Hackers Tried To Hold a Darknet Market For a Bitcoin Ransom

The unknown culprits asked for 10 Bitcoin to stop the distributed denial of service attack.

May 13 2015, 5:32pm

Image: Sarah/Flickr

On Sunday, someone tried to hack a darknet market specialized in selling hacking tools with a distributed denial of service attack, a common and easy way to mount a cyberattack, which works by flooding a site with bogus traffic to overload it.

When the administrators of TheRealDeal Market, a recently launched online bazaar mostly known for selling digital arms and exploits, started investigating the attack, they noticed something unusual. The attacker had left a ransom message inside their bogus traffic: pay us 10 Bitcoin, and we will stop the attack immediately.

One of the administrators of the market detailed the attack on the site Deep Dot Web on Monday. The admin, who wishes to remain anonymous, noticed that other markets were being attacked as well.

Darknet markets were "getting hit one after the other," he told Motherboard in an encrypted chat. "I thought some kind of operation like Onymous was underway," the admin added, referring to the massive police raid that shut down the second iteration of Silk Road, as well as other illicit darknet websites last year.

But then, when he saw the ransom message, the admin realized the people behind the attack must have been someone else, although he has no idea who it could be.

"It doesn't make much sense," the admin told Motherboard. If it was the police they would have been more persistent and perhaps even raided the hosting companies, he added, something of which there is "no sign" of for now.

Yet, the admin suspected the attackers might be going after other markets too, since at the same time as TheRealDeal was getting attacked other markets, such as BlackBank, were having issues staying online, according to some users' reports. The admin also noticed two other darknet markets being down too.

That's why he decided to share the story on Deep Dot Web, in the hopes that other markets could learn and mitigate the attack as well and stay online.

He did it mainly "for the sake of the users," he said, because despite the fact that many darknet market administrators might be happy that competitors go down because of denial of service attacks.

"Some things are more important than money," he told me. "Some people actually rely on these services on a day to day basis, either if they need to get medication that they cannot usually get whilst in physical pain or otherwise sick, or even reliabilities like income as vendors."

"Maybe these greedy attackers should think about this perspective too," he added.

This new wave of distributed denial of service (DDoS) attacks comes just a few weeks after various other darknet markets reported being hit by large amounts of malicious traffic, as reported by
Forbes. At the time, a spokesperson for the Tor Project confirmed that some hidden services were being targeted, though the attacks seemed to have the goal of "slowing down the network but not de-anonymizing users," which seems to be the case here too.

Tor Project spokesperson Kate Krauss did not answer to Motherboard's request for comment.

In those recent DDoS attacks there was no ransom request. But this is not the first time a darknet market received a ransom note during a DDoS attack.

Ross Ulbricht, the convicted mastermind behind the original Silk Road, paid ransoms to attackers when he was the administrator of the drug market, according to his own journal, revealed during the trial earlier this year.

Watch more: Buying drugs and guns on the Dark Web.