Essential COVID-19 Supplies via the Darknet


In Episode S2E2 – Essential COVID-19 Supplies via the Darknet – we talk with Dr. David Maimon, Associate Professor in the Department of Criminal Justice and Criminology at Georgia State University.

Dr. Maimon is engaged in a year-long study, funded by the National Science Foundation, which will allow researchers in Georgia State University’s Evidence-Based Cybersecurity Research Group (EBCS) to examine threats related to the sale of critical COVID-19 supplies via darknet markets.

For those that prefer to read the information, a transcript of this episode is below.

Steve Bowcut:

Welcome to this episode of the Brilliance Security Magazine podcast. And thank you for listening. Today we are discussing darknet markets and specifically the buying and selling of essential supplies needed to combat the COVID-19 pandemic in these underground exchanges. We are very excited today to have as our guest, Dr. David Maimon. Dr. Maimon is an associate professor in the Department of Criminal Justice and Criminology at Georgia State University. He received his Ph.D. in sociology from Ohio State University in 2009. Prior to joining Georgia State University, David held a professor position at the University of Maryland. David’s research interests include theories of human behavior, cyber-enabled and cyber-dependent crimes, and experimental research methods. Since being at Georgia State University, Dr. Maimon has created an Evidence-Based Cybersecurity Group, where he and his researchers seek to produce empirical evidence and provide a systematic review of existing empirical research and provide tools in preventing the development and progression of cyber-dependent crimes.

Steve Bowcut:

And more germane to this conversation that we’ll have today, Dr. Maimon is heading up a year-long study funded by the National Science Foundation, which will allow researchers in Georgia State University’s Evidence-Based Cybersecurity Research Group to examine threats related to the sale of critical COVID-19 supplies via the darknet markets. So welcome, Dr. Maimon. Thank you so much for joining us today. I sincerely appreciate it. Maybe we could start with you telling us a little bit about the darknet markets, what they are, the darknet markets and the encrypted channels. I guess those are the two methods that these kinds of goods are sold. So maybe you could describe to us a little bit what they are and how they differ from one another.

Dr. David Maimon:

Sure. Thank you so much, Steven, for having me on your show, I’m really excited about this. So darknet markets are essentially intimate websites that are hosted in deep web environments. Deep web environments, just to make sure that we’re on the same page with our listeners, are environments that are not accessible using common browsers and whose are protected and hidden from the regular clear net users. These platforms look very much like any e-commerce website which our listeners are familiar with, with a slight difference: the type of commodities that those markets offer for sale. Most of the products on these platforms are illegal or questionable with respect to their legality. Some of the commodities we see on those darknet markets are drugs, stolen personal identifiers like social security numbers, personal identifiers like names and addresses, credit card information.

Dr. David Maimon:

We see malicious software being sold all over the darknet, hacking services, fake documentation, all these really fun commodities, if you will, that online criminals are looking to both purchase as well as sell. So, imagine, if you would like to better understand what dark markets look like when you go in those markets, they look like Amazon or eBay websites. And in fact, two of the markets that our team has a presence on are called Amazim and dBay, right. So, pretty much like any eCommerce websites that we are familiar with on the clear net, you can search the darknet websites for products. Once you find the products, the website will route you to the webpage on which you will be able to read information about the product, their price.

Dr. David Maimon:

You’ll be able to get some information about vendor contact as well as customer reviews on both the product and the vendor services. These are darknet market platforms that we spent a lot of time and effort understanding, downloading data and simply assessing their sheer size. In addition to those platforms, it’s important folks will be aware of the encrypted channels, which have emerged during the last five years or so as one of the most important platforms that are being used by vendors of illegal commodities to advertise as well as sell and purchase illegal commodities. So in this sense, the encrypted channels, when you think about the encrypted channels, our listeners should imagine instant messaging platforms such as WhatsApp, Telegram, ICQ, and what happens on those channels is vendors simply open their own group chats, invite members, help try to grow the group with more and more followers and simply post ads with different commodities that they offer for sale.

Dr. David Maimon:

So, it’s important that we are all aware of these platforms because we see more and more cybercriminals using those platforms to extend their operations in terms of sales, as well as purchases of illegal commodities.

Steve Bowcut:

That is fascinating. So, and it just raises a question in my mind. So when you’re doing this research, do you and your researchers do a little cloak and dagger? I mean, you go in, you create aliases. You have to go into these dark markets and learn about the encrypted channels and get invited to those things under some guise? How does that work?

Dr. David Maimon:

Indeed. I mean, so, we have been doing this for the last two years or so, embedded ourselves in a darknet platform, as well as encrypted channels. We were engaged in a couple of other research projects.

