Secure in the Dark? An In-Depth Analysis of Dark Web Markets Security

Abstract As the name implies, dark web markets – also commonly known as anonymous markets – have put in place measures for protecting the privacy of its users, both sellers and buyers, as this is a key priority that can attract users worldwide. With the rapid growth of dark web markets, competition between them has become more intense. In this environment, malicious attacks targeting competitors – for instance, aimed at reducing the availability of rivals' services – have also become more common. These attacks not only affect other services' availability and accessibility, but they may also lead to personal and private information being leaked. As such, it is understandable that dark web markets may want to implement strong security mechanisms to protect themselves and their users both from law enforcement and other operators. This is particularly true as good security can bea matter of survival but also help to gain a competitive edge over rivals. Although the literature has analysed and described dark web markets from multiple perspectives, there is still a gap in understanding the different security mechanisms they deploy. Furthermore, data collection – which is often considered a challenge in this research area – may be hindered by these very security mechanisms. Therefore, and in order to cover this gap, the study presented in this paper aims to investigate in depth the security mechanisms of various dark web markets. This will hopefully help to shed a brighter light on their operation. To achieve this, we performed data collection and experiments in twelve dark web markets. Although data collection practices may need to vary slightly for each market, all the data was collected over the span of four months, between May and August 2023. We found there are three main groups of security mechanisms in dark web markets: (i) those aimed towards increasing web security, (ii) those mostly aimed at improving account security, and (iii) those related to financial security. In addition, it is interesting to note that different types of security mechanisms on a given market may reflect the operator's business philosophy, technical knowledge and security posture, which in turn could have a big impact on the longevity, profitability and overall success of a particular market . The results of this study can help the academic and security research communities to understand the operation and evolution of dark web markets, hopefully to combat the crimes facilitated by these dark web markets more effectively. Additionally, findings in this study may provide some clues on how to improve the efficiency of data collection in this particularly hostile environment.