Operation Onymous: 17-nation bust takes out over 400 “hidden services”

17-nation bust takes out 27 dark-market sites

It turns out that last week’s bust of Silk Road 2.0’s kingpin was just a hint at what was coming: namely, a multinational crackdown on dark-market sites hidden away on the Tor network.

As Europol and the FBI announced on Friday, the sting, dubbed “Operation Onymous,” involved 17 nations that coordinated efforts to take down more than 410 “hidden services” that market contraband – particularly drugs and weapons.

The operation led to 17 arrests and the seizure of $1 million (£629,465) in Bitcoin, along with €180,000 (£141,235, $224,688) in cash, drugs, gold and silver.

So far, law enforcement has only identified one of the people arrested: 26-year-old Blake Benthall, of San Francisco, head of Silk Road 2.0, whose Twitter profile describes him as a “rocket scientist” and “bitcoin dreamer”.

The California-based rocket development company SpaceX – founded by Elon Musk – confirmed to Business Insider that it had previously employed Benthall.

As Ars Technica reported from Benthall’s first court hearing on Thursday, federal prosecutor Kathryn Haun asked the court not to release Benthall, who, she said, has admitted “to everything”:

He was found with over $100,000 in cash at home. ... He has a passport. We're not aware of whether that was secured. In addition to all of the detail, Mr. Benthall did admit to everything after receiving his Miranda rights—that he was the administrator of Silk Road 2.0. Our principal basis is flight risk at this point.

While Operation Onymous is the largest attack on Tor-hidden black markets to date, the number of services taken down (410) does not equate to the same number of Silk Road-like markets going offline. Rather, it means that law enforcement found out where the markets were hosted.

Department of Justice Public Affairs Specialist Peter Carr told Forbes that a full list of seized Tor sites wasn’t publicly available as of Friday, but the number of actual sites seized appears to be just a fraction of that number.

FBI spokesperson David Berman mentioned a dozen sites, Forbes reports, but a complaint filed in the Southern District of New York on Friday detailed at least 27 sites having been seized during Operation Onymous, including Silk Road 2.0.

The complaint was issued by the United States “seeking the forfeiture of any and all assets of the following dark market websites operating on the Tor network”. The FBI has refused to comment on how many other sites were seized outside of the ones listed on the complaint.

Gizmodo published a full list of which sites have been shut down – sites that fell into sometimes overlapping categories, including those that sold illegal narcotics, stolen and counterfeit credit cards, counterfeit currency, and fake identity documents, including passports.

Some examples from the complaint: the marketplace “Cloud Nine” which listed “1G Pure Uncut Fishscale Cocaine” for sale by “Mrs. Blanco” for 0.2934 Bitcoin, and a site that advertised “Fake Real Plastic” and which promised cards “printed to look just like real VISA and Mastercards” and guaranteed “to have at least $2500 left on [the] credit card limit”.

It’s unclear how the law was able to infiltrate the Tor network – a question that security and privacy experts are keen to see answered, as noted by Electronic Frontier Foundation staff attorney Hanni Fakhoury:

Hanni Fakhoury (@HanniFakhoury):

Once again, the question is how did the feds "locate" the Silk Road 2.0 server?

By “once again”, he was referring to the ongoing battle over whether the Feds’ takedown of the first Silk Road was done by peeling apart the layers of the Tor anonymizing network without a warrant: a question that the government’s been battling in court, insisting that no, it didn’t hack Tor, but if it did, then that’s just Constitutionally fine and dandy.

In Benthall’s indictment, the FBI revealed that part of its investigation relied on good old-fashioned undercover police work, with a Homeland Security agent going undercover to infiltrate the staff at Silk Road 2.0.

But the indictment says little about how exactly the FBI got its hands on the supposedly hidden server Silk Road 2.0 was using, saying that the FBI simply “identified the server located in a foreign country,” and that law enforcement managed to image it sometime around 30 May 2014.

Image of spiderweb courtesy of Shutterstock.