What does it take to take down the largest dark web market in Europe, with 3,600 dealers and thousands of drug and other illicit product listings? Patience, attention to detail, and the wiles to be able to take over the accounts of the admins and impersonate them.
In a 10-month undercover investigation, Dutch investigators sought to not just shut down the dark web marketplace, but to also instill fear and uncertainty among those who participated in commerce activities there. To achieve that mission, the investigators kept the site in business, but secretly took control.
Andy Greenberg from Wired reports, “They surveilled Hansa’s buyers and sellers, discreetly altered the site’s code to grab more identifying information of those users, and even tricked dozens of Hansa’s anonymous sellers into opening a beacon file on their computers that revealed their locations. The fallout of that law enforcement coup, the officers claim, has been one of the most successful blows against the dark web in its short history: millions of dollars worth of confiscated bitcoins, more than a dozen arrests and counting of the site’s top drug dealers, and a vast database of Hansa user information that authorities say should haunt anyone who bought or sold on the site during its last month online.”
The masterminds behind Hansa were living in Germany. A fact discovered after security researchers found a testing development server that had been left exposed in the data center of a web-hosting firm in the Netherlands. This opened a trail to its IP address and eventually to its Tor-protected server that ran the live site, and two additional servers in Germany. Excellent progress, but anonymized data was still an obstacle.
And then another opening. Writes Greenberg, “After poring through the contents of the servers, the police found a major operational slip-up: One of the German servers contained the two alleged founders’ chat logs on the antiquated messaging protocol IRC. The conversations stretched back years, and amazingly, included both admins’ full names and, for one man, his home address.”
To infiltrate the site, the Dutch police reached out to German authorities who were conducting their own investigation into the men on a separate matter. The plan: Let the German police take over and make arrests for their case so the Dutch police could then slip in and take over as the site administrators to further build their dark web marketplace case. Quoting one of the Dutch investigators, Greenberg writes, “We had to get rid of the real administrators to become the administrators ourselves.”
And that’s just the beginning of the story.
Get the full story, with all its twists and turns, at Wired.