Dismantling a Dark Web Drug Depot
Inside Operation Bayonet, the sting that took down an empire.
- 01
How to take down a dark web drug empire
In the fall of 2016, Dutch police finally caught the trail of one of the dark web’s biggest drug markets: Hansa. More than 3,600 dealers frequented the site, selling everything from MDMA to heroin.\ \ Normally, cops would shut it down—but this time, they started dealing the drugs themselves. This is the story of Operation Bayonet. - 02Before we dive into how cops pulled off one of the most epic drug busts to date, let’s talk about the dark web: a collection of encrypted sites you can only get to via a special browser.\ \ Anyone can visit them, but it’s almost impossible to know where they come from.
- 03This time was different.\ \ The cops stumbled upon Hansa when security researchers found an outdated chatlog that contained a gold mine (at least by dark-web standards): two names and a home address. The police finally had real suspects.
- 04As it turned out, those suspects were also selling pirated ebooks and audiobooks—and were already under investigation in Germany for it. (Not the best at being criminals, clearly.)\ \ The Dutch cops had the bright idea to use the German investigation as a cover—allowing them to secretly seize control of Hansa and throw the dark web into disarray.
- 05Before the cops could spring their trap, though, Hansa went dark: no server activity, nothing to track. The suspects were onto them.\ \ Months went by without a sign of life. Then, an address the cops were monitoring made a bitcoin payment. The authorities were ready to strike.
- 06Late last June, German police raided the homes of Hansa’s admins. At the same time, Dutch police migrated Hansa’s data onto police servers.\ \ Within days, the cops had full control of Hansa—though from the outside, everything looked like business as usual.
- 07Turns out cops are pretty good at running drug markets.\ \ A team of officers studied Hansa’s conversation logs and took turns impersonating the site’s two admins. And when buyers and sellers got into disputes, the undercover agents handled them better than the admins had.
08
- 09But just before the cops had taken over Hansa, another dark-web drug market—AlphaBay, the world’s largest—was shut down. Its users flocked to Hansa, and the cops took advantage.\ \ They rewrote the site’s code to log every user’s password, saved the geolocation data of every picture, and fooled sellers into downloading a GPS tracker.
- 10After 27 days and 27,000 (\!) transactions as drug kingpins, police shut Hansa down.\ \ They arrested a dozen of Hansa’s top vendors, logged data on 420,000 users—including at least 10,000 addresses—and seized millions of dollars’ worth of bitcoin.
- 11Operation Bayonet didn’t end online drug markets, but it sent a shockwave through the dark web. Most of Hansa’s vendors were so shook they either stopped selling on the dark web or changed their online identity entirely.\ \ Forget takedowns—takeovers might be the future of fighting crime on the dark web.
Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ... Read More
The Teens Who Hacked a Video Game Empire—and Went Too Far
Among those involved in David Pokora's so-called Xbox Underground, one would become an informant, one would become a fugitive, and one would end up dead.
Brendan I. Koerner
Inside an Epic Hotel Room Hacking Spree
A vulnerability in hotel keycard locks was a security disaster—and a huge opportunity for one burglar.
Andy Greenberg
How a Dorm Room Minecraft Scam Brought Down the Internet
A DDoS attack that crippled the internet wasn't the work of a nation-state. It was three college kids working an online gaming hustle.
Garrett M. Graff
How So Many Researchers Found a 20-Year-Old Chip Flaw
The uncanny coincidences among the Meltdown and Spectre discoveries raise questions about "bug collisions"—and the safety of the NSA's hidden vulnerability collection.
Andy Greenberg
Inside the Unnerving Attack That Corrupted CCleaner
CCleaner owner Avast is sharing more details on the malware attackers used to infect legitimate software updates with malware.
Lily Hay Newman
Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society
More than 200 of the world's elites registered for a retreat whose agenda runs from panels on cult-building and sex to prepping for World War III. An associated app offers matchmaking.
Dell Cameron
ICE’s Internal Watchdog Is Now Investigating Online Critics
The Office of Professional Responsibility has opened more than 100 cases over what ICE officials call “incidents of doxing and threats” against ICE employees.
Maddy Varner
How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members
Leaked files show the invite-only network grades members by their money and fame, shaping who’s in, who’s out, and who pays.
Dell Cameron
LastPass Users Had Their Data Stolen—Again
Plus: Former national security advisor John Bolton pleads guilty in classified-materials case, Microsoft helps take down major infostealer infrastructure, and more.
Lily Hay Newman
The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials
Exposed records from the private group included the personal information of a senior White House intelligence official and an active-duty special operations officer.
Dell Cameron
Trump Administration Allows Anthropic to Release Mythos to Select US Organizations
After weeks of negotiations, the White House permitted Anthropic to grant access to its most advanced AI model to a select group of US companies and government agencies.
Maxwell Zeff
I Tried DeleteMe, the Original Data-Broker-Removal Service
Everyone is sick of spam calls and creeper sites that show weirdos where you live—but can any service solve it?
Martin Cizmar
