Russian darknet was pretty shaken in 2017: top marketplace RAMP was closed, Russian Silkroad merged with Hydra market, and one of the oldest drugs forums Rutor was sold to new owners. Competition between main marketplaces led to using DDoS attacks and provocations. The same tendency persists in 2018 – servers are periodically offline, several markets have exit scammed or are unavailable for months (as for example Paradise market). This situation contributes to emerging hackers and scammers seeking for easy money. In the article we decided to tell about five most notorious of them.
Existencia is a former RAMP admin, who solved disputes between customers and vendors. Not long before the marketplace closed, his associates warned everyone that Existencia pgp key was stolen, meaning that he likely became someone else since that time. He allegedly started work on launching RAMP 2.0 while dead droppers, dealers and growers were posting hysterical messages about the system’s theft. RAMP 2.0 started to work but it turned out that the drug business became not only dangerous but also unprofitable because of fierce competition. Existencia, who introduced himself using an old pgp key, encouraged reputable vendors to register on the new marketplace, got a lot of bonds and deposits and suddenly vanished. Public searched through forums waiting for a sign from hateful Existencia, no matter who was hiding behind this nickname. Some people remembered that in a few days after the fall of RAMP on a cryptocurrency forum there appeared an anonymous user looking for an intermediary in order to sell 10,000 bitcoins for cash.
Many people linked him to Existencia, although there was no valid information.
Sber is a young and vigorous screwball who has scammed half of the Russian darknet. Sber has lots of nicknames which include CTS, Gazprom, Azbuka Vkusa, Starbuds, and his real name is Narek Surikovich Nadzharyan born in 1990. Doxxing on the deep web is difficult and risky: firstly, you deanonymize someone, then you get deanonymized yourself. But Sber made doxxing his brand name of madness. Nadzharyan reveals personal data of undesirable former associates and business partners. Sber’s nicknames are names of unreliable darknet shops which he managed, Nadzharyan created dozens of stores, promoted them and closed after the first bulk order, repeating the process again and again.
Sber emerged from the shadows when RAMP 2.0 exit scammed robbing all registered users and picking up personal information. While the website was working, users noted that their money was stolen by changing a withdrawal address in account settings. Many people recalled Sber’s style and after the marketplace stopped working there were no doubts left – Sber was blamed for the RAMP 2.0 shutdown and theft of Existencia’s pgp key. Then Sber announced that his former worker and a police officer Ilya was the one standing behind RAMP 2.0 exit scam and uploaded a photo of his passport. Doxxing caused a flood of accusations from all sides and paranoia among dead droppers (who had to provide photos of their IDs to get employed in most cases). Eventually public came to a conclusion that Sber was not a single person but well-organized and protected group of scammers acting together.
Hacker Sleepwalker started with advising on anonymity and creation of virtual personalities, later took responsibility for the collapse of the international marketplace Amberoad. He was a technical director of Ruonion but after the website’s administration left the project, he continued alone and did not cope with it, bringing the marketplace down. Sleepwalker behaved unprofessionally – he tried to enter the business aggressively crashing everything around. Once he went into a rage when one of his potential customers looking for a hacker sent an email from an unprotected mailbox. Sleepwalker published his personal data and later did the same with a dealer who opened a shop on a marketplace developed by Sleepwalker.
An ideologist and an admin of the oldest darknet forum Runion began with propaganda of libertarian ideas and promoted himself as a warrior of light fighting against everything limiting, repressive or greedy. However, after the RAMP closure, he announced about emerging a new marketplace on Ruonion, got vendor bonds and went offline for a month explaining it with a DDoS attack. When the market came back online Zed asked for more money. Users called to boycott the forum, which contains nothing but instructions on how to crack social networks accounts and is visited by a crowd of teenagers nowadays.
Nikkon was a moderator and orders guarantor, Zed’s partner, and was also responsible for destroying the reputation of Ruonion. He is remarkable for scamming users on carding forums and large-scale extortion.