At the end of October 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services on Dark Markets, which operate on the non-indexed portion of the Internet, called the Deep Web.
The operation, dubbed Hyperion, involved agencies from the UK, Canada, the United States, Australia, New Zealand, the Netherlands, France, Finland, Sweden, Ireland and Spain, and was coordinated by the Five Eyes Law Enforcement Group (FELEG).
Officially, FELEG appeared in April this year, with the mission of establishing cooperation among Australia, Canada, New Zealand, the United Kingdom and the United States in the fight against cyber threats. However, the cooperation agreements among the countries of the so-called ‘Five Eyes’ are much older, going back to the post-World War II period.
The intelligence structure that was born in the Cold War has had its technological capabilities improved, as Edward Snowden revealed, and has more recently focused on another enemy: the Dark Markets where almost everything is sold, especially drugs, under the protection of anonymity provided by the Tor network.
This theme transcends paradigms established decades ago, such as the defense of privacy, drug use and what would be a free market.
The emergence of Silk Road was a landmark in this sense, as this marketplace brought with it not only an environment for the purchase and sale of drugs, weapons, murders, leaked data and various other products and services, but also an ideology: that this community, under the protection of anonymity, was exercising true freedom.
Ross Ulbricht, who used the pseudonym of Dread Pirate Roberts (DPR) on the network, posted messages on the Silk Road forum that extolled this libertarian characteristic: that buying and selling anything you want is a good alternative, not only for drug trafficking, but also for the economic system.
However, just as anonymity has been the only alternative for many people to truly express themselves on the Internet, it also brings deception with it. Taking advantage of this characteristic of anonymity, the experienced FBI agent Carl Force cultivated a friendship with DPR for more than a year, pretending to be NOB, a Dominican drug dealer supposedly named Eladio Guzman. The disguise allowed him to collect all the evidence necessary for the arrest of Ulbricht on October 1st, 2013.
Ulbricht’s sentence of life imprisonment and the closing of Silk Road left a vacuum in a newly created market that was in full swing. Soon the space began to be filled by other marketplaces, most prominently Silk Road 2.0, which hosted a series of smaller markets.
The FBI needed to lay the groundwork for another investigation, but this time it would no longer be necessary to infiltrate agents and wait for months for information. At that time, the agency had a new weapon and it came from Carnegie Mellon University (CMU).
The lecture ‘You do not have to be the NSA to break Tor: Deanonymizing users on a budget’ was listed among the lectures of the Black Hat 2014 conference. In this presentation, researchers Alexander Volynkin and Michael McCord of CMU promised to demonstrate how to obtain real IP addresses from users on the Tor network by combining two methods: a traffic confirmation attack and a Sybil attack.
The traffic confirmation attack occurs when the attacker controls or observes the relays at both ends of a Tor circuit.
With this position (in the case of an active attack), the attacker injects a signal into the packet header and compares the timing, volume and other characteristics of the connection to identify, among the many circuits, where the connection started and where it arrived, thus discovering the actual source and destination IP addresses.
However, to observe or control the relays, the attacker needs several identities in the network, which can be obtained with a Sybil attack. Sybil is a character from a book of the same name released in 1973, which deals with dissociative identity disorder, a mental condition in which the person manifests two or more personalities.
In technology, this attack aims to subvert the reputation system of a peer-to-peer network by inserting multiple instances controlled by one person as if they were several independent machines, hence the comparison with dissociative identity disorder. Attacks of this type are a constant concern among developers of decentralized systems, for example those based on blockchain technology.
According to the researchers, about US$3,000 was enough to implement the infrastructure for this attack.
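A defensive view of the Sybil attack described above, as an added example that is not from the original article or from the Tor Project: it flags groups of relays that share an address prefix and joined the network in a burst, one heuristic for spotting many identities run by a single operator. The relay list, the /16 grouping, the 24-hour window and the threshold of three relays are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample: (nickname, IPv4 address, first-seen time). Addresses are
# from documentation ranges; none of this is real Tor consensus data.
RELAYS = [
    ("alpha1", "198.51.100.11", "2014-01-30T10:02"),
    ("alpha2", "198.51.100.12", "2014-01-30T10:05"),
    ("alpha3", "198.51.100.40", "2014-01-30T10:09"),
    ("alpha4", "198.51.100.41", "2014-01-30T11:30"),
    ("oldbox", "198.51.100.200", "2012-06-01T08:00"),
    ("solo1", "192.0.2.7", "2014-01-30T10:03"),
    ("solo2", "203.0.113.9", "2013-11-12T19:45"),
]

def find_sybil_candidates(relays, prefix_len=16,
                          window=timedelta(hours=24), min_size=3):
    """Return {network: [nicknames]} for relays that share an address prefix
    and first appeared within `window` of each other (assumed heuristic)."""
    by_net = defaultdict(list)
    for nick, addr, seen in relays:
        net = ip_network(f"{addr}/{prefix_len}", strict=False)
        by_net[str(net)].append((datetime.fromisoformat(seen), nick))

    flagged = {}
    for net, members in by_net.items():
        members.sort()  # order by first-seen time
        best, start = [], 0
        # Sliding window over join times: keep the largest burst of arrivals.
        for end in range(len(members)):
            while members[end][0] - members[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = members[start:end + 1]
        if len(best) >= min_size:
            flagged[net] = [nick for _, nick in best]
    return flagged

if __name__ == "__main__":
    for net, nicks in find_sybil_candidates(RELAYS).items():
        print(f"{net}: {len(nicks)} relays joined together -> {nicks}")
```

A long-running relay in the same prefix (`oldbox`) is not flagged, because only the burst of near-simultaneous arrivals counts toward the threshold.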
The topic sparked the interest of the FBI, which interacted with CMU and prevented the presentation by Volynkin and McCord. The agency was interested in using the researchers’ technique to de-anonymise connections to Silk Road 2.0.
The Tor Project corrected the bug on July 30th, 2014, but by that time the FBI had already obtained the information it needed to arrest Blake Benthall, maintainer of Silk Road 2.0, in Operation Onymous, conducted by US and European agencies on November 6th of that year.
After the arrests, authorities released the numbers of Operation Onymous: more than 600 closed Dark Markets, 17 arrests, 13 search warrants, 1 million seized Bitcoins and €180,000 in cash, drugs, gold and silver. These numbers, especially the number of closed Dark Markets, have generated controversy in the media, which claims that the number of closed marketplaces was much lower, around 50.
Again, the closure of Silk Road 2.0 has made room for several other Dark Markets, making it clear that operations against this kind of crime must be a perennial activity.
The new operation, Hyperion, under the coordination of the Five Eyes Law Enforcement Group, is more solid, with the support of several agencies in the countries involved, but focuses on the buyer of the products or services advertised on Dark Markets. The buyer is the most fragile link in the relationship because, in most cases, he or she needs to offer some real information to get the products.
Among the agencies that participated in the operation, the Dutch police and public prosecutor are the ones providing the most information about the investigation process. A web page was published on the Tor network listing the identified sellers and buyers, with various notes on how the majority of those involved in the country were identified. Many of the reports involve police officers infiltrating the network as ordinary users.
However, there is no way of knowing whether traditional methods such as agent infiltration and interrogation of suspects were the only tactics used by all FELEG-associated agencies, or whether these activities were complemented by further attacks against the Tor network.
The tendency is for Dark Markets to remain a constant activity, as adaptable as smuggling and drug trafficking. This requires a deep and constant approach by law enforcement agencies.
The present moment is paradoxical. On the one hand, it requires the support of law enforcement, which needs mechanisms to reach criminals in any area of the Internet. On the other hand, many of the available methods are powerful enough to be abused, whether in police use, which can violate civil or human rights, or in political affairs, where surveillance tools can be manipulated to favor groups in power.