The anonymity afforded by the Tor network has led to the creation of numerous “darknet markets,” where people buy and sell illegal goods like drugs, malware, fake IDs, weapons, and more. These operations have been famously difficult to stop. But an international team of law enforcement agencies just executed an impressive takedown of two of the largest darknet markets. Law enforcement even ran one of the services for weeks to gather information on users.
The darknet markets in question are Alphabay and Hansa, both of which have similar setups to the infamous Silk Road. That site was taken offline several years ago, landing founder Ross Ulbricht in prison for life. These so-called “hidden services” operate on the Tor network, so they cannot be accessed without first connecting to Tor. The Tor network is made up of encrypted nodes across the globe, none of which know anything about the packets that pass through except which node they came from and which one they’re going to next. After a few hops, a connection is mostly anonymous.
For a long time, Tor hidden services seemed to be beneath the notice of law enforcement, but that’s no longer the case. In its latest operation, law enforcement agencies from the US, the Netherlands, Germany, Canada, Thailand, and other countries worked together to take down Alphabay and Hansa. Dutch authorities began investigating Hansa in 2016, and were able to arrest two admins of the site last month. However, instead of shutting Hansa down immediately, the police kept the lights on. It was a honeypot, and police set it up to catch a lot of users.
According to Dutch police, they began logging all Hansa transactions on June 20th. It wasn’t until July 5th that the trap was sprung. That’s when Thai police arrested Canadian Alexandre Cazes, the founder of Alphabay. Police claim they were led to Cazes by an email address he accidentally left in a welcome email that was sent to new users of Alphabay. However, users of the site contend no such emails were sent out, so it’s unclear to what police are referring. Cazes can’t offer any clarification as he committed suicide in Thailand while awaiting extradition to the US.
Alphabay was the largest darknet market before its seizure by authorities, and shutting it down sent users in search of other sites—including Hansa. Dutch police say traffic on Hansa spiked by more than eight-fold in the wake of Alphabay’s shutdown. With the site already equipped to unmask users, police gathered a wealth of data on both buyers and sellers. The scale of the deception was only revealed Thursday when police took Hansa offline and replaced it with the above page. It lists vendors that have been arrested, as well as buyers who have been identified.
The full scale of the operation is still unclear, but it’s far from over. Europol says it alone has received more than 10,000 shipping addresses for buyers of illegal goods on Hansa. The numbers could be similar elsewhere.