A Tough Defense for the Toughest Offenses®


Policing Domestic Cryptomarkets

The DarkNet

Online Markets for illegal goods and services, such as Silk Road, are commonly referred to as cryptomarkets, or Darknet markets (DNM). In this context, the Darknet is a set of networks within the Internet, based on peer-to-peer technologies as part of encryption processes.[1] Cryptomarkets are websites located on the Darknet and designed to allow the trafficking of illicit goods and services, mainly drugs.[2] Although the bulk of economic is derived from the narcotics trade, the cryptomarkets are online apparatuses that can support the trade of any illicit goods or services – while keeping the identity of sellers, consumers and administrators totally concealed. Connections are established through a sequence of nodes, each of them having encryption features. The most popular method of encrypting these nodes is the commonplace TOR browser (The Onion Router).[3] However, other networks based on enhanced routing techniques are also available, such as I2P (Invisible Internet Project).[4] Moreover, communications between participants are encrypted as well, using PGP (Pretty Good Privacy) cryptography, which implies the sharing of public keys on the marketplace.[5] Lastly, cryptocurrencies – mainly bitcoins – are the exclusive payment method on cryptomarkets. Transactions in bitcoins are requested by buyers and approved collectively through the bitcoin system. For this reason, bitcoin is not a currency centralized by a bank or guaranteed, nor controlled, by a government.[6]

Trade on Cryptomarkets

The online trading of illegal goods and services is a criminal activity that may take various forms. However, drugs constitute the bulk of the online market. Due to the differing legal status of these substances from one country to another, the online selling of traditional illicit drugs (cocaine, heroin, and cannabis) became very popular with the creation of online platforms such as Silk Road. After Silk Road was shut down in October 2013, several other cryptomarkets rose on the Darknet.[7] One of them, Evolution, was launched on January 14, 2014, and shut down on March 18, 2015. By the end of 2014, Evolution was one of the major active cryptomarkets, along with Agora. The success of Evolution and Agora is explained by the fact that they were the sole surviving platforms after Operation Onymous, an international operation held in early October 2014 aimed at shutting down several cryptomarkets.[8]

Evolution transactions were based on an escrow system. And as the cryptomarket grew, the number of bitcoins held in escrow became massive. Evolution shut down on March 18, 2015 (taking with it all bitcoins held in escrow), and it is hypothesized that the administrators “exit scammed” their users.[9]

Policing the DarkNet

In the 2014 World Drug Report, the rise of hidden, Dark Net drug markets was belatedly acknowledged. The Report set out that the variety of drugs available on the Dark Net appeared to be ‘diverse and growing’ and this posed ‘unique challenges for law enforcement.’38 As outlined by Interpol in the September 2014 Internet Organised Crime Assessment (iOCTA), the relationship between customer and vendor in the hidden markets is purely transactional. ‘Criminals in cyberspace do not need to be close to the crime scene, they might never even travel to the target country’, their activities can be conducted transnationally and ‘with minimum effort and risk by hiding their identity’, the Assessment notes. By contrast, in the off-line world ‘criminals normally need to be physically present at the crime scene and can typically only commit one offense at a time.’39

In August 2013 an announcement was posted on Hidden Wiki (Box 10) that Freedom Hosting, a service inside the Tor network providing privacy tools that included TorMail, had been taken down by the US FBI and that its owner resident in Ireland had been arrested.40 This followed an investigation into child sexual exploitation. Servers of Freedom Hosting for Tormail, which included the entire e-mail database were seized, sending shockwaves through the hidden web. The FBI obtained a vast trove of e-mail, highlighting the importance of robust security protocol in hidden market transactions

Arrests following the seizure were widely reported in the media, ensuring continued high profile coverage of Silk Road and hidden markets.42 Two months after Freedom Hosting’s closure, the FBI arrested San Francisco based Ross William Ulbricht as the alleged Silk Road operator Dread Pirate Roberts and seized assets of the site (Box 11), primarily 29,000 Bitcoins valued at approximately $5 million.43 The FBI described Silk Road as ‘the most sophisticated and extensive criminal marketplace on the Internet’ with a turnover of $1.2 billion and generation of $80 million in commissions for its administrators.

However, closing Silk Road and arresting Dread Pirate Roberts had no long term or catastrophic impact on the Silk Road project or hidden markets more broadly; quite the reverse. It stimulated new competition, innovation in business models and the launch of Silk Road 2.0

Caught Buying and Selling on the Darknet

Users are protected by a veil of technological anonymity on the dark web. It is therefore often portrayed as a space beyond the reach of law enforcement, where anything can be bought or sold without fear of prosecution. That could not be more wrong.

In fact, police all over the world use a variety of different techniques to identify and convict dark web drug dealers, weapon buyers, child pornographers, and more in the past several years. If anything, law enforcement agencies have become more accustomed to working in this space, and are likely to develop even more methods of infiltrating the DarkNet markets.


