Tor darknets rise again after Operation Onymous
Tor darknets rise again after Operation Onymous

In early November, the FBI and Europol announced ‘Operation Onymous' – a joined-up international law enforcement action which saw the take-down of hundreds of dark markets on anonymous networks like Tor. These websites – which included Silk Road 2.0 - were selling illegal goods including weapons, drugs and hacker tools.

15 EU member states were involved in a campaign that was – from the European side - co-ordinated at the Europol's coordination centre (the European Cybercrime Centre) in The Hague, with the newly-established J-CAT also involved.

The six-month investigation eventually saw the arrest of 17 vendors, the take-down of more than 410 hidden services and the capture of around US$ 1 million in Bitcoins (approximately £640,000), €180,000 in cash (£115,000) and the discovery of drugs, gold and silver.

However a report recently uncovered by sheds some doubt on how effective this action has been, with most darknet sellers, advertisers and buyers moving onto new – or undisturbed – market places.

In a recent investigation of Operation Onymous, UK-based internet and darknet intelligence service provider Centient found that 27 specific sites were taken down, including Silk Road 2.0, Alpaca, Black Market and Hydra, as well as a ‘large number' of .onion domains that were connected to these sites.

Most of these darknets had a limited user base however; the report notes that most on the list were either ‘some sort of scam or a small marketplace with a limited number of adverts and no growth'.

Interestingly, two of the bigger darknets – Agora and Evolution – were not taken down by the law enforcement action and investigators at Centient say that the overall marketplace is bigger than it was before Operation Onymous was carried out. Estimates have not been verified but – in the second week of November– Centient believes that there was a 20 percent rise of adverts on Evolution and 27 percent across Agora's forum and marketplace.

“Vendors migrating from the closed markets most likely caused this increase, to minimise disruption to trade,” reads the Centient report.

Elsewhere some markets briefly reappeared; Alpaca returned with a new server and Tor domain, while Cloud9 reinstated a back-up from two weeks prior to the operation.

Lead investigator Benjamin Ali told that other vendors have simply ‘filled the void' since the law enforcement crackdown.

“The FBI targets these people but not the actual vendor – so they feel quite safe really. There's been a movement to new platforms and the take-down has really been a good push to decentralise the whole thing”, he said of Tor, where most services are hosted. He added that the two biggest markets would offer thousands of credit card details, log-in credentials for hacked accounts and illegal goods.

Ali said that the majority of services remain on Tor, although some have appeared in new and emerging platforms. One marketplace – imaginatively called ‘The Marketplace' - was available on i2P before it was taken down, while OpenBazaar is open-source.

However, the Centient spokesman said that most of these are on new platforms simply for testing purposes.  “There are no real products yet – they're all in testing,” said Ali.