Dozens of ‘Dark Web’ Criminal Websites Seized in Silk Road 2.0 Investigation

In the November, 2013 edition of Homeland Security Today, we noted that when a propitious misstep by 29-year-old Ross William Ulbricht, proprietor of the estimated $1.2 billion criminal bazaar called the Silk Road was busted by the Feds, it had illuminated a slimy subterranean place secreted deep below the Web where terrorists, narco-traffickers, gun-runners, mercenaries, assassins-for-hire, pedophiles and villains of every lurid ilk were plying their tradecraft in the shadows of this iniquitous digital underworld.

It was a squalid, artfully hidden network of encrypted websites beyond Google, Facebook and stay-at-home online shopping malls, according to the criminal complaint against Ulbricht and the affidavit of FBI Special Agent Christopher Tarbell, who led the investigation of the former physics and engineering student.

Disturbingly, at its most far-flung extremities, the “Dark Web” is estimated to represent as much as 96 percent of the total Internet, according to a study by Steve Pederson, CEO of BrightPlanet, a provider of deep Web intelligence solutions.

Only felonious criminals, it seemed, knew where the artfully hidden access ramps to this outlaw underworld were situated.

This netherworld was the subject of Homeland Security Today’s November 2013 groundbreaking investigative cover report, The Dark Web: The Place Where Digital Evil Lurks. It revealed a place that’s the stuff of celluloid techno-thrillers. A fetid digital ecosystem where the fictional Raymond Reddington’s of the world come to life.

The FBI described the Silk Road as "the most sophisticated and extensive criminal marketplace on the Internet today.”

When the FBI and other federal agencies took action in October 2013 to take down Ulbricht, the mastermind behind the murky Silk Road, it thrust this shadowy domain of the Web into the national spotlight. And it left more than just a few federal agencies scrambling to play catch-up.

Indeed, the Fed’s takedown of Ulbricht’s Silk Road spectacularly threw open the blinds covering this vast underworld of clandestine illicit activities, allowing the vivid illumination of just a portion of the lurid depths of the Internet — a  sketchy place that continues to be a desirable virtual travel destination for both novice and veteran criminals.

But even though authorities closed all the entrances they could find, there were many other highways, byways, roads, paths and foot trails leading to it. Indeed. On the morning of November 6, 2013, barely a month after federal agents shut down the original Silk Road, the so-called “Silk Road 2.0” emerged — launching an international effort to bring down the incarnation.

Homeland Security Today Contributing Writer Matthew Hoey, the Boston-based security analyst who penned the November 2013 Dark Web cover story, cautioned that while for the time being “access to this virtual space may be limited to those with advanced skills … this is sure to soon change.”

“Once the technological hurdles standing between novices and the Dark Web are removed,” he forewarned, “the real perils will truly have escaped from this Pandora’s box.”

Homeland Security Today reported at the time that federal and international law enforcement agencies will have to keep an ever wary eye on the Dark Web. They said they were sure they can.

“People who believe they can commit crimes anonymously using the Internet should reconsider,” said US Attorney for the District of Maryland Rod J. Rosenstein at the time.

Rosenstein’s implied threat to bring down Silk Road 2.0 came to pass – at least in part — this past week when dozens of dark market websites offering a range of illegal goods and services for sale on the Tor network went dark Thursday following a coordinated international law enforcement action.

The seizure of these dark market websites, including Silk Road 2.0, were the result of an extensive investigation by Immigration and Custom Enforcement’s (ICE) Homeland Security Investigations (HSI), FBI and law enforcement agencies of approximately 16 foreign nations working under the umbrella of EUROPOL’s European Cybercrime Center (EC3) and Eurojust.

The seizures followed the arrest Wednesday of Blake Benthall, aka “Defcon,” for his alleged role in operating the Silk Road 2.0 website.

Since its launch in November 2013, Silk Road 2.0 has been used by thousands of drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other illicit goods and services to buyers throughout the world, as well as to launder millions of dollars generated by these unlawful transactions," the criminal complaint alleged. As of September 2014, Silk Road 2.0 was generating sales of at least approximately $8 million per month.

"This action constitutes the largest law enforcement action to date against criminal websites operating on the Tor network, a special network of computers on the Internet designed to conceal the true IP addresses of the computers on the network,” jointly announced HSI Executive Associate Director Peter Edge, Assistant Attorney General of the Justice Department’s Criminal Division Leslie R. Caldwell, US Attorney of the Southern District of New York Preet Bharara and George Venizelos, assistant director in charge of the FBI New York.

The Tor network is a series of websites with the URL extension “” It’s the designation for sites that reside within what is known as the Tor Hidden Services Gateway, Hoey wrote, emphasizing that the “easily downloadable Tor Browser Bundle is simply anonymizing software that provides its users with the means to communicate and browse the Internet while effectively covering their digital footprints."

Hoey wrote, "Tor allows users to access the Web via a network of more than 4,000 relays scattered around the world to conceal a user’s activity and location, thus undermining law enforcement efforts to conduct network surveillance and traffic analysis. Along the way, data is encrypted and re-encrypted multiple times, making interception, detection and law enforcement surveillance exponentially more difficult — and requires computational power not readily available to state and local investigators.”

“Using the Tor software bundle,” Hoey continued, “users essentially become virtually untraceable. Yet, to enter Silk Road or sites like it, one simply needs the URL, which means if a user has the skills to navigate Google — or any website for that matter — he can also theoretically use the Tor browser to hide his purchase of anything from a .45 Auto Glock G30 to a bogus European passport. And the only firewall that exists between the seller and the streets is the postal carrier.”

