NCA arrests 24 Brits over ties to global dark web criminal network

International crackdown results in 150 arrests and more than £22.5 million in seized cash and virtual currencies

The UK's National Crime Agency (NCA) announced Wednesday that it had arrested 24 British citizens for their alleged involvement in an international dark web criminal network.

The NCA labelled the operation that led to the arrests as "one of the largest ever international operations targeting a criminal dark web marketplace".

The six-month-long UK portion of the international operation, known as Dark HunTOR, was coordinated by the NCA in collaboration with UK policing partners. As part of the wider investigation, law enforcement agencies in Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, and the United States were involved, with international coordination efforts led by Europol and Eurojust.

The overall effort resulted in a total of 150 arrests, with more than £22.5 million seized in cash and virtual currency, 234kg of drugs, and 45 firearms.

UK law enforcement seized £220,000 in suspected criminal cash and Bitcoin, and a drugs haul of more than 50 kilos comprised of cocaine, MDMA, cannabis, methamphetamine, and ketamine.

Following an analysis of data by officers at the Dark Web Intelligence, Collection and Exploitation team (DICE), information on those individuals identified as presenting the highest threat in the UK was then distributed to regional dark web operations teams around the UK, who then made the arrests on suspicion of selling criminal goods online.

Dark HunTOR began earlier this year when German authorities arrested an individual thought to be the chief operator of a major dark web marketplace.

The arrest in Germany gave agencies access to the group's wider criminal infrastructure, which then enabled information on other marketplace vendors to be shared around international law enforcement agencies.

Related Resource

HP Wolf Security: Threat insights report

Equipping security teams with the knowledge to combat emerging threats

Skyscrapers from belowFree download

“The individuals we have targeted who are supplying drugs via the dark web are ultimately preying on the vulnerable and destroying communities," said Damian Barrow, senior NCA manager in the dark web intelligence collection and exploitation team.

“This operation shows that those who try to use the dark web to anonymously commit crimes can be identified and will be tracked down."

Dark web marketplaces are typically used to sell drugs, weapons, data, and other illicit digital goods. For years, they have been the targets of internationally coordinated efforts from law enforcement agencies attempting to shutter them. However, new marketplaces often launch in the wake of a major takedown, restarting the process for those fighting cyber crime.

European authorities were previously lauded for their work in bringing down prominent marketplaces such as Hansa and Alphabay in 2019.

"Law enforcement have become more technically savvy when it comes to the dark web and how it works, and are now able to monitor and track a person’s browsing behaviour, regardless of encryption," said Cliff Martin, cyber incident responder of GRC International Group to IT Pro.

"However, although the risk of being caught has significantly increased over the years, I don’t think that cyber criminals will be any more afraid - bad actors are very aware of the risks they are taking, and are continuously trying to find new ways to dodge around them."

Law enforcement agencies are cracking down on marketplaces and getting better at doing it with each operation. However, some experts believe geography may provide the ultimate hindrance in the long-run.

"While the tempo of law enforcement operations does appear to have increased, the seizures are somewhat limited by the geography in which the targets reside," said Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows to IT Pro.

"Many significant actors within the cybercriminal community—notably those involved in ransomware attacks—are based in either Russia or the Commonwealth of Independent States (CIS), i.e. countries formerly a member of the Soviet Union. There are limited options available for international law enforcement in making arrests within these countries."

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021