Hansa File: There are various myths circulating in the medianetwork for the dark web. One of them states that all movements within the dark web are truly anonymous and that the FBI or other law enforcement agencies cannot ascertain who is who.
This was widely reported in Bitcoin forums until June 2013.
Of course, there is a trace of truth: the owners of Bitcoin addresses are supposed to be anonymous, although the transactions are public and can be seen by everyone. So, if one knows who is hiding behind an address, the authorities can identify the buyer and seller in any illegal transaction.
Hansa file: No anonymity…
Earlier this year, Qatari researchers (PDF) detected 1.500 hidden services, five billion tweets and one million pages in the BitcoinTalk forum. 88 unique Bitcoin addresses and about 45.000 wallet IDs were collected. In many cases, these email identities could very easily be linked to real email addresses, social accounts and sometimes even home addresses.
The introduction was necessary for the main part of the publication. How the Dutch police authorities managed to reveal and arrest all those involved in the dark web market of Hansa.
Hansa File: Method
TNW has asked dark web police officer Nan van de Coevering to reveal the method of detecting criminals on the dark web.
Van de Coevering became head of the Dutch police dark web department in early 2017, about six months before his team achieved one of the biggest technological breakthroughs in police history: the unveiling of one of Hansa's largest online drug markets. Market.
In June 2017, the police's high tech crime team using a information που είχε λάβει το 2016 ανακάλυψε τη physics site server location, which was in Lithuania.
Thus began "Operation Bayonet": Police developers constructed an exact copy of Hansa. The goal was to disconnect the real server and give their own live copy of the website. So buyers and sellers would not notice anything suspicious.
Hansa File: Getting Started
“Είχαμε μόνο λίγα λεπτά vacationς”, θυμάται ο Van de Coevering. “Αλλά νομίζαμε ότι κράτησαν για πάντα.”
The process of changing the servers took place at their headquarters in Driebergen. "We were all in a tiny room: Nine developers working frantically to build the site as soon as possible, and the rest of us there for support. It was one of the best nights of my career, but also one of the most nervous. "
Everything went according to plan. For 27 days, every transaction made in Hansa was recorded by Van de Coevering and his team. The site had about 1000 orders every day.
"International data has been transmitted to Europol," Van de Coevering said. The Dutch trading on the platform, about 500 per month, was collected for further research.
"Capturing the big ones (suppliers and managers) was our top priority," Van de Coevering told TNW. But buyers also had problems. The police recorded their data and after the arrest of the "big ones", a "knock and talk" operation was launched. The company was contacted by 37 Dutch people for drug purchases made through Hansa. One of those who turned out to have ordered 150 ecstasy pills was detained, while the others were released with a warning. "We want them to know that they are not anonymous in the dark web."
Hansa File: Verification Identification
So how did the Dutch police manage to find out which doors to knock on? Several methods have been used to link personal identities to cryptographic transactions, Van de Coevering reports. Like Qatari investigators, the police team looked to sources in Open Source Intelligence (OSINT) for connections.
These sources can be social media profiles, internal criminal activity databases, public records or even online newspaper articles.
"Once you have an email address, locating a person on the dark web is not so different from the ways we use the traditional internet. It's mostly about searching and connecting the dots. "
The required logs for each transaction from US and European exchanges were particularly useful. Because they are legally bound to "know their customer" to avoid money laundering, users can only register with these services when they show some of their true identity.
From then on, whatever criminals use to cover their tracks, revealing them is only a matter of time.
The Dark Web team of the Dutch police often uses software from Chainalysis, a company that specializes in analysis των εικονικών νομισμάτων και γενικότερα του blockchain. Το πρόγραμμα αυτό αξιοποιεί την μηχανική μάθηση για την ανίχνευση ατόμων στο blockchain, μερικά από τα οποία ενδέχεται να εμπλέκονται σε εγκληματικές δραστηριότητες. Όταν υπάρχουν πολλές διευθύνσεις πίσω από την ίδια συναλλαγή, αυτό μπορεί να υποδεικνύει ότι ο στόχος λαμβάνει μικρότερα κεφάλαια και τα συγκεντρώνει σε ένα μεγαλύτερο “δοχείο”.
Hansa File: Results
"Operation Bayonet" was a big hit in the dark web drug markets, as it coordinated with the closing of another market: the AlphaBay.
Of course, criminal communities continue to thrive in the dark. New markets have emerged, as well as new types of cybercrime. For the Dutch police, this means that the agency must continue to evolve and innovate.
"We no longer need only good detectives," says Van de Coevering. "We need people from different backgrounds: programmers, financial analysts and cryptographers."
Van de Coevering is self-taught: "I still can't write a line of code, but I fully understand how blockchain works - an idea I never heard of a few years ago. And if I can, so can you. All it takes is time and curiosity. "
