Europe, US take down over 400 ‘dark net’ drug marketplaces

p> Following yesterday’s take down of online drugs bazaar Silk Road 2.0, European authorities revealed a much wider effort was underway that targeted over 400 dark net sites.

The EU’s law enforcement agency Europol announced on Friday that it had made 17 arrests of vendors and administrators of marketplaces that operate as hidden services on the Tor network, in addition to seizing US$1bn in Bitcoin, €180,000 in cash, as well as drugs, gold and silver.

The arrests were the result of operation “Onymous”, a joint effort by the Europol’s cybercrime unit, EC3, the FBI, the US Immigration and Customs Enforcement (ICE), Homeland Security Investigations and Eurojust.

According to the UK’s National Crime Agency, a total of 400 dark net websites were taken down. While Europol hasn’t said who was arrested, the NCA revealed the names of six people of the 17 who were arrested in the UK and accused of supplying controlled drugs. Two more people were arrested in Sweden.

Some of the sites taken down include Cloud 9, Hydra and Flugsvamp, but perhaps the largest, Agora, remains online.

European nations involved in the Onymous include Bulgaria, Czech Republic, Finland, France, Germany, Hungary, Ireland, Latvia, Lithuania, Luxembourg, Netherlands, Romania, Spain, Sweden, Switzerland, United Kingdom.

The European action followed yesterday’s announcement that US authorities had seized the website of Silk Road 2.0 and arrested its alleged operator, Blake Benthall.

Silk Road 2.0 emerged shortly after the seizure last October of the original Silk Road and the arrest of its alleged administrator, Ross Ulbricht, also known as Dread Pirate Roberts (DPR). One of the controversies in Ulbricht’s defence is exactly how authorities were able to identify the Silk Road server. Ulbricht has also denied being DPR.

A similar mystery remains in the takedown of Silk Road 2.0, however, the complaint unsealed yesterday revealed a series of blunders that seem to tie Benthall more definitively to ‘Defcon’ — the name of the site’s main administrator. 

Read more: SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices

Benthall, a 26 year old software developer who resided San Francisco and briefly worked for Elon Musk’s Space X, arguably should have known better than to use a Google-hosted email address — registered in his real name — to communicate with providers of servers that hosted his high risk operation

According to documents unsealed on Thursday, that’s exactly what Benthall did, providing law enforcement with information that is crucial to pinning him for operating Silk Road 2.0, which was said to have had a turnover of $8m a month by October this year.

The seeds of Silk Road 2.0’s demise were sewn at the outset. According to the criminal complaint and request for a warrant lodged in May this year, an undercover agent from the Department of Homeland Security had by last October convinced the emerging site’s support staff to grant access to private message boards that were only available to Benthall and his admin staff.

Benthall had also used a Google-hosted email account to submit service requests with the unnamed hosting provider where the Silk Road 2.0 server was hosted. 

Read more: Hackers, Security Pros Talk Penetration Testing, Social Engineering

After investigators had secured a warrant for Google to grant access to the account, they found emails that Benthall had to himself from that account in November 2013 which contained links to private messages viewable only to members of the site’s forum.

Access to the account also revealed that Benthall made a $70,000 downpayment using Bitcoin on a Tesla Model S, which is worth about $127,000.

The complaint also details that Benthall was in April using OS X 10.9.0, which had been outdated since December 16, 2013 and updated twice since then.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Read more: Defcon founder's message to feds fair to some, hypocritical to others



Join the CSO newsletter!

Error: Please check your email address.

Tags Tor networkHydraGoogle-hosted email accountagoraUS Immigration and Customs Enforcemnt (ICE)Europols cybercrime unit EC3Eurojust. Cloud 9Defcondark net sitesEuropolHomeland Security InvestigationsDread Pirate Roberts (DPR)Flugsvampoperation OnymousSilk Road 2.0Bitcoin

More about AgoraCSOEnex TestLabEUEuropolFBIGoogleRobertsSwitzerland

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts