Breaking Bad: Drugs on the Dark Web

In the shadowy corners of the internet, beyond the realm of Google searches and social media, lies the enigmatic domain known as the dark web. This digital underworld is a place where anonymity reigns and illegal drug transactions happen behind a shroud of secrecy.

In a recent episode of CyberWire Daily, our co-founder, Joseph DePlato, had the opportunity to join Dave Bittner to explore the mysteries of the dark web and its thriving drug markets. Joe offers his insights into the workings of this hidden realm.

Interested in learning more?

We'll be attending the 9th Annual OSMOSISCon in New Orleans, Louisiana from October 15–17. Swing by our booth to discover the power of the DarkBlue Intelligence Suite. Learn how our cutting-edge technology can empower you to track down synthetic opioid producers and expose other malicious actors!

Unable to make it to the conference? No worries! We've got an exciting webinar lined up just for you on October 25, 2023, at 1:00 PM. Join us for a captivating session that will shed light on the shadowy realm of illicit fentanyl precursor chemical suppliers operating in China, both on the open and dark web. It's going to be an eye-opening experience, and we can't wait to have you with us! Don't forget to register today.

Transcript

Dave Bittner: There is a certain mystique when it comes to the dark web, the metaphorical back alleys of the internet where buyers can find everything from stolen credit card numbers to databases of login credentials and, of course, physical goods like drugs. Bluestone Analytics, as an organization, supports national security through their DarkBlue Intelligence Suite.

In this sponsored Industry Voices segment, I check in with Joseph DePlato, CTO and co-founder of Bluestone Analytics, for his insights on dark web drug markets.

Joseph DePlato: We define the dark web as a part of the general internet that requires additional input from the user to access, and whether that's a username and password or some type of encrypted application that allows the user to have end-to-end encryption, there's an additional item that the user needs to access this environment.

Dave Bittner: Can you help demystify it a bit for us? If I, it was something that I wanted to go poke around and I was curious about, you know, what sort of effort would it take on my part to be able to do that?

Joseph DePlato: Today it's actually very easy. There's projects like the Onion Router, better known as Tor, which is the most popular dark web that's out there. And there's an app for it, so you can actually download an app for your iPhone or Android device or just download a dedicated browser for your Mac or PC and then instantly have access to that specific dark web.

Dave Bittner: Well, let's dig into the topic of drugs on the dark web. I suppose it's that age old thing that when there's a desire, there's a market and this is where we find a popular market for drugs.

Joseph DePlato: Absolutely. So, you can find nearly any drug that you are looking for within this environment. There are both individual sellers that will run their own sites as well as drug marketplaces that are run by, you know, a certain organization or certain individual where multiple vendors can come in and sell their goods.

Dave Bittner: And how does the marketplace work? Where are the providers getting their product? How do things get paid for? How does it all run?

Joseph DePlato: So, it's reputation based. It's on the manufacturers or the vendors to ensure that their product is actually good, high quality, and is not, for lack of a better word, killing their users.

They're finding their drugs or manufacturing their drugs in multiple different places. From our research from our analytical team, there's a lot of traffic of Chinese-based companies selling what we call precursor chemicals. And then once you have a precursor chemical, you can ship that anywhere; they're not as well-regulated like regular drugs. You can create other drugs, like fentanyl. You can create those anywhere in the world and then get those into whatever country you need. So what you could do is you could buy precursor chemicals from China—let's say, have them shipped directly—into the U.S. or Mexico, and then actually manufacture and create the drugs there.

You're not moving drugs internationally; you're moving pieces or parts of those drugs internationally.

Dave Bittner: Are there legitimate uses for the dark web here? I mean, beyond the drug markets, I think it has this reputation of being this dark, scary place. Is there another side to it or does its reputation come deserved?

Joseph DePlato: Yeah, so historically, the whole reason the dark web came about was a way for marginalized individuals or citizens of a country who are under a dictatorship, or having their rights taken away, to get information out of that country into the international community without direct connections back to themselves. So, an anonymous way that they could report on the ground information without themselves or their families becoming a target of these oppressive governments. And I think of countries like Iran, Russia, even China, where what we see on news might not necessarily be the truth on the ground.

Dave Bittner: Are there any of these chemicals that are of particular concern to you, that are particularly troublesome?

Joseph DePlato: Yeah. So essentially any synthetic opioid. There's one synthetic opioid in particular, isotonitazene, that has its potency—when compared with other opioids—is a lot, a lot greater. It's more potent than morphine with estimates ranging anywhere from 50 to over 100 times more potent than morphine. This makes it one of the more potent synthetic opioids, although there's even more potent substances out there like carfentanil. When you compare those opioids—like fentanyl, another synthetic opioid—it's approximately 50 to 100 times more potent than morphine as well, giving the potency of isotonitazene in a similar range. And the two can be considered roughly comparable in strength. But again, that's the issue with these synthetic opioids: the potencies can vary based on how they were produced.

Unlike pharmaceuticals—we'll say legal drugs—that have a pretty substantial and reviewed manufacturing process, these don't. People are making them anywhere. Cartels are making them in warehouses, in people's basements. It's difficult to have a consistent strength when you're not consistently making a batch with the same equipment and the same people every single time.

Dave Bittner: And to what degree are these folks aware of your efforts and actively attempting to thwart what you're up to?

Joseph DePlato: That's a great question. We do monitor our backend and obviously, our security team and security crew need to have their T's crossed and I's dotted.

We publish reports and we publish public white papers that we'll push off to various government agencies and throw up on our websites. Oftentimes, after those reports are published, we do see sudden spikes in traffic against both our website as well as our tools coming from various countries—and I'm not going to name those countries on here—but it does make you a target. But beyond that, what type of target it is is unknown. To date, we really haven't had any major compromises, so it's hard to know what specific information these groups are actually looking for. And at the end of the day, we're just a small company, right? To them, it might be more effective to go after the actual government agencies themselves versus a small crew that's just trying to do good in the world.

Dave Bittner: For the folks in our audience who are security professionals, what's your advice for them keeping an eye on these markets, you know, to have intelligence into these sorts of places. How do they dial that in an effective way?

Joseph DePlato: It really depends on the tooling that they have on their backend; however, I am a huge fan of consuming threat intelligence. And my recommendation would be to pull up as many white papers and as much information from experts that are in this space that are actively going in there, collecting and aggregating this information, and presenting it in a digestible way, or purchasing a threat intel feed or an API from some of these vendors that you actually have that information in your specific system, so that when you're doing searches, when you're looking for selectors or trying to find correlations, you have the biggest view and the biggest net possible to catch whenever you see anomalous activity.

Dave Bittner: That's Joseph DePlato from Bluestone Analytics.