Feds Dismantled the Dark-Web Drug Trade—but It’s Already Rebuilding

Credit to Author: Andy Greenberg| Date: Thu, 09 May 2019 11:00:00 +0000

On the dark-web drug market Empire this week, business proceeds as usual. "Satisfied customer, will be back," writes one user on the product page of a meth dealer with the handle shardyshardface. "Excellent," reads a plaudit posted by a buyer of the opiate oxycodone. "Bravo," says another for a $5 sample of fentanyl, one of 18 reviews posted on the product's profile page in the last week. In all, Empire lists over 18,000 narcotic offerings, including hundreds for oxycodone alone.

Judging by that buzzing trade, there's little hint that just the week before, global law enforcement announced the takedowns of two of the world's largest dark-web drug sites, known as Wall Street Market and Valhalla. Or that the most popular market, called Dream, had taken itself offline at the end of last month, perhaps sensing law enforcement closing in. Or that a multiagency US law enforcement task force devoted to stemming opioid sales on the dark web arrested more than 60 people in a major operation the month before.

On Wednesday, the FBI and Europol announced their latest win: The takedown of dark-web news and information site DeepDotWeb, which had quietly made millions of dollars from offering promotional links to black market sites in a kind of underground affiliate marketing scheme. "We think it's going to have a huge impact," FBI special agent Maggie Blanton, who leads the bureau's Hi-Tech Organized Crime Unit, told WIRED. "We viewed DeepDotWeb as a gateway to the dark web."

Taken together, those operations represent the most far-reaching collection of law enforcement actions against the dark web's economy in at least two years. "You’re seeing the evolution of a coordinated law enforcement effort," the director of Europol's European Cybercrime Centre said. "It’s not whack-a-mole anymore."

But despite those wins, a years-long war of attrition seems to be exactly the pattern that the dark web's booms and busts now follow, argues Carnegie Mellon computer scientist Nicolas Christin, a longtime dark web researcher. In an economy where the demand—drug-addicted users—remains constant or growing, that's only to be expected.

"History has taught us that this ecosystem is very, very resilient," Christin says. "It's part of a cycle, and we’re in the chaotic part of the cycle. We’ll have to see how it recovers. But if I were a betting person I would put more money on it recovering than on it dramatically changing."

The cycle Christin describes—law enforcement takedowns followed by a slow but robust recovery—has played out on the dark web again and again, repeating roughly every year or two. After the late 2013 takedown of the Silk Road, the first real dark-web drug market, more than a dozen replacements rose up to fill the demand for anonymous online narcotics sales. A massive crackdown called Operation Onymous followed in late 2014, seizing a broad swath of the dark web and arresting 17 people by exploiting a vulnerability in the anonymity software Tor, which serves as the dark web's fundamental cloaking tool.

Yet by 2017, another site, AlphaBay, rose up to become far bigger than the Silk Road had ever been. In a well-coordinated, two-pronged attack, the FBI took down Alphabay in July of that year while Dutch police hijacked the second-largest dark-web market, Hansa. That maneuver drove Alphabay's refugees into a trap: The Dutch police had rewritten parts of Hansa's code to de-anonymize users, grab their passwords, and even install beacons on their computers. The double takedown, called Operation Bayonet, was intended not only to ensnare dark-web buyers and sellers but to scare them, too, as the Dutch police's National High Tech Crime Unit told WIRED at the time, creating a deterrent to keep users from migrating to the next dark-web drug bazaar.

The FBI's Blanton told WIRED that no dark-web market has reached AlphaBay's scope since. But Christin counters that, by early this year, he had observed that Dream Market had roughly matched AlphaBay's previous size. (He declined to share detailed numbers, which he says are part of a still-unpublished study.) "What happened in 2017 was very unique, that one-two punch," Christin says. "But that doesn’t seem to have dented the ecosystem in a major way."

The last two months of arrests have at least sent the dark web into a temporary state of turmoil. In March, apparently enabled in part by information gathered in the Hansa sting, the US Department of Justice announced it had carried out what it calls Operation SaboTor. It arrested 61 people, and seized more than 650 pounds of illegal drugs, 51 firearms, and nearly $10 million in cash, gold, and cryptocurrency. SaboTor also underscored an aggressive new approach to law enforcement's dark-web operations: The agents from the Joint Criminal Opioid Darknet Enforcement team that carried it out—from the FBI, Homeland Security Investigations, Drug Enforcement Administration, Postal Service, Customs and Border Protection, and Department of Defense—now all sit together in one room of the FBI's Washington headquarters. They've been dedicated full-time to following the trail of dark-web suspects, from tracing their physical package deliveries to following the trail of payments on Bitcoin's blockchain.

If you'd like to tip WIRED anonymously, we have a couple ways for you to do that here.

Following those J-CODE arrests, Dream Market announced that new management would take over at the end of April. Instead, it went offline altogether. Then came the seizure of Valhalla and Wall Street Market last week. The latter's takedown began, the head of the Dutch federal police's darknet-focused team Nan van de Coevering tells WIRED, through a tip that led them to part of Wall Street Market's infrastructure hosted in the Netherlands. From there the three alleged administrators were further exposed through a combination of security mistakes: A faulty VPN revealed one of the men's IP address when he connected to its backend infrastructure, while another administrator had received bitcoins from the market with the same wallet he'd used to pay for a videogame account. A rogue staffer who had blackmailed the site's users also leaked the site's backend credentials, which may have aided in law enforcement's investigation.

But don't expect the dark web's downtime to last, says Roman Sannikov, an analyst at security firm Recorded Future. "My guess would be the lower-tier markets just grow in prominence again," he says. "Probably a couple of markets will step up."

By some measures, they already have. In addition to Empire Market's more than 18,000 drug listings, another site called Nightmare Market now lists 28,000 drug products, along with the dark web's usual assortment of stolen credit card numbers, counterfeits, and hacking tools. A new, Reddit-style forum site called Dread, hosted on a Tor hidden service, has already replaced the seized DeepDotWeb as a community hub, where users discuss which site to use when one is taken down by police or turns out to be run by scammers.

On Dread, the reactions to the recent law enforcement activity were a mix of dismay and defiance. "Are there any trustworthy markets left?" one user wrote, complaining that they used the dark web markets as a source for anti-seizure drug Lyrica and now had no good source. "This is so fucked up man, we have the right to do whatever we want to our bodies."

"Waste your resources on seizing petty websites because they know the use of darknet services is ever growing," another user wrote. "The war on drugs is a complete failure, a bottomless money pit."

But both the FBI and Europol officials who spoke to WIRED argued that while their battles against dark-web drug sites are far from over, that fight remains necessary—even if only to limit the dar- web markets' growth and make it even incrementally harder to buy dangerous drugs like fentanyl online. "Any small win is a victory," the FBI's Blanton says. "We care about stopping even one more person from overdosing."

"Some people you’re not going to deter from going to these markets. But there are a large number of people who would never considering buying drugs on a street corner or from a shady dealer but who will use the perceived anonymity of the internet to do this," Europol's Steven Wilson says. "If we can dissuade those people, how many lives to do we end up saving?"

Updated 5/9/2019 1:50 EST with more information from the Dutch national police.

https://www.wired.com/category/security/feed/