It’s almost one year since the AlphaBay and Hansa dark web marketplace takedowns, also known as Operation Bayonet. Looking back, no single marketplace has managed to fill the AlphaBay-shaped gap left behind, at least among the English-speaking community. Existing sites such as Dream and Trade Route have failed to consolidate this empty space, hampered by a combination of poor communication by administrators and suspicion that these sites could be police honeypots like Hansa had been. Our latest report, Seize and Desist: The State of Cybercrime in the Post-AlphaBay and Hansa Age, looks at how the criminal ecosystem has developed.

This broad sense of fear and mistrust has also stymied new marketplaces. Without a strong reputation new sites often struggle to get off the ground. And when they do, maintaining that trust and standing is difficult to achieve. We recently blogged on the rapid rise and fall of the Olympus marketplace, which tarnished a growing reputation in seconds after its administrator provoked the ire of its customer base by “hacking” a reddit-style online community called Dread.

Introducing Market.ms Marketplace

One alternative that has been patiently developing in the background is market[.]ms, a marketplace run by founders of the prestigious Exploit[.]in hacking forum. Market[.]ms has been in development since 2015, and the current beta mode has a relatively small userbase (451 members and 79 items for sale according to the latest count).

 

 

Figure 1: market[.]ms homepage as it appears to registered users

 

Despite not being fully-developed, there are several reasons why this particular marketplace has better chances of succeeding than those that have gone before:

  1. Street cred – Marketplaces live and die by their reputation, and Exploit[.]in holds good standing among both the Russian- and English-speaking cybercriminal communities. The site operates strict vetting and access restrictions, adding a greater sense of legitimacy for the goods and services being sold, and also easing some concerns regarding law enforcement operatives posing as normal users.
  2. Deep pockets – As well as overcoming trust issues, new markets have financial obstacles they need to hurdle. Setting up a new marketplace comes with a variety of hidden costs (a more in-depth discussion of the barriers to entry for new marketplaces will follow in a future blog) that include web development, bulletproof hosting services, bug bounty programs and customer support capabilities. As a well-established and highly popular forum, Exploit[.]in is in a stronger position than most to devote the necessary experience and financial resources to maintain a successful marketplace.
  3. Security and trust focused – Given the climate of fear and uncertainty, the developers of market[.]ms have gone to great lengths to demonstrate their dedication to security and privacy for their users. The site has a dedicated FAQ page for its security features, which includes providing “maximum anonymity”, using “encrypted servers”, carrying out “constant security tests” and “only [requiring] minimum data from users”. The site describes itself an “automated safe trading platform”, providing the opportunity for “anyone” to buy and sell on a site with a built-in guarantor using Bitcoin. Funds can allegedly easily be withdrawn from the system, there is a guarantee that goods will be paid for, buyers can challenge low-quality goods and will receive instant receipt or delivery of goods.

In a move that is being mirrored by many other forums, market[.]ms also has its own dedicated customer support and official Telegram channels. This is a trend that we’ve noticed more broadly across the criminal ecosystem, with users retreating from the marketplace model in favor of specialized forums operating chat channels on communication networks such as Telegram, Discord and Jabber.

 

Figure 2: Market[.]ms Telegram channel

 

  1. Cautious advertising – As well as taking steps to make their site more secure, the brains behind market[.]ms are also taking a guarded approach to online advertising. Rather than marketing the site as far and wide as possible – and potentially soliciting unwanted attention – the only publicly available references to the marketplace at this time are a post on Exploit[.]in with links to the site and a Pastebin page advertising the platform.
  2. Don’t do drugs kids – One of the main reasons why AlphaBay and Hansa became high-priority targets for law enforcement was the sale of illegal substances on the site, particularly fentanyl, which was associated with a large number of deaths worldwide. Market[.]ms, on the other hand, specifically focuses on digital goods such as databases, compromised accounts, malware, exploits, and counterfeit documents. The site also offers services such as VPN access, socks and proxies. While the sale of these goods will still be of concern to law enforcement, it’s likely that market[.]ms will be less of a priority for takedown operations in comparison to sites selling more high-profile items such as narcotics, weapons and abusive content.

 

Figure 3: Goods and services offered on market[.]ms

Market.ms: Success does not come overnight

While the creators of market[.]ms may be well-placed to succeed, that the site has been in development since 2015 and is still only in beta mode demonstrates how creating and sustaining a prosperous marketplace is a task that takes time and can’t be rushed.

In our latest research report, Seize and Desist: The State of Cybercrime in the Post-AlphaBay and Hansa Age, we look at the impact that the AlphaBay and Hansa marketplaces have had on the criminal ecosystem. One year on, it appears as if the marketplace model is in decline, at least for the time being, with cybercriminals turning to alternative platforms and technologies to continue their operations. Market[.]ms may buck this trend, but in the post-AlphaBay age sites have to tread carefully in terms of not being too overt with their advertising, making it clear how they protect their users, while still facilitating enough transactions to remain financially viable.

 

To find out more on how cybercriminals are acclimatizing to this new environment, download our report: Seize and Desist: The State of Cybercrime in the Post-AlphaBay and Hansa Age.

 

Photon logo small