“Bulletproof” dark web data centre seized by German police

Dark web person with code for a face
(Image credit: Shutterstock)

German authorities scuppered a pervasive dark web operation on Friday, saying it was being run out of a former NATO bunker.

Seven individuals have been arrested on the suspicion of being associated with organised crime and as accessories to hundreds of thousands of crimes through their hosted dark web platforms such as the Wall Street Market and Cannabis Road.

The outfit is believed to be spearheaded by a 59-year-old Dutchman who, authorities understand, acquired the bunker located in the small town of Traben-Trarbach in 2013.

After buying the bunker, the man who is yet to be named by authorities is claimed to have transformed it into a large and highly secure data centre, designed "exclusively for illegal purposes", according to prosecutor Juergen Bauer, as reported by the Associated Press.

Dark web marketplaces are infamous for being cornucopias of crime where people can buy drugs, weapons, credit card information, forged documents and more.

As suspects linked to the operation of such as site, 13 suspects in total, aged 20-59, can all be charged as accessories to every crime and transaction that took place on their hosted sites.

"I think it's a huge success... that we were able at all to get police forces into the bunker complex, which is still secured at the highest military level," said regional criminal police chief Johannes Kunz. "We had to overcome not only real, or analogue, protections; we also cracked the digital protections of the data centre."

Authorities described the facility as a "bulletproof hoster", designed specifically to conceal the activity from law enforcement.

Policing the unknown

The dark web has proven to be a reliable sanctuary for cyber criminals due to its decentralised and anonymous nature. Websites are accessed through The Onion Router (Tor) browser and a user's connection is redirected through multiple different global locations which makes the identification of an online criminal nigh-on impossible.

The proliferation of cryptocurrencies has also contributed to the anonymity of criminals as, like their web traffic, payments made using cryptos are also beamed through multiple addresses making them difficult track.

It started with bitcoin but since then other cryptocurrencies have gained popularity, and new and more anonymous coins have been devised. Monero is one such coin that's favoured by criminals as it conceals the sender and recipient's address more comprehensively than others.

Cryptocurrency tumblers are another tool that hampers policing efforts. They offer a service that's the cryptocurrency equivalent of money laundering; users send their coins to a tumbling service, pay a fee and get completely different coins in return, further complicating tracking efforts made by authorities.

While authorities have famously been able to clamp down on certain marketplace operations, their success, in some cases, hasn't been attributed to sophisticated web tracking techniques - the fatal clues have sometimes been found through the criminals' poor web hygiene.

For example, perhaps the most well-known dark web market Silk Road was eventually seized by authorities after finding posts made by the owner Ross Ulbricht which advertised the marketplace on a 'clear net' bitcoin forum along with his personal email address in a separate post.

The network is difficult to crack, but as the FBI evidenced with the seizure of Playpen, they can take down sites if they hack the endpoint. Authorities deployed malware on the abuse-distribution platform that revealed the IP address of any user that clicked on illegal images, leading to the arrest of the site's operator.

IT Pro contacted the National Cyber Security Agency for comment but it did not reply at the time of publication.

Dedicated global taskforces

As the dark web becomes a more widespread issue, dedicated dark web security organisations have been formed around the world to help tackle the issue.

The seizure of the Alphabay and Hansa marketplaces in 2017 was a global coordinated effort named Operation Bayonet and led by Europol, but required help from law enforcement authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France.

The huge effort required in Bayonet provided the catalyst that led to the formation of Europol's own dedicated dark web team and the US followed suit six months later with its Joint Criminal Opioid Darknet Enforcement (J-CODE) team.

"Criminals think that they are safe on the darknet, but they are in for a rude awakening," said Attorney General Sessions on the J-CODE launch. "We have already infiltrated their networks, and we are determined to bring them to justice.

"In the midst of the deadliest drug crisis in American history, the FBI and the Department of Justice are stepping up our investment in fighting opioid-related crimes. The J-CODE team will help us continue to shut down the online marketplaces that drug traffickers use and ultimately that will help us reduce addiction and overdoses across the nation."

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.