Dr. David Maimon:

And so once we were exposed to those platforms, we investigated how to become members in these groups. And we were invited at some point to be a part of several groups. And so, we simply are embedded in those groups and try to understand what folks are talking about, what are some of the trends that those online criminals are essentially following or sort of developing, with the goal of collecting this intelligence and educating our field, the cybersecurity field, with respect to what we find in those channels. So it’s kind of a threat intelligence sort of an operation, but what we tried to do in a very scientific way is engage and collect data in a rigorous way.

Steve Bowcut:

So maybe you could tell us a little bit about what types of essential supplies are being sold on these darknet markets and encrypted channels, specifically those that relate to the current pandemic that we’re experiencing.

Dr. David Maimon:

It’s a great question. There are different types of COVID-19 related supplies being offered for sale over both darknet and encrypted channel markets. But, if you need to sort of summarize or classify the type of items we find, I think it’s safe for me to classify those into three major types, essentially. The first is protection gear, many vendors offering to sell protection gear, such as face masks, protection gowns, coronavirus test kits, hand sanitizers, all these commodities that at the end of the day are supposed to protect you from getting infected by the disease.

Dr. David Maimon:

The major problem with purchasing this protective gear is that we’re not really sure about its quality. Again, if you’re purchasing this kind of commodity from darknet platforms, the source, the manufacturers are unknown because, as I assume folks understand, everything could be spoofed nowadays and be sold everywhere. So it’s kind of problematic to assess the effectiveness of this protection gear in protecting you from getting infected by the disease. In addition to the protective gear, we also see vendors posting ads for medications and different remedies against the disease. In this sense, we find vendors sell medications such as chloroquine, remdesivir, as a type of medication that folks offer for sale. Antidotes, folks actually sell antidotes against the pandemic.

Dr. David Maimon:

The origin of that is supposed to come from China. And folks can go on our website and actually see the ad. It’s kind of an interesting ad to analyze. Serums, right, are also there for folks to purchase. These are the major commodities that we’re able to find at the moment. Again, there are risks embedded in purchasing these kinds of commodities because, at the end of the day, you’re buying drugs, which are not really sure who manufactured, what are some of the side effects. So there are a lot of questions and a lot of concerns, at least in my mind, these back to the effectiveness of those medications and those serums, right, to actually achieve their goals. The last type of commodity that we see relates to online fraud services, which is really interesting, right.

Dr. David Maimon:

Especially here in the United States, we see many vendors offer to either support customers’ own fraudulent activities that are related to the pandemic or simply sell personal identifiers of individuals in order for the customers, the darknet customers, to use in order to defraud the government. And the two major types of frauds that are kind of really big right now are unemployment as well as loans, right. We see many online vendors offering to support the unemployment applications using, of course, fake credentials. So first social security numbers and names of real individuals, whose information was stolen and then being sold to people to use in order to apply for either unemployment or business loans. We see these two types of commodities, the personal identifier, as well as support to help guide individuals with respect to how to apply for those benefits, being sold for a different range of prices.

Dr. David Maimon:

Or, of course, for the governments who are essentially send money to individuals who are not supposed to get the government, as well as for the individuals whose information is being stolen and being used, right, to defraud the government.

Steve Bowcut:

That was a major thing. It’s a little discouraging that that’s going on, but I guess that that is to be expected. Talk to us a little bit about why you feel like this study is needed, and what if there are any expected results from the study? What do you think that you’re going to find when you conclude this year-long study?

Dr. David Maimon:

Sure. So I think it’s important to conduct this kind of research because it’s the first time, if you think about it, in which we, as a society, I mean the entire world, if you think about it, is experiencing this kind of a pandemic, a worldwide crisis where the underground economy needs to adjust to an online environment, right? So everybody talks about 1918, the Spanish flu, and of course, other types of crises, World War One, World War Two, when the entire world was facing difficulties which essentially impacted the economy, impacted the presence of different types of commodities in the legal economy, sort of the normative economy. And in all those crises, we see the underground economy adjusting to it, right.

Dr. David Maimon:

And offering people more opportunities to buy and sell different types of commodities that are sometimes scarce, right, in the normative markets. This is the first time, thinking about that, that we can do that on an online platform. So in this sense, it’s important to understand how the organized crime groups who are relying heavily on the online environments in their operations adjust to the pandemic, how they respond to the different demands for the different types of products that are out there, how their supply chains adjust. We know that the supply or organized crime groups are very flexible. It’s really interesting to see how those supply chains adjust, right, from selling drugs, for instance, to incorporating different types of commodities, like face masks or thermometers, right.

