
German Investigators Shut Down Biggest Illegal Marketplace On the Darknet (apnews.com)

An anonymous reader quotes a report from The Associated Press: German prosecutors said Tuesday that they have taken down what they believe was the biggest illegal marketplace on the darknet and arrested its suspected operator. The site, known as DarkMarket, was shut down on Monday, prosecutors in the southwestern city of Koblenz said. All sorts of drugs, forged money, stolen or forged credit cards, anonymous mobile phone SIM cards and malware were among the things offered for sale there, they added. German investigators were assisted in their months-long probe by U.S. authorities and by Australian, British, Danish, Swiss, Ukrainian and Moldovan police.

The marketplace had nearly 500,000 users and more than 2,400 vendors, prosecutors said. They added that it processed more than 320,000 transactions, and Bitcoin and Monero cryptocurrency to the value of more than 140 million euros ($170 million) were exchanged. The suspected operator, a 34-year-old Australian man, was arrested near the German-Danish border. Prosecutors said a judge has ordered him held in custody pending possible formal charges, and he hasn't given any information to investigators. More than 20 servers in Moldova and Ukraine were seized, German prosecutors said. They hope to find information on those servers about other participants in the marketplace.
The move against DarkMarket originated from an investigation of a data processing center installed in a former NATO bunker in southwestern Germany that hosted sites dealing in drugs and other illegal activities.
  • How do these so-called dark-web commerce sites manage to operate for so long before they get busted?

    All it takes is one informant to provide a link, then law enforcement acts as both vendor and buyer, and from there it is just an exercise in tracing down IP addresses.

    It seems to me they can find out who is behind it within days (if not hours) of getting introduced to the site. So what's the trick?

    • Re:Explain to me (Score:5, Insightful)

      by nightflameauto ( 6607976 ) on Tuesday January 12, 2021 @05:30PM (#60935202)

      The law enforcement folks want to take down big fish, so they leave them up even when they know about them until they seem big enough to cause a general stirring of the proverbial fiscal purse strings that fund the agency in question. "Look at all this amazing work we did," sounds a lot better when you can throw around numbers like those in the summary rather than, "Well, we stopped this operation that had 15 people trading illicit drugs."

      • by Anonymous Coward

        The law enforcement folks want to take down big fish, so they leave them up even when they know about them until they seem big enough to cause a general stirring of the proverbial fiscal purse strings that fund the agency in question. "Look at all this amazing work we did," sounds a lot better when you can throw around numbers like those in the summary rather than, "Well, we stopped this operation that had 15 people trading illicit drugs."

        Based on your story here, I can only assume that the Capitol police forces are looking for a multi-billion dollar bump in their security budget, since they chose to assign 3 cub scouts and a 4th grade schoolteacher to guard the building that day.

        Nothing like allowing a general stirring to happen in order to justify creating an unquestionable slush fund for Congresscritters...

      • Doesn't it make sense for the government to go after the 'big fish' first? Agencies only have limited capacity to enforce and prosecute so it makes sense to seek to end large scale criminality, before petty crime. You make it seem like a government only cares about 'fiscal' revenue but isn't this just a logical prioritization?

        • by rtb61 ( 674572 )

          It is the internet, they are not big fish, what they are is a link to a whole host of petty and not so petty criminals. The main reason to bust them is not to bust them but to nab the people with the passwords and lean on them to expose a whole host of petty and not so petty criminals. Not so much the fish, as the net to catch all sorts of other fishies big and small.

          Generally it would be considered a failure to raid one and every one knows about it. Versus a silent strike upon those that control it at thei

      • by gweihir ( 88907 )

        They also do not want to end this nice source of "positive" messages. So they wait until things have recovered and then very carefully only take down one of them, probably one where they can claim it was the "largest" without actually having to provide any proof. Same reason why the police really likes to go after people that downloaded a certain type of illegal images, but only rarely after those that create them. They do not want to endanger their own jobs and they want to make those jobs as easy and cush

    • by amorsen ( 7485 )

      How do you trace down IP-addresses on Tor?

      • How do you trace down IP-addresses on Tor?

        I used to run a Tor relay at my co-host location, using some spare cores and bandwidth that I have. (That system crashed and I haven't recovered it so it is offline at the moment.)

