When “Operation Onymous” first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law enforcement crackdown has been revealed, and it’s a scorched-earth purge of the Internet underground.
On Friday, the European police agency Europol along with the FBI and the Department of Homeland Security announced that the operation has now arrested 17 people in as many countries and seized hundreds of Dark Web domains associated with well over a dozen black market websites. In addition to the takedowns of drug markets Silk Road 2, Cloud 9 and Hydra revealed Thursday, it’s also busted contraband markets like Pandora, Blue Sky, Topix, Flugsvamp, Cannabis Road, and Black Market. Other takedown targets included money laundering sites like Cash Machine, Cash Flow, Golden Nugget and Fast Cash. And agents have taken from criminal suspects more than $1 million in bitcoin, $250,000 in cash, as well as an assortment of computers, drugs, gold, silver and weapons that they had yet to fully catalogue.
In all, the agency says it’s seized 414 “.onion” domains, the web addresses used by the anonymity software Tor that hides the physical location of those sites’ servers. When WIRED spoke Thursday night with Troels Oerting, head of the European Cybercrime Center, he said his staff hadn’t even had time to assemble the full list of sites it’s pulled down in the sprawling operation.
“One of the primary targets was the Silk Road guy,” said Oerting, referring to Blake Benthall, the 26-year old coder arrested in San Francisco Wednesday and accused of managing the popular Silk Road 2 drug site. “But we also decided to see if we could identify more of the administrators of these sites and remove their infrastructure as well…Some moved before we could act, but we’ve taken most of our targets down.”
Europol didn’t immediately share the details of the 17 arrests related to the operation. But aside from Benthall, it revealed earlier on Thursday that two individuals had been arrested in Dublin in a large Dark Web-related drug bust.
Just how law enforcement agents were able to locate the Dark Web sites despite their use of the Tor anonymity software remains a looming mystery. In its criminal complaint against Benthall, for instance, FBI agent Vincent D’Agostini writes merely that in May of 2014 the FBI “identified a server located in a foreign country believed to be hosting the Silk Road 2.0 website at the time,” without explaining how it bypassed Tor’s protections. The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.
Asked how Operation Onymous located the sites, Europol’s Oerting was unapologetically secretive. “This is something we want to keep for ourselves,” he said. “The way we do this, we can’t share with the whole world, because we want to do it again and again and again.”
The organization that created and maintains Tor, the non-profit Tor project, said it didn’t have any more information on Operation Onymous’ techniques. But it downplayed the threat of a vulnerability in Tor’s safeguards for the tough-to-trace sites it protects known as Tor hidden services. “It sounds like old-fashioned police work continues to be effective,” said Andrew Lewman. “It could be [that law enforcement targeted] common people or organizations running these hidden services, or a hosting company, or something more mundane than a hidden service exploit.”
The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.Despite whatever tricks Europol and its American counterparts used to unmask the sites, several of the most popular Dark Web drug markets have nonetheless eluded them. A study by the non-profit Digital Citizens Alliance in September found that the six most popular Tor-based markets by total product listings were Silk Road 2, Agora, Evolution, Pandora, Andromeda, and BlueSky. Operation Onymous captured fully half of those top sites. But Agora, Evolution and Andromeda remain online and will likely absorb many of the refugee buyers and sellers from the law enforcement busts. In fact, Agora had already passed the Silk Road in total product listings with more than 16,000 mostly-illegal offerings, and the fast-growing marketplace Evolution was already on pace to soon take the second place spot in the underground economy.
Operation Onymous comes just over a year after the takedown of the original Silk Road drug site and the arrest of its alleged creator Ross Ulbricht, whose trial is scheduled for January. In an open letter to Attorney General Eric Holder just last week, New York Senator Charles Schumer called for a renewed crackdown on the flourishing Dark Web sites that have filled the void left by the original Silk Road. He pointed to statistics that show that more than twice as many drugs are now being sold on the Dark Web compared to when the original Silk Road was online.
Though Operation Onymous left many of that underground economy’s major players intact, Europol’s Oerting said he was more confident than ever that the remaining sites can be tracked down and pulled off the Internet.
“This is just the beginning of our work. We will hunt these sites down all the time now,” he said, praising the cooperation of all the international law enforcement agencies involved. “We’ve proven we can work together now, and we’re a well-oiled machine. It won’t be risk-free to run services like this anymore.”