In Dark Web Crackdowns, FBI Sticks To Its ‘J-CODE’

Published on June 12, 2019

San Francisco, CALIFORNIA –Since the take-down of the largest online drug market back in 2013, numerous markets have followed. Authorities in the United States and Europe recently took down two of the largest drug markets on the dark web—Wall Street Market and Valhalla.

The “dark web” is known to users as a place where one can go to obtain goods and services they wouldn’t ordinarily be able to find in the normal and legitimate streams of commerce. The dark web has played host to marketplaces that allow thousands of parties to anonymously purchase and sell drugs, weapons, hacking tools, stolen identities, and a host of other illegal goods and services.

Looking Back At ‘The Silk Road’

Six years ago, when the Silk Road was taken down and its creator, Ross Ulbricht was imprisoned, there was a widespread assumption that the inevitable failure of the online drug marketplace would deter copycats.

How wrong they were. Dealers who had been selling their drugs and products on the Silk Road, migrated to competing sites who were set up with similar infrastructures, using the Tor web browser, hiding the IP address of users as well as the geographical locations of the websites.

Over the years, illicit online drug sales have grown on complexity and volume, paving the way for two of the Silk Road’s biggest successors—the AlphaBay and Hansa markets. These markets contained five times as much traffic as Silk Road had during its peak, according to reports.

Last month, Dream Market, one of today’s top dark web marketplaces, announced its plans to shut down after Europol, the FBI, and DEA officials announced tens of thousands of arrests and a massive crackdown on web drug trafficking. It also is worth mentioning that Dream was subject to a number of DDoS attacks, which seemed to shift over to other dark web marketplaces, such as Empire Market and Nightmare Market.

The fears were the result of the Hansa market, more below, take down back in June when Dutch police took over the market after running the site for a month and collecting evidence on the portal’s users. Law enforcement was able to collect passwords from the Hansa market in order to gain access to accounts on other dark web marketplaces.


Back in July 2017, the FBI announced the takedown of the largest marketplace on the dark web, since the Silk Road—AlphaBay. Operating for more than two years, with transactions exceeding $1 billion in Bitcoin and other digital currencies, AlphaBay was a major source of heroin and fentanyl, linked to multiple overdose deaths in the United States.

In what the FBI described as “a landmark operation,” requiring the cooperation between the U.S. Department of Justice, Europol, and other international law enforcement agencies, the marketplace’s founder, Alexandre Cazes, a 25-year-old Canadian citizen living in Thailand, was finally arrested.

“We’re talking about multiple servers in different countries, hundreds of millions in cryptocurrency, and a Darknet drug trade that spanned the globe.”

A dedicated team of FBI agents, intelligence analysts, and support personnel worked alongside domestic and international law enforcement partners to shut down the site and stop the flow of illegal goods.

“AlphaBay was truly a global site,” said Special Agent Nicholas Phirippidis, one of the FBI investigators who worked on the case from the FBI’s Sacramento Division.

Hansa Market

The now defunct, Hansa Market

Back in the fall fo 2016, Dutch law enforcement caught wind of the popular darkweb marketplace, Hansa. The Hansa takedown was completely different in how authorities approached the darkweb martketplace.

The 10-month investigation, led by the Netherlands National High Tech Crime Unit (NHTCU), was nicknamed “Operation Baynet,” led to the identification and arrest of two administrator’s of the marketplace, which allowed Dutch investigators to hijack the two men’s accounts to take full control of the site itself.

Let’s read that again. This was no ordinary take-down…this was a take-over.

“When a dark market is taken down, everyone goes to the next one,” said Marinus Boekelo, one of NHTCU investigators who worked on the Hansa operation. “It’s a whack-a-mole effect.”

By secretly seizing control of Hansa, rather than merely unplugging it from the internet, Boekelo said he and his Dutch police colleagues aimed at more than just catching unsuspecting users, but rather dealing a psychological blow to the dark-web drug trade as a whole.

“We thought maybe we could really damage the trust in this whole system,” Boekelo added. The operation required the close cooperation of American and German law enforcement.

Dutch police had control of the site for more than a month.

Global Threats Require Global Partnerships: The “J-Code”

As the world faces a global opioid epidemic, governments have dedicated substantial resources to fighting dark net markets.

Early last year, the F.B.I. created the Joint Criminal Opioid Darknet Enforcement team, or J-Code, with more than a dozen special agents and staff.

During the first few months of this year, American officials conducted an operation called ‘SaboTor,’ which focused on the vendors selling drugs on the dark net. In just a few weeks, officials arrested 61 individuals and shut down 50 Darknet accounts being used for illegal activity. Law enforcement executed 65 search warrants, seizing 299.5 kilograms of drugs, 51 firearms, and more than $7 million ($4.5 million in cryptocurrency, $2.48 million in cash, and $40,000 in gold).

The operation was a collaborative effort across the J-CODE entities, including the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), U.S. Immigration and Customs Enforcement Homeland Security Investigations (HSI), U.S. Customs and Border Protection (CBP), United States Postal Inspection Service (USPIS), U.S. Department of Justice (DOJ), and the U.S. Department of Defense (DOD), with participation from international partners during the Cyber Patrol Action Week at Europol.

“Law enforcement is most effective when we work together, and J-CODE is the global tip of the spear in the fight against online opioid trafficking,” FBI Director Christopher Wray said. “

When the authorities took down the Wall Street Market in early May, there were 5,400 vendors, one-seventh the size as AlphaBay when it was closed down two years prior.

While many think these take-downs haven’t worked, you’re wrong. They did. These take-downs have been incredibly disruptive for certain dark web communities, prompting an unparalleled scramble among vendors, buyers, and site operators.

So why are these dark markets still up and running?

#1 –You’re Not Cutting the Head Off the Snake

If we’ve learned anything from the shutdown of Silk Road, AlphaBay, and Hansa, it’s that these dark web criminal communities are not single entities. Just because these major outlets have been taken down, does not mean the rest of the other networks freeze up. Taking down AlphaBay was the equivalent of taking down or arresting a mob boss—whenever one is taken down, two more pop up.

#2—The Illicit Community As a Whole Was Not Affected

Remember, there are many factions within the dark web—drugs, fraud, counterfeits, weapons, most of which operate independently from one another. For those faction who used the marketplace as their headquarters or operations base, suffered the most damage when the sites came down.

#3—Cyber-Crime Makes Legal Remedies Much More Difficult

As you know, today’s laws are not caught up with the digital age. With the rapid advancement of technology, there is no way for our laws to be caught up. Currently, the world of cyber-crime in comparison to traditional crime is increasingly blurry.

The dark web acts as a distribution platform and an operating hub, while traditional crime rings physically exist as syndicate and system itself. Cyber-crime provides an effective, scalable extension of existing criminal business models.

Where do we go from here? These communities are resilient and will persist for one simple reason—the cyberspace world is inherently adaptable to technology.

Andrew "Drew" Rossow is a former contract editor at Grit Daily.

Read more

More GD News