On July 20, 2017, U.S. and European law enforcement authorities announced they had jointly taken down two major darknet marketplace sites: AlphaBay and Hansa. These sites, which aspire to operate in the shadows beyond the reach of national and international police forces and organizations, present a significant risk to national security and to financial systems.
To understand how this works, think of the internet as an iceberg. The darknet is the portion that exists beneath the water’s surface, invisible without additional efforts – passwords and special software – to see it. By contrast, the tip of the iceberg is what most people know, see, and use – but constitutes just a small fraction of the overall. The vast majority of the internet is not indexed. In fact, according to a study published in Nature, Google only indexes 16 percent of the surface internet. Put differently, any single search produces up to only 0.03 percent of the information that exists online.
To be clear, not all of the activity that takes place on the darknet is nefarious. However, a subset is, and that portion – where criminals and other bad actors undertake illicit action online – is akin to a dark alley in the physical world. There is little in the way of illegal goods or services that cannot be found on the darknet. From illicit weapons and drugs, to counterfeit documents and malware, the black market is booming online. Darknet sites are virtual safe havens for trafficking in stolen credit card numbers, medical records, and intellectual property. Before its takedown, AlphaBay was the largest such venue. For a sense of scale, consider that at takedown, AlphaBay was ten times the size of Silk Road – a predecessor black marketplace, considered a darknet “giant” – when shuttered by authorities in 2013.
The darknet thus facilitates criminal activity, both online and off, by providing a venue for those who are up to no good to meet, transact, and profit; and thereby further their ends and plans. Just imagine, as the Executive Director of the European Union Agency for Law Enforcement Cooperation (Europol), Robert Wainwright, has asked us to: “a physical marketplace [akin to AlphaBay] where criminals can buy and sell 350,000 types of illegal goods.”
The good news: secret marketplaces, whether virtual (darknet) or physical (dark alleys), fear the light. International law enforcement operations invoked a variation of this principle in their targeting of AlphaBay and Hansa. Specifically, before the shutdown of AlphaBay, Dutch authorities took covert control of Hansa pursuant to domestic legal authorities – in anticipation of AlphaBay users migrating to another such site. And sure enough, when AlphaBay was seized, there was an eight-fold increase in new traffic to Hansa. By watching and waiting in this way, police were able to identify and disrupt far more criminal activity than would otherwise have been the case. Authorities also gained important insights into how these sites operate, including learning who the primary perpetrators were that allowed them to thrive.
Granted, this strategy will not stop bad actors in their tracks forevermore. Ultimately, they will find a way and a place to congregate elsewhere, online. But the tactics employed did, and will continue to, make it harder for criminals to engage in illicit business. Moreover, Europol’s Director has underscored the determination of law enforcement officials worldwide to sustain their commitment to identifying and prosecuting those who use the darknet for criminal purposes.
While that may not be a foolproof deterrent, it is significant that the AlphaBay/Hansa case plants the seeds of doubt about just how anonymous criminal actors really are on the darknet. Keep in mind that trust, between and among criminal actors, is the coin of the underworld. Anything that erodes that confidence in turn undermines illicit enterprise, and is a step towards thwarting it.
Also noteworthy is the level of cooperation and collaboration demonstrated in this case. The Alpha Bay/Hansa takedown involved a wide range of U.S. and European officials – from the U.S. Department of Justice, the FBI, the U.S. Drug Enforcement Administration, the Dutch Police, and Europol – with each bringing to bear their unique operational and technical strengths, making the combined whole much greater than just the sum of its parts. The complexity of this multi-partner approach, and the follow-on activity generated by the principal takedowns, was substantial: no less than 37 countries received intelligence packages from Europol, which worked to de-conflict and support the various investigations.
Be it the darknet or a dark alley, the way to subvert secret criminal marketplaces is to shine a light on them – deftly. This means quietly and patiently monitoring these sites, for intelligence purposes – which, notably, is something that select private sector entities also do skillfully – before closing them down. Whether and when to round up bad actors, rather than string them along, is an age-old question for law enforcement officials. In the internet era, the means may be somewhat different, but the principles and equities at play in this decision remain much the same. At some point, however, the arguments in favor of takedown will outweigh those against – and when they do, the darkest corners of the web are illuminated and a signal is sent, that criminal activity is a risky business – just as it has always been.
Co-authoring this article is Sharon L. Cardash, Associate Director of the George Washington University Center for Cyber and Homeland Security. She previously served as Security Policy Advisor to Canada’s Minister of Foreign Affairs.
