Feds Crack Down on Darknet Vendors of Illicit Goods
DHS Agents Posed as Money Launderers, Helping Suspects Cash Out Cryptocurrency
Reminder: Using darknet sites and cryptocurrency isn't a foolproof way to disguise illicit activities.
On Tuesday, federal prosecutors said that in recent weeks, federal agents have arrested more than 35 suspects as part of what the U.S. Justice Department is billing as "the first nationwide undercover action to target vendors of illicit goods on the darknet." Authorities say that as part of the operation, so far they've seized massive quantities of illicit narcotics - including one psychedelic mushroom grow farm - as well as weapons and $24 million in allegedly ill-gotten gains.
Darknet refers to ".onion" websites that can only be reached via the anonymizing browser known as Tor - short for The Onion Router - which can confer a degree of anonymity on buyers and sellers, especially if they also use pseudonymizing cryptocurrencies such as monero to complete their transactions.
But using pseudonymization and darknet sites doesn't provide magical immunity from law enforcement agencies (see Bitcoin-Amassing AlphaBay Drug Barons Get US Prison Time).
Indeed, after a year-long, continuing investigation, the Justice Department says it has opened more than 90 active cases and has identified more than 65 suspects who bought and sold illicit goods via such darknet sites as AlphaBay, Dream, Hansa, Silk Road 2, Trade Route and Wall Street Market (see The Myth of Cybercrime Deterrence).
The government says that as part of the operation, special agents of the Homeland Security Investigations division in New York, working with the U.S. Attorney's Office for the Southern District of New York, "posed as a money launderer on darknet market sites, exchanging U.S. currency for virtual currency."
"Criminals who think that they are safe on the darknet are wrong," said Deputy Attorney General Rod J. Rosenstein. "We can expose their networks, and we are determined to bring them to justice."
The investigation has been led from New York by HSI Special Agent in Charge Angel Melendez.
"For the past year, undercover agents have been providing money-laundering services to these darknet vendors, specifically those involved in narcotics trafficking," Melendez said in a press conference on Tuesday, the Verge reported.
"When we take down a darknet marketplace, these criminals will move to other marketplaces," Melendez added. "So the focus of this operation was really the bad actors, the people utilizing the darknet to sell drugs."
Seized: Grenade Launcher, Psychedelic Mushroom Farm
As part of the operation, the Justice Department says federal agents executed 70 search warrants and seized:
- $20 million worth of cryptocurrency, including bitcoins;
- Devices for mining cryptocurrency;
- More than $3.6 million in U.S. currency and gold bars;
- More than 100 firearms, "including handguns, assault rifles and a grenade launcher";
- Massive quantities of illegal narcotics, "including 333 bottles of liquid synthetic opioids, over 100,000 tramadol pills, 100 grams of fentanyl, more than 24 kilograms of Xanax, and additional seizures of Oxycodone, MDMA, cocaine, LSD, marijuana and a psychedelic mushroom grow found in a residence";
- 15 pill presses, "which are used to create illegal synthetic opioids."
One of the men arrested - on June 18 - as part of the operation was Antonio Tirado, 26. He's been accused of helping to operate the darknet moniker "Trapgod," and charged with possessing a wide variety of narcotics, intent to distribute narcotics, as well as possessing a loaded shotgun in furtherance of alleged drug trafficking offenses. "Investigators in Tirado's apartment recovered additional evidence of darknet narcotics distribution, such as numerous U.S. Postal Service shipping boxes, already addressed to customers around the United States," containing hairbrushes that had "been packed with powder cocaine for distribution," the Justice Department says.
Choke Point: Money Laundering
As the arrests demonstrate, buying or selling goods via a darknet site isn't a risk-free endeavor.
In particular, money laundering remains a weak point for anyone attempting to convert illicit cybercrime profits to cash (see Cybercrime Groups and Nation-State Attackers Blur Together).
In the case of this month's darknet crackdown, for example, Jose Robert Porras III, 21, and Pasia Vue, 23, both of Sacramento, California, were indicted by a California federal grand jury on charges of drug distribution, illegally possessing firearms and money laundering. The pair allegedly used the online monikers "Cannabars" and "TheFastPlug" to sell marijuana, Xanax, and methamphetamine via multiple darknet marketplaces.
"Porras and Vue then laundered the bitcoin proceeds of their drug distribution through the HSI undercover agent located in New York," the Justice Department says. "After receiving the bitcoin from Porras and Vue, the undercover agent mailed parcels of cash to them in Sacramento. HSI and USPIS agents seized nine weapons including an AK-47 magazine and ammunition, 30 pounds of marijuana, $10,000 in U.S. currency, a vehicle, and over 100 bars of Xanax."
While law enforcement agencies continue to highlight when they arrest buyers and sellers of illicit goods via darknet sites, it's unclear how many users continue to operate with impunity. Indeed, the EU's law enforcement intelligence agency, Europol, estimates that criminals are using cryptocurrencies to launder an estimated $4 billion to $6 billion per year in ill-gotten gains - via cybercrime as well as more physical types of crime (see Criminals Hide 'Billions' in Cryptocurrency, Europol Warns).
Shipping physical goods to buyers can also expose vendors to law enforcement scrutiny.
Postal inspectors, for example, have tracked down alleged darknet vendors who practice poor operational security - or OPSEC. In one case, postal employees grew suspicious after a suspect repeatedly sent multiple packages from the same Post Office mailboxes while wearing latex gloves (see Glove Use Key to Arrest of Alleged Darknet Drug Trafficker).
As security expert Mikko Hypponen, chief research officer at Finnish security firm F-Secure, has noted, failures of this type might be better known as "OOPSEC."
Another challenge for darknet vendors is knowing if the marketplace they're using is safe, or if it might have been infiltrated or even completely taken over by law enforcement agencies.
On July 4, 2017, darknet marketplace AlphaBay, which processed more than $1 billion in narcotics sales, went dark. In response, many users switched to rival marketplace Hansa, which processed about 1,000 orders per day, mostly for hard drugs. Unbeknownst to Hansa users, however, Dutch police had already seized the site on June 20, 2017, and they carefully monitored everyone who was using it (see Police Seize World's Two Largest Darknet Marketplaces).
"The Dutch police collected valuable information on high-value targets and delivery addresses for a large number of orders," Europol said in a statement at the time. "Some 10,000 foreign addresses of Hansa market buyers were passed on to Europol."
The FBI appears to have identified AlphaBay administrator Alexandre Cazes in part thanks to his reusing a personal Hotmail address (see One Simple Error Led to AlphaBay Admin's Downfall).
Cazes, who was running AlphaBay from Thailand, had amassed about $23 million, thanks to the site charging a commission of 2 percent to 4 percent on every transaction, and reportedly led a life of luxury. That was until he was arrested by Thai police, at the FBI's request. He was later found dead in his Thai jail cell, after apparently taking his own life.
Vendors Exit Darknet Markets
Stung by mass takedowns of the likes of AlphaBay and Hansa, criminals are continuing to evolve, not least by avoiding these types of marketplaces (see Era of the eBay-Like Underground Markets Is Ending).
Increasingly, security experts say, criminals may hang their shingle on darknet marketplaces, but they're often turning to end-to-end encrypted chat tools to disguise the details of what they're buying or selling (see Cybercrime as a Service: Tools + Knowledge = Profit).