This is not a myth: there are indeed drug “marketplaces” on the dark web. On these sites, “invisible” to search engines and accessible through Tor, dozens of “crypto-markets” allow you to buy online (in cryptocurrency) cocaine, ecstasy, cannabis, amphetamines, or even heroin.
Faced with this, the forces of order (national and international) are trying to act by shutting down the main DNM” (darknet markets”): in 2014, the FBI had the skin of an “online drug supermarket”, Silk Road, and then in April 2022, the German authorities and The DEA has taken over Hydra’s servers. The leader in online drug sales for over 6 years, this illegal Russian-language platform has united 19,000 dealers and 17 million customers worldwide. Its turnover was 1.2 billion euros per year.
The closure of Hydra created a vacuum quickly filled by new players such as RuTor, WayAway, Legalizer, OMG!, Solaris, BlackSprut or Nemesis, which had 795,000 new “users” in the fall of 2022. According to a survey conducted by Resecurity, these DNMs are currently at war to become the new market leader. These platforms, which together bring in $315 million a year, have maintained the same model and do not appear to be worried about the threat of a potential closure for now, according to the United Nations Office on Drugs and Crime (UNODC).
Applications dedicated to the drug trade
But at the same time, drug traffickers have banded together to form smaller, more cautious “underground communities” through alternative channels of communication. To avoid the radar of the authorities and therefore a closure like Hydra, these groups prefer to use encrypted instant messaging services like WhatsApp and Telegram… and create their own Android mobile apps.
This new trend has been in place since June 2022, according to Resecurity. Analysts have gained access to several APK files of apps found on smartphones owned by drug trafficking suspects. According to them, these new tools allow dealers and “consumers” to “communicate more easily” (in real time), while “protecting” them more with end-to-end encryption. In short, “personalized” applications, more “careful” and “secure”.
“We are seeing the development of personalized mobile applications for secure shopping and communication, as well as for sending instructions to deliveries. Drug dealers own their communications infrastructure and can easily destroy or erase it if there is a problem,” Resecurity notes in its report. In particular, the cybersecurity company identified 7 “drug stores” that have since been traversed through the APK files of Android apps “captured by the police” whose names rarely evoke memories: Yakudza, TomFord24, 24Deluxe, PNTS32, Flakka24, – 24Cana and MapSTGK. These 7 apps run on the same engine, known on the dark web as “CMS M-Club”, “indicating the involvement of a single developer”.
These “patented” applications allow drug dealers to use more “careful” strategies, making it easier to “deliver” products to places with little control, such as parks, forests, or abandoned buildings. “Typically, pharmacies offering these mobile apps don’t disclose much information, and their customers are already very familiar with the software through their network or their past experience,” explains Resecurity.
“These applications allow you to transfer information about orders for medicines, as well as send the GPS coordinates of the “package” left by the delivery person for later collection. Typically, this information is transmitted as an image to “avoid possible indexing. The additional information sent may contain data on how deep the “package” was buried underground, or any other information that helps to find it (for example, the color of the label),” cybersecurity analysts add. In addition, multiple applications can be used for a single exchange, creating “complicating fragmentation” for law enforcement.
A trend that could supplant darknet platforms?
“This trend of illegal Android apps is expected to be accelerated by the increased availability of instant messengers and automated bots that allow information to be shared through accessible digital channels with a relatively high level of anonymity,” Resecurity notes. The computer security firm estimates that most of the “new marketplaces” that launch in 2023 will have Android apps, a system that will “gradually replace forums and DNMs” that are too visible to investigators and less practical. Actors currently vying for a monopoly on the online drug trade such as RuTor, WayWay or OMG! should also eventually follow suit.
Ultimately, this should be, writes Resecurity, a way to “shop safely”…because in the absence of leading platforms, the quality of goods deteriorates, and the risks of fraud or poor product quality are very high. At the very least, a good point at the center of this entire universe, which must continue to evolve (in and out of the dark web) “due to current geopolitical and economic tensions.” At the same time, law enforcement agencies must adapt over time. “Law enforcement agencies must find new ways to monitor the illegal drug trade and adapt their tactics to its dynamic development,” Resecurity concludes logically. There remains the risk of using such applications: if dealers sell guaranteed “anonymity”, the fact remains that this software is in the hands of their developers, and therefore the data of users (and their devices).