AlphaBay and Hansa shutdown — just the tip of the iceberg

Last week, two of the largest dark web marketplaces — AlphaBay and Hansa — were shut down by international law enforcement agencies. These sites were used by thousands of cyber criminals buying and selling highly dangerous products and illicit material including weapons, drugs and indecent images of children.

>See also: The ineffectiveness of siloed cyber security thinking

What didn’t make the headlines was that these dark web markets were also famous for selling vast amounts of corporate data, such as employee network login credentials, intellectual property, company secrets and other sensitive data.

Fig 1. What used to be the number 1 dark web marketplace, AlphaBay
Fig 1. What used to be the number 1 dark web marketplace, AlphaBay

While the shutdown of AlphaBay and Hansa is certainly great news, when you consider that 80% of the internet is made up of the deep dark web, you realise that these two sites are only the tip of the iceberg. There are dozens more marketplaces out there, like Dream Market, Valhalla and Wall Street Market — and we as dark web specialists at RepKnight have already seen AlphaBay and Hansa users switch to some of these alternatives, carrying on with “business as usual”.

In fact, as the US authorities moved on AlphaBay, swarms of AlphaBay users migrated to Hansa, or at least tried to. Ironically, Hansa rejected some AlphaBay sellers and users because of their choice of merchandise (Hansa did not allow sale of certain goods, like guns).

>See also: The world’s biggest data hacks revealed

But unbeknown to the AlphaBay refugees, Hansa had already been taken over by Dutch authorities on 20th June 2017. So if you’ve recently bought or sold any contraband on AlphaBay or Hansa, you can expect an early morning knock on your door from local police.

Before the shutdown, RepKnight saw the top dark web marketplaces as:

1. AlphaBay
2. Dream Market
3. Valhalla (Silkkitie)
4. Hansa Market
5. Outlaw Market
6. Acropolis Market
7. Tochka
8. House Of Lions
9. Apple Market
10. TradeRoute
11. Wall Street Market
12. Zion Market
13. Crypto Market
14. Silk Road 3.0
15. The Majestic Garden
16. Ramp (Russian Forum)
17. Bloomsfield
18. Darknet Heroes League
19. Minerva
20. RsClub Market
21. PekarMarket
22. The Open Road
23. CGMC
24. Placemarket

>See also: 10 cyber security trends to look out for in 2017

Now, Dream Market has taken AlphaBay’s place as the largest of the dark web marketplaces, while Outlaw Market has disappeared and Acropolis Market has been downgraded.

Fig 2. The new number 1 marketplace for corporate data on the dark web
Fig 2. The new number 1 marketplace for corporate data on the dark web

Fig 2. The new number 1 marketplace for corporate data on the dark web

The sale of corporate data on these remaining websites is rife. There are hundreds of thousands of posts relating to email addresses, PIN numbers, login credentials and more, all being offered for sale for the price of peanuts — probably with no knowledge from the owners of the data.

The good news for law enforcement agencies monitoring the dark web is that they will see users switch to new dark web sites and use that as evidence for a pattern of crime, and we’ll hopefully see more convictions in court. However, gathering evidence in this way is time consuming, and in the meantime, business and consumer data remains at risk.

Traditionally, businesses have had no way to detect if their data ends up on the dark web for sale. Most organisations invest in strong cyber security tools to protect their networks, and try and keep attackers out, in the hope that data does not fall into the wrong hands in the first place — although with high-profile data breaches making the headlines most days, it’s clear that this doesn’t always work. And monitoring the dark web ‘by hand’ is definitely a bad idea for corporates — not least because of the nasty things your employees will come across, but also the risk of getting phished by cyber criminals. It would be a bit like going into the lion’s den completely unarmed.

>See also: WannaCry — how the NHS actually got quite lucky

Given the ease with which a cyber criminal can obtain your data, which is often undetectable by traditional cyber security tools — think social engineering, disgruntled employees, or ‘spear phishing’ — organisations cannot exclusively rely on old-style cyber security approaches any longer. They need a better way to monitor the dark web safely, and find their data immediately if it ends up being sold, marketed or leaked there.

That’s where advanced dark web monitoring tools can help — and they’re available today. These kind of tools actively monitor the dark web for your data and alert you as soon as someone posts your intellectual property online. It’s like having a Google Alert for the dark web.

These are the new wave of cyber security tools — those that focus on looking after your data, not just your network. Keeping your corporate data safe is especially important, given the implications of GDPR coming up in 2018, where regulatory fines for data breaches are set to skyrocket by up to 200x. So, don’t make the mistake of thinking the dark web is just about guns, drugs and other illegal material. Your company’s confidential data may already have been stolen and offered for sale — without you even knowing it’s gone.


Sourced by Tim Haynes, CEO, RepKnight


The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...