The Takedown of a Dark-Web Marketplace (2024)

You could buy pretty much any contraband you desired on DarkMarket, an online marketplace that was shuttered last week: illegal drugs, counterfeit passports, malware. The site, a kind of eBay for the dark Web, ran on Tor, the encrypted software that allows users to communicate with one another without betraying their real-life identities or I.P. addresses. Europol, which helped to coördinate an international investigation of the site, recently described DarkMarket as the largest illicit marketplace in the world—an unverifiable claim, since a handful of similarly vibrant bazaars are currently operating on the dark Web. DarkMarket was, without doubt, highly lucrative. Since May, 2019, when the site was constructed, its users have exchanged about a hundred and forty million euros’ worth of cryptocurrency. The owners of such Web sites typically take a commission of two to three per cent on each sale.

DarkMarket had a few interesting quirks. Unlike other successful dark-Web markets, it prohibited the sale of some items—including weapons, fentanyl, and images of child abuse. This tactic was seemingly designed to deter action against the site by police. (In the U.S., in particular, the sale of fentanyl on the dark Web puts a target on your back; a body called the Joint Criminal Opioid and Darknet Enforcement monitors the issue.)

DarkMarket also advertised itself as being the only such site administered exclusively by women. This was an intriguing boast—a prosecutor told me it was made to gain users’ trust—but it was untrue. DarkMarket’s thirty-four-year-old founder and administrator was apparently an Australian man, who was arrested last weekend near the German-Danish border. The police referred to him only as Julian K. Shortly after Julian K.’s arrest, DarkMarket was shuttered by the German police. On the site, a graphic appeared, showing an insect with a female face—a logo for DarkMarket—underneath a flyswatter.

The investigation of DarkMarket was spurred by another, much larger German police investigation into an organization called CyberBunker, which I wrote about in the magazine last year. In 2013, a polyglot group of programmers and hackers, under the leadership of an eccentric fifty-three-year-old Dutchman named Xennt, moved into a Cold War-era bunker near the picturesque town of Traben-Trarbach, in the Mosel Valley. The bunker had previously belonged to the German military, and it was designed to withstand a nuclear attack. Xennt, who had a lifelong fascination with underground fortresses, lived in the bunker. The rest of his crew lived aboveground, in austere barracks. Inside the bunker, Xennt’s team installed servers that hosted dark-Web sites trading illicit products and images, including terrorist material and images of child abuse.

Shortly after Xennt arrived in the Mosel Valley, his activities attracted the interest of a prosecutor named Jörg Angerer, who worked in the nearby city of Koblenz. Angerer, a genial and unassuming man who specializes in prosecuting cybercrime, encouraged a police investigation into CyberBunker. Under German law, the hosting of illicit material is a gray area. It is legal to host sites containing illegal activity, so long as the host is unaware of the content and does not actively assist the site’s owner in illegal behavior. The threshold of proof needed to prosecute such cases is high. A German police unit in Mainz spent about five years spying on Xennt, using digital and phone taps as well as undercover officers—including a man employed as a gardener at the bunker complex. In September, 2019, Xennt and most of his lieutenants were arrested in a nearby restaurant, as German police made a spectacular raid on the bunker. About six hundred and fifty officers were involved in the action. Shortly afterward, eight people were charged with facilitating two hundred and forty-nine thousand criminal transactions.

Xennt and his colleagues are currently being tried in the city of Trier. The trial may not finish this year, and the result is by no means certain. No one has ever been convicted in Germany for hosting sites containing illicit material. Xennt’s position has always been that he has never known or cared to know what was hosted on his servers—a claim that German prosecutors believe is provably false, and which they are currently attempting to unravel. Prosecutors say that they have evidence showing that Xennt and his team actively facilitated illegal behavior by showing clients how to obscure their real-life identities. According to Der Spiegel, Xennt also confessed, shortly after his arrest, to being troubled by the illegal activities of his client base. If he and his colleagues are found guilty, a powerful precedent will have been created. Even respectable Web hosts, such as Amazon, unknowingly facilitate some criminal behavior. The CyberBunker trial may determine what a state deems to be an unacceptable threshold of criminality for such a service.

