Darknet Cartel Associated Marketplaces

August 09, 2022

In recent months, DarkOwl analysts discovered multiple escrow-enabled decentralized marketplaces on the dark web that claim to be affiliated with the Sinaloa Cartel.

One such marketplace called “Cartel de Sinaloa” is reportedly directly associated with the Sinaloa Cartel and Los Chapitos. Their marketplace uses the same logo – a red and black skull with “Cartel de Sinaloa” written underneath it – as the avatar of a Facebook group page operating with the same name. Another marketplace calling itself “The Sinaloa Cartel Marketplace” focuses on offering hitman for hire style services. Both services require authentication for user access, which forces visitors to create a username and password to view the marketplace past the login screen and adds protection from bots and crawlers.

Upon looking closer at these alleged cartel-tied darknet operations, our analysts found Tor services for numerous other criminal cartels in addition to the Sinaloa Cartel, including: Los Urabenos from Colombia, Cártel de Jalisco Nueva Generación, Cartel Darknet Shop, Gulf Cartel Texas, and a non-specified cartel market simply titled “DW drugs cartel.” We also found several darknet drug vendor services, such as Ausline, that advertise possible associations with prominent cartels.

Cartel Marketplaces

Here are some of the noteworthy dark web marketplaces that either claim to be or appear to be (based on our analysis) associated with cartels.

Cartel de Sinaloa (C.D.S. Market)

The C.D.S. Market is hosted on Tor and includes market escrow with the finalize early (FE) option. The market lists the following goods and services categories: Barbiturates, Software & Malware, Hire Services, Prescription, Opioid Antagonists, Money Laundering, Human Trafficking, Disassociates, Weapons, Steroids, Counterfeit, Human Organs, Benzodiazepine, Stimulants, Ecstasy, Fraud, Drugs Paraphernalia, Research Chemicals, Weight Loss, and more. Many of these categories are found on traditional darknet marketplaces, but this market includes the option to purchase human organs and services for hire. Despite these specific illicit goods categories and the fact that the Cartel de Sinaloa market has been active for months, there are zero product listings offered or advertised for sale under any of the categories described. This suggests the marketplace could be a front for other criminal activities or a law-enforcement sponsored honeypot.

The discovery of this marketplace prompted further investigation into similar “cartel-centric” documents in DarkOwl Vision, where we discovered an additional marketplace advertised on Tor as being associated with the Sinaloa Cartel on the darknet.

Figure 1: Login Landing Page for Cartel de Sinaloa Marketplace on Tor
Figure 2: Cartel de Sinaloa Marketplace (post-authentication) on Tor

The second site, The Sinaloa Cartel Marketplace, advertises a variety of products including drugs and hitmen for hire. However, the only option under “shop” is to submit a job request with options such as “shot and get away,” “stabbing,” “kidnapping,” “accidental murder” and more. The most expensive service offered is a sniper job, going for $10,000. The prices on the form are listed in USD, and payment is supported via Bitcoin.

Figure 3: Job Request Form Fill with Prices Listed per Job Type for the Sinaloa Cartel Marketplace on Tor

After a quick reverse image search across open-sources, we found the same image from the Sinaloa Cartel Marketplace on Tor is also listed with an offer to purchase the “El Chapo” t-shirt on a surface web e-commerce site specializing in anarchist screen printed clothing, called Rancid Nation.

Figure 4: Sinaloa Cartel Marketplace on Tor

Cartel Gulf Texas

Another darknet market alleged to be indirectly affiliated with the Sinaloa cartel is called “Gulf Cartel Texas” and claims to ship drugs across the world via the US Postal Service (USPS) out of Laredo, Texas. There have been ongoing reports of cartel-gang violence in Laredo after the March 2022 arrest of the leader of Cartel del Noreste, Juan Gerardo Trevino-Chavez (a.k.a. The Egg, “El Huevo”), 39, of Laredo, Texas.

The Gulf Cartel Texas Tor service has been online since 2020. Its design is not as sophisticated as the other services we discovered using our Vision UI product, but it advertises different drugs in bulk available for purchase, including, coincidentally, “very high quality heroin from the mountains straight from the Sinaloa cartel.” The Gulf Cartel Texas – Straight from the Border – includes a disclaimer reading: “warning scammers are active posing us we will never email or threaten you in bad english.”