Officers can circumvent online protection by simply attacking the endpoint; that is, the user’s computers. That’s what happened to a large dark web child pornography site called Playpen: the agency deployed malware, and when a user clicked on any child pornography-related forum their real IP address was sent to investigators.[10]

Hacking is the most effective way of identifying people on the dark web, at least based on the number of computers unmasked. As part of the operation, the FBI harvested over 1000 U.S.-based IP addresses, and Europol generated 3,229 of its own cases.[11] Those leads did not all result in convictions, but over 135 people were charged in the US in 2016, and new cases continue to be charged by Federal and State agencies.


Going undercover on the dark web can be a highly effective tactic. For six months, investigators posed as weapons dealers.[12] Anyone wanting to purchase guns had to provide a postal address, making it a simple task for police to then link real identities to potential customers. In all, law enforcement busted over a dozen people.

Undercover agents have also penetrated wider dark web organizations. On the original Silk Road, authorities took over the account of a staff member. The undercover agent gained enough trust to be invited into the site’s 2.0 launch in late 2014. From the very start of the second Silk Road, police already had an informant able to contact directly with the marketplace’s owners and feed information to other agents.

Law enforcement has taken advantage of the protections offered by Tor to blend in with everyone else—on the dark web, you never really know who is on the other end of a conversation.


The UK and the United States have set up dedicated units for tackling dark web crime, which takes advantage of the country’s mass surveillance capabilities. The National Security Agency (NSA), National Crime Agency (NCA), and Government Communications Headquarters (GCHQ) operate on an international level and utilize technologies that circumvent domestic laws. According to government documentation, bulk data has supported the targeting of several DarkNet platforms.[13] However, evidence obtained by interception is generally not admissible in a domestic court.


The dark web drug trade ultimately relies on the postal system or ordinary couriers. If dealers do not properly package their product and make sure its “stealth” is up to scratch, customs officials may seize the package. Moreover, law enforcement then investigates who the package was being sent to, and where it was coming from.

Charged with Purchasing Illegal Goods or Services Online? We Can Help!

Call Wasatch Defense Lawyers at (801) 980-9965. There are several ways to challenge and even suppress digital evidence. Wasatch Defense Lawyers has a team of experienced attorneys capable of ensuring that our clients get the best possible outcome.


[1] Aked S, Bolan C, Brand M (2013). Determining what characteristics constitute a Darknet. Proceedings of the 11th Australian Information Security Management Conference. Perth, Australia. 12-20

[2] Rhumorbarbe et al. Forensic Science International (2016) [The most frequent categories of illicit drugs offered by vendors were cannabis-related products (around 25%) followed by ecstasy (MDA, MDMA) and stimulants (cocaine, speed].

[3] AlQahtani A, El-Alfy E (2015). Anonymous connections based on onion routing: A review and a visualization tool. Procedia Computer Science, 52, 121-8.

[4] Zantout B, Haraty R (2011). I2P data communication system. Proceedings of the Tenth International Conference on Networks. Sint Marteen, Netherlands Antilles. 401-9.

[5] Broséus J, Rhumorbarbe D, Mireault C, Ouellette V, Crispino F, Décary-Hétu D (2016). Studying illicit drug trafficking on Darknet markets: structure and organization from a Canadian perspective. Forensic Science International, 264, 7-14; Reid F, Harrigan M (2011). An analysis of anonymity in the bitcoin system. Proceedings of the International Conference on Privacy, Security, Risk and Trust (PASSAT) and International Conference on Social Computing (SocialCom). Boston, USA. 1318-26; Soska K, Christin N (2015). Measuring the longitudinal evolution of the online anonymous marketplace ecosystem. Proceedings of the 24th USENIX Security Symposium. Washington D.C., USA. 33-48.

[6] Böhme R, Christin N, Edelman B, Moore T (2014). Bitcoin: economics, technology, and governance. Journal of Economic Perspectives, 29, Harvard Business School NOM Unit Working Paper No. 15-015. Available at http://ssrn.com/abstract=2495572 (06.04.2016).

[7] Rhumorbarbe et al. Forensic Science International (2016); Van Buskirk J, Roxburgh A, Bruno R, Burns L (2014). Drugs and the Internet, Issue 2. Available at https://ndarc.med.unsw.edu.au/sites/default/files/ndarc/resources/Drugs&TheInternet_Issue2.pdf

[8] Van Buskirk J, Roxburgh A, Bruno R, Burns L (2015). Drugs and the Internet, Issue 4. Available at https://ndarc.med.unsw.edu.au/sites/default/files/ndarc/resources/Drugs & The Internet Issue 4.pdf (12.01.16)

[9] Id.

[10] https://motherboard.vice.com/read/fbi-hacking-tool-only-targeted-child-porn-visitors; https://www.vice.com/en_us/article/qkj8vv/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers

[11] https://www.vice.com/en_us/article/aekeq4/the-fbi-may-be-sitting-on-a-firefox-vulnerability.

[12] https://www.vice.com/en_us/article/vvbnn3/dark-web-guns-bust-over-a-dozen-arrested-in-undercover-operation


Craig R. Chlarson