Whatever the outcome of the CyberBunker trial, the operation against Xennt has provided police with an Aladdin’s cave of information on other criminal activity. In its raid on the bunker, German police seized four hundred and twelve hard drives, four hundred and three servers, sixty-five USB sticks, sixty-one computers, fifty-seven phones, reams of paper documents, and about a hundred thousand euros in cash. The servers alone contained some two thousand terabytes of data. One of the German officers charged with analyzing the contents of the CyberBunker servers told me that the volume of data was unwieldy, but its content fascinating. “I do not recall any case where this huge amount of criminal-infrastructure data was gathered,” he said.

One of the clues unearthed by the trawl of CyberBunker’s servers was related to the ownership of DarkMarket. In May, 2020, an online-crime unit in the northern German city of Oldenburg was asked to investigate. An I.T. specialist in the Oldenburg unit, Frederik Berg, told me last week that he could not describe exactly how his team had used the CyberBunker data to follow the trail to DarkMarket’s administrators, because it would betray police methods, but that their approach had been to “follow the money.” Everyone who used the site went by a pseudonym, including its owner, but cryptocurrency payments and other data allowed the Oldenburg police to start the process of de-anonymizing Julian K.—and, Berg suggested, other managers of the site who might soon be arrested. British, American, and Australian forces then helped to follow the clues to verify real-world information about them.

Rolf van Wegberg, who studies dark-Web markets at Delft University of Technology, in the Netherlands, explained that, without access to servers, police officers are forced to feed off crumbs. They might get lucky by posing as buyers and hoping that a vender would leave a trace of his real identity during the shipping procedure. But, if police could inspect the servers on which the site was hosted, the odds turned in their favor. “You have the complete administration of the market, you have the communication between the buyer and the vender—and often communication that has been encrypted can be decrypted,” van Wegberg said. “You have the mafia’s blue book: everything from orders to payments to addresses.”

Even before the German police shut down CyberBunker, they had glimpsed inside its blue book. On May 3, 2019, at almost the same time that DarkMarket began using CyberBunker’s services, another massive dark-Web marketplace hosted by CyberBunker was shuttered, after a years-long investigation led by German police, with heavy involvement by the F.B.I. When the site, called Wall Street Market, was taken down, several German federal officers visited CyberBunker to seize the servers on which the site had been hosted. Xennt did not come to the door, but one of his managers spoke to the officers and showed them to the server bank. The police seized the Wall Street Market servers.

Last September, another international police sting, Operation DisrupTor, announced the results of a push to catch drug dealers and other criminals who had used Wall Street Market. A hundred and seventy-nine people were arrested in seven countries, a hundred and twenty-one of them in the U.S. In Ohio, officers arrested several members of a group called Pill Cosby, who had allegedly mailed more than a million pills laced with fentanyl. The Department of Justice noted that DisrupTor was initiated after “U.S. and international law enforcement agencies obtained intelligence to identify Darknet drug traffickers.” I wondered whether “intelligence” referred to information gained from servers seized from CyberBunker after the closure of Wall Street Market, in May, 2019. Claire Georges, a spokeswoman for Europol, confirmed to me recently that DisrupTor was “entirely designed around” that first cache of information from CyberBunker’s servers.

What other bounty might be found in the CyberBunker data, now that investigators have its entirety? Georges could be no more specific than to say, “It’s going to be a very bad year for dark-Web markets.”

Last week, I spoke to Angerer, the prosecutor from Koblenz whose persistence led to the closure of CyberBunker and DarkMarket—significant prizes for a regional German prosecutor. He remained characteristically measured, and self-effacing. “I don’t think it’s done anything for my reputation,” he said. “Perhaps I’ve gained a certain expertise.”

Angerer understood that every time you took down a criminal marketplace, another would spring up in its place. DarkMarket had flourished in large part because Wall Street Market had been crushed. A site called White House Market was currently thriving. I was reminded that, last year, a member of the team that had led the German investigation into Wall Street Market had told me that the war on dark-Web marketplaces was unwinnable. People would continue to have illicit desires; the Internet would find a way to satisfy them.

I wondered if Angerer ever got discouraged. He laughed and said, “It’s prosecution: the nature of the work is that the work is endless.”

The Takedown of a Dark-Web Marketplace (2024)


What is the largest darknet market? ›

The most recent closure occurred in 2022, when German authorities, coordinated by US law enforcement, seized and shut down Hydra Market, the world's largest and oldest darknet marketplace.

Is Dream Market still active? ›

On March 24, 2019, a banner was added to the Dream Market site announcing its shutdown on April 30, 2019, with the addition that it "is transferring its services to a partner company" followed by an .

