The Deep Web: Shutdowns, New Sites, New Tools

2014 was a year in flux for the Deep Web. We briefly discussed this in our annual security roundup, but this is a topic worth exploring in some detail.

In late 2013, the operator of the Silk Road marketplace, Ross Ulbricht (also known as Dread Pirate Roberts) was arrested, and recently he was convicted on various charges by a US federal court. Naturally, because the market abhors a vacuum, replacement marketplaces have shown up. Of course, many of these have led short – and colorful – lives before collapsing.

Figure 1. Timeline of the Deep Web

This was not the only factor that led to chaos and disorder within the Deep Web. Law enforcement actions also shut down multiple market places, and technical developments in anonymity and cryptocurrency technology have also changed the Deep Web in 2014.

Law enforcement strikes back – Operation Onymous

Ulbricht may have been one of the first high-profile arrests related to the Deep Web, but he was far from the last. In what was called Operation Onymous, 17 people were arrested and 414 different .onion domains seized by various law enforcement authorities from various countries. The seized sites included underground marketplaces as well as money laundering sites.

Law enforcement has not said how they were able to locate the servers and persons involved in these underground sites. One of the developers of Tor, Jacob Applebaum, has stated the he believes that the arrests were due to confessions from at least one Deep Web site operator.

One side effect from the Operation Onymous may be the emergence of businesses specifically tailored for Deep Web site hosting. Merely hosting a site on the Deep Web is no guarantee of anonymity and safety on the part of users (a single Bulgarian ISP was responsible for hosting 129 of the seized domains). Some hosting providers and e-commerce platforms may choose to provide advanced services to Deep Web clients such as cryptocurrency support, escrow services, and two-factor authentication.

Let a hundred marketplaces bloom

Even before Operation Onymous took place, multiple marketplaces had appeared in the Deep Web offering all sorts of (mostly illegal) wares. Not all of these marketplaces proved to be particularly enduring. Sheep Marketplace shut down after claiming that they had been robbed of bitcoins, but users alleged that far more money had been stolen by site owners. Atlantis Marketplace shut down, citing security concerns.

Much as had happened before, the shutdown of high-profile Deep Web marketplaces sent users scurrying to various replacement sites. One key difference with the post-Onymous cycle was where these marketplaces were “located”.  Some of these sites used the Invisible Internet Project (I2P) network, in addition to or supplementing Tor.

Some of the most popular marketplaces today are Agora, Evolution, WhiteRabbitmarket (present on I2P), Themarketplace (exclusively on I2P), Tortuga (present on I2P) , and an I2P-exclusive version of Silk Road.

New technology and cryptocurrencies

The technology used in the Deep Web has also evolved. We’ve already noted the adoption of I2P by some deep web sites. In addition to this, we have also seen new cryptocurrencies that attempt to use blockchain technology in interesting ways that add features.

One of these new currencies is Cloakcoin, which claims full anonymity and untraceability of the transaction chain. It scrambles requests across various open wallets (similar to Tor’s onion routing). To entice users to keep their wallets open, a 6% annual interest fee is offered. Cloakcoin also natively includes an escrow function; this allows two parties to securely perform a commercial transaction using a third-party escrow wallet that guarantees money only gets transferred when both sides of the transaction are satisfied.

Another emerging project was OpenBazaar, which was aimed at building a platform for anonymous, untraceable marketplaces. It also used blockchain technology to implement escrow, order management, user identities, and reputation management.


2014 was a year of much turmoil in the Deep Web. Law enforcement took down many high-profile sites, doubts about Tor’s actual anonymity grew, and new tools were deployed by Deep Web actors. We can only expect to see more of the same in the months to come. The arms race between law enforcement and threat actors will only continue to intensify, and we can expect more marketplaces and tools to make their appearance and advance the state of the art in this field.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

The Deep Web: Shutdowns, New Sites, New Tools

Read more: The Deep Web: Shutdowns, New Sites, New Tools

Story added 10. March 2015, content source with full text you can find at link above.