Cybereason Blog | Cybersecurity News and Analysis

A quick tour of Dark Web markets: the Internet's underbelly

Written by Lital Asher-Dotan | May 30, 2017 8:19:22 PM

The Internet is more than a place to search for jobs, watch dog videos and shop on Amazon. There are a few places on Web where you can purchase guns, drugs and malware. Called the Dark Web, it serves as the Internet’s underbelly and is the domain of tech-savvy miscreants and hackers. Using a combination of TOR, Bitcoin, trust and PGP encryption, anyone can buy almost anything in the Dark Web markets with near complete anonymity.

Despite being a haven of illicit substances, the Dark Web markets share some traits with their legal counterparts. For example, Dark Web markets have feedback and review sections, similar to what’s found on Amazon or eBay. Even people buying and selling illegal merchandise understand the importance of customer service, apparently.

And it’s not just hackers who are familiar with the Dark Web. Cybereason asked folks on the streets of Boston to define the Dark Web and we were impressed with their replies. Check out this video to see what they had to say.

Using a search aggregate, Cybereason Labs recently uncovered all kinds of interesting and illegal merchandise without logging into any market. Here’s just a glimpse of what we found.

Crystal meth with free express shipping!

A hacker’s take on Netflix and chill


And this is just a fraction of the illegal items available for purchase. Notice the variety of merchandise: some of the items are for, shall we say, personnel recreational use while others threaten enterprise security, like the WordPress zero day.

Is being able to buy all this stuff a real threat to corporate information security?

Maybe not so much but sort of. Let’s explain that vague answer. Most of the exploits listed on the markets are from script kiddies trying to make a quick buck by reselling code that’s available for free on GitHub and offering to compile it for you. Generally that service costs around $70. These exploits are generally low-level stuff that shouldn’t cause an analyst to freak out.

Now here’s the part that should concern corporate information security types: there are also nastier items for sale that could damage a company. This includes hacked accounts and DDoS and botnet rentals. Those can be also obtained by browsing any good hacker forum.

I want to check this out

If you decide to venture to the Dark Web and browse the markets, don’t buy anything. Remember, everything that’s being sold is illegal and most likely dangerous.

Last week, we went to the streets of Boston to see what people knew about the Dark Web. Here is what we found out: