Europol, FBI dragnet: Cybercrime network ‘Dark Web’ plotted Trump, Pence assassinations
Months of preparation and coordination have resulted on Thursday in the takedown of two of the largest criminal Dark Web markets, AlphaBay and Hansa. Besides illegal drugs, fraudulent visas, gun trafficking and hacking, it was discovered that the suspects were seeking contributions to hire assassins to kill U.S. President Donald Trump and Vice President Mike Pence.
While the law enforcement agencies involved in the takedown announced the various activities of the Dark Web including the Trump threat, most of the U.S. news media — except Newsweek — omitted reporting the Trump part of the story.
The Justice Department announced the seizure of the largest criminal marketplace on the Internet, AlphaBay, which operated for over two years on the dark web and was used to sell deadly illegal drugs, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemicals throughout the world. “The international operation to seize AlphaBay’s infrastructure was led by the United States and involved cooperation and efforts by law enforcement authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France, as well as the European law enforcement agency Europol,” noted Attorney General Jeff Sessions on Thursday.
Two major law enforcement operations, led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA) and the Dutch National Police, with the support of Europol, have shut down the infrastructure of an underground criminal economy responsible for the trading of over 350 000 illicit commodities including drugs, firearms and cybercrime malware. The coordinated law enforcement action in Europe and the US ranks as one of the most sophisticated takedown operations ever seen in the fight against criminal activities online.
“This is an outstanding success by authorities in Europe and the US,” Rob Wainwright, the Executive Director of Europol, said today, while appearing alongside the US Attorney General, Acting FBI Director and Deputy Director of the US Drug Enforcement Administration (DEA), at a special press conference in Washington DC. “The capability of drug traffickers and other serious criminals around the world has taken a serious hit today after a highly sophisticated joint action in multiple countries. By acting together on a global basis the law enforcement community has sent a clear message that we have the means to identify criminality and strike back, even in areas of the Dark Web. There are more of these operations to come,” he added.
Dimitris Avramopoulos, European Commissioner for Migration, Home Affairs and Citizenship, said: “The Dark Web is growing into a haven of rampant criminality. This is a threat to our societies and our economies that we can only face together, on a global scale. The take-down of the two largest criminal Dark Web markets in the world by European and American law enforcement authorities shows the important and necessary result of international cooperation to fight this criminality. I congratulate the American and Dutch authorities for their successful work, as well as Europol for centrally supporting this endeavor. Our fight against criminal activities online and offline will continue and intensify.”
Julian King, EU Commissioner for the Security Union, said: “This latest success demonstrates not just the growing threat posed by increasingly sophisticated criminal enterprises exploiting the largely unregulated space occupied by the internet but also the vital role of international cooperation among law enforcers, the private sector, national authorities and international organisations in making all of us safer from global, borderless menaces.”
Popular Dark Web marketplaces
AlphaBay was the largest criminal marketplace on the Dark Web, utilizing a hidden service on the Tor network to effectively mask user identities and server locations. Prior to its takedown, AlphaBay reached over 200 000 users and 40 000 vendors. There were over 250 000 listings for illegal drugs and toxic chemicals on AlphaBay, and over 100 000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and fraudulent services.
A conservative estimation of USD 1 billion was transacted in the market since its creation in 2014. Transactions were paid in Bitcoin and other cryptocurrencies. Hansa was the third largest criminal marketplace on the Dark Web, trading similarly high volumes in illicit drugs and other commodities. The two markets were created to facilitate the expansion of a major underground criminal economy, which affected the lives of thousands of people around the world and was expressly designed to frustrate the ability of law enforcement to bring offenders to justice.
Europol has been supporting the investigation of criminal marketplaces on the Dark Web for a number of years. With the help of Bitdefender, an internet security company advising Europol’s European Cybercrime Centre (EC3), Europol provided Dutch authorities with an investigation lead into Hansa in 2016.
Subsequent inquiries located the Hansa market infrastructure in the Netherlands, with follow-up investigations by the Dutch police leading to the arrest of its two administrators in Germany and the seizure of servers in the Netherlands, Germany and Lithuania. Europol and partner agencies in those countries supported the Dutch National Police to take over the Hansa marketplace on June 20, 2017 under Dutch judicial authorization, facilitating the covert monitoring of criminal activities on the platform until it was shut down today, 20 July 2017. In the past few weeks, the Dutch Police collected valuable information on high value targets and delivery addresses for a large number of orders. Some 10 000 foreign addresses of Hansa market buyers were passed on to Europol.
In the meantime, an FBI and DEA-led operation, called Bayonet, was able to identify the creator and administrator of AlphaBay, a Canadian citizen living a luxurious life in Thailand. On 5 July 2017, the main suspect was arrested in Thailand and the site taken down. Millions of dollars worth of cryptocurrencies were frozen and seized. Servers were also seized in Canada and the Netherlands.
Law enforcement strategy
In shutting down two of the three largest criminal marketplaces on the Dark Web, a major element of the infrastructure of the underground criminal economy has been taken offline. It has severely disrupted criminal enterprises around the world, has led to the arrest of key figures involved in online criminal activity, and yielded huge amounts of intelligence that will lead to further investigations. But what made this operation really special was the strategy developed by the FBI, DEA, the Dutch Police and Europol to magnify the disruptive impact of the joint action to take out AlphaBay and Hansa.
This involved taking covert control of Hansa under Dutch judicial authority a month ago, which allowed Dutch police to monitor the activity of users without their knowledge, and then shutting down AlphaBay during the same period. It meant the Dutch police could identify and disrupt the regular criminal activity on Hansa but then also sweep up all those new users displaced from AlphaBay who were looking for a new trading platform. In fact they flocked to Hansa in their droves, with an eight-fold increase in the number of new members of Hansa recorded immediately following the shutdown of AlphaBay. As a law enforcement strategy, leveraging the combined operational and technical strengths of multiple agencies in the US and Europe, it has been an extraordinary success and a stark illustration of the collective power the global law enforcement community can bring to disrupt major criminal activity.
Europol as a central hub
Europol has played a coordinating and de-conflicting role in both investigations. From the outset, Europol’s European Cybercrime Centre (EC3) provided technical and forensic support to the Hansa marketplace investigation. In addition Europol’s technical expertise was made available to the Dutch investigators in clouding on-the-spot deployment, as they gained control of Hansa. Subsequently to this, intelligence packages were prepared and sent out to law enforcement partners across 37 countries, spawning many follow-up investigations across Europe and beyond. Some of the intelligence extracted contains relevant information regarding the destination of drugs and is meant to inform the relevant countries about planned shipments of drugs. Overall more than 38 000 transactions have been identified and Europol sent more than 600 communications. To ensure smooth coordination between the two investigations into AlphaBay and Hansa, Europol hosted a coordination meeting with leading law enforcement partners. Overall, 12 different agencies sat down together and collectively mapped out and agreed the overall strategy for the two operations.
In early July, Europol hosted a command post staffed with representatives from the US FBI, DEA and Department of Justice, working alongside specialist staff from EC3. This command post was the central hub for information exchange during the AlphaBay operation. Europol’s secure communication channels were used to exchange information between and receive data contributions from partners. Europol continues to support the FBI, DEA, the Dutch National Police and other partners on the forensic work that needs to be performed on huge amounts of seized material.