The site does not appear to have been recently maintained and includes proof pictures of the products dated 2020.

Figure 5: Gulf Cartel Texas Landing Page on Tor

Los Urabenos

The Los Urabenos Cartel – a powerful criminal and neo-paramilitary group from Colombia – offers their services for hire on Tor and specializes in the sale of high-quality pure cocaine on their marketplace. The landing page has a volcano in the background, and the site is designed to be user friendly with traditional navigation links like “home”, “about us”, “services”, and “contact us” sections. The market offers a handful of products for sale with tagged photos, including Fishscale Colombian cocaine 90%+ and Dutch MDMA champagne crystals 84%, and states that they used to trade on Darkfox and DarkMarket prior to the decentralized marketplaces’ seizure. They have very strict rules for their orders, including no direct or in-person meet-ups, and advertise that they have completed over 750 orders with 400 clients.

Figure 6: Landing Page for Los Urabenos Cartel Marketplace
Figure 7: Rules for Transacting with Los Urabenos Cartel

The contact information for the Los Urabenos marketplace references an encrypted chat application account for CDG cartel, which likely refers to the cartel’s more recent designation, Clan del Golfo (Gulf Cartel).

According to open-sources, nearly 200 members of the CDG cartel were arrested by international police and government forces in a multi-national law enforcement operation in 2021 including their leader, Dairo Antonio Úsuga (a.k.a. “Otoniel”).

Cártel de Jalisco Nueva Generación (CJNG)

Another darknet service we found is allegedly associated with the Mexico-based Cártel de Jalisco Nueva Generación (CJNG) and describes themselves as the “most trusted bulk cocaine seller in the world” with anonymous dead drops via sea and air cargo. They advertise that they have had thousands of sales since Empire Market and accept payments via Bitcoin. The site also claims that: “A portion of all sales to go non-profits and organizations that support online freedom.” CJNG is believed to be one of the largest fentanyl suppliers to the US and as recently as late June posted videos to social media with over 60 militarized cartel members proudly flexing a wide array of protective gear, weapons, and vehicles at their disposal for continuous operations.

Figure 8: Landing Page for CJNG Tor Site

The products offered on the CJNG marketplace include a limited selection of drugs such as cocaine, marijuana, and amphetamine crystal shards. The News section for the site is not up to date, with the last post shared in March 2020; the site administrator included Wickr and Jabber encrypted chat accounts and secure email address (with PGP key) for direct messaging and purchase. Some images of their products, such as bricks of cocaine, included an insignia carved into the top.

Figure 9: CJNG Market emphasizes their support of privacy and digital freedom
Figure 10: Product offerings from CJNG Market

Ausline

Earlier this year, another prominent darknet drug vendor, Ausline, established their own vendor shop offering drugs for purchase and shipment in Australia and New Zealand. They specialize in deals “in bulk” and advertise that their products are procured directly from producers in Afghanistan, Colombia, and the Netherlands. Their bulk Fishscale Colombian Cocaine Flakes 90% is allegedly sourced from the “Scorpion cartel.”

Figure 11: Source DarkOwl Vision

There’s little to no open-source information about any “Scorpion” cartel in Colombia, but internationally a Red Scorpion Gang in Canada and another known simply as the Scorpion Gang in Haiti are mentioned in news articles. In Mexico, a group called the Escorpiones (Scorpions) was founded after the fallout between two CDG leaders; its members were the guards for Antonio Ezequiel Cárdenas Guillén and were last reported to be allied with the cyclones after his death.

Henry Loaiza Ceballos (a.k.a. The Scorpion, “El Alacrán”) was a well-known drug trafficker in Colombia and member of the Cali Cartel in the early 1990s. In 2019, he was ‘recaptured’ and is highly regarded across many drug cartels in LATAM. Intriguingly, the symbol of a black scorpion is believed to be the “calling card” of the Sinaloa Cartel, as pictured in a social media post by John McAfee in 2019.

