View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 6, 2022updated 07 Apr 2022 8:19am

Dark web marketplace Hydra has been shut down. What will take its place?

The dark web's oldest and biggest marketplace has been taken offline, leaving criminals looking for alternatives.

By Claudia Glover

Hydra Market, one of the dark web’s oldest and largest marketplaces, was taken offline yesterday. A joint operation by US and German law enforcement agencies saw the servers that ran the market seized along with $25m in cryptocurrencies.

Founded in 2015 in Russia, Hydra had 17 million users at the time of closure, and has been the largest market on the dark web since the closure of RAMP, the Russian Anonymous Marketplace, in 2017. Its annual transaction volumes skyrocketed from $9.4m in BTC in 2016 to $1.37bn in 2020, according to a report by cybersecurity company Flashpoint, which says the market’s focus was on trading in illegal narcotics, data, forged documents and digital services.

The US Treasury department led the take-down of Hydra Market. (Photo by Samuel Corum/Bloomberg via Getty Images)

Officials in the US and Germany hope that closing down Hydra will send a clear message to cybercriminals that they can no longer hide their illicit activities on the dark web. “Our actions send a message today to criminals that you cannot hide on the dark net or its forums, and you cannot hide in Russia or anywhere else in the world,” said US Treasury Secretary Janet L Yellen. “In coordination with allies and partners, like Germany and Estonia, we will continue to disrupt these networks.”

Hydra’s removal will disrupt cybercrime across the globe, albeit temporarily. Criminals will be scrambling to find new places to buy and sell information, experts told Tech Monitor.

How Hydra was shut down

The sting was the culmination of an operation which began in August last year, and saw Hydra’s servers in Germany seized, taking the marketplace offline. The law enforcement agencies also announced the termination of a currency exchange called Garantex, which was a key money laundering site for cybercrime, particularly ransomware. More than $100m in transactions on Garantex have been linked with illicit actions and dark markets, including $6m from the notorious Conti ransomware gang, the US Treasury said.

Now that these services have been shut down, law enforcement agencies will be looking to identify the “unknown operators and administrators” of Hydra, who were operational on the marketplace. Already the US Treasury’s Office of Foreign Assets Control has added over 100 digital currency addresses from Hydra and Garantex to the specially designated nationals list, which details foreign nationals suspected of criminal activity who are barred from doing business with any US citizen. However, as of yet, there have been no arrests.

How will Hydra’s closure affect the cybercrime landscape?

Seizing Hydra is a significant step in the fight against cybercrime, says Louise Ferrett, threat intelligence analyst at Searchlight Security. “I think it’s definitely sending a message that these crackdowns, which have been coming pretty frequently in the last couple of years, are going to continue,” she says. “They’re not going for small targets or easy ones. They are going for the large institutions because, if they see a player as big as Hydra getting taken down, that shakes everyone’s faith in the whole ecosystem.”

The closure of Hydra could deter people who are considering turning to online criminal activities, particularly those impacted by the war in Ukraine, argues Etay Maor, senior director of security strategy at Cato Networks. “I think we’re going to see a rise in the number of people participating in [cybercrime] because of the situation in Ukraine and Russia,” he says. “Some of the people in Ukraine are talented, they have lost their homes, and need to provide for their families.”

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

He continues: “If you are an IT guy and you know how to do some of this stuff, maybe you’ll be inclined to move a little bit to the darker side of security. With inflation, prices are going up, and this kind of uncertainty can push regular people into these areas. If [the takedown of Hydra] serves as a deterrent to that, then I am extremely happy,” he says.

Will a new dark web marketplace replace Hydra?

The closure of Hydra is likely to disrupt the selling of illicit malware used in ransomware attacks, continues Ferrett, meaning a temporary lull in the number of cyberattacks being attempted could follow. “They were selling a lot of malware and that sort of thing so there will be a slight lull in that for a time, definitely,” she says. “That might affect [the volume of cyberattacks] if there’s difficulty in buying certain types of malware.”

But any lull in the number of cyberattacks is likely to be short-lived, Ferrett adds. “It’s almost inevitable that there will be a new source to purchase those things from,” she says. “These people are well-connected – they will seek out other places and probably be able to find them.”  

Read more: These are the biggest cryptocurrency hacks of all time

Topics in this article: ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU