The success of the recent law enforcement operations that have cracked down on criminal services operating on the Tor network is now causing a shift in the criminal landscape.
There are now criminally-focused services that are actively moving sites or are being asked by customers to move operations from the Tor network to an alternative known as the Invisible Internet Project (I2P).
Libertas Market moves exclusively to I2P
Yesterday, the Libertas Market, a Tor-based portal for selling illegal products, became the first criminal marketplace that permanently abandoned the Tor network for I2P.
"The Tor network is not suitable for hidden services due to flaws in the network which allow denial of service attacks," administrators of the Libertas Market wrote on their now-closed Tor portal.
"These flaws allow law enforcement to determine which hidden services are allowed to operate, whether they are legitimate services or sting operations."
The Libertas Market administrator referenced the Tor network's predisposition for DOS attacks as the primary reason for the move. They referenced an unconfirmed Tor vulnerability that allows law enforcement to determine a Tor site's real-world IP address.
However, similar DOS vulnerabilities have also been exploited for other purposes, and not by law enforcement. For example, ZDNet reported last month on a wave of distributed denial of service (DDOS) attacks that targeted the Dream Market, Empire Market, and Nightmare Market, three of the biggest dark web marketplaces today.
Hackers launched DDoS attacks and requested ransom payments from the operators of these marketplaces.
Dream Market admins cited the ongoing DDoS attacks and subsequent extortion attempts (asking for a $400,000 ransom) as the primary reason why they shut down their service at the end of April.
Dream Market admins claimed the hackers exploited a supposedly new Tor vulnerability to take down Tor-hosted websites. However; some dark web researchers say that attacks don't need to be so sophisticated, and not all use this "new" vulnerability. For example, some attacks appear to have used a four-year-old Tor DDoS tool instead.
Other marketplaces asked to move to I2P as well
But long before Libertas announced it was moving exclusively to I2P, users of other marketplaces were making similar requests.
Annoyed by the almost non-stop DDoS attacks and subsequent downtime, and frightened by the ever-increasing attention to Tor sites by law enforcement, multiple users had requested that other marketplaces move their operations to I2P in the previous months.
There are multiple users on Dread, a Tor-based Reddit-like clone for dark web users, urging administrators of various criminal services to move to I2P alternatives. Pleas have been made in topics for the Dream Market, Wall Street Market, Cryptonia, and the Empire Market.
Previous I2P push failed
This is not the first time that there's a general push the customers of criminal marketplaces from Tor to I2P. Something similar happened in the summer of 2017 when authorities shut down three major Tor marketplaces in the span of a few months -- AlphaBay, Hansa Market, and RAMP.
Panicking and thinking they might be targeted by law enforcement, some users tried to push Tor marketplaces toward I2P, to no success. Instead, marketplaces continued to operate on Tor, while some vendors either set up their own "shops" (personal Tor sites) or moved to Telegram or Discord.
Now, with Dream Market shutting down, and authorities taking down Valhalla and the Wall Street Market, Tor users are going through the same phase they went through in 2017.
The last time, things didn't work out because Tor-based markets didn't see the benefit of moving to I2P, an anonymity network with far fewer users than Tor -- and mostly considered a "ghost town."
However, due to the recent DDOS extortions that have recently hit marketplaces, there are incentives on both sides of the aisle -- for both site users and administrators.
The general idea right now is that Tor is neither safe or stable enough to host crime-focused portals anymore.
I2P fans hope that with major markets moving to I2P, users will follow, and the move to I2P will put law enforcement behind the eight ball again when it comes to investigating I2P networks, giving vendors and customers an edge once again.
The problem now remains I2P itself, which is notoriously difficult to install and get running correctly, something that several Tor users have pointed out in recent Dread discussions.
Related cybersecurity coverage:
- Google research: Most hacker-for-hire services are frauds
- Chinese military to replace Windows OS amid fears of US hacking
- Some Elasticsearch security features are now free for everyone
- Root account misconfigurations found in 20% of top 1,000 Docker containers
- CI build logs continue to expose company secrets
- Microsoft releases new version of Attack Surface Analyzer utility
- How WannaCry is still launching 3,500 successful attacks per hour TechRepublic
- The best identity theft monitoring services for 2019 CNET