The Dark Web’s biggest marketplace for drugs seems to have learned a lesson from the downfall of the Silk Road: When cracks start to appear in your anonymity’s armor, it’s time to quit while you’re ahead—or, at least, retreat and regroup.
Agora, the reigning marketplace in the Dark Web’s bustling, bitcoin-based narcotics economy, announced Tuesday evening that it will go offline at least temporarily to shore up defenses against potential attacks that it believes might be used to identify the site’s servers and operators. In a message posted both to the market site and to the “darknetmarkets” Reddit forum, Agora’s anonymous admins say they’ve recently moved their servers after detecting “suspicious activity” they believe was intended to break the protections offered by the anonymity software Tor—activity that would reveal their servers’ IP addresses, possibly allowing law enforcement to track down the site’s owners, as well as its buyers and sellers.
The Agora admins say they plan to implement a software update to protect the site, but need to take a hiatus to make those changes. The admins don’t say when the market could be coming back online. “At this point, while we don’t have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy,” reads the message. “Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved.”
The Agora admins don’t spell out exactly what Tor vulnerability they’re referring to. But it’s likely they’re responding to a paper published last month ahead of the Usenix security conference by a group of researchers from Qatar University and MIT. The paper proposed a new method of “fingerprinting” that it said would allow Tor hidden services—the cloaked servers that run dark Web sites—to be identified with as much as 88-percent accuracy.
The Tor Project responded to that research by pointing out that it requires controlling large numbers of Tor nodes, the volunteer computers that bounce traffic around the Tor network. In a blog post, Tor director Roger Dingledine suggested methods that could be used to foil the attack, and pointed out that researchers have long over-estimated the ease of such fingerprinting methods.
In the meantime, Agora’s admins say they’re not entirely comforted by the attack’s high-resource limitations. “Most of the new and previously known methods do require substantial resources to be executed,” they write. “But the new research shows that the amount of resources could be much lower than expected, and in our case we do believe we have interested parties who possess such resources.”
Agora’s disappearance, even if it is temporary, represents a major blow to the Dark Web’s drug world. It had become the online underground drug trade’s largest site by far, with more than 17,000 listings of drugs for sale and well over 20,000 total listings, including counterfeits, drug paraphernalia and other contraband. (The site had only recently decided to no longer sell guns.) In a recent study, Carnegie Mellon researchers estimated that the site was doing $150,000 a day in sales last February. At that time, it was only the second largest market behind the competing marketplace Evolution. After Evolution went offline in March, stealing all buyers’ and sellers’ bitcoins, Agora took over much of that marketshare.
On Reddit’s darknetmarkets forum, most people applauded Agora’s decision to go offline rather than risk arrest, endanger customers or abscond with their funds as Evolution did. “Props to Agora and their iron testicles,” one redditor wrote. “Yes its a major inconvenience for vendors and users alike, but hey, who knows, maybe some people will even get clean during this period!”
During Agora’s downtime, competing market sites like Abraxas, Alphabay and Nucleus will no doubt absorb its customers, says Nicolas Christin, one of the authors of the Carnegie Mellon study. “I don’t know who will be the new crowned king, but people will pick up the pieces,” he says.
“The demand is here and people aren’t going anywhere. They want their drugs and people will find ways of selling to them.”
But Christin also says the Tor vulnerability, while it’s by no means the end of the Dark Web, should give the administrators of anonymous sites pause. “The world isn’t coming down. It’s not like there’s an attack that immediately de-anonymizes everything,” says Christin. “But it may be a reality check for some of these site operators. Tor is not a magic box that provides you a cloak of invisibility, Harry Potter style.”
by Andy Greenberg
August 26, 2015
Dear Drugs-Forum readers: We are a small non-profit that runs one of the most read drug information & addiction help websites in the world. We serve over 4 million readers per month, and have costs like all popular websites: servers, hosting, licenses and software. To protect our independence we do not run ads. We take no government funds. We run on donations which average $25. If everyone reading this would donate $5 then this fund raiser would be done in an hour. If Drugs-Forum is useful to you, take one minute to keep it online another year by donating whatever you can today. Donations are currently not sufficient to pay our bills and keep the site up. Your help is most welcome. Thank you.