In an operation involving 17 countries, law enforcement agencies arrested 17 people believed to be involved with Darknet markets. The operation, code named “Onymous”, first came to light with the announcement by the FBI and Homeland Security Investigations of the arrest of Blake Benthall (also known as “Defcon”) the operator of Silk Road 2.0. This arrest was followed up with news that a number of other Darknet sites had been seized. These sites dealt with the sale of drugs, firearms, stolen credit cards and money laundering.
In addition to the arrests in the US and Europe, US $1 million of Bitcoin was recovered, along with 180,000 Euro, gold, silver and drugs. The FBI also claimed that 27 sites with 400+ addresses pointing to those sites, have been siezed.
Is Tor all you need?
The actions of these law enforcement agencies mark a turning point in the battle against Darknet markets, which up until last week, seemed to be stacked in favour of the Darknet merchants. Using the anonymising and encrypting software Tor , Darknet users had become complacent about their ability to operate without threat of discovery or arrest. Even now,many in that community still hold that the law enforcement organisations succeeded not because of any particular sophistication in their detection, but because those arrested slipped up, and became lax with their “operations security” , or “opsec”.
The Darknet law enforcer’s investigative toolkit
Although this may be a factor in how certain people were arrested, it underestimates the range of approaches that law enforcement, especially with collaboration amongst different countries, have to bring to bear against criminals in the Darknet.
In their arsenal, law enforcement in the US and elsewhere may have found a way to break the anonymity of Tor and through this trace people’s use of sites back to their computers. There is of course no evidence that this is the case but it is theoretically possible, and attacks on the Tor network have previously been discovered.
More likely however is that law enforcement agencies used a more traditional approaches to track down the administrators of the Darknet markets.
Darknet system administrators talk too much
Infiltration of sites by undercover agents has been a tried-and-tested technique used by law enforcement for some time. Then, once arrests are made, it seems that most cyber-criminals are only too happy to inform on others in exchange for leniency in sentencing. Finally, there is the simple technique of participating in discussion forums and waiting for people to reveal too much information about themselves, something that a great deal of those arrested seemed to have been only too willing to do.
This last point is probably one of the more surprising ways of getting information about the “kingpins"behind the sites. One commenter on the discussion site Reddit, made the observation "I can’t believe how much information he gave about himself online” in referrence to Ross Ulbricht, the administrator of the original Silk Road who was arrested in 2013. It seems that Benthall, or Defcon, administrator of Silk Road 2.0 was little different.
When Darknet criminals come up for air
A significant weakness that criminals on the Darknet face in protecting their anonymity comes when they have to actually deal with the “real world”. This happens when they have to buy services like server hosting, deal with their Internet service provider and exchange Bitcoin for a currency they can actually use elsewhere. For drug vendors, there is the actual task of buying and shipping physical objects around the world which again presents a time when they reveal themselves.
It is at these points that Darknet criminals are at their most vulnerable and most likely to make an error giving law enforcement a chance of catching up with them.
The Darknet market drivers
Despite the success of operation Onymous, Darknet markets are still around and will continue to grow to meet an obvious and growing demand. Despite these services being on the so-called Dark Web, finding them is as simple as using Google and downloading the software package Tor. Darknet markets have driven easier access to cheaper and more reliable delivery of drugs to a global audience. The demand for these services is likely to be unaffected by the arrests because for every market that is taken down, someone will see the opportunity to take their place.
Already, markets like Evolution will have taken the clients and sellers from Silk Road 2.0 and other seized sites. Evolution in particular has become much more security conscious, implementing a range of techniques to frustrate law enforcement agencies’ attempts to shut them down.
The drivers for these markets is the enormous amounts of money behind what is a simple business proposition. Silk Road 2.0 drove US $8 million in monthly sales. Assuming other sites were comparable, this represented an annual turnover of US $3 billion for all of the sites that were in operation before the bust. Coincidentally, this is roughly the same amount as annual trading volume of Bitcoin in US dollars, showing how much of Bitcoin’s current use is tied to the drug trade.
Europol chief, Troels Oerting has claimed that sites like Evolution are next in line for closure. Saying that it was only a matter of time before they got to them. Only time will tell if this turns out to be the case.