Dark Web takedown

CERT-LatestNews Security News ThreatsCybercrime ThreatsStrategic Uncategorized

Law enforcement operations, led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA) and the Dutch National Police, with the support of the EU policing agency Europol, have shut down the infrastructure of an underground criminal economy responsible for the trading of over 350,000 illicit commodities including drugs, firearms and cybercrime malware. Rob Wainwright, the Executive Director of Europol hailed it as ‘an outstanding success by authorities in Europe and the US’.

AlphaBay was the largest criminal marketplace on the Dark Web, using a hidden service on the Tor network to effectively mask user identities and server locations. Before its takedown, AlphaBay reached over 200,000 users and 40,000 vendors. There were over 250 000 listings for illegal drugs and toxic chemicals on AlphaBay, and over 100,000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and fraudulent services. At a conservative estimate by the authorities, a billion dollars were transacted in the market since its creation in 2014. Transactions were paid in Bitcoin and other cryptocurrencies. Hansa was the third largest criminal marketplace on the Dark Web, trading similarly high volumes in illicit drugs and other commodities.

With the help of Bitdefender, an internet security company advising Europol’s European Cybercrime Centre (EC3), Europol provided Dutch authorities with an investigation lead into Hansa in 2016. Enquiries located the Hansa market infrastructure in the Netherlands, with follow-up investigations by the Dutch police leading to the arrest of its two administrators in Germany and the seizure of servers in the Netherlands, Germany and Lithuania. Europol and partner agencies in those countries supported the Dutch National Police to take over the Hansa marketplace on June 20, 2017 under Dutch judicial authorisation, facilitating the covert monitoring of criminal activities on the platform until it was shut down on July 20.


Andrei Barysevich, Director of Advanced Collection at Recorded Future, says: “Coordinated closure of two of the most popular underground marketplaces shows the level of sophistication and, most importantly, the willingness of international law enforcement agencies to combat cybercrime jointly.

“The successful takedown of AlphaBay and Hansa marketplaces — the largest police operation since SilkRoad — has already significantly disturbed the underground economy, and I expect to see the level of cybercrime go down in the short term. Despite recent news, we don’t expect criminals to abandon dark web marketplaces, as the business opportunity of exposure to hundreds of thousands of buyers is too lucrative and as we have seen before, eventually new market leaders will arise, filling the void.”