Dr. David Maimon:

Or another type of COVID-19 related commodities in order to either expand the operation or compensate for what we think is some of the losses they take because of shipment problems right now. And customers lack interest in some of the commodities that these groups are offering to sell on a usual, on a regular basis. So that is the first reason why it’s really important to understand how the dark market, sort of, how the COVID-19 related supplies are being sold on the darknet. The other major reason, in my opinion, is very much embedded in our need to understand and educate the public about whatever we find. The fact that it could be that some of the commodities that are being offered for sale over those platforms are faulty, will not be able to achieve their goals. So, increased awareness and vigilance among internet users, among government officials, simply make sure that they are aware of everything that we find, we report and that we see on the darknet platform. These are the major reasons in my mind why this study is so important.

Steve Bowcut:

Absolutely fascinating. So, and it raises a question in my mind. So is there any law enforcement engagement or interface, is there any point during the study like this, that you will go to law enforcement and say, here’s some bad guys are doing bad things, or do you just publish your results and law enforcement, if they’re on top of their game, they’ll look at your research and go do what they need to do?

Dr. David Maimon:

Well, one of the cool things about our research group is that we do have a very close relationship with some of the local as well as federal law enforcement agencies in the Southern region of the United States. So in fact, we keep a monthly meeting with a few of the organizations in which we enlighten them with the type of ads, the type of commodities that we find there in the darknet, as well as in the encrypted platforms that we sit in. We, at the end of the day, we can just talk about whatever we find and try to enlighten law enforcement agencies with respect to what we find, but to take it to the next step is pretty much the on.

Steve Bowcut:

Yeah. Okay. Alright. So when we come back, we’re going to find out who’s buying essential medical supplies on the darknet. So stay with us.

Steve Bowcut:

Dr. Maimon, tell us about the buyers of these essential supplies. If that is even known who they are, or if you don’t know who they are, maybe you have some insight as to who you suspect is buying these essential supplies on the darknet.

Dr. David Maimon:

It’s a really good question, which we are trying to answer. But unfortunately, at the moment, I think we do not have the answer for, definitely not in the context of COVID-19 related items. Based on our experience during the last couple of years in the darknet and encrypted channels, we know that anyone, right, everyone is pretty much on the darknet. It could be individuals, it could be individuals who represent organizations that are trying to get different types of commodities on their behalf. Consultants, you name it. I mean, anyone who has access to the darknet and who’s trying to either purchase products for its own sake or on behalf of an organization they work for, is fair game, right.

Dr. David Maimon:

In terms of the potential consumer on the darknet platform, even though I’m not really sure about the buyer’s profile relating to COVID-19 related items, I wouldn’t be surprised it will be the same actors we find in the context of other types of commodities that are being offered for sale on the darknet. So individuals, consultants, people who work for companies we’re trying to understand the darknet, right. And people who worked for companies were essentially trying to get some of the, from some of the commodities that they just simply scarce at the moment in the legal normative economy.

Steve Bowcut:

Interesting. So if I understand what you’re saying correctly, it sounds like maybe you suspect, and your research will show that these are more organizations. So either other criminal organizations or even legitimate organizations that have a need. And so they just turned to the darknet for what they want as opposed to individuals. So like, if I was just a very paranoid individual and I thought that some, the darknet could offer me something that would protect me from COVID-19, for example, that as an individual, I would spin up my Tor browser and go out there and find it. So is it some of each, or is it mainly just organizations buying and selling from each other?

Dr. David Maimon:

Again, it’s important to understand, as a scientist, I’m not trying to prove anything, I’m just trying to learn. Right. So it’s not that I’m trying to prove that it’s an individual or a group. We’re just trying to understand the profile of the customer. I think that my hypothesis is that it’s both individuals and individuals who represent organizations. So it’s both of the customers.

Steve Bowcut:

Right. And largely you could tell that probably from the quantities purchased. So if you see purchases happening where they’re buying cases of something, and that’s not an individual, but if they’re buying just a few doses of some drug, then it may just very well be an individual.

Dr. David Maimon:

Exactly. Yeah. So, if you buy a large quantity of masks and I have strong reason to believe that you have something that we’re an organization that you are trying to buy this product for versus if you buy only one box of face masks. Right.

Steve Bowcut:

Okay. So maybe you can give us a sense of that again, if you know, fine and if you don’t, then that’s fine as well, but maybe you can give us a sense of where do these supplies come from. So a mask or hand sanitizer, is somebody stealing these things from a legitimate manufacturer or do legitimate manufacturers just use the darknet as another channel, the distribution channel, or are they the people that are selling it actually manufacturing some of this stuff in their own little warehouse or something? Do you have any sense about that?

