Dismantling a Dark Web Drug Depot
Inside Operation Bayonet, the sting that took down an empire.
- 01 How to take down a dark web drug empire

  In the fall of 2016, Dutch police finally caught the trail of one of the dark web’s biggest drug markets: Hansa. More than 3,600 dealers frequented the site, selling everything from MDMA to heroin. Normally, cops would shut it down—but this time, they started dealing the drugs themselves. This is the story of Operation Bayonet.
- 02 Before we dive into how cops pulled off one of the most epic drug busts to date, let’s talk about the dark web: a collection of encrypted sites you can only get to via a special browser. Anyone can visit them, but it’s almost impossible to know where they come from.
- 03 This time was different. The cops stumbled upon Hansa when security researchers found an outdated chatlog that contained a gold mine (at least by dark-web standards): two names and a home address. The police finally had real suspects.
- 04 As it turned out, those suspects were also selling pirated ebooks and audiobooks—and were already under investigation in Germany for it. (Not the best at being criminals, clearly.) The Dutch cops had the bright idea to use the German investigation as a cover—allowing them to secretly seize control of Hansa and throw the dark web into disarray.
- 05 Before the cops could spring their trap, though, Hansa went dark: no server activity, nothing to track. The suspects were onto them. Months went by without a sign of life. Then, an address the cops were monitoring made a bitcoin payment. The authorities were ready to strike.
- 06 Late last June, German police raided the homes of Hansa’s admins. At the same time, Dutch police migrated Hansa’s data onto police servers. Within days, the cops had full control of Hansa—though from the outside, everything looked like business as usual.
- 07 Turns out cops are pretty good at running drug markets. A team of officers studied Hansa’s conversation logs and took turns impersonating the site’s two admins. And when buyers and sellers got into disputes, the undercover agents handled them better than the admins had.
- 09 But just before the cops had taken over Hansa, another dark-web drug market—AlphaBay, the world’s largest—was shut down. Its users flocked to Hansa, and the cops took advantage. They rewrote the site’s code to log every user’s password, saved the geolocation data of every picture, and fooled sellers into downloading a GPS tracker.
- 10 After 27 days and 27,000 (!) transactions as drug kingpins, police shut Hansa down. They arrested a dozen of Hansa’s top vendors, logged data on 420,000 users—including at least 10,000 addresses—and seized millions of dollars’ worth of bitcoin.
- 11 Operation Bayonet didn’t end online drug markets, but it sent a shockwave through the dark web. Most of Hansa’s vendors were so shook they either stopped selling on the dark web or changed their online identity entirely. Forget takedowns—takeovers might be the future of fighting crime on the dark web.
Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers.