Figure 12: Image of 2,000 pounds of Cocaine with the Sinaloa Cartel “brand”

Cartel Darknet Shop

The Cartel Darknet Shop is user-friendly, resembling any standard e-commerce site on the surface web. There are options displayed at the bottom of pages, like Amazon, with suggestions for other products customers might “also like.” Still, the products offered appear to either be professionally photographed or taken from stock images from the internet. Many of the products’ prices, such as that of the CBD oil, are higher than what the same products sell for legally. The site does not indicate or state any direct association with a drug cartel.

Figure 13: CBD Oil offered for sale on Cartel Darknet Shop

Regionally-Based Advertisement of Products

During earlier marketplace research we observed that regions known for their drug exports such as Colombia, Peru, Bolivia, and Mexico are often advertised with product listings on darknet marketplaces to prove the quality or the purity of the product and to legitimize the vendor. Advertised geographical indicators can provide potential associations of the products offered with a particular cartel, such as the Sinaloa region and the Sinaloa cartel being famous for their high-quality cocaine. Regions that are famous for their drug trade have also been seen listed in the product title and description, e.g. “Sinaloa Kush.”

It is unsurprising that the most popularly advertised region is Sinaloa, as this is also home to and the name of one of the strongest drug cartels in Mexico at present.

Figure 14: Source DarkOwl Vision

Are Darknet Cartel Markets Scams?

Several of the “Sinaloa-adjacent” darknet marketplaces on Tor featured hitman-for-hire services in addition to drugs. Hitmen services offered on the darknet are not a new phenomenon. Most “hitman-for-hire” services, especially those attached to prominent criminal groups and mafias, have been determined to be elaborate scams established to steal victims’ money without following through with the murder. There are limited reports of “kill list” victims ending up dead, but there is no confirmation that the murders were carried out via the darknet website, and this is impossible to track. Most chatter in the darknet is dismissive of any violence-centric or hitman-style services advertised.

“99.999999999999999999999999999999999% of all the ‘contract killers’ you see on here are one of two things A. Feds or B. Scammers.” – Darknet post dismissing any hitman services as law enforcement or scammers

Given that attribution on the darknet is difficult, the cartel sites listed above could very easily be scams. There is a history of such hitman-for-hire sites turning out to be scams or well-placed honeypots run by law enforcement. However, it is likely that organized drug cartels would be one of the few criminal groups capable of offering real hitmen services. Given the extreme and often gruesome violence many of the cartels are known for, the hitmen services advertised could be very real, if they really are the organizations behind the darknet sites as advertised.

We did not perform an in-depth analysis of the extent to which prominent drug cartels are active as vendors on traditional decentralized marketplaces like AlphaBay. The Los Urabenos Cartel’s affiliated site claims they previously traded on Empire, Darkfox and DarkMarket prior to the decentralized marketplaces’ seizure or exit scams. According to open sources, DarkMarket was taken down by international law enforcement agencies. Empire went offline due to unknown circumstances. DarkFox was feared to be exit scamming but has since returned and is active again.

The emergence of dedicated separate marketplaces linked to cartels could point to a broader trend of vendors moving away from traditional drug-focused decentralized marketplaces. After over two years of watching cartels on the darknet we have found fewer marketplaces advertise drugs by their origin/regional name and there are generally fewer marketplaces that sell large quantities of drugs, typically for resale in the case of cartel-based drug distributors. Vendors known for selling drugs on darknet marketplaces in large quantities could have decided that it is not worth the risk given the extent markets are targeted by law enforcement.

For example, UKWhite, a well-established darknet drug vendor we identified in 2019 who sold drugs in high volume across multiple marketplaces and was likely affiliated with cartels, was arrested in October 2021 in Barcelona, Spain. They are facing and contesting extradition to the US.

Another drug vendor we observed in 2019 who is still active now almost exclusively engages in ‘direct dealing’ as a seller. These sellers advertise themselves on discussion forums and appear on marketplaces only to a limited extent, to establish alternative secure communication methods.

Regardless of whether cartel-affiliated marketplaces and vendor shops like the ones discussed in this research are merely scams or elaborate law enforcement operations, we anticipate a continuance of cartel-affiliated marketplaces and vendor shops in the darknet and a darknet-wide trend of vendors transacting with their buyers and drug network distributors via one-to-one communication and/or encrypted chat platforms for enhanced security and privacy.



Copyright © 2022 DarkOwl, LLC All rights reserved.