Operation Onymous

Operation Name: Operation Onymous
Type: Dark Market takedown
Roster
Executed by: United States, Europol, Eurojust, United Kingdom
# of Countries Participated: 17+
Mission
Target: Onion Services: Silk Road 2.0, Cloud 9, Hydra, various money laundering sites and contraband sites. Website Administrator aliased as Defcon.
Timeline
Date executed: November 5 and 6, 2014
Results
Arrests: 17+

Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.

Background

Operation Onymous was formed as a joint law enforcement operation between the Federal Bureau of Investigation (FBI) and the European Union Intelligence Agency Europol. [1] The international effort also included the United States Department of Homeland Security, [2] Immigration and Customs Enforcement (ICE), and Eurojust. [3] The operation was part of the international strategies that address the problems of malware, botnet schemes, and illicit markets or darknets. [2] It was also linked with the war on drugs effort with the participation of the U.S. Drug Enforcement Administration (DEA). [4]

Raids

On 5 and 6 November 2014, a number of websites, initially claimed to be over 400, were shut down including drug markets such as Silk Road 2.0, Cloud 9 and Hydra. [5] [6] Other sites targeted included money laundering sites and "contraband sites". The operation involved the police forces of 17 countries. [7] In total there were 17 arrests. [5] A 26-year-old software developer was arrested in San Francisco and accused of running Silk Road 2.0 under the pseudonym 'Defcon'. [8] Defcon was "one of the primary targets". [5] Within hours of the seizure a third incarnation of the site appeared, 'Silk Road 3.0'; Silk Road had previously been seized in October 2013, and then resurrected, weeks later, as 'Silk Road 2.0'. [9]

$1 million in Bitcoin was seized, along with 180,000 in cash, gold, silver and drugs. [10] Of the "illicit services" that were initially claimed to have been shut down, [7] few were online marketplaces like Silk Road. A complaint filed on 7 November 2014 in the United States District Court for the Southern District of New York, "seeking the forfeiture of any and all assets of the following dark market websites operating on the Tor network", referred to just 27 sites, fourteen of which were claimed to be drug markets; the others allegedly sold counterfeit currency, forged identity documents or stolen credit cards. [11]

US and European agencies sought to publicise the claimed success of their six-month-long operation, which "went flawlessly". [12] The UK National Crime Agency sent out a tweet mocking Tor users. [13] The official Europol press release quoted a US Homeland Security Investigations official, who stated: "Our efforts have disrupted a website that allows illicit black-market activities to evolve and expand, and provides a safe haven for illegal vices, such as weapons distribution, drug trafficking and murder-for-hire." [10] [12]

Other leading drug markets in the Dark Web were unaffected, such as Agora, Evolution and Andromeda. Whereas Silk Road did not in fact distribute weapons, or offer contract killings, Evolution did allow trade of weapons as well as drugs. [14] Prior to the closure of Silk Road 2.0, Agora already carried more listings than Silk Road, and Evolution was also expected to overtake it. [5] [15] Agora and Evolution are more professional operations than Silk Road, with more advanced security; the arrest of the alleged Silk Road manager is thought to have been largely due to a series of careless mistakes. [13] [14] [16]

The figure of 414 dark net sites, which was widely reported internationally, and appeared in many news headlines, [17] [18] [19] was later adjusted without explanation to "upward of 50" sites. [13] [20] [21] The true figure is thought to be nearer to 27 sites, to which all 414 .onion addresses direct. [16] [20] [22] Australian journalist Nik Cubrilovic claimed to have discovered 276 seized sites, based on a crawl of all onion sites, of which 153 were scam, clone or phishing sites. [23]

Tor 0-day exploit

The number of sites initially claimed to have been infiltrated led to the speculation that a zero-day vulnerability in the Tor network had been exploited. This possibility was downplayed by Andrew Lewman, a representative of the not-for-profit Tor project, suggesting that execution of traditional police work such as tracing Bitcoins [24] was more likely. [17] [13] [25] Lewman suggested that such claims were "overblown" and that the authorities wanted to simply give the impression they had "cracked" Tor to deter others from using it for criminal purposes. [24] A representative of Europol was secretive about the method used, saying: "This is something we want to keep for ourselves. The way we do this, we can’t share with the whole world, because we want to do it again and again and again." [5]

It has been speculated that hidden services could have been deanonymized if law enforcement replicated the research by CERT at Carnegie Mellon University up until the July 30th patch that mitigated the issue. [26] If enough relay nodes were subjected to DDoS, forcing traffic to route over the attacking nodes, an attacker could perform traffic confirmation attacks aided by a Sybil attack. Logs released by the administrator of Doxbin partially supported this theory. [27]

Court documents released in November 2015 [28] generated serious research ethics concerns in the Tor and security research communities [29] about the warrantless exploit [30] (which presumably had been active in 2014 from February to 4 July). [31] The Tor Project patched the vulnerability and the FBI denied having paid Carnegie Mellon $1 million to exploit it. [32] Carnegie Mellon also denied receiving money. [33]

Related Research Articles

Silk Road (marketplace): 2011–2013 darknet market known for the sale of illegal drugs

Silk Road was an online black market and the first modern darknet market. It was launched in 2011 by its American founder Ross Ulbricht under the pseudonym "Dread Pirate Roberts." As part of the dark web, Silk Road operated as a hidden service on the Tor network, allowing users to buy and sell products and services between each other anonymously. All transactions were conducted with bitcoin, a cryptocurrency which aided in protecting user identities. The website was known for its illegal drug marketplace, among other illegal and legal product listings. Between February 2011 and July 2013, the site facilitated sales amounting to 9,519,664 Bitcoins.

