For anyone who has watched the last few years of cat-and-mouse games on the dark web's black markets, the pattern is familiar: A contraband bazaar like the Silk Road attracts thousands of drug dealers and their customers, along with intense scrutiny from police and three-letter agencies. Authorities hunt down its administrators, and tear the site offline in a dramatic takedown—only to find that its buyers and sellers have simply migrated to the next dark-web market on their list.
So when Dutch police got onto the trail of the popular dark-web marketplace Hansa in the fall of 2016, they decided on a different approach: Not a mere takedown, but a takeover.
In interviews with WIRED, ahead of a talk they plan to give at Kaspersky Security Analyst Summit Thursday, two Netherlands National High Tech Crime Unit officers detailed their 10-month investigation into Hansa, once the largest dark-web market in Europe. At its height, Hansa's 3,600 dealers offered more than 24,000 drug product listings, from cocaine to MDMA to heroin, as well as a smaller trade in fraud tools and counterfeit documents. In their probe into that free-trade zone, which would come to be known as Operation Bayonet, the Dutch investigators not only identified the two alleged administrators of Hansa's black market operation in Germany, but went so far as to hijack the two arrested men's accounts to take full control of the site itself.'We thought maybe we could really damage the trust in this whole system.'
Marinus Boekelo, NHTCU
The NHTCU officers explained how, in the undercover work that followed, they surveilled Hansa's buyers and sellers, discreetly altered the site's code to grab more identifying information of those users, and even tricked dozens of Hansa's anonymous sellers into opening a beacon file on their computers that revealed their locations. The fallout of that law enforcement coup, the officers claim, has been one of the most successful blows against ...