U.S., European authorities strike against Internet’s black markets - shut down more than 400 sites
By Craig Timberg and Ellen Nakashima, November 7 at 4:34 PM
U.S. and European law enforcement agencies Friday
announced the largest strike ever against the Internet’s thriving black
markets, shutting down more than 400 sites and arresting 17 people for
allegedly selling drugs, weapons and illegal services to anonymous buyers
worldwide.
The sweep of the crackdown marked a new level of
aggressiveness and coordination by Western governments determined to police
shadowy corners of the Internet.
Government evidence showed the shuttered sites were
offering a remarkable variety of illicit goods, including cocaine, counterfeit
money and explosives.
Many once thought this trade was beyond the reach of
police because the sites were accessible only through Tor, a service created by
the U.S. government that directs Internet traffic through a succession of
routers to hide the identities of users and the locations of servers. The
ability of investigators to unmask the alleged operators of Tor sites sent
shivers through those who use the service for more legitimate purposes, such as
political activists, journalists and diplomats.
Several experts suggested that Tor’s ability to protect
users and the locations of servers may have been compromised on a mass scale by
sophisticated technological tools used by a coalition of Western law
enforcement agencies that has been targeting what is often called “The Dark Web.”
“There are no guarantees of anonymity,” said Steve
Bellovin, a Columbia University computer science professor. “It’s clear that
buying [illicit goods] on something like Tor is not as safe as people thought a
year ago.”
The strike on the Dark Web — code-named “Operation
Onymous,” a word meaning the opposite of anonymous — began Wednesday with the
arrest of a San Francisco man, Blake Benthall, 26, for allegedly starting an
illicit online marketplace called Silk Road 2.0. That site began operations a year
ago, one month after the FBI shut down a predecessor, called Silk Road. He was
charged with several felonies that could lead to lifelong imprisonment.
The action spread internationally Thursday and Friday as
authorities in the United States and 16 European nations shut down 410 sites
that were reachable through Tor and allowed anonymous transactions, typically
using virtual currencies, such as bitcoin, that were difficult for police to
track. Police seized bitcoins worth $1 million and $224,000 worth of euros,
along with drugs, gold and silver, authorities said.
“It is a plain fact that criminals use advanced
technology to commit their crimes and conceal evidence — and they hide behind
international borders so they can stymie law enforcement,” said Assistant
Attorney General Leslie R. Caldwell in a statement. “But the global law
enforcement community has innovated and collaborated to disrupt these ‘dark
market’ websites, no matter how sophisticated or far-flung they have become.”
The sites, with names such as “Hackintosh” and “Pablo
Escobar Drug Store,” were found in England, Germany, France, Bulgaria, Spain
and Switzerland, among other nations, according to Europol, the European
Union’s law enforcement agency.
“We are not ‘just’ removing these services from the open
Internet; this time, we have also hit services on the Darknet using Tor where,
for a long time, criminals have considered themselves beyond reach,” said
Troels Oerting, head of the European Cybercrime Centre, part of Europol. “We
can now show that they are neither invisible nor untouchable. The criminals can
run, but they can’t hide. And our work continues.”
Tor — a name that began as an acronym for “The Onion
Router” because it wrapped Internet traffic in protective layers of encryption
to hide a user’s identity — was developed by the U.S. Naval Research Laboratory
and is run by a nonprofit group that receives State Department funding.
It is popular among privacy activists despite its
limitations. A planned talk at a security conference this summer, by
researchers at Carnegie Mellon University, was slated to reveal ways that
attackers could identify Tor users — a process called “de-anonymization.” The
talk was abruptly canceled, raising suspicions that the techniques were
unexpectedly sensitive.
That incident generated considerable discussion in the
online privacy and security community Friday as news of the crackdown spread.
Yet many experts said the takedown may have been unrelated to the Carnegie
Mellon de-anonymization techniques because there are numerous ways to
potentially target illegal sites on Tor, including some traditional ones such
as recruiting informants.
Andrew Lewman, executive director of the Tor Project,
which runs the service, said in an e-mail that it does not condone its use for
illegal purposes and that it was unclear how authorities discovered the
operators of the illicit sites.
“We don’t have any more information. It seems old
fashioned police work continues to work well,” he said. “Until we have more
details, we cannot speculate any further.”
The investigation took at least two years, said
individuals familiar with the matter, who spoke on the condition of anonymity
to speak freely. The actual takedown of the illicit sites was highly coordinated
and took place within one hour.
Court orders and search warrants had to be coordinated.
Key alleged operators, such as Benthall, had to be in custody. Anyone going to
one of the actual sites will now see a message saying the site was seized by
the U.S. government or the relevant law enforcement agency in that country.
Rodney Joffe, a senior vice president of Neustar, a data
analytics firm in Northern Virginia, said: “This is a big deal. They just hit a
large number of bad guys internationally who thought they were operating below
the radar. What it does is send a really big message that operating on the Dark
Web isn’t a guarantee of your staying out of sight. They all thought this was a
new domain where, ‘We can operate for many years without anyone going after
us.’ They just learned that’s not the case.”
Experts said there were several possible avenues of
attack, including using an undisclosed flaw — typically called a “zero-day” —
to gain access to computers on the Tor network. It also would be possible, the
experts added, to gradually test possible routes through the Tor network over
time by tracking certain data packets to map out how traffic flowed.
The National Security Agency has put considerable energy
into penetrating Tor, The Washington Post reported last year based on
top-secret documents provided by former NSA contractor Edward Snowden.
The FBI and its European partners declined to explain how
their operation worked, fueling the speculation.
“I am 95 percent certain that they performed a massive
de-anonymization attack on Tor hidden servers and were able to shut down all
their targeted servers in the U.S., Europe or anywhere else where U.S. law has
meaning,” said Nicholas Weaver, a computer science researcher at the University
of California at Berkeley.
Weaver said the operation probably reached its limits in
nations that have cool relations with the United States, such as Russia, long a
hotbed of illegal activity on the Internet. He predicted that Russia’s
reputation as a safe haven from U.S. law enforcement activity would only grow
after this week’s crackdown.
Andrea Peterson contributed to this report.