier, B. C., Holt, T. J., Kruegel, C., Mccoy, D., Savage, S., & Vigna, G. (2015). Framing dependencies introduced by underground commoditization.In IProceedings (online) of the Workshop on Economics of Information Security (WEIS).Google Scholar
- UNODC. (2017). World drug report 2017.Google Scholar
- Warren, R., Wilkinson, D., & Warnecke M. (2006). Empirical analysis of a dynamic social network built from pgp keyrings. In iCML’06 Proceedings of the 2006 conference on statistical network analysis (pp. 158–171).Google Scholar