How the world’s police are taking on the Dark Net

Illustration for article on FBI internet surveillance

This is policing on a global scale.

When the latest big-name Dark Net criminal to be arrested pleaded guilty to 13 child pornography charges in an Australian courtroom earlier this month, it quickly became clear that nothing less than a far-reaching global investigation had brought him down.

The Federal Bureau of Investigation, Australian federal and local police, Canadian law enforcement, and Europol worked together for over two years to shutter the expansive child-pornography network known as PedoEmpire created by now 22-year-old Australian Matthew David Graham, known online as Lux.

“The bad guys, through the use of the Internet, have shrunk the world.”

PedoEmpire was notoriously brutal, even among other Dark Net pedophiles, for the violence of images and video it hosted. Until the network’s abrupt shutdown last year, it previously looked virtually untouchable.

Graham’s arrest might have been a surprise, but the investigation that led up to it followed a familiar pattern.

Vast international law enforcement cooperation on the Dark Net—with the United States often taking a strong lead—is now the new normal.

Sliding down the Silk Road

For the past five years, a concerted effort from the FBI and police around the world have focused in on criminals on the Dark Net, yielding numerous high-profile arrests of suspected cybercriminals of all stripes.

“The bad guys, through the use of the Internet, have shrunk the world,” FBI director James Comey said in a congressional hearing last week. “They’ve made places that are tens, hundreds, thousands of miles apart next door neighbors on the Internet. So the FBI’s strategy is shrink the world back in two ways: Forward deploy FBI cyber agents around the world and also equip our partners around the world with technology, and training, and people so they can help us.”

The most famous Dark Net arrest came in October 2013, when Ross Ulbricht was accused by the FBI of creating and operating the Silk Road drug market, as well as allegedly commissioning multiple murders to secure his business interests.

Instead of the old fashioned way of doing things, Ulbricht did a cyber-perp walk. There were no pictures of him in handcuffs from the trial, but every picture and detail of his life were instantly exposed online as he became the posterchild for Dark Net disaster.

Ulbricht, who was convicted on all counts and sentenced to life in prison earlier this year, was living in the United States when the feds rushed him in a San Francisco library. A crowd of observers and Dark Net denizens instantly criticized Ulbricht as stupid for living inside the U.S. even when it had long been clear that American law enforcement were the website’s biggest threat.

Many of Ulbricht’s employees, however, were not inside U.S. borders. Even so, within weeks of Ulbricht’s arrest, police action in Europe and Australia made obvious the international reach of the investigation.

Talk the talk

For many, the Silk Road case was an introduction to both the Dark Net and the U.S. government’s offensive against criminals using it.

There was clear precedent for Silk Road’s fall, however. Another anonymous drug market known as The Farmer’s Market lived and died on the Dark Net between 2010 and 2012—not to mention being in operation on the normal Internet since 2006 . The investigation to bring down the site included police in the U.S., Netherlands, Colombia, and Scotland.

Police utilized unspecified “new techniques” to deanonymize the Dark Net servers around the globe in an action that shook the very foundation of confidence in Tor’s ability to hide its users.

Just a few months before Silk Road’s reign ended, an FBI-led investigation climaxed with the arrest of Eric Eoin Marques in Ireland. Marques was accused of being the “largest facilitator of child porn on the planet,” according to U.S. law enforcement, a charge that brought focus from American investigators. Marques—who allegedly hosted Graham’s original child porn sites—is still in Irish custody fighting extradition to the U.S., where prosecutors hope to try him in U.S. courts.

In the recent child pornography case involving Graham, the investigation began with the FBI—which has a budget of over $8 billion per year—and was eventually handed off to the Australian Federal Police, which has a small fraction of the budget enjoyed by its American counterpart.

One year after Silk Road was brought down, international cooperation between the FBI and police in 16 other countries launched Operation Onymous against Silk Road 2.0 and other successor markets that ended in the arrest of three people in the United States, two in Sweden, one in Ireland, one in Spain, one in Switzerland, one in Hungary, and eight in the United Kingdom.

The sudden torrent of arrests and the takedown of a wide swath of anonymous websites seized by law enforcement remains perhaps the most stark example of the expansive cooperation between nations to combat Dark Net crimes.

Police utilized unspecified “new techniques” to deanonymize the Dark Net servers around the globe in an action that shook the very foundation of confidence in Tor’s ability to hide its users.

The exact techniques law enforcement used haven’t been revealed. Although the broad scope of the offensive against the Dark Net is increasingly clear, details on how law enforcement carry the offensive out are in exceedingly short supply.

From Washington to London and beyond, police knew that Onymous would seed doubt in Tor users. High-ranking law enforcement lent a megaphone to the doubt too, mocking any criminal who thought they were above being caught on the Dark Net.