European Cybercrime Centre

The European Cybercrime Centre is the body of the Police Office (Europol) of the European Union (EU), headquartered in The Hague, that coordinates cross-border law enforcement activities against computer crime and acts as a centre of technical expertise on the matter.

The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.

Agora was a darknet market operating in the Tor network, launched in 2013 and shut down in August 2015.

Evolution (marketplace): Former darknet market

Evolution was a darknet market operating on the Tor network. The site was founded by an individual known as 'Verto' who also founded the now defunct Tor Carding Forum. Evolution was active between 14 January 2014 and mid March 2015.

Doxbin (darknet): Defunct document sharing website

Doxbin was an onion service. It was a pastebin primarily used by people posting personal data of any person of interest.

TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.

A darknet market is a commercial website on the dark web that operates via darknets such as Tor and I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.

Utopia (marketplace): Former darknet market

Utopia was a darknet market similar to The Silk Road that facilitated sale of illegal items such as narcotics, firearms, stolen bank account information and forged identity documents. Utopia was based on Black Market Reloaded and has ties to it.

DeepDotWeb was a news site dedicated to events in and surrounding the dark web featuring interviews and reviews about darknet markets, Tor hidden services, privacy, bitcoin, and related news. The website was seized on May 7, 2019, during an investigation into the owners' affiliate marketing model, in which they received money for posting links to certain darknet markets, and for which they were charged with conspiracy to commit money laundering. In March 2021 site administrator Tal Prihar pleaded guilty to his charge of conspiracy to commit money laundering.

Grams is a discontinued search engine for Tor-based darknet markets, launched in April 2014 and closed in December 2017. The service allowed users to search multiple darknet markets for products like drugs and guns from a simple search interface, and also provided the capability for its users to hide their transactions through its bitcoin tumbler Helix.

Atlantis was a darknet market founded in March 2013, the third such type of market, concurrent with The Silk Road and Black Market Reloaded. It was the first market to accept Litecoin.

The Russian Anonymous Marketplace or RAMP was a Russian language forum with users selling a variety of drugs on the Dark Web.

The Tor Carding Forum (TCF) was a Tor-based forum specializing in the trade of stolen credit card details, identity theft and currency counterfeiting. The site was founded by an individual known as 'Verto' who also founded the now defunct Evolution darknet market.

Nik Cubrilovic is an Australian former hacker and leading internet security blogger.

Operation Bayonet was a multinational law enforcement operation culminating in 2017 targeting the AlphaBay and Hansa darknet markets. Many other darknet markets were also shut down.

Operation DisrupTor was an international investigation targeting drug traffickers on the dark web. Coordinated by the Joint Criminal Opioid and Darknet Enforcement, the operation was initiated and managed by the Federal Bureau of Investigation. The operation also included assistance from the Drug Enforcement Administration, U.S. Immigration and Customs Enforcement, United States Secret Service, United States Postal Inspection Service, IRS Criminal Investigation, Bureau of Alcohol, Tobacco, Firearms and Explosives, and local law enforcement agencies.

Darknetlive: Online news outlet covering the dark web

Darknetlive is a news and information site covering darknet markets and other dark web activities.

Operation Dark HunTOR was an international law enforcement operation targeting opioid trafficking and other illegal activities on The Onion Router (TOR). The operation was conducted across the United States, Australia, and Europe over a period of 10 months. In addition, Europol released a statement that said the operation was composed of a series of separate but complementary actions in Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, the United Kingdom and the United States, with coordination efforts led by Europol and Eurojust, which greatly expands on the initial number of countries that the US press releases indicated.

Operation SpecTor was an operation coordinated by Europol, which involved nine countries, including the United States, Austria, France, Germany, and the Netherlands to disrupt fentanyl and opioid distribution. The operation targeted and took down the darknet market "Monopoly Market."

