The opening lyrics to Mr Roboto by US Prog rock band STYX might just be one of my most tenuous titles to a blog, but when I heard of the new Dark Web marketplace for all things cyber-crime, it was the first thing that came to mind…
The article I read was one posted by Bleeping Computer – A site which typically has really well researched articles – however, in this case, I’m not 100% sure.
According to the Bleeping computer article, STYX launched in January 2023, and is rapidly becoming the go-to place for all types of criminal services.
As is typically the case in many Bleeping Computer articles, they augment their reporting with screenshots of the site in question with a view of the services on offer – as seen below:
When I research a blog post, I don’t like to simply regurgitate the work done by others – I like to use their data as a start point and then I go out on the Internet to locate my own information, images, etc.
This helps me validate the data I write about, which helps me understand the topic more, it also allows me to distill the data for my blog so that I can write about the topic in a more accessible way for those who might not be familiar with many of the terms used – but mainly it ensures that I’m not plagiarizing other peoples work.
The Bleeping Computer article mentioned a company called Resecurity who had conducted the research into this emerging market place, so I took a look at their post and found that the Bleeping Computer article was a re-working of their original blog with the same graphics and similar words.
So, armed with the Resecurity article, I fired up Tor and set about trying to find STYX, so that I could take a look at the site for myself, maybe grab a few different screenshots, etc.
After about an hour of searching I had found nothing, no mention of the site on any of the Dark Web forums I typically use, it was as if this new, fancy go-to marketplace was being deliberately hard to find.
So I returned to the surface web to do more searching. And I found LOADS!
Loads of reworkings of the same article that is…
Nearly every article I found about this new market place was either a regurgitation of the Bleeping computer article, or a regurgitation of the Resecurity post.
A number of widely used sites seemed to be posting almost word for word the same articles, with no actual independent research.
All the above, and more seemed to be touting the same data from the Resecurity post
And then I came across this YouTube post…
Before watching the video, I was skeptical of the existence of STYX, but after watching this video, my mind was made up – STYX really does seem to be 100% fake.
In the video, Brett, who I’ve never come across before* makes a number of statements as to why he believes that STYX is not what the cyber-security world thinks it is. One of his 1st claims backs up my research – STYX simply cannot be found on the Dark Web.
In his video, Brett does manage to find STYX – on the surface web – which is the absolute opposite to a “Dark Web” market place. The URL for STYX is actually styxmarket.com
He makes a number of other statements which I won’t go into here – you can watch the video to see his evidence that STYX is not a genuine cyber-crime market place. And whilst I’m not a fan of his delivery style, he does make some good points, and shows that he has taken the time to do some independent research, which is something I can’t say has happened in many of the articles I’ve mentioned in this post.
Now, I might be wrong here, and so might Brett – STYX may turn out to be using some very good marketing techniques to draw attention to its services, but I don’t think so.
Needless to say, I’ll be keeping an eye out for more stories about STYX, but also taking the words of other cyber-security sites with a pinch of salt in the future.
*Apparently Brett is very well-known in the industry – so I’m amazed this is the 1st I’ve heard of him – but hey – I don’t know everything!
Brett is a former US Most wanted Cyber-criminal turned good – he was the founder of one of the oldest cyber-crime forums on the WWW (shadowcrew.com), but now is considered one of the leading authorities on cybercrime, identity theft, and cybersecurity on the planet. – who knew – I didn’t!