[bilbopotter]

Let's say I decide to pay $800 for ddos attack. Provider pockets the $800 and doesn't carry out the attack. What's my recourse? Contact customer service? Nope. Contact the police? Hmm. You see the whole thing is a scam. There are plenty of articles online about it.

[evook]

It's not a scam. Those scenes live by reputation alone. If you need something as a once in a lifetime service you are well advised to use a trusted third party within the scene. Those are either trade mods or well known veterans.

If you become familiar and known in the scene the risk of being scammed is very low and if it happens it's more like a "one last money grab and I am done thing" where the person offering the service will disappear. But since this works once per online persona this really doesn't happen that often.

[torben-friis]

how does one even begin to become known in a scene if you don't even know where (or if) it exists?

Not that I'm planning to purchase any of those services of course, I'm just curious because it sounds like there's no possible starting point, unless by pure chance one of your personal friends happens to be already involved in the area and lets you know.

[colinmhayes]

Dark web markets have escrow systems as well as review systems which show how much each customer paid for the service. One can see if a vendor is well reviewed and it's unlikely the reviews are astroturfed if they are on large transactions because the fees on these markets are relatively high.

[malaya_zemlya]

you start working through an established escrow service, and gain positive feedback on darknet platforms. You can also do what above-ground companies do and promote yourself via ads, branding and so forth. At the very least that signals you've invested serious money into your image and are therefore unlikely to disappear overnight.

[doublerabbit]

There is a very easy starting point. Google

Use the phrase "darknet" then just apply the word "markets" and you'll already started the jump down the rabbit hole.

[WJW]

You pointed out the possible starting point yourself: one of your acquaintances is already involved with the scene. That seems quite sufficient for the scene to keep existing.

[bilbopotter]

Online reputation is very easy to build. These people are scammers they're hardly going to worry about giving themselves good reviews. It's done all over amazon, trip advisor etc yet somehow the darkweb has a full proof online reputation system - don't make me laugh.

[celticninja]

Dark Web reviews are linked to purchases. you can't just had a load of fake reviews without completing a transaction which means you have to pay a fee to the darknet site. So it is possible but it can be expensive, the easy option is to run a legitimate service and then at some point you could just start taking people's money and not providing the service. Of course this has a limited shelf life, because new reviews are going to be a positive

[michaelt]

Your concern is a reasonable one: Ross Ulbricht was literally the founder of Silk Road and so should have been able to make darknet transactions as well as anyone - and yet he (allegedly) engaged in six different murder-for-hire attempts spending $730,000 - and none were successful [1].

For more mundane services, though, most 'darknet markets' like Silk Road have a seller account reputation system, like ebay; and a payment escrow system. So you can choose a seller who has 100 previous transactions and a 99.5% positive reputation. And if they don't deliver, they don't get paid.

You can also ramp your purchases up gradually, buying the $10 1-hour DDOS and the $60 1-day DDOS, thus confirming the supplier can deliver before spending more than you can afford to lose.

And of course it's traditional for every bitcoin/darknet service to eventually fold with some insider making off with everyone's money. For that, I don't know what the common mitigations are, apart from not carrying an account balance larger than you can afford to lose.

[1] https://www.theguardian.com/technology/2013/nov/21/silk-road...

[thatcat]

That was shown to be a scam by some of the investigating officers who were later arrested for trying to keep some of the btc.

[michaelt]

It was indeed a scam - which is what I mean when I say bilbopotter is reasonable to be concerned that some darknet services are scams.

[nefitty]

Presumably, the most efficient markets are operating on a trust-based model. Reputation on the dark web is probably extremely valuable, and so vendors and buyers change their behavior based on each other’s ratings. Buying from a new vendor with no rep is extremely risky, so the buyer should expect a steep discount or otherwise for taking the risk.

[lifeformed]

Well, depending on how you find them, they still usually want to preserve their reputation. It'd be risky paying a completely anonymous person for a service, but if the darkwebsite indicates that there are 100 people who have said, "A+++++, would do cyberattacks with them again", then it might be safe to do crimes together.

[bsza]

Actually, there is a cryptocurrency for that:

https://www.usenix.org/system/files/conference/woot16/woot16...

It uses the outputs of the key exchanges as proof that the attack was carried out. I doubt anyone uses it in practice though.

[waihtis]

I don't think it's that straightforward.

If you're in a "law enforcement free-zone" and can bank a recurring service fee versus a one-time scam running these kind of services, why not engage in such behaviour?

There are career criminals with reputations also.

[CyberDildonics]

A ddos attack is something that can be scaled. Someone could pay a small amount for something small and keep making payments to extend it or scale it up.

[jackpeterfletch]

Dark net markets have review systems, and sellers pay a small but large enough sum for accounts to make doing this impractical.