References

  1. Blowers, Misty (2015). Evolution of Cyber Technologies and Operations to 2035. Dordrecht: Springer. p. 133. ISBN 9783319235844.
  2. Chaudhry, Peggy E. (2017). Handbook of Research on Counterfeiting and Illicit Trade. Cheltenham: Edward Elgar Publishing. pp. 182, 375. ISBN 9781785366444.
  3. Kremling, Janine; Parker, Amanda M. Sharp (5 September 2017). Cyberspace, Cybersecurity, and Cybercrime. SAGE Publications. ISBN 9781506392288.
  4. Adorjan, Michael; Ricciardelli, Rose (10 June 2016). Engaging with Ethics in International Criminological Research. Routledge. ISBN 9781317382874.
  5. Greenberg, Andy (7 November 2014). "Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains". Wired.
  6. Greenberg, Andy (6 November 2014). "Not Just Silk Road 2: Feds Seize Two Other Drug Markets and Counting". Wired.
  7. Fox-Brewster, Tom (7 November 2014). "Silk Road 2.0 targeted in 'Operation Onymous' dark-web takedown". The Guardian. Retrieved 7 November 2014.
  8. McMillan, Robert. "Alleged Silk Road 2 Mastermind Worked for Ex-Googler's Secret Startup". Wired. ISSN 1059-1028. Retrieved 6 April 2023.
  9. Cook, James (7 November 2014). "There's Already A Silk Road 3.0". UK Business Insider. Retrieved 8 November 2014.
  10. "Global Action Against Dark Markets On Tor Network". Europol. 7 November 2014. Retrieved 9 November 2014.
  11. Vinton, Kate (7 November 2014). "So Far Feds Have Only Confirmed Seizing 27 "Dark Market" Sites In Operation Onymous". Forbes. Retrieved 8 November 2014.
  12. Cook, James (7 November 2014). "More Details Emerge Of How Police Shut Down Over 400 Deep Web Marketplaces As Part Of 'Operation Onymous'". UK Business Insider. Retrieved 9 November 2014.
  13. O'Neill, Patrick Howell (7 November 2014). "The truth behind Tor's confidence crisis". The Daily Dot. Retrieved 10 November 2014.
  14. Greenberg, Andy. "The Dark Web Gets Darker With Rise of the 'Evolution' Drug Market". Wired. ISSN 1059-1028. Retrieved 6 April 2023.
  15. Ingraham, Christopher (6 November 2014). "The FBI promises a perpetual, futile drug war as it shuts down Silk Road 2.0". Washington Post. Retrieved 7 November 2014.
  16. Hern, Alex (11 November 2014). "Operation Onymous may have exposed flaws in Tor, developers reveal". The Guardian. Retrieved 12 November 2014.
  17. Wakefield, Jane (7 November 2014). "Huge raid to shut down 400-plus dark net sites". BBC. Retrieved 10 November 2014.
  18. Alistair Charlton (7 November 2014). "Operation Onymous: Six Britons Arrested as Police Bust 400 Drug Dealing Dark Websites". International Business Times. Retrieved 10 November 2014.
  19. Williams, Martyn (7 November 2014). "Biggest ever Tor raid hits 410 underground sites; 17 arrested". PC World. Retrieved 10 November 2014.
  20. O'Neill, Patrick Howell (7 November 2014). "Just how many Dark Net sites did cops really shut down?". The Daily Dot. Retrieved 10 November 2014.
  21. Carvajal, Doreen; Weiser, Benjamin (7 November 2014). "International Raids Target Sites Selling Contraband on the 'Dark Web'". New York Times. Retrieved 10 November 2014.
  22. Lee, Dave (10 November 2014). "Dark net experts trade theories on 'de-cloaking' after raids". BBC. Retrieved 11 November 2014.
  23. Cubrilovic, Nik (17 November 2014). "Large Number of Tor Hidden Sites Seized by the FBI in Operation Onymous were Clone or Scam Sites". Archived from the original on 18 November 2014. Retrieved 14 January 2015.
  24. Lee, Dave (10 November 2014). "Dark net raids were 'overblown' by police, says Tor Project". Retrieved 22 August 2015.
  25. Knight, Shawn (7 November 2014). "Operation Onymous seizes hundreds of darknet sites, 17 arrested globally". Techspot. Retrieved 8 November 2014.
  26. Gingold, Naomi (8 December 2014). "Did the FBI Break Tor?". Retrieved 9 August 2015.
  27. Gallagher, Sean (11 November 2014). "Did Feds Use DDoS Attacks to Deanonymize Darknet Sites Seized in Operation Onymous?". Archived from the original on 30 November 2014. Retrieved 9 August 2015.
  28. Cox, Joseph (11 November 2015). "Court Docs Show a University Helped FBI Bust Silk Road 2, Child Porn Suspects". Motherboard.
  29. Green, Matthew (12 November 2015). "Why the attack on Tor matters". Ars Technica.
  30. Zorz, Zeljka (12 November 2015). "Tor Project claims FBI paid university researchers $1m to unmask Tor users". Help Net Security.
  31. Knibbs, Kate (30 July 2014). "Attack on Tor Has Likely Stripped Users of Anonymity". Gizmodo. Gawker Media.
  32. Farivar, Cyrus (13 November 2015). "FBI: "The allegation that we paid CMU $1M to hack into Tor is inaccurate"". Ars Technica.
  33. Vaas, Lisa (20 November 2015). "Carnegie Mellon denies FBI payment for Tor-cracking technique". Sophos.