“Today we have demonstrated that, together, we are able to efficiently remove vital criminal infrastructures that are supporting serious organised crime,” Troels Oerting, head of Europol’s European Cybercrime Center, said. “And we are not ‘just’ removing these services from the open Internet; this time we have also hit services on the Dark Net using Tor where, for a long time, criminals have considered themselves beyond reach.”

The same tone was struck last week when the FBI’s Comey told Congress that criminals who believe they can use services like Tor to hide from the reach of the FBI are “kidding themselves.”

The confident talk set off a wave of reactions, including an attention-grabbing headline from The Intercept: “FBI Director Claims Tor and the ‘Dark Web’ Won’t Let Criminals Hide From His Agents.”

The article’s premise is that Comey was purposefully implying that the American government had already beat Tor and was able to deanonymize users on the Dark Net at will. When the reporter asked security experts, all of them said Comey was likely bluffing.

The boasting tone parallels that which came through in November 2014, when Silk Road 2.0 was brought low by an FBI-led international investigation.

While Europol claimed as many as 600 “Darkmarkets” were closed by Operation Onymous, European police tweeted a mocking question: “Still think you’re anonymous on the Dark Web? #Onymous.”

A familiar wave of fear took hold as many users questioned whether Tor offered any privacy whatsoever.

Soon, two things became clear. First, the actual number of Dark Net markets closed down in Onymous sits at most at about 50, or 8 percent of what law enforcement originally claimed. Just 17 people were arrested as part of the investigation and, although details are sparse, several were released shortly following the investigation. Second, projecting overwhelming confidence may simply be a job requirement for men in Comey’s position.

While it’s important to note that FBI-centered Dark Net investigations have led to hundreds of arrests around the world over the past five years, it’s equally accurate that dozens of Dark Net markets and thousands of customers are still buying uncounted amounts of illicit substances online, making Dark Net drug dealers millions of dollars every year.

In short, the truth is more complicated than any boastful cop’s tweet will allow.

Where the FBI’s reach ends

Illegal activity on the Dark Net is not limited to child pornography and drug sales. Data breaches of all sorts often involve the Dark Net in some way, including the eventual sale or distribution of the stolen data over anonymous networks.

“The bad guys think it’s a freebie. They’re in their pajamas at their keyboards and they think they can steal anything in America.”

“The bad guys think it’s a freebie. They’re in their pajamas at their keyboards and they think they can steal anything in America. What we’re trying to do is make them look over their shoulder,” Comey explained to a House Intelligence Committee hearing earlier this month. “It’s getting a lot better. Countries around the world see this.”

Comey emphasized the Five Eyes partnership, an intelligence alliance between the U.S., Australia, Canada, New Zealand, and the U.K., that plays a major role in cybercrime investigations, not to mention counterintelligence and counterterrorism.

The U.K. is currently making a concentrated effort to expand its cybercrime investigative reach around the world. The National Crime Agency (NCA), the country’s equivalent of the FBI, is launching into a strategy to work with private security firms globally. The idea is explicitly modeled after the American example.

The Americans, meanwhile, are placing more agents overseas including permanent Cyber Assistant Legal Attachés in London, Ottawa, and Australia.

As far as the United States and its allies are concerned, the biggest problem in this world is apparently Russia, “where it’s very hard for us to get cooperation and get the actors apprehended,” Comey explained. “And so we have to hope to grab them when they leave the country and travel. The good news is, all the successful cybercriminals have lots of dough and want to go on vacation and that’s where, with our partners, we grab ‘em up.”

Russia occupies a privileged position in the dark corners cyberspace. Russia, coupled with China, was mentioned dozens of times at last week’s congressional hearing as the two most advanced nation-state adversaries the United States faces in cyberspace.

In the world of Dark Net crime, however, Russia receives unique focus for the sheer quality of successful cybercriminals within its borders.

Two of the top fugitives on FBI Cyber’s Most Wanted list are said to be currently residing in Russia, including Evgeniy Bogachev, who has a record $3 million reward on his head.

“If you look at the quantity of malware attacks, the leaders are China, Latin America and then Eastern Europe. But in terms of quality, then Russia is probably the leader,” Vitaly Kamluk, a cybersecurity researcher in Moscow, said in 2013.

It’s no surprise, then, that the lack of cooperation between Moscow and Washington gains special attention. Of course, the United States is home to its own considerable population of cybercriminals.

However, the Internet and the Dark Net within it have enabled an unprecedented globalization of crime, allowing thieves to reach into your bedroom from theirs, even if half the globe separates you from them.

Illustration by Tiffany Pai

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.