The deep web, invisible web, or hidden web sounds like a mysterious depth of the world – but the concept is quite simple. The deep web is content on the World Wide Web not indexed by standard search engines. Think about search engines such as Google, Yahoo and Microsoft’s Bing, which give you results for indexed pages. They do this by following the links between sites and crawling the web’s threads like a spider. But that method only lets them gather static pages, like the one you’re on right now. When the web crawler arrives at other sources, such as databases, it typically cannot follow links into the deeper content nor can it capture pages behind private networks or standalone pages that connect to nothing at all. These are all part of the Deep Web.

What is surprising to many is the deep web is 90% of the entire web, which is full of unharmful and legal items – they’re just not indexed for search engines. The opposite term of the deep web is the surface web, which is the internet we use every day. The surface web only consists of 4% of the web. Where things get illegal is on the dark web – or black market, consisting of 6% of the web.


A black market, underground economy, or shadow economy is a secret market or transaction which has some aspect of illegality or is characterized by some form of noncompliant behavior with an institutional set of rules. Black markets are a marketplace for drugs, hacked account credentials, health credentials, bank account details, credit card information, and more. Even worse, confiscated personal data appears within days on black-market sites for purchase. 

The black market can actually be divided into two categories: the black market, and the gray market. Black markets are organized and run for the purpose of cybercrime; they deal in exploit kits, botnets, Distributed Denial of Service (DDoS) attack services, and the fruits of crime (e.g., stolen credit card numbers, compromised hosts), etc. Gray markets are limited to the exchange of vulnerabilities and exploits, and the discovery and development of – which is not illegal. Companies often pay for information about vulnerabilities in their own products. As a cyber rating tool, we focus on black markets in this article to understand the perspective of hacker events and how hackers earn money through black markets to protect our customers, partners, and vendors.

 Request a free, fully functional cyber risk rating for your company today to detect your vulnerabilities.

Characteristics of the Black Market

Black markets are growing in size and complexity.  The hacker market has emerged as a playground of financially driven, highly organized, and sophisticated groups. Understanding these markets is complicated, as they’re geographically spread out, diverse, segmented, and usually hidden under the cloak of dark webs, anonymization, and cryptographic features. The risk associated with the hacker market is high and detecting/collapsing these markets is a very challenging task for security experts. Methods for communication have become more innovative and secure, with greater use of encryption and privacy mechanisms, such as off-the-record messaging and cryptocurrencies. The black market is an increasing threat to businesses, governments, and individuals operating in the digital world. 

How Do Hackers Access the DarkWeb?

Technically, this is not a difficult process. Many simply install free software for enabling anonymous communication and direct internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays. The user’s location and the usage are hidden from anyone conducting network surveillance or traffic analysis. Most of these free software options make it more difficult for Internet activity to be traced back to the user, including website visits, online posts, instant messages, and other communication forms.


As hacker markets have evolved over time, they have also restructured their priorities over time. In the early-mid 2000s, these markets focused on goods and information related to credit card credentials. They then expanded to broker credentials for eCommerce accounts, social media, and beyond. Almost any computer-literate person can enter the market according to her/his skill levels. Like traditional economies, the underground market comprises sellers (supply), buyers (demand), and intermediaries.

With the increase of as-a-service models and do-it-yourself kits (with easy-to-use administration panels), anyone can create and use variants of similar malware. One can buy credentials, credit cards, and personally identifiable information without needing to be highly technical. The organization of groups and forums are highly structured, and the specialization of roles and responsibilities are defined very well. Most of the vendors guarantee that their products will live until the promised lifespan.

Learn more about Black Kite’s 20 technical categories, including hacktivist shares and leaked credentials found on dark forums in black markets here. 

How Items are Purchased on the Black Market

In black markets, most money transactions are completed using bitcoin. Bitcoin dollars, euros, or yen can be used to buy things electronically. However, Bitcoin’s most important characteristic, and the thing that makes it different from conventional money, is that it is decentralized. No single institution controls the Bitcoin network. This concept puts some people at ease because it means that a large bank cannot control its money. However, the money is untraceable, making it extremely valuable to black markets.

Products And Their Prices on Black Market

There has been a steady increase in the availability of goods and services offered in the black markets. Greater availability of as-a-service models, point-and-click tools, and easy-to-find online tutorials make it easier for technical novices to use what these markets have to offer. Despite these markets being generally illicit, they follow the same economic laws and practices as other markets. Participants communicate through various channels, place their orders, and get products. Black-market evolution mirrors the normal evolution of a free market, with both innovation and growth.

Prices for credit cards, for example, are falling because the market is flooded with records, and botnets and DDoS capabilities are cheaper because so many more options are available.

For example, Yahoo announced a hacking incident in September stating 500 million user accounts were hacked in 2014, and another 1 billion accounts were compromised in 2013 in a previous attack. The stolen data included names, email addresses, telephone numbers, birthdays, hashed passwords, and some “encrypted or unencrypted security questions and answers.” Yahoo claims they “believe” no payment card or bank account information was stolen. However, the announcement was not published until September of 2016. According to The New York Times, a billion-user database was sold on the Black Market last August (2016) for $300,000.

The price of a target account varies, however, the typical cost to hack one range from $16 – $325. The average cost to companies per compromised record is estimated at $194, considering lost customers, damaged reputation, and diminished goodwill.

Zero-Day vulnerabilities are also a popular product on the black markets. Zero-day vulnerabilities (“zero-day exploits”, or just “zero-days”) are exploitable vulnerabilities that a software vendor is not aware of and for which no patch has been created. It is difficult to find zero-days and also difficult to develop an exploit for them. For these reasons, prices of zero-days are higher than the price of other products in black markets.

Zero-days are mostly thought to be used for corporate espionage, or for specific targets whose only entry is through a zero-day. Some companies have set up their own bug bounty program to avoid selling their zero-day vulnerability in black markets. Some bug bounty programs are given below.

Request a free, fully functional cyber risk rating for your company today to detect your vulnerabilities.