Dark web match fixing – an issue of trust

Our research shows that online demand for sports event fixing services is still high and may even be growing.  At the heart of these services is a dilemma of trust. A match-fixing customer only wants to pay for results they know to be accurate, which is not provable until after the fact.  As you’d expect we found that many sites offering such services are unreliable, despite their best efforts to prove otherwise which is a good sign for the integrity of sports.  

In 2019, as part of our focus on sports and cyber, we published a blog on dark web match fixing. Since publication, the article has generated a huge number of visits, nearly five times as many as any other blog post we have published.

Since then, the MDR Cyber team have been regularly contacted by individuals wanting more information on dark web match fixing. Some directly asked us for fixed matches, and some enquired as to where they could find reliable sources.  This demonstrates the demand for this kind of information online.

Our initial research led us to discovering several sites on the dark web claiming to offer fixed matches. In this initial research, we questioned the authenticity of the sites. Some of the sites themselves have now introduced “trust pages” in a flawed attempt to show their reliability.

The demand for fixed matches

The messages we received since our first article showed that the demand for fixed matches is alive and well, although some senders indicated that they had been the victims of scammers. Many of the messages that we received were overt, often bold approaches from individuals, easily traced back to their real identities. One email even contained a corporate signature with details of the company the individual worked for.

“I’m looking for sure fix odd”

“how can I get your games please I have lost a lot”

“Are you dealing with fixed match? How can I get the games?”

“I really want to know everything about fixed match and when will your next fixed match be ready?”

“I need free sure soccer game prediction”

“I want a dark site which offers true fixed matches I can work for them we make great money am super broke”

We should be quick to point out that while many of our incident response and intelligence services bring us into proximity of cybercrime and fraud, we are not in the business of promoting it – our services are aimed at countering illegal activity. The sheer level of contact by e-mail and social media surprised the team.

Nonetheless, it appears our blog may have given some readers the wrong impression. Visitors to our blog were driven there from search phrases such as “dark web fixed matches” and variations of this. This demand indicates both a thriving demand for fixing, as well as desperation on the part of some prospective customers looking to profit from this illegal activity.

Search engine trends show that over the past 12 months, worldwide search activity for “fixed matches” declined during the period associated with the global pandemic, coinciding with the cancellation of many live sports events. Since June, interest in fixed matches resumed to above normal levels.

Figure 1 – Search engine trends over time for “fixed matches” (source: Google Trends)

The marketplace now

On the face of it, the services available now are like those we discovered previously. Various sites are still active on the dark web, and many were showing “fixed” matches within the last few weeks. Most sites observed were offering tips on fixed football matches, some claiming to offer European minor leagues, and one site offering Central and South American football matches.

All of the sites offered to accept payment via Bitcoin but sites offered multiple other cryptocurrencies, including Monero, Ethereum, Litecoin, NEM and Ripple. None of the sites accepted bank transfers or other regulated forms of payment. This is likely for the security and anonymity of the operators as cryptocurrencies are partially anonymous in the nature.

Trust issues

However, some elements of the match-fixing sites have changed. One of the main problems with dark web match fixing is the issue of trust; it is almost impossible to tell if a provider is credible without first spending money. To overcome this, several of the sites have introduced trust mechanisms to prove the authenticity of their fixed matches.

One such mechanism is that of the match fixing site publishing the score line of a match in an encrypted format. This, the site alleges, is a string of alphanumeric characters that, when decrypted with a private key, will provide the customer with the score.

The purportedly encrypted data is published before the match, meaning that the prospective customer can copy and keep the encrypted data. Once the match ends, the private key is published, which can then be used on a “decryptor” site along with the encrypted data to reveal the true score line.

The issue we discovered is that the decryptor site offered no details about the encryption algorithm used, and the decryptor site was very likely run by the operators of the match-fixing sites themselves. We found at least two of the match-fixing sites had clear web sites which were hosted on the same IP address as the decryptor site, indicating a close connection between the operators, and likely that they are one in the same.

This means that despite claiming the data is encrypted, the site operators are probably easily able to interfere with the results of the “decryption” to provide an accurate scoreline, regardless of the data that is inputted.

While seemingly a good way to get you to trust the site operators, this mechanism cannot ultimately be trusted and is likely to be a complex way for the site operators to create the illusion of credibility to scam the users out of their money.

Figure 2 – “Trust” mechanism for one dark web match fixing site

Several other trust mechanisms were offered – one of the sites we reviewed gave a “post-pay” option. This, the site alleged, meant that a customer could pay after the match. Sites also claimed to offer escrow services and 100% money-back guarantees, although none provided clear information about how these services operated.

While the customer-base for fixed matches is thriving, many of the sites that are offering these on the dark web are not to be trusted. To prove their trustworthiness and authenticity, some of these sites inadvertently left a trail of breadcrumbs which ultimately casts more doubt on their credibility.

While the examples we investigated may show that scammers are ready to exploit the demand for fixed matches, the problem of genuine match fixing has not gone away. Europol released a report in August 2020 estimating global annual criminal proceeds from betting-related match-fixing at €120 million with football the most heavily exploited sport. The problem of genuine match-fixing and corruption in sport is assessed to be driven by increasing interest from organised crime groups who cooperate internationally to corrupt officials and players. As expected, online betting is increasingly preferred over cash-based betting, with e-wallets and alternative banking platforms being used also.

MDR Cyber frequently uses internet forensics, open-source intelligence and concepts from cyber threat intelligence to provide investigative and intelligence services to our clients. To find out more about our online investigative services, contact cyber@mishcon.com.