Operation Dark HunTor: What is the Dark Web?

Key Takeaways

  • Operation Dark HunTor was a law enforcement campaign across the US and Europe that cracked down on illegal drug trade over the dark web

  • The Dark web is accessed via anonymizing browsers like Tor that route and encrypt your web page requests to make it difficult to see who is accessing what

  • The Dark web is not completely anonymous and law enforcement has certain ways of tracking users, but it difficult and resource-consuming

Operation Dark HunTor

An international operation targeting opioid trafficking on the Darknet has led to about 150 arrests in the United States and Europe and the seizure of drugs, cash and guns, U.S. and European authorities said on Tuesday. The DarkNet is a part of the internet accessible only using a specialized web browser and the dark web is the assortment of internet sites residing there. Because the Darknet is difficult for law enforcement to monitor, websites that sell illicit items or services are common on the Darknet. 

The sweeping campaign, named Operation Dark HunTor, spanned 10 months, three continents, and involved more than 12 international law enforcement agencies. The sting confiscated 200,000 pills in the United States, 90% of which were found to contain counterfeit opioids or other narcotics. U.S. law enforcement made 36 arrests across 13 states and the District of Columbia. Law enforcement seized over $31.6 million in cash and virtual currencies, 45 firearms and 234 kilograms of drugs, including enough fentanyl for more than 4 million lethal doses according to deputy attorney general Lisa Monaco.

"We are here to expose those who seek to use the shadows of their internet to peddle killer pills worldwide," Monaco said. Of the hundreds of thousands of pills seized in the U.S. alone, 90% contained dangerous counterfeit opioids and narcotics.

Operation Dark HunTor builds on previous successes in Darknet law enforcement including an effort led by German law enforcement earlier this year that shut down a major illicit online marketplace, DarkMarket. It also builds on the Joint Criminal Opioid and Darknet Enforcement team’s Operation DisrupTor, which in 2020 led to the arrest of 179 alleged dark web drugs traffickers and the seizures of over $6.5 million in cash and virtual currencies and 500 kilograms of drugs.

How does the Darknet work?

The Darknet is an overlay network — a network built on top of the internet — which has been designed specifically for anonymity. Dark websites do not end in .com or .org but .onion. You cannot search Darknet sites from Google or Bing, you need a special anonymizing browser and the most well-known and most-used one out there is Tor, short for “The Onion Router”, which routes traffic to dark web sites through layers of encryption to allow for anonymity.

The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. Tor consists of a three-layer proxy, like layers of an onion (hence Tor's onion logo). Tor encrypts the data, including the destination, multiple times and sends it through a circuit of randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in order to pass the remaining encrypted data on. The final Tor relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source address. This final relay that actually sends your request can be anywhere in the world (it’s random!) so you will often appear to be in a physical location halfway around the world. Note that all of this routing and encryption makes the dark web painfully slow.

What is the Darknet used for?

As mentioned, the Darknet is a hotbed for illegal activities. You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials and hacked Netflix accounts. 

It also facilitates a lot of the necessary operations for the hacker economy. Hackers can be hired or join large cybercriminal groups on the Darknet. The Darknet also becomes the marketplace where hackers can actually make money from their attacks by selling the stolen data. Most hacking groups have their own dark web pages to accept payments. More recently, Ransomware-as-a-service (RaaS) kits have become available on the dark web from groups like REvil.

However, not everything on the dark web is nefarious or illegal. The Tor network began as an anonymous communications channel, and it still serves a valuable purpose in helping people communicate in environments that are hostile to free speech. There are several whistleblower sites, including a dark web version of Wikileaks. Activists and journalists in authoritarian regimes have long used Tor as a way to get information out. You can conduct discussions about current events anonymously on Intel Exchange. Even Facebook has a dark web presence.

How does law enforcement still track criminals there?

Is Tor completely anonymous? Pretty close, but no. Here are some ways that users can be de-anonymized on Tor.

Monitoring exit nodes

Remember that your web page request is bounced around the Tor network until eventually emerging from an exit node. The last Tor node, where your traffic leaves the Tor network and enters the open Internet, can’t access your original location or IP address, but the exit node can spy on your activity if you visit an unsecured website. The Tor network is run by volunteers, so the exit node could be operated by the FBI. 

Monitoring you

Tor prevents someone from seeing what website you are going to, and who is accessing what website. However, it does not prevent somebody from watching your internet traffic and learning that you are using Tor. The list of entry nodes of the Tor network is public information so it’s not hard to see who is connecting. This may be enough to raise suspicion, and could even turn you into a target for government surveillance. One workaround is to connect to Tor while using a VPN, but VPNs can be subpoenaed. 

Web forms

If you visit a website using Tor Browser, they don't know who you are or your true location. However, many sites ask for personal information through web forms. If you sign in to that website, they still don't know your location but they know who you are. Further, if you provide: name, email, address, phone number, or any other personal information, you are no longer anonymous to that website. 

Conclusion

The Darknet is an anonymous internet whose infrastructure depends on volunteers who are willing to relay web page requests between themselves so nobody can tell who is requesting what. Because of its anonymizing capabilities, the Darknet attracts a lot of illegal activity. The dark web is not completely anonymous as evident by the many law enforcement crackdowns in recent years. Darknet content is growing every year and is unlikely to ever disappear. Accessing the Darknet is not illegal and many well-meaning researchers spend time thinking about how to make it more anonymous as a place for free speech.  The Darknet has become a technical arms race between the privacy-seeking and the law enforcement communities.