Hydra Market, one of the oldest and largest marketplaces on the dark web, went offline yesterday. A joint operation by US and German law enforcement saw the servers running the market seized along with $25 million in cryptocurrencies.
Founded in 2015 in Russia, Hydra had 17 million users at the time of its closure and has been the largest dark web market since the closure of RAMP, Russia’s anonymous marketplace, in 2017. Its annual trading volumes have grown from 9 $.4 million in BTC in 2016 to $1.37 billion in 2020, according to a report by cybersecurity firm Flashpoint, which indicates that the market was focused on trading illegal narcotics, data, fake documents and of digital services.
US and German officials hope Hydra’s shutdown will send a clear message to cybercriminals that they can no longer hide their illicit activities on the dark web. “Our actions today send a message to criminals that you cannot hide on the dark net or its forums, and you cannot hide in Russia or anywhere else in the world,” said US Treasury Secretary Janet LYellen. “In coordination with allies and partners, such as Germany and Estonia, we will continue to disrupt these networks.”
Removing Hydra will disrupt cybercrime across the world, albeit temporarily. Criminals will scramble to find new places to buy and sell information, experts say Technical monitor.
How Hydra was shut down
The sting was the culmination of an operation that began in August last year and saw Hydra servers in Germany seized, knocking the market offline. Law enforcement also announced the closure of a currency exchange called Garantex, which was a key money laundering site for cybercrime, especially ransomware. More than $100 million in transactions on Garantex have been linked to illicit stocks and dark markets, including $6 million from the notorious Conti ransomware gang, the US Treasury said.
Now that those services have been shut down, law enforcement will seek to identify Hydra’s “unknown operators and administrators” who were operational in the market. The US Treasury’s Office of Foreign Assets Control has already added more than 100 Hydra and Garantex digital currency addresses to the Specially Designated Nationals List, which details foreign nationals suspected of criminal activity who cannot do business with no US citizen. However, so far there have been no arrests.
Content from our partners
How will Hydra’s shutdown affect the cybercrime landscape?
Seizing Hydra is an important step in the fight against cybercrime, says Louise Ferrett, threat intelligence analyst at Searchlight Security. “I think that definitely sends the message that these crackdowns, which have happened quite frequently over the past couple of years, are going to continue,” she says. “They don’t aim for small targets or soft targets. They go for the big institutions because if they see a player as big as Hydra get knocked out, it shakes the confidence of everyone in the whole ecosystem.
Shutting down Hydra could deter people who are considering turning to online criminal activity, especially those affected by the war in Ukraine, argues Etay Maor, senior director of security strategy at Cato Networks. “I think we’re going to see an increase in the number of people participating in [cybercrime] because of the situation in Ukraine and Russia,” he says. “Some people in Ukraine are talented, they have lost their homes and have to support their families.”
He continues, “If you’re an IT person and you know how to do some of these things, you might be inclined to go a bit to the dark side of security. With inflation, prices go up, and that kind of uncertainty can push ordinary people into those areas. Yes [the takedown of Hydra] serves as a deterrent to that, so I’m extremely happy,” he says.
Will a new dark web market replace Hydra?
Shutting down Hydra is likely to disrupt the sale of illicit malware used in ransomware attacks, Ferrett said, meaning a temporary lull in the number of attempted cyberattacks could follow. “They were selling a lot of malware and that kind of stuff, so there will definitely be a slight lull for a while,” she says. “It could affect [the volume of cyberattacks] if it is difficult to buy certain types of malware. »
But any lull in the number of cyberattacks is likely to be short-lived, Ferrett adds. “It’s almost inevitable that there will be a new source to buy these things,” she says. “These people are well-connected – they will look for other places and will probably be able to find them.”