A Dark Web Tale of DDoS Attacks, Phishing, and 'Deals With the Devil'
One episode of treachery and deceit in the soap opera of the deep web.
The dark web is a space ripe for treachery and back-room dealings. Over the past week, one scuffle involving an owner of a hacking site, a serial blackmailer, and an opportunistic drug market admin has shown just how dodgy the dark web can be.
Throughout May, "TheRealDeal", an administrator of a dark web market by the same name that specialises in the sale of computer exploits, had his site held to ransom. Either pay up 10 Bitcoin, or the site would continue to suffer from DDoS attacks, the blackmailer demanded in a message. These attacks had already been happening for weeks to other marketplaces, and TheRealDeal was sick of it.
"We don't like being taken as fools," TheRealDeal said. "We wanted to teach them a lesson tbh."
So instead of coughing up the cash, TheRealDeal and his staff hatched a plan. They would set up a trap: a phishing website that would steal the blackmailer's password. TheRealDeal convinced the blackmailer to come to the new site, under the guise of wanting to use it to negotiate the ransom. The blackmailer apparently fell for it, and entered a user name and password.
TheRealDeal could then try the same login credentials on other sites in the hope of accessing the blackmailer's accounts.
They got lucky: TheRealDeal claims the login worked for an account on the site "Mr Nice Guy", a small dark net market. Once inside the account, TheRealDeal found some unexpected messages: It seemed the admin of Mr Nice Guy, who was also a victim of the rampant DDoS attacks, was trying to turn the blackmailer onto his side.
"I will pay you to DDoS other markets, and not mine!" Mr Nice Guy proposed to the blackmailer, according to chat logs provided by TheRealDeal to Deep Dot Web. Mr Nice Guy offered to pay $200 each day if seven select markets were brought offline. If customers then flooded to his market he would have the option of pulling an "exit scam", according to the chat logs. An exit scam is when a market takes its users' bitcoins and disappears, as happened recently with the popular Evolution marketplace.
When asked whether these accusations of conspiring with the blackmailer were true, Mr Nice Guy told Motherboard, "Yes they are!", although he denied planning to run off with his customer's coins, saying that he had had to "make a deal with the devil" to ensure his own market's survival.
Over the next few days the blackmailer continued to hit a number of other marketplaces, according to the chat logs.
The blackmailer, who went by the username "ddosforsale", did not respond to a request for comment.
Mr Nice Guy said that after the chat logs were published, his site was bombarded with a DDoS counter-attack, although that onslaught seems to have subsided for now.
This twisting tale may just be a short episode in the life of the dark web, but TheRealDeal says it provides "a small insight of how competitive [dark web markets] can be, and also how stupid some people can be."