Tor Black Markets: Economics, Characterization and Investigation Technique

  • Gianluigi MeEmail author
  • Liberato Pesticcio
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


The cyber threat is highly dynamic and evolves in parallel with the innovation of systems and communications, which are outside the control of government authorities and respond exclusively to business logic and free initiative, often contingent on implementation of illegal activities. In particular, the threat posed by the criminal use of the Internet goes far beyond the cybercrime, especially with the Tor network, where black markets are shifted with the shape of renown legal marketplaces as Ebay and Amazon. Hence even common crime can benefit of new modus operandi and new routes to deliver illegal goods or services, enforcing new investigation techniques to Law Enforcement Agencies (LEAs). This paper formerly analyses the goods/services categories of fourteen Tor marketplaces and the related vendors, while the last one provides a discussion on a novel investigative technique related to PGP Keys inter-relations. In particular, with the evolution/growth of the markets, the vendors are increasingly adopting open source tools and technologies, as PGP, which can be exploited to infer information such as the established relationships between users. This public information about the keys can be used to retrace social network of entities connected by PGP relationship and apply well-established graph analysis techniques. Finally, the paper analyses the strength and weaknesses of proposed methods, depicting future research directions.


  1. Allodi, L., Corradin, M., & Massacci, F. (2016). Then and now: On the maturity of the cybercrime markets the lesson that black-hat marketeers learned. IEEE Transactions on Emerging Topics in Computing, 4(1), 35–46.CrossRefGoogle Scholar
  2. Barabasi, A., & Albert, L. R. (1999). Analyzing social networks. In Emergence of scaling in random networks (p. 509512).Google Scholar
  3. Berte, R., Lentini, A., Me, G., et al. (2009). Fast smartphones forensic analysis results through mobile internal acquisition tool and forensic farm. International Journal of Electronic Security and Digital Forensics (IJESDF), 2. online.Google Scholar
  4. Borgatti, S. P., Everett, M. G., & Johnson, J. C. (2013). Analyzing social networks. Thousand Oaks: SAGE.Google Scholar
  5. Celestini, A., & Me, G. (2016). Tor marketplaces exploratory data analysis: The drugs case (J. Hamid, C. Alex, E. David, H.-F. Amin, B. Guy, S. Graham, J. Arshad, Eds.), (pp. 218–229).Google Scholar
  6. Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The secondgeneration onion router (Technical report, DTIC document).Google Scholar
  7. Europol. (2016). The internet organised crime threat assessment [Online]. Available:
  8. Europol. (2017). Serious organized crime threat assessment [Online]. Available:
  9. Firmani, D., Italiano, G. F., & Laura, L. (2014). The (not so) critical nodes of criminal networks. In International conference on social informatics (pp. 87–96). Springer.Google Scholar
  10. Global drug survey. (2016). [Online]. Available:
  11. Herley, C., & Florencio, D. A. F. (2009). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In Proceedings (online) of the Workshop on Economics of Information Security (WEIS).Google Scholar
  12. Hidden marketplace list changelog. (2017). [Online]. Available:
  13. Keyservers. (2016). dsadsa [Online]. Available:
  14. Kolaczyk, E. (2009). Statistical analysis of network data: Methods andmodels (Springer Series in Statistics, p. 386).CrossRefGoogle Scholar
  15. Laura, L., & Me, G. (2017). Searching the web for illegal content: the anatomy of a semantic search engine. Soft Computing, 21(5), 1245–1252. Scholar
  16. Lewis, S. (2016). Onionscan report June 2016-snapshots of the dark web. Hentet fra
  17. Sameeh, T. (2017a). An overview of modern tor deanonymization attacks [Online]. Avaible:
  18. Sameeh, T. (2017b). Targeting adversaries and deanonymization attacks against tor users [Online]. Available:
  19. Schnettler, S. (2009). A structured overview of 50 years of small-world research. Social Networks, 31(3), 165–178.CrossRefGoogle Scholar
  20. Scrapy. [Online]. Available:
  21. Smith, P. (1994). Assessing the size of the underground economy: the canadian statistical perspectives. Canadian Economic Observer, 3, 16–33 Catalogue No. 11-010.Google Scholar
  22. Soska, K. & Christin, N. (2015). Measuring the longitudinal evolution of the online anonymous marketplace ecosystem.Google Scholar
  23. Spending on illegal drugs. 2017. [Online]. Available:
  24. The Economist. (2016). Shedding light on the dark web [Online]. Available:
  25. Thomas, K., Yuxing, D., David, H., Elie, W., Grier, B. C., Holt, T. J., Kruegel, C., Mccoy, D., Savage, S., & Vigna, G. (2015). Framing dependencies introduced by underground commoditization.In IProceedings (online) of the Workshop on Economics of Information Security (WEIS).Google Scholar
  26. UNODC. (2017). World drug report 2017.Google Scholar
  27. Van Hout, M. C., & Bingham, T. (2013). Surfing the silk road: A study of users experiences. International Journal of Drug Policy, 24(6), 524–529.CrossRefGoogle Scholar
  28. Warren, R., Wilkinson, D., & Warnecke M. (2006). Empirical analysis of a dynamic social network built from pgp keyrings. In iCML’06 Proceedings of the 2006 conference on statistical network analysis (pp. 158–171).Google Scholar
  29. Zubcsek, P. P., Chowdhury, I., & Katona, Z. (2014). Information communities: the network structure of communication. Social Networks, 38, 50–62.CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.LUISS University “Guido Carli”RomeItaly
  2. 2.Independent researcherRomeItaly

Personalised recommendations