How Cops From Four Countries Busted a Dark Web Drug Ring

The dark web allows people to deal drugs from wherever they happen to be based. Although not necessarily a global phenomenon, the dark web drug trade is very much international in scope, with vendors on both sides of the Atlantic, and further afield, stocking digital shelves with cocaine, heroin, and a plethora of other drugs.

Bearing that cross-border relationship in mind, one recent series of arrests shows law enforcement's coordinated response, with Belgian, Romanian, French, and US authorities all working in tandem on a complex investigation to take down alleged members of a dark web ecstasy ring.

On Monday, the US Attorney's Office in the District of Colorado announced the extradition of Filip Lucian Simion, 23, from Romania to Denver. Simion is allegedly the leader of "ItalianMafiaBrussells," or "IMB," which primarily exported MDMA to the US and Canada. But the investigation into IMB started way back on the original Silk Road marketplace.

On June 14, 2013, US Customs and Border Protection intercepted over 60 grams of MDMA sent from Belgium and addressed to an individual in Boulder, Colorado, according to a court document. The intended recipient agreed to cooperate with law enforcement when confronted by a local task force, and told investigators he had ordered the drugs from IMB.

Authorities seized other packages for US-based customers too, including at JFK airport in New York City, and got them to inform on their supplier. Some suspects then gave investigators access to their dark web marketplace accounts, and as a result, their messages with IMB.

Meanwhile, Belgian law enforcement intercepted other IMB packages between February and September 2014. These packages contained fake invoices claiming to be from real businesses, likely included to give the packages an air of legitimacy. In all, Belgian police intercepted 19 parcels they believed to come from the same person or organisation, and told US law enforcement about the seizures.

In return, Belgian authorities were provided with data from the server of Silk Road, which included private communications between IMB and their customers. Whoever was behind the IMB account was fluent in Dutch and English, talked about Romania, and seemed to be familiar with the Belgian Federal Judicial Police (Federale Gerechtelijke Politie, or FGP). In messages, IMB also claimed to be living near Brussels.

But in a seemingly unrelated investigation, the FGP had already searched a house and storage garage belonging to Simion in December 2013. It's not clear what spurred on this drug search in the first place, but investigators found mailing labels, presumably for Simion's suspected customers. Several of those names matched customers US authorities had flipped, and Belgian investigators found records related to the fake invoices: Simion was now linked to the dark web parcels.

Armed with all this information, the FGP and the Romanian Federal Police began physical surveillance of Simion and his apparent associates. With telephone wiretaps, the FGP found the gang was using encrypted messaging apps for texts and calls, including RedPhone.

"Based on this, coupled with activities observed by police on surveillance, the FGP believes that the members of the organization primarily use internet communication apps and encrypted email for substantive communications," a court document reads. In one case when the group weren't using encryption, the FGP says it heard someone cutting or preparing drugs in the background of a call, as well as typing on a computer.

Authorities determined that Simion and Leonardo Cristea, another alleged member, lived in Bucharest, Romania, while suspected associates Andy Nestor and Yman Djavatkhanov were based in Bruges, and would make trips to the border areas of France and Germany. Just to make the whole thing even more complicated, French police also intercepted dozens of parcels bound for the US, including one that had been ordered by an undercover Drug Enforcement Administration (DEA) agent in Chicago.

The FGP bugged a garage in Bruges that the group had been using, and recorded them talking about their business in detail.

In May, the culmination of these distant law enforcement agencies came together: 10 defendants were arrested as part of the joint US/European law enforcement action. Simion and Cristea face a maximum sentence of 20 years in prison.