Operation DisrupTor: Bringing Down the Dark Web

On September 22, the Justice Department announced that 179 people had been arrested worldwide following a crackdown on opioid trafficking on the darknet. In coordination with the arrests, large quantities of drugs, weapons, and currency were seized. The bust, Operation DisrupTor, was coordinated internationally and conducted across the United States and Europe. Most of the arrests—121 of them—were made in the United States, with individuals in Germany, the Netherlands, the United Kingdom, Austria, and Sweden also apprehended in the sting. 

Operation DisrupTor comes a little over a year after the takedown of Wall Street Market and the arrest of three administrators. As we discussed in our 2019 Nsight Report, the three Wall Street Market admins were identified by intelligence agencies due to a failure in OPSEC and a lack of comprehensive managed attribution systems. Wall Street Market and Valhalla were the largest dark web drug markets seized by authorities in 2019—causing a significant disruption in the online opioid trade. Now, following Operation DisrupTor, Deputy Attorney General Jeffrey Rosen warns fentanyl dealers that “the arrest of 179 of them in seven countries—with the seizure of their drug supplies and their money as well—shows that there will be no safe haven for drug dealing in cyberspace.”

JCODE & Operation DisrupTor 

The Joint Criminal Opioid Darknet Enforcement (JCODE) team was created in 2018 as a cooperative effort across agencies to address threats where traditional criminal activity intersects with sophisticated online platforms. JCODE combines the efforts of the FBI, USPIS, HSI, Drug Enforcement Administration (DEA), U.S. Customs and Border Protection, Department of Justice, Financial Crimes Enforcement Network, Naval Criminal Investigative Service, Department of Defense, and Bureau of Alcohol, Tobacco, Firearms and Explosives.  

Operation DisrupTor, a nine-month effort, included two large search and seizure operations near Los Angeles, California in February of this year. The first location was a modest house in Sunland, CA that appeared from the outside to be a typical mail-order business. However, after further investigation, JCODE officials believe that this may be one of the biggest bulk methamphetamine darknet sellers yet uncovered.

When announcing the results of the operation, FBI Director Christopher Wray said, “every day, they’re working to show these criminals that they can no longer count on hiding on the darknet—because we’re going to infiltrate their networks, shut down their online illicit marketplaces, and bring them to justice, no matter what it takes.”

Each successful dark web market takedown gives investigators additional leads and data that sharpen the picture of the next target. This snowballing effect has eroded trust among both buyers and sellers, leading to great mistrust and chaos in the dark web marketplaces.

Nathan Cocklin, lead special agent of the Los Angeles JCODE task force, explains that this upheaval among the criminal networks has pushed buyers and sellers to less centralized sites. This is demonstrated by the increase in criminal activity using peer-to-peer encrypted apps such as Telegram, Signal, and Wickr Me. This new challenge for law enforcement requires a change in tactics. However, the switch to encrypted apps creates difficulties for criminals as well.

Encrypted Mobile Platforms are Replacing the Dark Web 

This massive dark web bust is just another indicator that the dark web is quickly being sent to an early grave. As we discussed in a previous post, the lack of centralized information, coupled with a general feeling of uneasiness among buyers and sellers, has made it difficult for the dark web community to collectively evolve.  

Instead, to obfuscate their internet traffic, many users are connecting through mobile applications on Android and iOS rather than reaching the dark web via standard browsers. Encrypted applications like Signal have lowered the barrier to entry for secure communication and illicit transactions.

In an environment where Tor and the dark web once offered some control over the information users shared over the internet, secure messaging apps facilitate communication between users, preventing unintended parties from intercepting content. 

As a result, just like many other industries, the dark web has been disrupted by technological innovation and aggressive competition, triggering a gradual decline and turning the so-called invisible internet even more opaque.