Just seven weeks after a widely publicised, all-out assault by international investigators on darknet markets – and their supporting infrastructure of review sites and bulletin boards – the entire drug-dealing cryptomarket ecosystem is today operating just as it was before.
In May, German police shut down Wall Street Market, a thriving marketplace that had more than 63,000 deals and 5,400 sellers, with over 1 million users worldwide. It was a resource-heavy operation, involving hundreds of separate investigations by five EU and US agencies. A few weeks before, Dream – the longest running and largest market – was closed under mysterious circumstances.
Police also took out a vital part of the dark web's infrastructure, the information and review site Deepdotweb.com, arresting two suspected administrators in May in France and Israel, and seizing €7.5 million (£6.7 million) in bitcoins.
FBI special agent Maggie Blanton, who leads the bureau's Hi-Tech Organised Crime Unit, told journalists in May: "We think [seizing DDW is] going to have a huge impact. We viewed DeepDotWeb as a gateway to the dark web." It did indeed have an impact, but only for a few weeks. A new site, dark.fail, listing trustworthy URLS for market services, is now online, hosted on the Tor network as a hidden service, making it harder to identify the owners.
It was claimed by the authorities that these closures could mark the end of the darknet market (DNM) era. Ryan White, the US federal prosecutor who heads cybercrime prosecutions in Los Angeles, told a press conference following the closure of Wall Street: "The charges filed in Germany and the United States will significantly disrupt the illegal sale of goods on the Darknet."
Similar boasts about the prowess of police to nail darknet markets have been made before. When the large darknet market Alphabay was busted in 2017, the FBI said: "The message to criminals is: Don't think that you are safe because you're on the dark web. There are no corners of the dark web where you can hide."
But the dark web is nothing if not resilient. Since the demise of Wall Street and Dream, two new markets, Empire and Nightmare – which both opened over a year ago – have grown rapidly as users have migrated over from closed sites. Today, Empire has over 28,000 drug listings and Nightmare has over 60,000. In the summer of 2017, Dream market, the second-biggest at that time, had just 48,000 deals.
Customers reported little break in service after the closures. One Bristol-based darknet customer told me how he reacted when Dream and WSM closed. "I found URLs for Empire and Nightmare in then minutes, and then I found my usual vendor and scored ten tabs of LSD and 7g of MDMA ready for Glastonbury."
Despite dipping over the new year, the currency of the dark web, bitcoin, has also seen its value surge from £4,346 in early May to over £7,500 at the time of writing, having hit peaks of £10,000 in recent weeks, following the news that Facebook will soon start minting its own cryptocurrency, Libra.
Meanwhile, the slack from the closure of Deeptdotweb has now been taken up by dark.fail. The site's operator, "DF", told VICE their intention in running the service was political: "The public needs to know how to communicate anonymously. Technologies that enable freedom of speech are crucial in this era of surveillance capitalism. Dark.fail exists to protect people from phishing sites, and to learn what they need to learn in order to live a private life. Encryption over a neutral, encrypted protocol can make one individual an unstoppable force against oppression. Tor is that protocol. Governments hate not knowing how to find you."
Market URLs change rapidly nowadays on the dark web, to escape malicious hacking by blackmailers. This exposes users to risk as it is simple to copy a site's code, host a fake version of it, circulate URLs online and steal users' passwords to the official sites – and then steal their bitcoins. "Sites such as DeepDotWeb and dark.fail are more than darknet news sites; [they were] information hubs that provided a market comparison chart, scam reports and a trustworthy list of market URLs," says Patrick Shortis, a criminology researcher at the University of Manchester who specialises in cryptomarkets.
DF claims they are safe from investigation as the site's business model differs from that of DeepDotWeb, which took affiliate sales fees in return for keeping lists of URLs updated. "I do not endorse sites and I do not take payment in exchange for anything. I am an uptime checker and a encryption-signature-verifier," said DF.
"I am funded by donations that barely cover the server costs," he added. "Taking affiliate commissions by referring people to darknet markets is clearly illegal, and a practice I'm firmly against. I do not believe that checking a website's uptime, nor verifying its encryption keys, is illegal in my jurisdiction. I also believe that would be very dangerous precedent to set."
Also thriving despite the heat from the authorities is the darknet's principal gathering point, Dread, a bulletin board where dark web users discuss and review online drugs and vendors. It is run by an admin known as Hugbunter. The site's name is an obvious echo of Dread Pirate Roberts, AKA Ross Ulbricht – the Silk Road’s founding father – and Hugbunter says he runs the site because he "feels strongly about free speech and free trade".
Dread is as integral to the dark web infrastructure as Deepdotweb was, again proving that the police haven't exactly won the war.
Even though new sites have launched and most dealers are still operating pretty much normally, Lawrence Gibbons – drug threat lead for the UK's National Crime Agency – told VICE that investigators "have seen significant successes in disrupting those who use the dark web to sell drugs, and will continue to work hard to ensure that this type of crime doesn't pay".
Gibbons rejects the idea that shutdowns are a pointless and expensive waste of police time. "Although new DNMs have emerged, [our work] impacts on the trustworthiness of those running the sites. The replacement sites often take a considerable time to build up to the same vendor-customer base," he said.
Usually, it takes a few weeks for buyers to transfer to alternative or new sites. Nevertheless, after Dream closed, the launch in July by an ex-Dream admin of a successor called Samsara has not yet gained huge traction; perhaps as users are suspicious that it could be a police-operated honeytrap – a strategy deployed by investigators at the time of the Alphabay takedown. When cops shut that site, they knew users would migrate to any service they could – and many fed to Hansa market, which the cops had seized and allowed to continue operating so they could capture user data. At the time of writing, Samsara features just 2,048 drug listings.
But it is hackers demanding ransom money, not police, that's the main worry for those operating DNMs, says Patrick Shortis. "The biggest source of disruption to markets is currently coming from the ongoing distributed denial of service [DDOS] attacks that have knocked markets and forums offline intermittently over the last few months," he says.
The biggest takedowns in terms of volume – Silk Road, AlphaBay and Wall Street – have been police-led, but in 2018, the EMCDDA published a study which found that, of the more than 100 markets, just 10 percent closed as a consequence of overt police action.
For all of the money spent by police in these investigations, it's fair to say that the net result from a user's perspective is simply the inconvenience of a few searches, followed by registration at a new service. The dark web model endures because it offers great efficiencies to dealers and users.
"I don't think anyone has found a more effective model for selling drugs online," says Shortis. "Of course, cryptomarkets are not perfect – the majority of them have closed by stealing their users' money in exit scams. For those that prefer the large range of products and information made available on cryptomarkets, losing some money occasionally might be seen as an acceptable risk."
The value of these markets was estimated by the UNODC in September of 2018 to stand at $14 million (£11 million) to $25 million (£20 million) per month – a tiny fraction of overall illicit drug sales. Still, the EU has funded a three-year, €5 million (£4.5 million) project, project, TITANIUM, with the aim of de-anonymising criminal bitcoin users and providing "court-proof" evidence of underground market activity.
So, as the darkweb merry-go-round cranks up once more, the FBI and Interpol are still claiming to have ended online drug dealing. But their expensive campaigns are no more effective than a traditional shakedown on a bunch of dealers on one street corner in one city. Their replacements were serving punters before those nabbed served time.
Investigators will soon have to accept that the DNM model is behaving much like a virus: rapidly self-replicating, mutating, and not only surviving, but thriving and evolving.