key on computer hardware

Users are asking what happened, but no one seems to have the answer. 

A crisis of confidence has struck the Dark Net less than a day after law enforcement seized dozens of Dark Net sites for conducting illegal activity.

How could users possibly remain steadfastly confident in the anonymity of Tor, the network that powers much of the Dark Net by anonymizing users, when so many of its were swept up and arrested at once?

Police used unspecified “new techniques to track down the physical location of dark net servers as well as seeing an unprecedented level of international co-operation among law enforcement agencies,” BBC reports. In total, law enforcement shut down around 50 Dark Net sites, many of which allowed people to buy drugs or stolen credit cards.

Across the Web, the world wondered about the future of Tor.

“From this point forward Tor is considered harmful,” one user wrote on Hacker News.

“Planting that seed in your mind was almost certainly one of the goals of this action,” another commenter replied. “Mission accomplished, FBI.”




Both the Federal Bureau of Investigation and Europol have expertly stoked the fires of doubt by broadcasting a triumphant tone and specifically calling out Tor and Dark Net users to watch their back.

“Today we have demonstrated that, together, we are able to efficiently remove vital criminal infrastructures that are supporting serious organised crime,” Troels Oerting, head of Europol’s European Cybercrime Center, said. “And we are not ‘just’ removing these services from the open Internet; this time we have also hit services on the Dark Net using Tor where, for a long time, criminals have considered themselves beyond reach.”

Earlier this year, hackers promised to show how they could break Tor using a $3,000 technique. The presentation was pulled without explanation, although the Tor Project did post a security advisory regarding the talk based on an educated guess. Several observers have speculated that the technique was used in the latest global police actions, but law enforcement has confirmed little or nothing about how most of the sites were seized.

Fear, uncertainty, and doubt surrounding Tor is nothing new. Since the 2013 bust of Freedom Hosting, through the Silk Road 1 shut down, and even when Facebook opened a Tor portal, many have wondered if Tor wasn’t already compromised by the U.S. government.

The United Kingdom’s National Crime Agency joined in the fun, sending out a taunting tweet mocking those who think they are anonymous on Tor.


That’s an interesting tone to take considering different uses of Tor: Businesses use it to stay secure, domestic abuse victims use it to leave abusers, journalists use it to protect sources, and even many cops use it to work undercover and protect their identities.

However, there are a number of reasons to question the increasingly prevalent idea that Tor is broken.

First, despite the fact that some 50 hidden services were seized, only 17 arrests took place and several of those suspects are already out on bail.

Remembering that 17 individuals were taken into custody helps keep the operation in perspective. Because many of the 17 suspects are already out on bail in the U.K., that suggests that these may have been the sort of small time busts that we’ve seen police make for years on the Dark Net by intercepting mail and exploiting users’ poor operational security.

According to the FBI’s criminal complaint, the fall of Silk Road 2 can be credited to a series of profound mistakes by accused mastermind Blake Benthall, including using personal credit cards, giving away his location on social media, and making huge purchases with bitcoins from illicit sources.

Second, the biggest black markets on the Dark Net are still operating smoothly. In fact, Evolution and Agora, two of the top-three largest Dark Net markets, are still growing. The seized websites represent less than a third of total commerce on the Dark Net.

“Still here, working hard, very busy,” Kimble, the owner of the Evolution market, said today after the Silk Road 2 bust. “Please bear with us, thanks.”

Third, if this operation truly represented a break in the anonymity provided by Tor—something that law enforcement clearly wants you to believe—then why are the Dark Net’s biggest child pornography sites still operating? Why are the biggest financial fraud sites still operating? Why are the biggest Dark Net markets still functioning?

The Tor Project declined requests for comment except to remind us that the software’s developers do not condone its use for “these illegal activities.”

U.S. Attorney Preet Bharara piled on the victory party:

“Let’s be clear—this Silk Road, in whatever form, is the road to prison,” he said. “Those looking to follow in the footsteps of alleged cybercriminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”

“Tor has long been considered beyond the reach of law enforcement. This action proves that it is neither invisible nor untouchable,” Alan Woodward, a security consultant for Europol, told the BBC, driving the point home.

In truth, nothing is proven yet either way. But until more details emerge, shaken public confidence in Tor will remain a troubling prospect for the privacy-driven project.

Update 1:35pm ET, Nov. 7: Europol has now told the New York Times that it closed around 50 sites, a marked downgrade from the 414 number previously released. The figures above have been updated with the new information.

Photo by Perspecsys Photos/Flickr (CC BY SA 2.0)

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.