Why do Hackers Attack Dark Web Forums?
In a recent incident, Versus Market, a widely known English-speaking criminal DNM (darknet market) has shut down after it was compromised by a hacker named threesixty.
Although this wasn’t the first time the market was attacked, this time the scale of the attack led its admins to decide on the complete shutdown of the Versus Market. The attack was executed by using an exploit that allowed full access to Versus’ database, including IPs, and backup directory, which exposed the personal information of tens of thousands of its users and vendors. The hacker published them across several different dark web platforms.
The news about the attack and the consequent shutdown of Versus Market spread across media sites, with the first article going online on May 25.
We were able to validate the news with data we found on the dark web dating back to May 18- 20, when users started reporting on errors when trying to access the market:
Security is a concern
Shortly after the attack on Versus, Alphabay’s admin DeSnake published a post on the need to make security a priority by darknet market (DNM) admins. He said he was contacted by threesixty who said he challenged Versus and easily hacked it:
But why do hackers usually attack dark web forums and marketplaces? Let’s take a closer look at the underground world of the hacking communities.
What motivates hackers to attack dark web marketplaces?
Market competition
The hacking of dark web marketplaces and forums is not a new trend.
A few years ago, the OGUsers (Original Gangsters) forum, which was trading stolen social and gaming accounts back in 2020, was hacked for the fourth time by a hacker sent from a rival forum. It’s believed to have been carried out by either Raidforums or Cracked. The 200K+ user information was leaked a few weeks later on rival forums.
The motivation, in that case, was eventually financial. Dark web marketplaces are competitive just like legal marketplaces and they are fighting for the same customers. When the competition is eliminated the income can be doubled and even tripled in a very short time period.
The main techniques used to fight the competition are:
- Burn the Store – Hacking and leaking their sensitive information
- Show their Weaknesses – Sharing a series of posts and statements by highly ranked users in an effort to highlight the weakness of their security system in order to intimidate other users and push them to use other “better” forums.
The publication of the leak was intentional and reached a high volume of audience, which hit the reputation of the forum, showing its users that they cannot be trusted anymore.
Hacktivism
In some cases, less frequent than the rivalry games, a dark web marketplace or forum is hacked by hacktivists, who claim to be the Robin Hood of the people.
Take for example the attack against the OpenRoad market, an illegal drug trading dark web marketplace, which was allegedly scamming dark web traders. The marketplace was breached by a hacktivist called Gladiator, who after compromising it shared users’ information, including crypto addresses. All in an effort to shut it down.
The reason, he claimed in the post below, was to remove the scam market from the landscape:
Although we do see a few cases in which hackers attack dark web forums and marketplaces, this is not something that happens daily. There are many more dark web marketplaces that are seized and shut down by law enforcement agencies than ones that are attacked by hackers.
But it is important to note that each of these events is a trigger for the creation of another marketplace or a change of it. Cybercriminals do not stop, they mostly change the landscape of the deep and dark web.
To keep track of these changes, monitor cybercriminals and threat actors, and to keep up with new trends in the deep and dark web, one needs to have access to historical and live data from these spaces. Here at Webz.io, we provide dark web data feeds through our Cyber API with up to 2 years of historical data from thousands of marketplaces, forums, paste sites, and other valuable sources to monitor and analyze cyber threats.