More than 400 .Onion Addresses, Including Dozens of 'Dark Market' Sites, Targeted as Part of Global Enforcement Action on Tor Network
Federal law enforcement has taken action against over 400 Tor hidden service .onion addresses, including dozens of “dark market” websites, that were offering a range of illegal goods and services for sale on the “Tor” network, a special network of computers on the Internet designed to conceal the locations of individuals using it.
The website addresses and computer servers hosting these websites were seized yesterday as part of a coordinated international law enforcement action involving the Justice Department’s Criminal Division, U.S. Attorney’s Office for the Southern District of New York, and law enforcement agencies of approximately 16 foreign nations working under the umbrella of Europol’s European Cybercrime Centre (EC3) and Eurojust. This action follows the arrest on Nov. 5, 2014, of Blake Benthall, aka “Defcon,” for charges brought in the Southern District of New York for his alleged role in operating the Silk Road 2.0 website. This action constitutes the largest law enforcement action to date against criminal websites operating on the “Tor” network.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Preet Bharara of the Southern District of New York, FBI Executive Assistant Director Robert Anderson and Executive Associate Director Peter Edge of Homeland Security Investigations (HSI) made the announcement.
“It is a plain fact that criminals use advanced technology to commit their crimes and conceal evidence – and they hide behind international borders so they can stymie law enforcement,” said Assistant Attorney General Caldwell. “But the global law enforcement community has innovated and collaborated to disrupt these ‘dark market’ websites, no matter how sophisticated or far-flung they have become.”
“As illegal activity online becomes more prevalent, criminals can no longer expect that they can hide in the shadows of the ‘dark web,’” said U.S. Attorney Bharara. “We shut down the original Silk Road website and now we have shut down its replacement, as well as multiple other ‘dark market’ sites allegedly offering all manner of illicit goods and services, from firearms to computer hacking. In coordination with domestic and international law enforcement agencies, we will continue to seize websites that promote illegal and harmful activities, and prosecute those who create and operate them.”
“Working closely with domestic and international law enforcement, the FBI and our partners have taken action to disrupt several websites dedicated to the buying and selling of illegal drugs and other unlawful goods,” said FBI Executive Assistant Director Anderson. “Combating cyber criminals remains a top priority for the FBI, and we continue to aggressively investigate, disrupt, and dismantle illicit networks that pose a threat in cyberspace.”
“Underground websites such as Silk Road and Silk Road 2 are like the Wild West of the Internet, where criminals can anonymously buy and sell all things illegal,” said HSI Associate Director Edge. “We will continue to use all of our resources and work closely with our U.S. and international law enforcement partners to shut down these hidden black market sites, and hold criminals accountable who use anonymous Internet software to peddle their illegal activities.”
According to public documents, the seizure operation targeted the Silk Road 2.0 website and more than 400 hidden services related to dozens of other “dark market” websites that are only accessible to operating on what is known as “The Onion Router” or “Tor” network, a part of the Internet designed to make it practically impossible to physically locate the computers hosting or accessing websites on the network. These sites were all operating online black markets, openly advertising on their home pages and offering to sell a variety of illicit goods and services to customers in the United States and elsewhere. The advertised goods and services included, among other things: illegal narcotics; firearms; stolen credit card data and personal identification information; counterfeit currency; fake passports and other identification documents; and computer-hacking tools and services.
The “dark market” websites were designed to facilitate illicit commerce by providing anonymity to users. The sites were only accessible to users of the Tor anonymizing network. The sites also accepted payments for their illicit goods and services in bitcoin or similar virtual currency designed to be as anonymous.
The operation involved the seizure of over 400 Tor website addresses – known as “.onion” addresses – as well as the servers hosting them. Examples of the websites seized in the operation include:
- “Pandora” (pandora3uym4z42b.onion), “Blue Sky” (blueskyplzv4fsti.onion), “Hydra” (hydrampvvnunildl.onion), and “Cloud Nine” (xvqrvtnn4pbcnxwt.onion), all of which were dark markets similar to Silk Road 2.0, offering an extensive range of illegal goods and services for sale, including drugs, stolen credit card data, counterfeit currency, and fake identity documents.
“Executive Outcomes” (http://iczyaan7hzkyjown.onion), which specialized in firearms trafficking, with offerings including assault rifles, automatic weapons, and sound suppressors. The site stated that it used “secure drop ship locations” throughout the world so that “anonymity [was] ensured” throughout the shipping process, and that all serial numbers from the weapons it sold were “remove[d] . . . and refill[ed] with metal.”
“Fake Real Plastic” (http://igvmwp3544wpnd6u.onion), which offered to sell counterfeit credit cards, encoded with “stolen credit card data” and “printed to look just like real VISA and Mastercards.” The cards were “[g]uaranteed to have at least $2500 left on [the] credit card limit” and could be embossed with “any name you want on the card.”
- “Fake ID” (http://23swqgocas65z7xz.onion), which offered fake passports from a number of countries, advertised as “high quality” and having “all security features” of original documents. The site further advertised the ability to “affix almost all kind of stamps into the passports.”
“Fast Cash!” (http://5oulvdsnka55buw6.onion) and “Super Notes Counter” (http://67yjqewxrd2ewbtp.onion), which offered to sell counterfeit Euros and U.S. dollars in exchange for Bitcoin.
This ongoing investigation is being conducted by the FBI and its New York Special Operations and Cyber Branch, along with its Washington, Philadelphia and Indianapolis Field Offices, and by HSI and its Cyber Crimes Center and Chicago-O’Hare Field Office, with assistance from Drug Enforcement Administration’s (DEA) New York Organized Crime Drug Enforcement Strike Force, which comprises agents and officers of the DEA, the Internal Revenue Service, the New York City Police Department, HSI, the New York State Police, the Bureau of Alcohol, Tobacco, Firearms and Explosives, the U.S. Secret Service, the U.S. Marshals Service, the Office of Foreign Assets Control, and the New York Department of Taxation. The law enforcement authorities of Bulgaria, Czech Republic, Finland, France, Germany, Hungary, Ireland, Latvia, Lithuania, Luxembourg, Netherlands, Romania, Spain, Sweden, Switzerland, and the United Kingdom, whose actions have been coordinated through Eurojust and Europol’s EC3, provided substantial assistance.
The Criminal Division’s Computer Crime and Intellectual Property, Organized Crime and Gang, and Narcotic and Dangerous Drug Sections and the U.S. Attorney’s Office for the Southern District of New York are prosecuting these cases. Substantial assistance was provided by the U.S. Attorneys’ Offices for the District of Columbia, the Eastern District of Washington, the Eastern District of Louisiana, the Western District of New York, the Northern District of Texas, and the Northern District of Georgia. The Criminal Division’s Office of International Affairs and Asset Forfeiture and Money Laundering Section provided substantial assistance.