How much of the internet is the dark web? ›

The dark web is much smaller than you think

Let's put some numbers into perspective. The deep web is approximately 400 to 500 times greater than the surface web. The dark web is only a small fraction of the deep web—constituting only 0.01% of it and 5% of the total internet.

What website is used for the dark web? ›

The dark web, also known as darknet websites, are accessible only through networks such as Tor ("The Onion Routing" project) that are created specifically for the dark web.

Who owns the Darkweb? ›

It's a decentralized and anonymous part of the internet, making it difficult to attribute ownership. It's composed of various websites and services operated independently. While some entities may be associated with creating or hosting parts of the dark web, there isn't a single owner in the traditional sense.

What is bigger than the dark web? ›

The deep web is significantly larger in size than the dark web. In 2001, the deep web was estimated to be 400-550 times larger than even the 'surface web' and its expansion has continued exponentially. On the other hand, the dark web is relatively small, consisting of only a few thousand sites.

What is the incognito market? ›

According to the investigation, Incognito Market was an online narcotics bazaar that existed on the dark web. It formed in October 2020.

Is Empire Market still running? ›

Empire Market shut down in August 2020. Pavey and Hamilton were already in custody for separate charges – prosecutors had previously charged the pair with allegedly selling counterfeit currency on another darknet market, AlphaBay, which shut down in 2017.

What happened to the White House Market? ›

One of the biggest dark web marketplaces, White House Market (WHM), officially announced its retirement on October 1st, 2021. “We have reached our goal and now, according to plan, it's time to for us to retire.

Is Tor Browser illegal? ›

In almost all countries, Tor is legal. Given that the Tor Browser enables you to reach the dark web, it is understandable that many people assume Tor is illegal. However, in most countries around the world, that is not the case.

What's the difference between the deep web and the dark web? ›

Simply put, the deep web is any part of the Net that is not indexed by search engines. This includes websites that gate their content behind paywalls, password-protected websites and even the contents of your email. The dark web, on the other hand, uses encryption software to provide even greater security.

What are the three types of web dark web? ›

A: The three types of Dark Web are the Deep Web, the Darknet, and the Surface Web. The Deep Web is the largest, containing information that can't be found through regular search engines. The Darknet is a smaller part of the Dark Web that is designed for people to communicate anonymously.

Is my info on the dark web? ›

How to Find Out if Your Information is on the Dark Web. All you need is a service that automatically checks the Dark Web for you. Bitdefender Digital Identity Protection scans the Dark Web to find if your personal information was exposed. It also helps you take action to protect your data.

What is the dark web in Google? ›

The dark web is a part of the internet that lets people hide their identity and location from other people and from law enforcement. As a result, the dark web can be used to sell stolen personal info.

How to access Tor Browser? ›

Download Tor Browser from the Tor Project website or open the Google Play Store, search for Tor Browser, and tap Install. After installation, you can open Tor directly or launch it from your home screen. After you get Tor set up on your device, you may want to change your default browser for maximum privacy.

What is the darker market? ›

What Is a Darknet Market? Darknet markets are dark web black markets that offer illicit goods for sale, often using cryptocurrencies as a method of payment. Although some products for sale are legal, illicit goods such as drugs, stolen information, and weapons are common items in these markets.

What was the first modern darknet market? ›

Silk Road was an online black market and the first modern darknet market.

What are the different dark web marketplaces? ›

Here are the top five dark web marketplaces worth keeping an eye on.
  • InTheBox. Dubbed by security researchers as the largest marketplace for mobile malware, InTheBox is a relatively new site that came online in early 2020. ...
  • Genesis Market. ...
  • 2Easy. ...
  • Russian Market. ...
  • OMG!
Apr 6, 2023

What is the Hydra market? ›

At its peak, Hydra Market was the single largest darknet market as well as the largest marketplace for online narcotics in countries of the former Soviet Union.

Top Articles
Latest Posts
Article information

Author: Rubie Ullrich

Last Updated:

Views: 5449

Rating: 4.1 / 5 (72 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Rubie Ullrich

Birthday: 1998-02-02

Address: 743 Stoltenberg Center, Genovevaville, NJ 59925-3119

Phone: +2202978377583

Job: Administration Engineer

Hobby: Surfing, Sailing, Listening to music, Web surfing, Kitesurfing, Geocaching, Backpacking

Introduction: My name is Rubie Ullrich, I am a enthusiastic, perfect, tender, vivacious, talented, famous, delightful person who loves writing and wants to share my knowledge and understanding with you.