p> Following yesterday’s take down of online drugs bazaar Silk Road 2.0, European authorities revealed a much wider effort was underway that targeted over 400 dark net sites.
The EU’s law enforcement agency Europol announced on Friday that it had made 17 arrests of vendors and administrators of marketplaces that operate as hidden services on the Tor network, in addition to seizing US$1bn in Bitcoin, €180,000 in cash, as well as drugs, gold and silver.
The arrests were the result of operation “Onymous”, a joint effort by the Europol’s cybercrime unit, EC3, the FBI, the US Immigration and Customs Enforcement (ICE), Homeland Security Investigations and Eurojust.
According to the UK’s National Crime Agency, a total of 400 dark net websites were taken down. While Europol hasn’t said who was arrested, the NCA revealed the names of six people of the 17 who were arrested in the UK and accused of supplying controlled drugs. Two more people were arrested in Sweden.
Some of the sites taken down include Cloud 9, Hydra and Flugsvamp, but perhaps the largest, Agora, remains online.
European nations involved in the Onymous include Bulgaria, Czech Republic, Finland, France, Germany, Hungary, Ireland, Latvia, Lithuania, Luxembourg, Netherlands, Romania, Spain, Sweden, Switzerland, United Kingdom.
The European action followed yesterday’s announcement that US authorities had seized the website of Silk Road 2.0 and arrested its alleged operator, Blake Benthall.
Silk Road 2.0 emerged shortly after the seizure last October of the original Silk Road and the arrest of its alleged administrator, Ross Ulbricht, also known as Dread Pirate Roberts (DPR). One of the controversies in Ulbricht’s defence is exactly how authorities were able to identify the Silk Road server. Ulbricht has also denied being DPR.
A similar mystery remains in the takedown of Silk Road 2.0, however, the complaint unsealed yesterday revealed a series of blunders that seem to tie Benthall more definitively to ‘Defcon’ — the name of the site’s main administrator.Read more: SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices
Benthall, a 26 year old software developer who resided San Francisco and briefly worked for Elon Musk’s Space X, arguably should have known better than to use a Google-hosted email address — registered in his real name — to communicate with providers of servers that hosted his high risk operation.
According to documents unsealed on Thursday, that’s exactly what Benthall did, providing law enforcement with information that is crucial to pinning him for operating Silk Road 2.0, which was said to have had a turnover of $8m a month by October this year.
The seeds of Silk Road 2.0’s demise were sewn at the outset. According to the criminal complaint and request for a warrant lodged in May this year, an undercover agent from the Department of Homeland Security had by last October convinced the emerging site’s support staff to grant access to private message boards that were only available to Benthall and his admin staff.
Benthall had also used a Google-hosted email account firstname.lastname@example.org to submit service requests with the unnamed hosting provider where the Silk Road 2.0 server was hosted.Read more: Hackers, Security Pros Talk Penetration Testing, Social Engineering
After investigators had secured a warrant for Google to grant access to the account, they found emails that Benthall had to himself from that account in November 2013 which contained links to private messages viewable only to members of the site’s forum.
Access to the account also revealed that Benthall made a $70,000 downpayment using Bitcoin on a Tesla Model S, which is worth about $127,000.
The complaint also details that Benthall was in April using OS X 10.9.0, which had been outdated since December 16, 2013 and updated twice since then.
This article is brought to you by Enex TestLab, content directors for CSO Australia.Read more: Defcon founder's message to feds fair to some, hypocritical to others