Hansa Folder: There are various myths circulating on the internet about the dark web or dark web. One of them states that all movements in the dark web are really anonymous and that the FBI or other police authorities can not determine who is who.
This was widely reported in Bitcoin forums until June 2013.
Of course, there is a trace of truth: the owners of Bitcoin addresses are supposed to be anonymous, although the transactions are public and can be seen by everyone. So, if one knows who is hiding behind an address, the authorities can identify the buyer and seller in any illegal transaction.
Hansa file: No anonymity…
Earlier this year, Qatari researchers (PDF) detected 1.500 hidden services, five billionmillions tweets και ένα εκατομμύριο σελίδες στο forum of BitcoinTalk. 88 unique Bitcoin addresses and approximately 45.000 wallet IDs were collected. In many cases, these online identities could very easily be linked to real email addresses, social accounts and sometimes even home addresses.
The introduction was necessary for the main part of the publication. How the Dutch police authorities managed to reveal and arrest all those involved in the dark web market of Hansa.
Hansa File: Method
TNW has asked dark web police officer Nan van de Coevering to reveal the method of detecting criminals on the dark web.
Van de Coevering became head of the Dutch police dark web department in early 2017, about six months before his team achieved one of the biggest technological breakthroughs in police history: the unveiling of one of Hansa's largest online drug markets. Market.
In June 2017, the high-tech police crime team, using information received in 2016, discovered the physical location of the site's server, which was in Lithuania.
Thus began "Operation Bayonet": Police developers constructed an exact copy of Hansa. The goal was to disconnect the real server and give their own live copy of the website. So buyers and sellers would not notice anything suspicious.
Hansa File: Getting Started
"We only had a few minutes off," Van de Coevering recalls. "But we thought they lasted forever."
The process of changing the servers took place at their headquarters in Driebergen. "We were all in a tiny room: Nine developers working frantically to build the site as soon as possible, and the rest of us there for support. It was one of the best nights of my career, but also one of the most nervous. "
Everything went according to plan. For 27 days, every transaction made in Hansa was recorded by Van de Coevering and his team. The site had about 1000 orders every day.
"International data has been transmitted to Europol," Van de Coevering said. The Dutch trading on the platform, about 500 per month, was collected for further research.
"Capturing the big ones (suppliers and managers) was our top priority," Van de Coevering told TNW. But buyers also had problems. The police recorded their data and after the arrest of the "big ones", a "knock and talk" operation was launched. The company was contacted by 37 Dutch people for drug purchases made through Hansa. One of those who turned out to have ordered 150 ecstasy pills was detained, while the others were released with a warning. "We want them to know that they are not anonymous in the dark web."
Hansa File: Verification Identification
Πώς λοιπόν η ολλανδική αστυνομία κατάφερε να εντοπίσει ποιες πόρτες να χτυπήσει; Χρησιμοποιήθηκαν αρκετές μέθοδοι για τη σύνδεση προσωπικών ταυτοτήτων με τις κρυπτογραφικές συναλλαγές, αναφέρει ο Van de Coevering. Όπως και οι ερευνητές του Qatari, η ομάδα της αστυνομίας αναζήτησε πηγές στο Open Source Intelligence (OSINT) για να μπορέσει να κάνει συνδέσεις.
These sources can be social media profiles, internal criminal activity databases, public records or even online newspaper articles.
"Once you have an email address, locating a person on the dark web is not so different from the ways we use the traditional internet. It's mostly about searching and connecting the dots. "
The required logs for each transaction from US and European exchanges were particularly useful. Because they are legally bound to "know their customer" to avoid money laundering, users can only register with these services when they show some of their true identity.
From then on, whatever criminals use to cover their tracks, revealing them is only a matter of time.
The Dutch police Dark Web team often uses the software of Chainalysis, a company that specializes in the analysis of virtual currencies and blockchain in general. This program utilizes machine learning to track people on the blockchain, some of whom may be involved in criminal activity. When there are multiple addresses behind the same transaction, this may indicate that the target is receiving smaller funds and amassing them in a larger "container".
Hansa File: Results
"Operation Bayonet" was a big hit in the dark web drug markets, as it coordinated with the closing of another market: the AlphaBay.
Of course, criminal communities continue to thrive in the dark. New markets have emerged, as well as new types of cybercrime. For the Dutch police, this means that the agency must continue to evolve and innovate.
"We no longer need only good detectives," says Van de Coevering. "We need people from different backgrounds: programmers, financial analysts and cryptographers."
Van de Coevering is self-taught: “I still can't write one line code, but I fully understand how blockchain works – a concept I had never heard of a few years ago. And if I can, so can you. All it takes is time and curiosity. "