Dismantling a Dark Web Drug Depot
Inside Operation Bayonet, the sting that took down an empire.
- 01
How to take down a dark web drug empire
In the fall of 2016, Dutch police finally caught the trail of one of the dark web’s biggest drug markets: Hansa. More than 3,600 dealers frequented the site, selling everything from MDMA to heroin. Normally, cops would shut it down—but this time, they started dealing the drugs themselves. This is the story of Operation Bayonet.
- 02 Before we dive into how cops pulled off one of the most epic drug busts to date, let’s talk about the dark web: a collection of encrypted sites you can only get to via a special browser. Anyone can visit them, but it’s almost impossible to know where they come from.
- 03 This time was different. The cops stumbled upon Hansa when security researchers found an outdated chatlog that contained a gold mine (at least by dark-web standards): two names and a home address. The police finally had real suspects.
- 04 As it turned out, those suspects were also selling pirated ebooks and audiobooks—and were already under investigation in Germany for it. (Not the best at being criminals, clearly.) The Dutch cops had the bright idea to use the German investigation as a cover—allowing them to secretly seize control of Hansa and throw the dark web into disarray.
- 05 Before the cops could spring their trap, though, Hansa went dark: no server activity, nothing to track. The suspects were onto them. Months went by without a sign of life. Then, an address the cops were monitoring made a bitcoin payment. The authorities were ready to strike.
- 06 Late last June, German police raided the homes of Hansa’s admins. At the same time, Dutch police migrated Hansa’s data onto police servers. Within days, the cops had full control of Hansa—though from the outside, everything looked like business as usual.
- 07 Turns out cops are pretty good at running drug markets. A team of officers studied Hansa’s conversation logs and took turns impersonating the site’s two admins. And when buyers and sellers got into disputes, the undercover agents handled them better than the admins had.
- 09 But just before the cops had taken over Hansa, another dark-web drug market—AlphaBay, the world’s largest—was shut down. Its users flocked to Hansa, and the cops took advantage. They rewrote the site’s code to log every user’s password, saved the geolocation data of every picture, and fooled sellers into downloading a GPS tracker.
- 10 After 27 days and 27,000 (!) transactions as drug kingpins, police shut Hansa down. They arrested a dozen of Hansa’s top vendors, logged data on 420,000 users—including at least 10,000 addresses—and seized millions of dollars’ worth of bitcoin.
- 11 Operation Bayonet didn’t end online drug markets, but it sent a shockwave through the dark web. Most of Hansa’s vendors were so shook they either stopped selling on the dark web or changed their online identity entirely. Forget takedowns—takeovers might be the future of fighting crime on the dark web.
Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers.
