Users of the dark web are protected by a veil of technological anonymity. This has given the majority of users a sense of security and the belief that they are beyond the reach of law enforcement. That belief has been proven wrong in a large number of instances where users have been busted by those same officers.
The following are among the methods that have been used to identify and arrest them.
The postal system
Despite the sophisticated technology that protects users' anonymity, dark web market vendors still depend on the postal system or ordinary couriers to deliver products such as drugs.
Even when vendors take great care to ensure that packages are not seized by customs authorities, law enforcement officers can investigate where a package is being sent to or where it was sent from.
Post offices themselves also provide a good surveillance opportunity for federal investigators.
A good example is Chukwuemeka Okparaeke, a fentanyl dealer on the AlphaBay dark web marketplace. According to a filing by the US Department of Justice (DOJ), Okparaeke was seen at several post offices in Midtown New York. He also bought priority delivery stamps in bulk, and postal staff had seen his driver's license. His biggest mistake, however, was depositing large numbers of packages at US post offices while wearing latex gloves, which caught the attention of the postal staff.
Law enforcement was already interested in that area as a source of fentanyl analogs, so the approach by a postal inspector was taken seriously. Officers placed an order with fentmaster on AlphaBay and arrested Okparaeke after tying him to the fentanyl he sent them.
On his arrest, his phone was found to contain the Private Internet Access VPN app, the Orbot Tor proxy app and a bitcoin app. He had also not cleared his browsing history and was thus easily tied to the drug dealing activity.
Delivery of products through the postal system continues to pose a major challenge for the majority of dark web market vendors.
Digging through seized data
The arrest of a vendor or the seizure of a marketplace can provide a large amount of data in which investigators find leads they can then use to identify other dark web users.
Operation Onymous, an international law enforcement operation targeting dark web markets and other services operating on the Tor network, seized and shut down marketplaces such as Silk Road 2.0, Hydra and Cloud 9.
The operation yielded information that led to 17 arrests in different countries. Among those arrested was a Durham couple who were operating a cannabis shop on Silk Road 2.0.
Open source information
Users of dark web markets may leave digital footprints in open forums or public documents that eventually disclose their identities to investigators.
Ross Ulbricht, the creator of the original Silk Road marketplace, had his identity revealed by Gary Alford, a special agent with the Criminal Investigation unit of the Internal Revenue Service (IRS). After googling the onion address of Silk Road on the normal internet, Alford found an advertisement posted by Ulbricht under the username altoid on a well-known bitcoin forum, bitcoin.org, in a bid to attract more customers to the Silk Road. A post from several months later on the same forum contained Ulbricht's personal email address in the text of the post, and a later search on that address confirmed that he had set up an account on bitcoin.org under his personal email address.
The availability of his personal information contributed heavily to his arrest and conviction, which resulted in a life sentence without parole.
A simple Google search brought down Ross Ulbricht, a major figure in the development of all dark web markets.
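The Ulbricht case is a two-step pivot: search the clearnet for the onion address, collect the usernames that posted it, then search everything those usernames ever posted for an email address. The following is an added example, not part of the original article and not any investigator's tool, that runs that chain in Python over a small constructed corpus of forum posts; the onion address, usernames, forum names, dates and email address in it are all made up.

```python
import re

# Constructed sample corpus standing in for clearnet forum posts. Every
# value here (onion address, usernames, forums, dates, e-mail) is invented.
POSTS = [
    {"forum": "bitcoin-forum", "user": "altoid", "date": "2011-01-27",
     "text": "Has anyone seen this anonymous market? http://example7abcdefgh.onion/ check it out"},
    {"forum": "bitcoin-forum", "user": "satoshifan", "date": "2011-02-02",
     "text": "example7abcdefgh.onion is down for me, anyone else?"},
    {"forum": "bitcoin-forum", "user": "altoid", "date": "2011-10-11",
     "text": "Looking for an IT pro for a bitcoin startup. Contact me at rossfake@example.com"},
    {"forum": "stackoverflow", "user": "altoid", "date": "2012-03-16",
     "text": "How can I connect to a Tor hidden service using curl in php?"},
    {"forum": "bitcoin-forum", "user": "unrelated", "date": "2011-05-01",
     "text": "Mining question, nothing to do with markets. mail me: foo@bar.example"},
]

# v2 (16 chars) and v3 (56 chars) onion hostnames are base32: a-z and 2-7.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def normalise_onion(addr):
    """Reduce a full URL or bare hostname to lower-case host.onion form."""
    m = ONION_RE.search(addr)
    if not m:
        raise ValueError(f"not an onion address: {addr!r}")
    return m.group(0).lower()


def posts_mentioning(posts, onion):
    """Step 1: every post whose text contains the target onion address."""
    target = normalise_onion(onion)
    return [p for p in posts
            if target in {h.lower() for h in ONION_RE.findall(p["text"])}]


def pivot_on_username(posts, user):
    """Step 2: all forums the username appears on and every e-mail it posted."""
    forums, emails = set(), set()
    for p in posts:
        if p["user"] == user:
            forums.add(p["forum"])
            emails.update(e.lower() for e in EMAIL_RE.findall(p["text"]))
    return {"forums": sorted(forums), "emails": sorted(emails)}


def build_leads(posts, onion):
    """Chain both pivots: onion address -> usernames -> forums / e-mails.

    Leads are ordered by the date of the user's first mention, since the
    earliest poster is the most likely to be promoting the site rather
    than merely talking about it.
    """
    mentions = posts_mentioning(posts, onion)
    leads = []
    for user in {p["user"] for p in mentions}:
        first = min(p["date"] for p in mentions if p["user"] == user)
        lead = {"user": user, "first_mention": first}
        lead.update(pivot_on_username(posts, user))
        leads.append(lead)
    return sorted(leads, key=lambda lead: lead["first_mention"])


if __name__ == "__main__":
    for lead in build_leads(POSTS, "http://example7abcdefgh.onion/"):
        print(lead)
```

Note that the second lead in the sample, satoshifan, only complained that the site was down; a mention is not authorship, so the ordering by first mention is a triage heuristic and each lead still needs corroboration (the account registration email in the Ulbricht case) before it means anything.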
Undercover operations
Because of the availability of anonymity tools, it is impossible to really know who is at the other end of a conversation. Law enforcement has taken advantage of this and posed as vendors, buyers or even administrators of marketplaces without the knowledge of other users. This has enabled them to bring down marketplaces while also arresting the administrators, vendors and buyers.
Dutch law enforcement took control of Hansa on June 20 this year after two of its administrators were arrested in Germany. They secretly ran the site while monitoring the activities of its users, and were able to obtain the addresses and identities of a majority of them.
The undercover operation led to the arrest of a number of Hansa users. In the Netherlands, law enforcement arrested a 28-year-old man for allegedly selling cannabis both domestically and internationally through Hansa under the vendor name Quality weeds.
Other arrests attributed to the Dutch undercover operation at Hansa have been made in other countries, such as Australia by the Australian Federal Police (AFP).
Hacking the endpoint
Authorities have also tried to circumvent Tor by attacking the endpoint, which is usually the computer used by the individual visiting the dark web site. Hacking can be the most effective way of identifying users since, once it succeeds, a large number of computers can be unmasked and the users' IP addresses disclosed.
In February 2015, the FBI seized a dark web child pornography site, Playpen, in an operation called Operation Pacifier and ran the site from a government facility in Virginia for two weeks. During this time the agency deployed a hacking tool it called a Network Investigative Technique (NIT). The tool was used to expose the IP addresses of those accessing the site, on the assumption that they were either distributing or accessing child pornography.
Using the NIT, the FBI was able to obtain the IP addresses of over a thousand Playpen users based in the US.
The hacking operation resulted in the arrest of more than 135 people in 18 US states on child pornography charges.