"Designed to fill the void left by the government’s seizure of Silk Road, Silk Road 2.0 was virtually identical to the original Silk Road website in the way it appeared and functioned," the Fed’s said. "In particular, like its predecessor, Silk Road 2.0 operated exclusively on the Tor network and required all transactions to be paid for in Bitcoins in order to preserve its users’ anonymity and evade detection by law enforcement."

“Underground websites such as Silk Road and Silk Road 2.0 are like the Wild West of the Internet, where criminals can anonymously buy and sell all things illegal,” Edge said, noting, “We will continue to use all of our resources and work closely with our US and international law enforcement partners to shut down these hidden black market sites, and hold criminals accountable who use anonymous Internet software to peddle their illegal activities.”

Bharara said, “As illegal activity online becomes more prevalent, criminals can no longer expect that they can hide in the shadows of the ‘dark web.’ We shut down the original Silk Road website, and now we have shut down its replacement, as well as multiple other ‘dark market’ sites allegedly offering all manner of illicit goods and services, from firearms to computer hacking. In coordination with domestic and international law enforcement agencies, we will continue to seize websites that promote illegal and harmful activities, and prosecute those who create and operate them.”

“It is a plain fact that criminals use advanced technology to commit their crimes and conceal evidence – and they hide behind international borders so they can stymie law enforcement. But the global law enforcement community has innovated and collaborated to disrupt these ‘dark market’ websites, no matter how sophisticated or far-flung they have become,” Caldwell added.

“In today’s world, we do everything online from banking to grocery shopping. In much the same way, criminals have taken their illicit business to the ‘Tor’ network,” Venizelos said. “However, websites that offer everything from drugs to illegal services on these black-market sites are not out of reach of law enforcement, as today’s announcement shows. We will continue to work with law enforcement at home and abroad to investigate, disrupt, and dismantle illicit networks that pose a threat in cyberspace.”

According to the forfeiture complaint and other public documents, the Fed’s operation targeted dozens of dark market websites and computer servers operating on what is known as “The Onion Router,” or Tor network, which is part of the deep underground Web ’s specifically designed to make it practically impossible to physically locate the computers hosting or accessing websites on dark market sites.

“These sites were all operating online black markets, openly advertising on their home pages and offering to sell a variety of illicit goods and services to customers in the United States and elsewhere,” the Fed’s said. “The advertised goods and services included, among other things: illegal narcotics; firearms; stolen credit card data and personal identification information; counterfeit currency; fake passports and other identification documents; and computer-hacking tools and services.”

Dark market websites are designed to facilitate illicit commerce by providing anonymity to sellers and buyers in at least two ways. First, the dark market sites are only accessible to users of the Tor anonymizing network. Second, the dark market sites accepted payments for their illicit goods and services in Bitcoin or similar electronic currency designed to be as anonymous as cash.

The federal and international operation to bring down Silk Road 2.0 involved the seizure of over 400 Tor website addresses – known as “.onion” addresses – as well as the servers hosting them.

Examples of the websites seized include:

  • “Pandora” (pandora3uym4z42b.onion), “Blue Sky” (blueskyplzv4fsti.onion), “Hydra” (hydrampvvnunildl.onion) and “Cloud Nine” (xvqrvtnn4pbcnxwt.onion). All were dark markets similar to Silk Road 2.0 offering an extensive range of illegal goods and services for sale, including drugs, stolen credit card data, counterfeit currency and fake identity documents like passports.
  • “Executive Outcomes” (http://iczyaan7hzkyjown.onion) specialized in exotic firearms trafficking. It used “secure drop ship locations” throughout the world so that “anonymity [was] ensured” throughout the shipping process. The sellers also ensured that all serial numbers from the weapons it sold were “remove[d] . . . and refill[ed] with metal.”
  • “Fake Real Plastic” (http://igvmwp3544wpnd6u.onion) sold counterfeit credit cards, encoded with “stolen credit card data” and “printed to look just like real VISA and Mastercards.” The cards were “[g]uaranteed to have at least $2,500 left on [the] credit card limit” and could be embossed with “any name you want on the card.”
  • “Fake ID” (http://23swqgocas65z7xz.onion) offered fake passports from a number of countries. It advertised “high quality” passports that included “all security features” of original documents, and offered the ability to “affix almost all kind of stamps into the passports.”
  • “Fast Cash!” (http://5oulvdsnka55buw6.onion) and “Super Notes Counter” (http://67yjqewxrd2ewbtp.onion) offered to sell counterfeit Euros and US dollars in exchange for Bitcoin.

The seizures were the results of an extensive joint effort in the US by HSI and its Cyber Crimes Center and Chicago-O’Hare Field Office, the FBI and its New York Special Operations and Cyber Branch and the Drug Enforcement Administration’s (DEA) New York Organized Crime Drug Enforcement Strike Force, which comprises agents and officers of DEA, Internal Revenue Service, New York City Police Department, New York State Police, Bureau of Alcohol, Tobacco, Firearms and Explosives, US Secret Service, US Marshals Service, Office of Foreign Assets Control and the New York Department of Taxation. The Department of Justice’s Computer Crime and Intellectual Property Section and the Office of International Affairs also were involved.

Overseas, the operations by law enforcement authorities in Bulgaria, Czech Republic, Finland, France, Germany, Hungary, Ireland, Latvia, Lithuania, Luxembourg, Netherlands, Romania, Spain, Sweden, Switzerland and the United Kingdom were coordinated through Eurojust and EUROPOL’s EC3.

Not surprisingly, the investigation remains ongoing, as law enforcement authorities wait for Silk Road 3.0 – or some variant – to quickly emerge. The reality is, the Dark Web facilitates way too many criminal moneymaking enterprises for an equivalent byway not to be constructed, and very soon.

(Visited 28 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply