Dark Web Drug Dealers Are Making Sloppy Mistakes
Motherboard used the recently released OnionScan, and found issues with eight illegal websites.
Staying anonymous on the so-called dark web can be really hard. Despite the protections offered by the anonymizing network Tor, site owners can still inadvertently leak details about themselves.
Using a newly released tool for scanning Tor hidden services, Motherboard found eight illegal sites that are leaking potentially identifying information about their owners.
On Mollyworld, a hidden service run by a team of vendors selling MDMA, metadata in an image revealed that the camera used was a NIKON D3100. A site run by vendor Doctor Drugs is being hosted on the same server as another hidden service, called "The Polish Connect," possibly alluding to the vendor's location (on other marketplaces, Doctor Drugs lists the dispatch location as the Netherlands).
The forum of Outlaw Market, a site predominately selling drugs, has its "server status" page exposed, allowing anyone to see technical information about the site, as does The Real Deal, a marketplace focusing on the sale of computer exploits, and Charlie UK, a cocaine dealer's site. Counterfeit-goods vendor Rechard Sport, and Intelligent Black Market and The French Connection also had issues.
These indiscretions put the dealers at risk, and also, potentially, the buyers
Motherboard uncovered these issues by using OnionScan, a custom tool developed by independent security researcher Sarah Jamie Lewis, and deployed it against every site listed on the news site Deep Dot Web.
The point of OnionScan, "is to make you a better onion service provider. You owe it to yourself and your users to ensure that attackers cannot easily exploit and deanonymize," the tool's Github page reads. It scans for common issues, such as image data, open directories, and exposed server status pages. All of the data that OnionScan collects is public.
The tool was released over the weekend, and Lewis previously told Motherboard, "I want anonymity tools to be the best; there are people whose lives depend on them."
In her research, Lewis also found many drug sites making sloppy security mistakes. "If so may of those sites are failing themselves and their users, I am willing to bet so are anonymous political blogs and other users who desperately need the anonymity," she previously said.
It appears drug dealers who start their own sites are making more sloppy mistakes than the administrators of dark web marketplaces such as, say, AlphaBay. That may suggest that drug dealers who have made the switch from selling on marketplaces to their own digital shops aren't as tech-savvy as those behind the main sites. That being said, mistakes were still apparent on normal marketplaces.
Often, dark web criminals are arrested largely due to their own mistakes, such as linking a personal email address to their site, or by using a highly localised piece of slang. These indiscretions put the dealers at risk, and also, potentially, the buyers. OnionScan shows that, despite the spectacular undoing of the original dark web drug site Silk Road, overlooked digital footprints are still fairly common on the dark web.