Naked Security

DeepDotWeb seized, suspected admins arrested

The suspected admins of the DeepDotWeb site are alleged to have sent buyers to illegal markets in exchange for millions in kickbacks.

When authorities last week announced an international bust of the Dark Web drugs-n-stuff marketplace Wall Street Market (WSM), they said stay tuned: there’s more where this came from.

Well, that didn’t take long: Europol announced on Wednesday that two suspected admins of DeepDotWeb – a site that indexes Dark Web marketplaces – were arrested on Monday, in Paris and Israel.

They were charged in the US on Wednesday. The FBI seized the DeepDotWeb site, which is now displaying the logos of 10 law enforcement agencies that helped pull off the investigation and the busts.

It’s not illegal to provide a directory to markets selling illegal things on the Dark Web. It’s another thing entirely if you make money off those sites, though. According to Europol, authorities believe that DeepDotWeb’s admins made millions of dollars in kickbacks from the Dark Web sites they referred people to.

Money laundering

In its take-down notice, the FBI cites federal statutes on money laundering conspiracy and civil and criminal forfeiture.

Both of the suspects arrested on Monday are Israeli citizens. They’ve been charged with money laundering conspiracy for allegedly receiving commissions on sales of illegal narcotics such as fentanyl and heroin, weapons, hacked data, hacking tools, payment cards, other illegal counterfeit items, and other illegal goods.

The two allegedly owned and operated DeepDotWeb since 2013. The WSM was just one dark web market for which DeepDotWeb provided news, reviews and direct access for interested buyers. Authorities estimate that the site funnelled hundreds of thousands of users to dark web markets over the years.

Europol says the payments were made in virtual currency and paid into a Bitcoin wallet controlled by DeepDotWeb. The suspects allegedly hid the money by transferring it into other Bitcoin accounts and to bank accounts taken out in the name of shell companies.

The pair allegedly took in a total of about €7.5 million worth of bitcoins – about USD $8.4 million – when adjusted for the trading value of the currency at the time of each transaction.

Gathering in the admins

The three German men whose arrests were announced on Friday are suspected of being the admins of WSM: a platform that hosted about 5,400 sellers and more than 1 million customer accounts, according to what Frankfurt prosecutor Georg Ungefuk told reporters in Wiesbaden.

Authorities showed off a slew of luxury watches and banknotes when they laid out the evidence they seized in the international raids. The investigation had taken nearly two years and is considered to have broken up one of the world’s largest online criminal trafficking operations.

Besides the three German men arrested last week and the two Israelis arrested this week, police also charged a Brazilian man who they allege was the moderator for WSM. In the US, Los Angeles law enforcement say they arrested two men alleged to have been major drug dealers and top WSM vendors. Europol said in its press release:

This is yet another law enforcement success in the fight against the sale of illegal goods on the dark web.

You can hide, but you might still have to run

It’s also yet another reminder that in spite of the anonymity provided by the dark web’s clever encryption, you can still be tracked down. There have been many criminals who have thought pretty highly of their own skills at covering their tracks… yet still left tracks that investigators followed to their computers.

Take, for example, the case of Ryan S. Lin: a then-25-year-old who pleaded guilty in April 2018 to seven counts of cyberstalking, five counts of distribution of child abuse imagery, nine counts of making hoax bomb threats, three counts of computer fraud and abuse, and one count of aggravated identity theft.

Lin, a computer science graduate from Rensselaer Polytechnic Institute, was savvy enough to use a two-pronged approach to protecting anonymity: both a virtual private network (VPN) and an anonymizing service to mask his true IP address. He was also smart enough to know that VPNs keep logs.

Fortunately for the FBI, he did a terrible job at hiding his tracks in spite of all his supposed tech smarts. When investigators got access to Lin’s Gmail account, they found that he’d sent himself two screenshots of what looked to be his iPhone. The images showed what apps were installed, including several apps for anonymous texting, encrypted email, and free burner telephone numbers.

Lin thought the IP address-anonymizing Tor service would protect him. He thought VPNs would hide him. He also seemed to put his faith in anonymous overseas texting services and overseas encrypted email providers that don’t respond to law enforcement and/or don’t maintain IP logs or other records.

In October 2018, he was sentenced to 17.5 years in jail.

The DeepDotWeb and WSM busts were just the latest notches in the belts of international law enforcement agencies who’ve learned a thing or two about shining a light into the web’s dark corners.

This was a big bust, and DeepDotWeb was drowned by just one resulting ripple. We can no doubt expect yet more ripples from the WSM investigation.
