Unveiling the Darkness: Analysing Organised Crime on the Wall Street Market Darknet Marketplace using PGP Public Keys

Darknet marketplaces (DNMs) are digital platforms for e-commerce that are primarily used to trade illegal and illicit products. They incorporate technological advantages for privacy protection and contribute to the growth of cybercriminal activities. In the past, researchers have explored methods to investigate multiple identities of vendors covering different DNMs. Leaving aside phenomena such as malicious forgery of identities or Sybil attacks, usernames and their corresponding PGP public keys are used to build brands around users and are considered a trusted method of vendor authentication across DNMs.
This paper aims to demonstrate a forensic method for linking users on a DNM called the Wall Street Market using shared PGP public keys. We developed a trading reputation system to evaluate the transaction behaviour of each user group sharing PGP keys (i.e., PGP groups). Based on the reputation indicators we introduced, we compared PGP groups with high, medium and low reputation levels. Our research suggests that the observed PGP groups exhibit varying organisational structures in relation to their reputation levels, including a more organised and dense cooperation or a looser form of cooperation. As this paper provides an in-depth understanding of user networks on a DNM associated with PGP keys, it is of particular interest for the detection of organised criminal groups on DNMs.