An international law enforcement effort that involved multiple agencies from the United States and Europe has taken out a significant chunk of the dark web, putting 179 vendors of illegal drugs and firearms out of business. The sweep saw suspects arrested in six different countries and the seizure of 500 kilograms of drugs, millions in cash and a large number of illegal weapons.
An international law enforcement dragnet
The coordinated effort known as “DisrupTor” was headed up by the German Federal Criminal Police (Bundeskriminalamt) in partnership with the Dutch National Police (Politie) Europol, Eurojust and a number of US government agencies including the Drug Enforcement Administration (DEA). The majority of the 179 arrested were from the US and Germany; some additional arrests were carried out in the Netherlands, United Kingdom, Austria and Sweden.
Head of Europol’s European Cybercrime Centre (EC3) Edvardas Šileris made the following statement about the operation: “Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”
As the operation’s moniker indicates, the international law enforcement investigation penetrated markets conducted via the Tor network that have strong elements of encryption and anonymity in place. Europol boasted of its ability to penetrate the network in a public statement, announcing that the “golden age of dark web marketplace is over.”
A statement from the US Department of Justice focused on the disruption of the illicit trade in opioids, a problem that has plagued the country for over two decades. 274 kg of the seized drugs were taken in the US, including large quantities of the powerful opiate fentanyl that has caused a major spike in overdose deaths in the past year. The department cited other specific busts including the shutdown of a major methamphetamine distribution network that spanned most of the country, a drug smuggling operation coming in from Canada and China, and a plot to raid and firebomb a pharmacy in Nebraska.
Disrupting the dark web’s dealers
The international law enforcement action did not appear to take down any of the major marketplaces, but instead focused on sellers and buyers active on dark web sites. While previous takedowns of similar sites (such as Wall Street Market) have made substantial dents in the drug trade, these disruptions tend to be temporary with the illicit trade quickly coalescing around alternative markets. This recent effort may signal a potential shift by international law enforcement to targeting the users rather than the platforms, particularly a focus on punitive measures directed at buyers.
However, Europol did indicate that information obtained from seizure of the Wall Street Market backend server led to the investigations into many of the subjects that were eventually scooped up; the underground market apparently had 1.15 million users at its peak. And the Dutch police apparently gleaned much of their information from the seizure of the Hansa dark web market server and use of it as a honeypot, logging and tracking users as they flocked to the site after the FBI shut down AlphaBay in 2017.
Kacey Clark, Threat Researcher at Digital Shadows, elaborated on how taking down even relative handfuls of producers and buyers on these dark web marketplaces can have a “ripple effect” that greatly benefits international law enforcement: “Throughout our research, we’ve touched on the volatility of criminal marketplaces and forums, and a crucial part of this ecosystem is trust. Marketplaces can be vulnerable to attacks, law enforcement can take down the site, and technological problems can disrupt the marketplace’s flow. Trust is weaved into all of this; buyers wonder, ‘can I get the drugs, will I get the cards?’ while vendors are curious if they’ll get their money. Vendors will still need to advertise to an open platform to acquire as many buyers as they can … The operation which took down the AlphaBay and Hansa marketplaces three years ago spooked cyber criminals since it resulted in many follow up prosecutions as law enforcement pieced evidence together often many months later. Wall Street market emerged from these ashes and was the most significant one in existence at the time. It would appear that law enforcement have followed the same pattern and that is why we are seeing arrests today. There is now very limited trust amongst cyber criminals who rightly remain paranoid about law enforcement action but also from their fellow cohort since many marketplaces also collapse from so-called ‘cash out’ scams where administrators run off with cash held in escrow accounts.”
Innovation in dark web operations and law enforcement
However, as long as there is strong demand and a lucrative market to be tapped there will be cyber criminals attempting to make it work. Clark sees these markets taking on added security measures in the near future; enhanced encryption in all communication, requirements for two-factor authentication (2FA) to verify buyers, and a move to more private forms of cryptocurrency as the required coin of the realm. This change is already beginning in some ways with criminals shifting heavily to the use of Monero as a means of payment, and some are also moving to encrypted communications apps like Wickr as their means of interacting with customers.
As in most other areas of security and law enforcement, this creates a seemingly interminable cat-and-mouse game as the criminals develop innovative new methods and international law enforcement is forced to innovate as well to temporarily get ahead of them. Monero has been a target of this innovation as of late; the US Department of Homeland Security claims to have a contractor that has given it the ability to lift some of the veil of secrecy surrounding the notorious privacy coin, while the Internal Revenue Service has offered grants to enterprising developers that can offer it similar capabilities.
While the primary dark web threat to most organizations is the contents of a data breach showing up for sale (or even free public access) there rather than drug and weapon deals, an underlooked risk that international law enforcement is warning about is the potential of insiders monetizing their confidential business knowledge in an anonymous way. Examples that have already been seen in the wild include a subscription service that provides a steady flow of insider trading tips supplied anonymously by company employees, an IT professional offering live real-time access to a travel company’s credit card database, and someone selling access to a hedge fund’s trading algorithm.