DarkMarket is no more as a concerted police action has taken the largest illegal marketplace on the dark web offline. Police forces from Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS) were all involved. Europol supported and coordinated the strikes across the world.
The action was sparked by the arrest of an Australian citizen by the Central Criminal Investigation Department in the German city of Oldenburg. He is the alleged operator of DarkMarket, and his arrest was key to the takedown.
The police claim they have now seized all the servers and infrastructure used by DarkMarket. That includes more than 20 servers in Moldova and Ukraine. Intelligence teams will now start analysing all the computers and storage devices seized in this operation.
It means that the 2,400 sellers and roughly 500,000 users will now be scrambling to avoid further detection. In December, data from the WeLeakInfo takedown, led to arrests in the UK more than a year after the site was shutdown.
What was DarkMarket?
It was arguably the last of the big hitters in terms of illegal marketplaces. It sold everything from drugs, anonymous SIM cards, stolen and fakes credit card data, counterfeit money, and malware. Buyers paid for goods in cryptocurrency, mainly bitcoin and monero.
According to Europol, over 4,640 bitcoin and 12,800 monero passed through DarkMarket. This means over €140 million in transactions. How much of that cryptocurrency has been seized or is in wallets yet to be accessed by law enforcement is not yet known. However, giving up access to cryptoassets is normally part of plea bargains, and governments later sell the currency.
What will be interesting is where those current users and sellers go next. Police intelligence teams have become adept at tracking sellers across multiple marketplaces. They track the crypto wallets used by all parties and where they reuse user names. As such, break one marketplace, and you get intel on others for free.
Europol creates dedicated Dark Web team
As the amount of criminal activity on the dark web increases, so does the need for specialised crime-fighting units. Europol’s European Cybercrime Centre (EC3) has created a dedicated Dark Web Team. According to the press release, it will deliver a complete, coordinated approach:
- sharing information;
- providing operational support and expertise in different crime areas;
- developing tools, tactics and techniques to conduct dark web investigations;
- identifying threats and targets.
Importantly, it will also look to support actions by national police services in their fight against the dark web. What is less clear is how this will affect the UK. The UK Brexit agreement meant it gave up membership of Europol, which is already having impacts on access to operational data. It also means the UK has to fill out additional paperwork for any data sharing requests.
Will this lead to the UK being targeted as a new hosting base for dark web sites? Will the UK get future access of any intelligence from such operations to support the National Crime Agency (NCA) programmes against cybercrime?
Enterprise Times: What does this mean?
Any global takedown of a dark web marketplace is a cause for law enforcement to celebrate. Removing one of the largest, dark web markets is extra cause for celebration. In the last five years, these large sites have fallen like dominos. A key element in that has been the intelligence gathered from tracking buyers and sellers.
The question now is, can these operations be just as successful against smaller marketplaces, especially the pop-up marketplaces that are beginning to appear? These operate for short periods and focus on specific types of criminality.
A more pressing need is to break the large cybercrime groups who operate malware as a service sites. Breaking a few of those will have an immediate impact on the growing cybercrime levels.