        I observed the traffic going in and out of it and it is pretty easy to understand that a) one observation point is not enough to identify clients/servers, and b) if you have visibility into enough Tor relays you will eventually be able to draw graphs of who is accessing what. Exactly what percentage of them you would have to

      • How do you trace down IP-addresses on Tor?

        By controlling enough entrance and exit nodes to track packets using traffic analysis.

        There are about 7000 nodes. At least several hundred are run by the FBI. The NSA runs nodes as well.

        When the FBI seizes a site, they often keep it running for a while as a honeypot.

        • by gweihir ( 88907 )

          There is no actual strong indication this is happening. It may be, but if so it is not really used in any publicly visible way. For these shops being taken down, standard attack techniques on server, application and libraries used are likely more than enough and are far easier to use.

        • by AmiMoJo ( 196126 )

          Controlling most of the nodes doesn't help much. An incoming packet could be from a user or another node, there is no way to tell. Timing is randomized, data is padded. With a lot of effort it might be possible to glean some useful information, assuming the user was careless, but so far we haven't seen any evidence that it is being done.

          Of course that doesn't mean the NSA/GCHQ isn't doing it, it may just be that they are not willing to reveal the capability in open court. In any case Tor is effective for m

      • by fred911 ( 83970 )

        Well, it appears in the past that site administrators had run scripts that leaked the real host, namely a CAPTCHA https://en.wikipedia.org/wiki/... [wikipedia.org] . Surely there are governmental entities running exit nodes, but even if they ran both the entrance and exit node for a given client that is properly configured it still is nearly impossible.

        The protocol is super robust and effective in assuring anonymity. The weakest point of even the most secure systems is users.

        Here's what the FBI says which includes basicall

        • by gweihir ( 88907 )

          Indeed. They can also directly try to hack the site without knowing where it is. This is a criminal act in most countries without a court order in that country, even if law enforcement does it. But the FBI does not care and most countries look the other way (also usually illegally).

      • by gweihir ( 88907 )

        How do you trace down IP-addresses on Tor?

        Usually, you do not. Instead, you carefully wait for a vulnerability in the shop software or the libraries and server it uses. Then you use that vulnerability before it gets patched to get the real IP of the site (requires sending a single non-Tor packet) and erase the attack. Not that hard to do.

        Of course, for a Tor site with good security, this does not work. It will have a firewall before that makes sure nothing besides Tor traffic gets through and also makes sure the Tor server does not know its own IP

      • "How do you trace down IP-addresses on Tor?"

        They don't, they forced the owners to rent a new server somewhere else, that's all.
        These servers are like corner-boys, there's an endless number of them.

    • by gweihir ( 88907 )

      Simple: Nobody wants to take down small ones and nobody really wants to end the whole process. This nicely provides (meaningless) grand messages about how great the police is doing its job. Perverted incentives.

    • "How do these so-called dark-web commerce sites manage to operate for so long before they get busted?

      All it takes is one informant to provide a link, then law enforcement acts as both vendor and buyer, and from there it is just an exercise in tracing down IP addresses."

      Did you ever hear of VPNs?

      • If you knew how VPNs actually work you wouldn't make this suggestion.

        Hint: in many countries in the Middle East using a VPN is illegal, leading to a fine of like $50K and possible imprisonment. They have no trouble finding infractions if they occur. A VPN might hide the content of your traffic, but not the fact that it is being used or the endpoints of the VPN.

  • I missed a huge source for my drugs! How did I not know? /s
  • Now we know why Bitcoin dropped: people cashing out of the site!

  • by BAReFO0t ( 6240524 ) on Tuesday January 12, 2021 @06:39PM (#60935464)

    Or is this just for show and the dealers will just use one of the many others now?

    • Shutting down dealers is a waste of time. You have to shut down producers and traffickers. There's always another dealer.

    • by AmiMoJo ( 196126 )

      Summary says they have the servers, so it is likely they will be able to extract some information from those. These criminals are not usually very good at opsec and will have leaked a lot of information.

  • After all, there are zillions of sales of stolen goods on there.

  • Heaven forbid we should be able to communicate anonymously!
