US, European Authorities Seize ‘Dark Web’ Sites

Silk Road 2.0 was one of the 410 ‘hidden’ pages taken down in ‘Operation Onymous’ coordinated raids

Hundreds of “hidden” websites, including the Silk Road 2.0 underground marketplace, have been seized by law enforcement agencies in the US and 16 European countries in a coordinated raid that resulted in the arrest of 17 people.

“Operation Onymous”, which took place on Thursday, was the biggest strike yet against sites running on the encrypted Tor (“The Onion Router”) network, taking down 410 pages on 27 sites.

network fibre surveillance data pipes abstract © kentoh Shutterstock‘Dark web’

Tor allows users to operate websites using a special .onion address that conceals the true IP address of the server hosting the page, something taken advantage of by political dissidents and whistleblowers, but also by sites selling illegal goods or information.

US authorities including the FBI and US Immigration and Customs Enforcement worked with Europol on the action, arresting among others 26-year-old Blake Benthall, allegedly the operator of Silk Road 2.0.

Europol said the action is intended to send a message to those attempting to carry out illegal activity using Tor.

“We can now show that they are neither invisible nor untouchable,” said Troels Oerting, head of Europol’s European cyber-crime centre, in a statement. “The criminals can run but they cant hide.”

Other sites seized include firearms dealer Executive Outcomes, counterfeit credit card seller Fake Real Plastic, false passport dealer Fake ID, and US and Euro counterfeit currency sites Fast Cash and Super Notes Counter, while other sites dealt in illegal drugs, hacking tools or personal data that could be used for identity theft, authorities said.

Servers unmasked

”We shut down the original Silk Road website and now we have shut down its replacement, as well as multiple other dark market sites allegedly offering all manner of illicit goods and services, from firearms to computer hacking,” U.S. Attorney Preet Bharara said in a statement.

The agencies didn’t disclose how they were able to track down the true locations of the “hidden” sites, but the Tor project itself said that a number of different types of attacks could have been used to unmask the servers.

It is possible that authorities exploited a vulnerability in Tor’s own software, or in the individual target sites, said Andrew Lewman, Tor’s executive director, in a blog post on Sunday.

“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” he wrote.

Denial-of-service attack

One of the operators of Doxbin, a site that allowed users to post personal data used for intimidation or identity theft, released log files that showed an apparent denial-of-service attack carried out in August on servers hosted in Germany, suggesting that the attack may have been the way that the .onion site was compromised.

The operator, using the name nachash, suggested in messages to the tor-dev mailing list that the attack may have allowed law-enforcement authorities to connect using Tor routering servers that they controlled, allowing them to see the real IP addresses of the server under attack.

Tor has gained increasingly broad interest following the disclosure of widespread spying activity by US authorities, with Facebook recently creating an .onion page to make the service more easily viewable by people connecting via Tor.

Are you a security pro? Try our quiz!