Searchlight presents

The practitioner’s guide to the Dark Web

Welcome to Searchlight Cyber’s Dark Web Hub, the digital companion to our book, The Practitioner’s Guide To The Dark Web. This site is designed to provide you with the latest updates on the marketplaces, forums, and ransomware leak sites mentioned in the book – so you can keep up to date with the dark web as it evolves.

One of the key aspects of the dark web is that it is always changing. Threat actors appear, disappear, and reappear with new names; cybercriminal tactics change as they find new products to sell; and law enforcement takes down sites and arrests the operators. This site will be updated to help investigators stay on top of the latest developments on the dark web.

Part One

Escrow Marketplaces

As the name suggests, a dark web marketplace is a site that offers (mostly illegal) products and services in exchange for payment. On escrow marketplaces, anyone with enough cash to pay the “vendor bond” can sign up and start selling. Imagine the dark web equivalents of Amazon or eBay, except with less reputable products and payments typically made anonymously using cryptocurrencies. As these examples demonstrate, there is a vast variety of goods and services for sale - ranging from hacking services, to counterfeit goods, to weapons - but especially drugs.

Part Two

Autoshop Marketplaces

Autoshops are a particular type of dark web marketplace that specializes in the sale of digital products - such as financial data, login credentials, remote access, and cookies. They differ from escrow marketplaces in two main ways. Firstly, the transaction is automated (hence the name), meaning that there is little to no contact with the seller. Secondly, there are usually far fewer vendors active on the site, suggesting a somewhat closed ecosystem unlike the “open applications” ethos of escrow marketplaces. Autoshops are also more likely to operate on the clear web but often have some form of entry barrier, such as requiring a minimum account balance or an invite from a known user.

Part Three

Hacking Forums

Dark web forums are very similar to their clear web counterparts in almost every way, except for the content they discuss. Indeed, some began life on the clear web before migrating to the dark web to evade surveillance or censorship, though others continue to maintain a clear web presence. As with marketplaces, forums cover the breadth of wider criminal activity. However, these examples show that in particular there is a thriving community of cybercriminals on dark web forums, sharing information, tutorials, access, and exploits. Some of these forums have been around for decades and, while the cybercriminal landscape has changed drastically, the perseverance of the markets shows that the dark web community remains very much the same.

Part Four

Ransomware Leaksites

As ransomware groups have become increasingly prolific over the past five years, one of the “newer” aspects of the dark web has been ransomware leak sites. These are effectively publicity sites where ransomware groups share the details of their latest victims. However, they also play an important role in how these groups orchestrate and monetize their attacks. Traditional ransomware tactics of encrypting data and holding it “ransom” changed when the groups realized that organizations were equally fearful of the data being leaked. This has led to the rise of “double extortion”, where groups encrypt an organization’s data and also threaten to publish it on their dark web leak sites. These sites provide the ransomware operators with a platform to accept payments from the victims, and a space to shame them if they don’t pay.
