Tag Archives: Tor

List of Hidden Marketplaces (Tor & I2P)

Silk Road 2.0


Silk Road 2.0 URL: silkroad6ownowfk.onion
Forum URL: silkroad5v7dywlc.onion
Subreddit URL: http://www.reddit.com/r/SilkRoad/ & http://www.reddit.com/r/SilkRoadTwo (this one is very new and not so active yet)
Note: Good luck.



The War Against Tor: Russia Takes Aim At Popular Web Anonymizer

With nearly 150,000 users, Russia is currently the third-highest user of Tor in the world. (file photo)

Moscow — The Russian authorities apparently have a new enemy in their crosshairs: web tools that give users online anonymity.

On February 5, lawmaker Leonid Levin proposed blocking so-called web anonymizers including the most popular program, called Tor.

Tor — an acronym for “The Onion Router” — is encryption software that allows users to stealthily surf the Internet and bypass locally-imposed web restrictions.

Levin’s proposal won quick backing from Roskomnadzor, Russia’s state communications watchdog.

Roskomnadzor’s press secretary, Vadim Ampelonsky, derided Tor users as “ghouls” and likened the program to a hangout for criminals. He seconded the call for it to be blocked, saying it is “technically complex, but solvable.”

Internet analysts, however, are skeptical.

“It’s impossible to block Tor,” said Irina Levova, a Moscow-based Internet analyst.

Levova added that the authorities could feasibly block all encrypted Internet traffic. But such a move would wreak havoc on online banking and commerce. They could also address the problem legislatively, by banning software that bypasses web filters.

With 143,000 users, Russia is the third-highest user of Tor in the world, after the United States and Germany.

To conceal users’ locations and usage, the Tor browser, which can be downloaded free of charge, directs Internet traffic through a worldwide volunteer network consisting of thousands of relays.

It is popular among privacy advocates, private investigators, journalists, bloggers, hackers, and criminals.

In Russia, Tor has the additional use of helping dissidents bypass web censorship amid the country’s creeping online clampdown.

Under legislation purportedly to protect minors from suicide, sexual exploitation, and drug abuse, authorities have obtained the power to extra-judicially block websites.

The legislation was used to deny many Russians access to three opposition news portals — Kasparov.Ru, Grani.Ru, and Yezhednevny Zhurnal.

Opposition leader Aleksei Navalny has also had his blog blocked, while popular liberal radio station Ekho Moskvy was briefly blocked on some Internet service providers.

The first official call to block Tor came from the Federal Security Service back in June 2013.

Anatoly Kucherena, an FSB-affiliated lawyer, told the pro-Kremlin daily Izvestia at the time that lawmakers should impose penalties for creating websites that allow users to bypass the web black list.

And, in June 2014, the Interior Ministry announced a tender on the government procurement website offering 3.9 million rubles for research that would allow authorities to identify Tor users.

According to the Tor Project’s website, the number of Russian users surged after the tender was announced.

And this, said Internet analyst Levova, illustrates the dilemma the authorities face in confronting Tor: the more they try to block it, the more popular it becomes.

And Tor users say they are not concerned about all the scrutiny.

Mika, a 30-year-old Tor user who runs a smartphone software company, has been using the program to access banned opposition websites since 2014.

“How are you supposed to block constantly changing proxies?” said Mika, who declined to give his last name.

The dark web: what it is, how it works, and why it’s not going away


2014 saw the continued growth of the dark web, a collection of underground websites that allow people to engage in often-illegal activities beyond the reach of law enforcement. Here’s what the dark web is, how it works, and why it’s not going away any time soon.

What is the dark web?

The dark web is a general term for the seedier corners of the web, where people can interact online without worrying about the watchful eye of the authorities. Usually, these sites are guarded by encryption mechanisms such as Tor that allow users to visit them anonymously. But there are also sites that don’t rely on Tor, such as password-protected forums where hackers trade secrets and stolen credit card numbers, that can also be considered part of the dark web.

People use the dark web for a variety of purposes: buying and selling drugs, discussing hacking techniques and selling hacking services, trading child pornography, and so forth.

It’s important to remember that the technologies used to facilitate “dark web” activities aren’t inherently good or bad. The same technologies used by drug dealers and child pornographers to hide their identity can also be used by whistleblowers and dissidents in repressive regimes.

What’s Tor? Why is it important for the dark web?


Tor, which stands for “the onion router,” is a technology that allows people to browse the web and access online services without revealing their identities. The Tor network consists of thousands of servers located all over the world. They’re run by volunteers seeking to bolster privacy rights.

When you browse the web using a Tor-based browser, your communications are automatically bounced off of several Tor servers before they reach their destination. The process makes it almost impossible for anyone to trace the traffic back to you. According to documents released by Ed Snowden, even the NSA has struggled to unmask Tor users.

Tor allows the creation of hidden services, websites that use the Tor network to hide their physical location. This technology has allowed the creation of websites devoted to illegal activities that are difficult for the authorities to trace and shut down.

Surprisingly, Tor was created with financial support from the US government, which wanted to promote the free flow of information. Government support for Tor has continued in recent years as part of the State Department’s internet freedom agenda, which seeks to help people in repressive regimes gain access to information censored by their governments.

While Tor has many illicit uses, it also has a lot of legitimate ones. For example, Facebook recently announced a version of its website that can be accessed over the Tor network, which will make it easier to access the site from countries that restrict the service, such as China and Iran.

What kind of information can you find on the dark web?


Almost any type of illegal and legally questionable products and services can be found somewhere in the internet’s underground.

One of the best examples is the Silk Road, a now-defunct website that, for more than two years, operated as a kind of illicit eBay. The Silk Road was most famous for offering a wide variety of illegal drugs, but it offered other illicit products as well. You could buy fake IDs, pirated DVDs, fireworks, and stolen credit-card numbers.

The Silk Road website was a Tor hidden service, which made it difficult for the authorities to shut the site down. All transactions were conducted using Bitcoin, meaning they couldn’t be traced the way credit-card transactions can be. But eventually, law enforcement was able to identify the site’s alleged operator, who was arrested in 2013.

Almost immediately, copycat sites sprang up. A successor site called Silk Road 2 was founded in 2013, but it was infiltrated by law enforcement and shut down in 2014. Currently, one of the largest Silk Road successors is a site called Evolution. Ars Technica recently reported that it had 26,000 product listings.

Even these sites had some lines they weren’t willing to cross. For example, all three sites barred child pornography listings. But other dark web sites exist to help users find and distribute this kind of material. A recent study by computer scientist Gareth Owen suggested that sites related to child abuse and child pornography could account for as much as 80 percent of traffic to Tor hidden services (though hidden services account for a small fraction of Tor traffic overall).

Why has Bitcoin become popular on dark web sites?


If you tried to set up an illicit drug marketplace that used conventional credit cards, it wouldn’t last very long. For one thing, Visa and Mastercard rules would likely bar you from getting a merchant account. And customers would be wary of using a credit card linked to their real identity to make illicit purchases. You’d also have to worry about customers reversing charges after the goods had been delivered, since you can’t exactly go to the authorities if your customers rip you off.

In short, a digital black market needs the digital equivalent of cash. And that’s exactly what Bitcoin is. Bitcoin, like cash, allows transactions to be made anonymously. And with no one in charge of the Bitcoin network, there’s no one with the authority to block illicit transactions.

But we shouldn’t overstate Bitcoin’s anonymity. You don’t need to prove your identity before using the Bitcoin network the way you do with credit cards. But that doesn’t necessarily mean the authorities won’t be able to trace buyers and sellers. Indeed, information about every Bitcoin transaction is publicly available; by examining the pattern of transactions, the authorities may be able to tie a Bitcoin transaction to a real-world identity.

For example, the authorities were allegedly able to prove that the founder of Silk Road 2 cashed out $273,626.60 worth of bitcoins, then used some of the cash to buy a brand new Tesla Model S. We don’t know exactly how the authorities made this connection, but they may have subpoenaed the exchange that converted the bitcoins into dollars. Disguising bitcoin earnings is a complex and difficult task; one slip-up can reveal your real identity.

As with Tor, it’s important to note that not all, or even most, uses of the Bitcoin network are for illicit purposes. There are tens of thousands of legitimate businesses that accept Bitcoin. But criminals have been attracted to Bitcoin for the same reasons they’ve been attracted to conventional cash.

Is the dark web the same thing as the deep web?

No, the deep web is a broader concept. It refers to all online content that’s not accessible to search engines. That includes the internet’s underground economy, but it also includes mainstream websites that simply aren’t set up for Google’s and Bing’s web crawlers. For example, most of Facebook is part of the deep web: most Facebook content is only available to the poster’s friends, not the general public. Similarly, many searchable databases won’t come up in Google results even though anyone can access them.

Can the authorities ever stamp out the dark web?


The government is unlikely to ever fully suppress the dark web for the same reason that law enforcement has never been able to eliminate conventional black markets: there’s a lot of demand for the information and products offered on these sites, and there’s always going to be someone willing to take the risks involved in meeting that demand.

And these sites can earn a lot of money. Silk Road 2, for example, reportedly earned $8 million in a single month before it was shut down. That kind of money will always attract copycats who believe they can succeed where their predecessors had failed.

Moreover, the government probably can’t — and shouldn’t — shut down the underlying technologies that make the dark web possible. Tor provides crucial protection to dissidents and whistleblowers around the world. Bitcoin has the potential to produce significant innovations in the payments business. And shutting down these technologies won’t stop people from using the internet for illicit purposes. Most likely, these activities will simply shift overseas, where they will be even harder for American authorities to police.

What is the World Wide Web?

The World Wide Web is a popular way to publish information on the internet. The web was created by Timothy Berners-Lee, a computer programmer at the European scientific research organization CERN, in 1991. It offered a more powerful and user-friendly interface than other internet applications. The web supported hyperlinks, allowing users to browse from one document to another with a single click.

Over time, the web became increasingly sophisticated, supporting images, audio, video, and interactive content. In the mid-1990s, companies such as Yahoo and Amazon.com began building profitable businesses based on the web. In the 2000s, full-featured web-based applications such as Yahoo Maps and Google Docs were created.

In 1994, Berners-Lee created the World Wide Web Consortium (W3C) to be the web’s official standards organization. He is still the W3C’s director and continues to oversee the development of web standards. However, the web is an open platform, and the W3C can’t compel anyone to adopt its recommendations. In practice, the organizations with the most influence over the web are Microsoft, Google, Apple, and Mozilla, the companies that produce the leading web browsers. Any technologies adopted by these four become de facto web standards.

The web has become so popular that many people now regard it as synonymous with the internet itself. But technically, the web is just one of many internet applications. Other applications include email and BitTorrent.

Leaked NSA Documents Reveal The Best Way To Stay Anonymous Online


It’s not easy to be truly anonymous online. Sure, there are plenty of chat apps and secret-sharing sites that claim to offer you privacy, but it’s tricky to know whether US intelligence agencies have a backdoor to access them.

The best way to stay anonymous online has been to use Tor, a special kind of web browser developed to help US government employees hide their tracks online.

But if you want to be properly anonymous, you need a combination of extra services and websites on top of Tor to avoid detection. Plenty of online guides offer advice on the subject, but it’s always been hit and miss.

Now, leaked NSA documents provide a big clue on how to remain hidden. They show that the agency has trouble breaking certain methods of encryption.

Der Spiegel published a collection of documents that detail what systems the NSA has trouble decrypting. Previous documents have focused mainly on what the NSA is good at, not what it finds difficult.

The documents reveal that the NSA ranks targets according to how difficult they are to decrypt. There are five internal levels: One to five. Level one is known as “trivial,” meaning it’s pretty easy for the NSA to track targets or decrypt messages. But level five is “catastrophic,” which essentially means that the NSA can’t break the encryption.

The NSA says that reading someone’s Facebook message is a level two “minor” task. And monitoring people using Tor is tricky, with the NSA classing that as a “major” level four problem.

So any level of anonymity classed as level five, known as “catastrophic,” means that the NSA will find it nearly impossible to break.

The NSA identifies one anonymity method that it warns is virtually impossible to break. Here’s the method outlined in the leaked documents:

  • Tor
  • VPN
  • CSpace
  • ZRTP

Let’s break that down.

Tor is the special kind of web browser that helps people stay anonymous online by encrypting their web traffic.

A VPN is a service that makes an internet connection more secure, using proxy servers to hide the user’s real-world location.

CSpace is a kind of anonymous internet chat service that uses heavy encryption to protect any files sent over its network.

ZRTP, the last part of the method, is a kind of encryption for voice calls and text chats.

Combine the above stack of services together, using multiple kinds of encryption, a special web browser, and a service to hide your location, and the NSA says in its internal documents that it probably won’t be able to read your messages. The leaked NSA document says that the encryption method results in a “near-total loss/lack of insight to target communications, presence.”

The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users


For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who’s interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes.

Now Metasploit has a new and surprising fan: the FBI. WIRED has learned that FBI agents relied on Flash code from an abandoned Metasploit side project called the “Decloaking Engine” to stage its first known effort to successfully identify a multitude of suspects hiding behind the Tor anonymity network.

That attack, “Operation Torpedo,” was a 2012 sting operation targeting users of three Dark Net child porn sites. Now an attorney for one of the defendants ensnared by the code is challenging the reliability of the hackerware, arguing it may not meet Supreme Court standards for the admission of scientific evidence.


“The judge decided that I would be entitled to retain an expert,” says Omaha defense attorney Joseph Gross. “That’s where I am on this—getting a programming expert involved to examine what the government has characterized as a Flash application attack of the Tor network.”

A hearing on the matter is set for February 23.

Tor, a free, open-source project originally funded by the US Navy, is sophisticated anonymity software that protects users by routing traffic through a labyrinthine delta of encrypted connections. Like any encryption or privacy system, Tor is popular with criminals.

But it also is used by human rights workers, activists, journalists and whistleblowers worldwide. Indeed, much of the funding for Tor comes from grants issued by federal agencies like the State Department that have a vested interest in supporting safe, anonymous speech for dissidents living under oppressive regimes.

With so many legitimate users depending upon the system, any successful attack on Tor raises alarm and prompts questions, even when the attacker is a law enforcement agency operating under a court order. Did the FBI develop its own attack code, or outsource it to a contractor? Was the NSA involved? Were any innocent users ensnared?

Now, some of those questions have been answered: Metasploit’s role in Operation Torpedo reveals the FBI’s Tor-busting efforts as somewhat improvisational, at least at first, using open-source code available to anyone.

Created in 2003 by white hat hacker HD Moore, Metasploit is best known as a sophisticated open-source penetration testing tool that lets users assemble and deliver an attack from component parts—identify a target, pick an exploit, add a payload and let it fly.


Supported by a vast community of contributors and researchers, Metasploit established a kind of lingua franca for attack code. When a new vulnerability emerges, like April’s Heartbleed bug, a Metasploit module to exploit it is usually not far behind.

Moore believes in transparency—or “full disclosure”—when it comes to security holes and fixes, and he’s applied that ethic in other projects under the Metasploit banner, like the Month of Browser Bugs, which demonstrated 30 browser security holes in as many days, and Critical.IO, Moore’s systematic scan of the entire Internet for vulnerable hosts.

That project earned Moore a warning from law enforcement officials, who cautioned that he might be running afoul of federal computer crime law.

In 2006, Moore launched the “Metasploit Decloaking Engine,” a proof-of-concept that compiled five tricks for breaking through anonymization systems. If your Tor install was buttoned down, the site would fail to identify you.



But if you’d made a mistake, your IP would appear on the screen, proving you weren’t as anonymous as you thought. “That was the whole point of Decloak,” says Moore, who is chief research officer at Austin-based Rapid7. “I had been aware of these techniques for years, but they weren’t widely known to others.”

One of those tricks was a lean 35-line Flash application. It worked because Adobe’s Flash plug-in can be used to initiate a direct connection over the Internet, bypassing Tor and giving away the user’s true IP address. It was a known issue even in 2006, and the Tor Project cautions users not to install Flash.
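The proxy bypass described above can be checked for from the user's side. The following is an added example, not code from the article or from the Decloaking Engine: it reads a socket table in the layout of `ss -tnp` and flags any process other than the Tor daemon that holds a direct, non-loopback connection. The sample table, process names and addresses are constructed; 9050 and 9150 are Tor's default SOCKS ports, and the set of allowed process names is an assumption.

```python
import ipaddress
import re

# Tor's default local SOCKS listeners: 9050 (tor daemon), 9150 (Tor Browser).
TOR_SOCKS_PORTS = {9050, 9150}
# Assumption: only a process with this name may talk to the Internet directly.
TOR_PROCESS_NAMES = {"tor"}

# Constructed sample in the column layout of `ss -tnp` (not from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB  0      0      127.0.0.1:51514      127.0.0.1:9150      users:(("firefox",pid=2101,fd=88))
ESTAB  0      0      127.0.0.1:51516      127.0.0.1:9150      users:(("firefox",pid=2101,fd=91))
ESTAB  0      0      192.0.2.10:40222     203.0.113.7:443     users:(("plugin-container",pid=2177,fd=12))
ESTAB  0      0      192.0.2.10:40300     198.51.100.23:9001  users:(("tor",pid=1990,fd=14))
ESTAB  0      0      [::1]:51600          [::1]:9150          users:(("firefox",pid=2101,fd=95))
"""

PROCESS_RE = re.compile(r'users:\(\("([^"]+)"')


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def audit(ss_output):
    """Return (proxied, leaks).

    proxied: names of processes connected to a local Tor SOCKS port.
    leaks:   (process, peer_ip, peer_port) for every established connection
             that leaves the machine without going through Tor.
    """
    proxied, leaks = [], []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header, blank line, or a non-established socket
        match = PROCESS_RE.search(fields[5])
        process = match.group(1) if match else "unknown"
        peer_ip, peer_port = split_endpoint(fields[4])
        if peer_ip.is_loopback:
            # Loopback traffic does not expose the public IP; count SOCKS use.
            if peer_port in TOR_SOCKS_PORTS:
                proxied.append(process)
            continue
        if process not in TOR_PROCESS_NAMES:
            # A direct connection from a non-Tor process reveals the real IP.
            leaks.append((process, str(peer_ip), peer_port))
    return proxied, leaks


if __name__ == "__main__":
    proxied, leaks = audit(SAMPLE_SS_OUTPUT)
    print("connections through Tor SOCKS:", len(proxied))
    for process, ip, port in leaks:
        print(f"LEAK: {process} -> {ip}:{port}")
```

In the constructed table the browser's own sockets all terminate at the local SOCKS port, while the plug-in process connects straight to a remote host, which is the behaviour the paragraph describes.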

The decloaking demonstration eventually was rendered obsolete by a nearly idiot-proof version of the Tor client called the Tor Browser Bundle, which made security blunders more difficult. By 2011, Moore says virtually everyone visiting the Metasploit decloaking site was passing the anonymity test, so he retired the service.

But when the bureau obtained its Operation Torpedo warrants the following year, it chose Moore’s Flash code as its “network investigative technique”—the FBI’s lingo for a court-approved spyware deployment.

The FBI Used Open Source Hackerware to Uncover Tor Users In 2012

Torpedo unfolded when the FBI seized control of a trio of Dark Net child porn sites based in Nebraska. Armed with a special search warrant crafted by Justice Department lawyers in Washington DC, the FBI used the sites to deliver the Flash application to visitors’ browsers, tricking some of them into identifying their real IP address to an FBI server. The operation identified 25 users in the US and an unknown number abroad.

Gross learned from prosecutors that the FBI used the Decloaking Engine for the attack — they even provided a link to the code on Archive.org. Compared to other FBI spyware deployments, the Decloaking Engine was pretty mild.

In other cases, the FBI has, with court approval, used malware to covertly access a target’s files, location, web history and webcam. But Operation Torpedo is notable in one way. It’s the first time—that we know of—that the FBI deployed such code broadly against every visitor to a website, instead of targeting a particular suspect.

The tactic is a direct response to the growing popularity of Tor, and in particular an explosion in so-called “hidden services”—special websites, with addresses ending in .onion, that can be reached only over the Tor network.

Hidden services are a mainstay of the nefarious activities carried out on the so-called Dark Net, the home of drug markets, child porn, and other criminal activity. But they’re also used by organizations that want to evade surveillance or censorship for legitimate reasons, like human rights groups, journalists, and, as of October, even Facebook.


A big problem with hidden services, from a law enforcement perspective, is that when the feds track down and seize the servers, they find that the web server logs are useless to them.

With a conventional crime site, those logs typically provide a handy list of Internet IP addresses for everyone using the site – quickly leveraging one bust into a cascade of dozens, or even hundreds. But over Tor, every incoming connection traces back only as far as the nearest Tor node—a dead end.

Thus, the mass spyware deployment of Operation Torpedo. The Judicial Conference of the United States is currently considering a Justice Department petition to explicitly permit spyware deployments, based in part on the legal framework established by Operation Torpedo.

Critics of the petition argue the Justice Department must explain in greater detail how it’s using spyware, allowing a public debate over the capability.

“One thing that’s frustrating for me right now, is it’s impossible to get DOJ to talk about this capability,” says Chris Soghoian, principal technologist at the ACLU. “People in government are going out of their way to keep this out of the discussion.”

For his part, Moore has no objection to the government using every available tool to bust pedophiles–he once publicly proposed a similar tactic himself. But he never expected his long-dead experiment to drag him into a federal case.


Last month he started receiving inquiries from Gross’ technical expert, who had questions about the efficacy of the decloaking code. And last week Moore started getting questions directly from the accused pedophile in the case—a Rochester IT worker who claims he was falsely implicated by the software.

Moore finds that unlikely, but in the interest of transparency, he answered all the questions in detail. “It only seemed fair to reply to his questions,” Moore says. “Though I don’t believe my answers help his case at all.”

Using the outdated Decloaking Engine would not likely have resulted in false identifications, says Moore. In fact, the FBI was lucky to trace anyone using the code. Only suspects using extremely old versions of Tor, or who took great pains to install the Flash plug-in against all advice, would have been vulnerable.

By choosing an open-source attack, the FBI essentially selected for the handful of offenders with the worst op-sec, rather than the worst offenders.

Since Operation Torpedo, though, there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation.


For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that was infected by the malware.

“In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”

A Computer Science Professor Found A Way To Identify Most ‘Anonymous’ Tor Users


Tor was supposed to be an anonymous means of browsing the Internet, but a study by computer science professor Sambuddho Chakravarty reveals that 81 percent of those using Tor can be de-anonymized by exploiting a technology in Cisco routers called Netflow. The ploy reveals a user’s originating IP address, which is analogous to identifying someone’s home address even if he or she uses a P.O. box.

By facilitating anonymity online, Tor enables people around the world to communicate securely and get around firewalls that might block certain sites in their countries. It’s also the technology that facilitated the notorious Silk Road (and subsequent iterations), seeing people trade bitcoins for assorted black market paraphernalia through the mail. The nonprofit project enables freedom of the press around the world and, for at least a time, presented a means to mail-order drugs.

The Tor browser works by way of decentralization. Your Web traffic doesn’t come directly to you, but instead arrives by way of a number of relays. Each relay makes it increasingly difficult to identify the traffic’s ultimate destination, shielding you from being associated with it. The trade-off is one of speed for purported anonymity, but this Netflow exploit is only the latest among a few incidents that seem to be punching holes in the browser’s popular conception as a bulletproof security fiend.

“That general understanding is wrong,” Kevin Johnson, CEO of independent security consulting firm SecureIdeas, said. “Tor runs on top of a complex series of interconnections between apps and the underlying network. To expect that everything in that system is going to understand and respect it, it becomes very complex.”

Consider Web traffic as though it were automobile traffic flowing down a highway. To assume that all Web traffic will follow Tor’s anonymizing “rules” is akin to assuming that every car on the highway follows all the traffic regulations, but “as we know by looking at any news report, a number of people have accidents every day,” Johnson said. “The exact same thing happens with Tor. It’s a highway system with an application that says ‘go this way,’ and we expect all of our apps to follow those signs.”

Johnson says that Cisco’s Netflow, which sits at the heart of the exploit that can de-anonymize these Tor users, is comparable to the Department of Transportation’s analytics on a given stretch of road. Instead of identifying the types of traffic — 15 percent motorcycles, 25 percent sedans, 40 percent semi trucks, and so on – Netflow can break down Internet traffic into its various types, say 50 percent email, 35 percent Web traffic, and the remainder being Tor.

Chakravarty’s technique for exploiting Netflow works by injecting a repeating traffic pattern, such as the common HTML files that most Tor users are likely to be accessing, into the connection and then checking the router’s flow records to check for a match. If it finds a match, then the user is no longer anonymous.

“When you’re looking at those kind of attacks, they’re done by government state agencies, usually foreign governments suppressing protesters or tracking dissidents. It’s harder to do in America because there’s so much other traffic,” said Jayson Street, who bears the job title of Infosec Ranger at security assessment firm Pwnie Express.

The takeaway is clear: Tor used by itself is hardly some one-stop shop to ensure anonymity online. “End users don’t know how to properly configure it — they think it’s a silver bullet,” Street said. “They think once they use this tool, they don’t have to take other precautions. It’s another reminder to users that nothing is 100 percent secure. If you’re trying to stay protected online, you have to layer your defenses.”

Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains


When “Operation Onymous” first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law enforcement crackdown has been revealed, and it’s a scorched-earth purge of the Internet underground.

On Friday, the European police agency Europol along with the FBI and the Department of Homeland Security announced that the operation has now arrested 17 people in as many countries and seized hundreds of Dark Web domains associated with well over a dozen black market websites.

In addition to the takedowns of drug markets Silk Road 2, Cloud 9 and Hydra revealed Thursday, it’s also busted contraband markets like Pandora, Blue Sky, Topix, Flugsvamp, Cannabis Road, and Black Market. Other takedown targets included money laundering sites like Cash Machine, Cash Flow, Golden Nugget and Fast Cash.

And agents have taken from criminal suspects more than $1 million in bitcoin, $250,000 in cash, as well as an assortment of computers, drugs, gold, silver and weapons that they had yet to fully catalogue.

In all, the agency says it’s seized 414 “.onion” domains, the web addresses used by the anonymity software Tor that hides the physical location of those sites’ servers.

When WIRED spoke Thursday night with Troels Oerting, head of the European Cybercrime Center, he said his staff hadn’t even had time to assemble the full list of sites it’s pulled down in the sprawling operation.

“One of the primary targets was the Silk Road guy,” said Oerting, referring to Blake Benthall, the 26-year-old coder arrested in San Francisco Wednesday and accused of managing the popular Silk Road 2 drug site. “But we also decided to see if we could identify more of the administrators of these sites and remove their infrastructure as well…Some moved before we could act, but we’ve taken most of our targets down.”

Europol didn’t immediately share the details of the 17 arrests related to the operation. But aside from Benthall, it revealed earlier on Thursday that two individuals had been arrested in Dublin in a large Dark Web-related drug bust.


Just how law enforcement agents were able to locate the Dark Web sites despite their use of the Tor anonymity software remains a looming mystery. In its criminal complaint against Benthall, for instance, FBI agent Vincent D’Agostini writes merely that in May of 2014 the FBI “identified a server located in a foreign country believed to be hosting the Silk Road 2.0 website at the time,” without explaining how it bypassed Tor’s protections.

The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.

Asked how Operation Onymous located the sites, Europol’s Oerting was unapologetically secretive. “This is something we want to keep for ourselves,” he said. “The way we do this, we can’t share with the whole world, because we want to do it again and again and again.”

The organization that created and maintains Tor, the non-profit Tor project, said it didn’t have any more information on Operation Onymous’ techniques. But it downplayed the threat of a vulnerability in Tor’s safeguards for the tough-to-trace sites it protects known as Tor hidden services.


“It sounds like old-fashioned police work continues to be effective,” said Andrew Lewman. “It could be [that law enforcement targeted] common people or organizations running these hidden services, or a hosting company, or something more mundane than a hidden service exploit.”


Despite whatever tricks Europol and its American counterparts used to unmask the sites, several of the most popular Dark Web drug markets have nonetheless eluded them.

A study by the non-profit Digital Citizens Alliance in September found that the six most popular Tor-based markets by total product listings were Silk Road 2, Agora, Evolution, Pandora, Andromeda, and BlueSky. Operation Onymous captured fully half of those top sites.

But Agora, Evolution and Andromeda remain online and will likely absorb many of the refugee buyers and sellers from the law enforcement busts.

In fact, Agora had already passed the Silk Road in total product listings with more than 16,000 mostly-illegal offerings, and the fast-growing marketplace Evolution was already on pace to soon take the second place spot in the underground economy.

Operation Onymous comes just over a year after the takedown of the original Silk Road drug site and the arrest of its alleged creator Ross Ulbricht, whose trial is scheduled for January.

In an open letter to Attorney General Eric Holder just last week, New York Senator Charles Schumer called for a renewed crackdown on the flourishing Dark Web sites that have filled the void left by the original Silk Road.

He pointed to statistics that show that more than twice as many drugs are now being sold on the Dark Web compared to when the original Silk Road was online.

Though Operation Onymous left many of that underground economy’s major players intact, Europol’s Oerting said he was more confident than ever that the remaining sites can be tracked down and pulled off the Internet.

“This is just the beginning of our work. We will hunt these sites down all the time now,” he said, praising the cooperation of all the international law enforcement agencies involved. “We’ve proven we can work together now, and we’re a well-oiled machine. It won’t be risk-free to run services like this anymore.”