Dr. David Maimon:

Yeah, I mean, it’s, again, a very good question, and it really depends on the type of commodities we’re talking about. Some of the commodities folks will be able to manufacture themselves. The quality, again, of that specific type of commodity, will be questionable. But we know some organized groups actually are doing that. Other groups, and there’s a specific group that I have in mind that we know works in Thailand, simply sell face masks or sell sort of equipment that has been used in the past by other people. So that specific group that we identified on March 1st, I think was one of the first groups that we found, one of the encrypted channels we are embedded in, which suggested that they are able and willing to sell large quantities of face masks to anyone who is willing to purchase.

Dr. David Maimon:

And, I don’t know if you remember, Steven, but during early March, the entire world was struggling with trying to find face masks to bring on the market. But yet these guys were offering to sell boxes and boxes and boxes of face masks, and to boost the customers’ confidence, they actually on the encrypted channel uploaded video from their storage in which they showed everybody how many boxes with masks they have, and they’re willing to sell. So we were very curious about how they got their hand on this type of commodity. We investigated, again, we talked to people in the encrypted channels. Quite quickly, we realized that essentially what these guys were doing was, again in Thailand, going to trash cans across the country, taking used face masks from trash, shipping them to a warehouse in Thailand, washing those face masks.

Dr. David Maimon:

They wash the face mask, iron the face mask, box them, and then shipped it to any customer. Wow, that’s shocking. It was, right. It wasn’t. And the cool thing again, because we were in those markets, because we were talking to people, we were able to get an answer to this question we had in mind, right, with respect to how could these guys get access to all those masks when the rest of us are struggling with it. We were able to get the answer for that in like three or four days period. So again, I mean, people are manufacturing their own questionable products. People recycle some of the products. And in terms of the origin, we know about Asian groups who are involved in that. We know about Russian groups who are also very much involved in both the COVID-19 related products that I discussed earlier.

Dr. David Maimon:

So, protection gear, of course, but also the fraud-related items. We also are aware of several local suppliers. One supplier we discussed again at the beginning of the crisis is essentially a legitimate marijuana supplier in California who got hit by the crisis because California shut down everything, right, in mid-February, early March. And so the guy was losing a lot of money. And because he had to sort of pay his bills, he started to explore ways to ship his products, marijuana, to be more specific, anywhere and to any customer who’s interested in around the country and around the globe as well. So again, it’s people from all over, we have local suppliers, we have people from Asia, people from Russia sending us and trying to sell us commodities. With respect to customers, again, we don’t have too much information about them. Hopefully, we’ll have the answer for that in the near future.

Steve Bowcut:

Fascinating. All right. So as we wrap up here, Dr. Maimon, why don’t you, if you have something to contribute, if you take a couple of minutes and if there’s anything else that you think our audience should know about Georgia State University’s Evidence-Based Cybersecurity Research Group or anything else that you think fits along with this topic? Go ahead and take a couple of minutes and tell us about that.

Dr. David Maimon:

Sure. I mean, I’m happy to discuss the research group. Our research group essentially seeks to understand what works and what doesn’t in the context of cybersecurity. We are aware of many companies, many security teams out there who are offering their products with, at the end of the day, we’re not really sure how effective those products are, products and policies that you should add, in achieving their goals in terms of the security posture that the clients really want. So what we are trying to do is test rigorously, using scientific methods, the effectiveness of different tools, different policies in achieving their goals. We take into consideration the overall ecosystem of cybercrime and focus on the key human actors. So it’s not only that we deal with technology.

Dr. David Maimon:

In fact, our major focus is on the human actors, hackers, targets, the guardians, chief information security officers, and their team, as well as law enforcement agencies, as well as enablers. And we’re bringing that technology that these actors use to collect data as close as we can to the individual and really assess the effectiveness of policies and tools. We believe that rigorous scientific research should guide any policy decision. And that’s what we are trying to accomplish. Our three goals that we highlight in the context of our group: we are trying to identify and educate vulnerable targets of cybercrime, guide policy development and guardian efforts to secure cyberspace, and finally guide the design and configuration of computing environments that can mitigate effectively the consequences of cybercrime events. Our group’s embeddedness in the cybercrime ecosystem is to identify new security trends. And this is how we actually ended up conducting this really cool research related to the pandemic.

Steve Bowcut:

Interesting. Okay. Well, thank you so much for the work that you do. I mean, that is terribly important and relevant work, not just with the COVID-based dark market stuff, but all of the cybersecurity work that you’re doing, that’s a big concern for a lot of people. So thank you very much for that. And thank you for your time today. I really appreciate you spending some time with us here at Brilliance Security Magazine, and we appreciate our listeners that tuned in and listened to this. And with that, we’ll sign off. And thanks for listening to the Brilliance Security Magazine podcast.


Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications.