Empire Market specializes in drugs, forbidden medicines and forged documents

3 scenarios for the disappearance of the largest market in the "dark internet"

"Empire Market" first appeared in August 2017. Getty Images

On August 27th, the Empire Market site, classified as the largest ever on the "dark internet" for the trade in drugs, forbidden medicines, forged documents, viruses and malware, disappeared suddenly and mysteriously.

None of the major global security agencies with a long tradition in combating cybercrime, including the US Federal Bureau of Investigation (FBI), has issued any statement or data regarding this incident, which analysts described as one of the most exciting events within the world of the "dark internet", the largest shelter for organized cybercrime in the world.

The blog "algosec.com", which specializes in information security and in the dark web, revealed the incident, along with a report published by the technology department of the "Bloomberg" agency, which most major technology sites then picked up for follow-up and analysis. Analysts drew three scenarios for the disappearance of Empire Market.

«Empire Market»

According to experts on the Algosec blog, the Empire Market is currently the largest marketplace within the dark web, in the world of drug trafficking, fake documents, stolen data, viruses and malware, and other forms of forbidden trade.

The market appeared for the first time in August 2017, after the largest market of its kind, AlphaBay, was shut down and removed from the "dark internet" by the US authorities, who also confiscated the cryptocurrency found in it. The Empire Market thus became the de facto heir to AlphaBay, and came as a copy of the original.

13 steps

The builders of the Empire Market used the same approach that AlphaBay took, especially with regard to the procedures for accessing it and dealing with it. They set 13 steps that must be passed in order to reach the site, including how to access the dark internet, then how to work through virtual private networks (VPNs), then work through the highly secure "Tor" browser, then access the address, login procedures, registration, creating an account, and obtaining an "escrow account", a feature that forces sellers to deposit a certain amount of funds in the form of cryptocurrencies, "Bitcoin" or others, within the site before displaying their goods and trading in them. The amounts required to be placed in the "escrow account" vary from one activity to another, and from one person or entity to another, and the sale proceeds are transferred to this account. After that come training in protection measures, accessing the site's content, and starting to deal with it, buying and selling.

Incident details

On August 27, information circulated that the Empire Market had gone out of service and had been offline for three days. The Bloomberg network quoted Mark Arena, the CEO of Intel 471, a company specialized in cybersecurity and tracking of dark web markets. He said that in such cases there is one of two possibilities. The first is that the site's managers saw that the money placed in "escrow accounts" had inflated and become tempting to seize, and then closed the site suddenly, in what is called a "fraudulent exit". The second is that the site was subjected to a severe security blow by law enforcement agencies and its officials were arrested, similar to what happened before with the "AlphaBay" website.

A third possibility

For her part, Casey Clark, an expert at the information security company "Digital Shadow", said that sellers in such markets often have large sums of money stored in escrow accounts, due to the large volume of their transactions. Managers of these platforms therefore work for a long time in a professional way to build trust with sellers, so that any fear of leaving their money in these accounts dissipates. She added, "At some point when the money inside the accounts swells, they loot it and disappear," stressing that in the case of the "Empire Market", it is difficult to estimate the money that sellers used to keep in escrow accounts, but in any case it is counted in the millions.

Clark pointed to a third possibility that might explain what happened: that another team of criminals inside the dark web had information about the huge sums accumulated at the Empire Market, so it launched a large-scale denial-of-service attack on the market, managed to take it down and stop it from working, and is currently trying to blackmail the website's administrators for money to stop the attack and restore the market to work.

Another interesting aspect of the incident is that market users set up something like a "funeral" on some Internet forums, where they expressed deep mourning over the loss of the market and their lost cryptocurrency, lamenting their luck and the fact that there is no trace of its officials and that they can no longer access their accounts.

Content of «Empire Market»

The content of the site includes: prohibited drugs and chemical compounds classified as drugs; products for sale via the Internet, such as stolen data, malware and viruses; courses and lessons in the areas of piracy and theft; forged items, such as identity documents and passports; tools for practicing fraud and extortion; prescriptions; and means to lose weight. Algosec estimates the size of the Empire Market's business at tens of millions of dollars.