International Dark Web Bust Operation DarkHunTOR Sees 150 Arrests in Follow-up to DarkMarket Seizure
On October 26, 2021, agencies in the U.S. and European Union (EU) announced the seizure of cash, virtual currencies, and goods, in addition to the arrests of 150 alleged suspects in a follow-up operation to the earlier takedown of dark web marketplace DarkMarket.
The operation, entitled Operation DarkHunTOR, came from a series of coordinated actions from government and law enforcement agencies in Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, the U.K., and the U.S. The operation was carried out in the framework of the EU’s security initiative EMPACT, the European Multidisciplinary Platform Against Criminal Threats.
Operation DarkHunTOR and DarkMarket
Operation DarkHunTOR seized over €26.7 million in currencies, 45 firearms, and 234 kg of drugs, including amphetamine, opioids, and ecstasy pills. The operation builds upon previous efforts in recent years to dismantle DarkMarket — the world’s then-largest illegal online marketplace — which was taken down in a coordinated attack by Europol and government agencies based in Germany, Australia, Denmark, Moldova, Ukraine, the U.K., and the U.S. A press release from January 12, 2021, revealed that DarkMarket boasted nearly 500,000 users corresponding to, at the time of release’s currency rate, over €140 million. Out of these users, over 2,400 were sellers who managed over 320,000 transactions.
The initial operation against DarkMarket saw the arrest of an Australian citizen, the alleged operator of DarkMarket, near the German-Danish border. Subsequently, the investigation seized more than 20 servers in Moldova and Ukraine under the lead of two German agencies, the Koblenz Public Prosecutor’s Office and the German Federal Criminal Police. These servers provided crucial evidence for investigators and aided them in identifying the 150 alleged suspects arrested during Operation DarkHunTOR.
International Cooperation
The initial seizure of DarkMarket and Operation DarkHunTOR mark an extensive coordination effort between countries on multiple continents and international law enforcement organizations. The two operations collectively spanned Europe, North America, and Australia in investigations across twelve countries. The resulting arrests of alleged suspects took place in eight countries, with the U.S. yielding the most suspects at 65 arrests.
Additionally, Italian law enforcement agents, acting separately from DarkHunTOR but in support of the operation, shut down the DeepSea and Berlusconi, two dark web marketplaces that yielded €3.6 million in cryptocurrencies when U.S. and Italian agents struck and arrested four alleged administrators.
Following the takedown of DarkMarket, Europol created a dedicated Dark Web Team in its European Cybercrime Centre (EC3). The EC3 later played a key role in facilitating information exchange under the Joint Cybercrime Action Taskforce at Europol’s headquarters in The Hague, the Netherlands. This information facilitation included making use of the evidence from criminal infrastructure seized in the original attack on DarkMarket.
Analysis
Europol’s Deputy Executive Director of Operations, Jean-Philippe Lecouffe, noted in a comment on Operation DarkHunTOR that the point of the operation is “to put criminals operating on the dark web on notice: the law enforcement community has the means and global partnerships to unmask them and hold them accountable.” Though DarkHunTOR and the takedown of DarkMarket certainly have made a dent in dark web activities, both operations are also meant to play a significant role in deterring illicit activities on the dark web.
The efficacy of these kinds of operations is clear, but the persistence of dark web activity suggests that sellers on the dark web are able to use networks for short-term profit, abandoning them and changing tactics when law enforcement officials move against them. The obligatory usage of physical servers and traceable data, however, still leaves even the most secretive dark web marketplace vulnerable to penetration — that is, if law enforcement officials can track down where in the world the infrastructure is and who manages it.
