- Confidential and Proprietary - Luminar Annual Threat Landscape Report Page 14 4 Understanding the Shift 4.1 Dark Web related Factors We have identified several factors deriving from changes that had occurred in the Dark Web sphere over the past two years, which may have reduced the interest and usage of the three traditional Dark Web platforms by cybercriminals. These factors are mostly related to law enforcement crackdowns, possible restrictions and their enforcement by admins on the platforms, as well as the risks and technological efforts that Dark Web platforms owners face. All these factors can result in user data being compromised, leading cybercriminals and their customers to fear that their identity and location could be revealed, hence exposing their connections to illegal operations. Ultimately, these factors have the potential to damage the platforms’ credibility and lose the trust of vendors and customers. 4.1.1 Law Enforcement Crackdowns The risk of seizure of underground forums by authorities has become very real and substantial during 2022. In late February 2022, RaidForums, the most popular English-language cybercrime forum, was seized by the authorities. On April 12, 2022, the US Department of Justice (DOJ) announced it had arrested its main owner and shut down the website and user database. RaidForums had been active since 2015 and had over 530,000 registered users at the time of its closure. 32 Popular marketplaces were also seized by authorities in 2022. In April 2022, Hydra Market, one of the largest and oldest underground marketplaces, was seized and shut down by German authorities in coordination with US law enforcement. Since 2015, the market reportedly received about USD $5.2 billion in cryptocurrency for transactions on the site. Among other products, the market facilitated sales of false identification documents, hacking tools and services, and served as a haven for threat actors who offered money laundering services for bitcoin. 33 Shortly after, on June 2022, the FBI seized another notorious marketplace called SSNDOB, used for trading the personal information, including Social Security numbers (SSNs) of millions of Americans. The marketplace has received nearly USD $22 million worth of Bitcoin in more than 100,000 transactions since April 2015 alone, although it is believed the marketplace had been active since at least 2013. 34 32 https://krebsonsecurity.com/2022/04/raidforums-get-raided-alleged-admin-arrested/ 33 https://www.cnbc.com/2022/04/05/darknet-hydra-market-site-seized-and-shut-down-doj-says.html 34 https://techcrunch.com/2022/06/08/fbi-ssndob-millions-social-security- marketplace/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAA ACQlfuYl5gqG590C5_wEme6L9Ley9vw-FKP3X0kl__KdUxxlWzbGDAZ0bzXbsPMf9m00CRBkUOIeCCiSA- J0tupJStdIHCEort3yNSWSbZPjt7nKOzpmIcG8g6cFCInAKs194co7dzH8Csez1kRIV-6U225Uc17mrrSi45bA8yWi