Feds Pose as Cryptocurrency Money Launderer to Bust Alleged Dark Web Dealers

Law enforcement agencies are always looking for new ways to identify suspects on the dark web, whether that means using malware to unmask people, executing wide ranging attacks on the Tor anonymity network, or tracking a drug dealer’s physically mailed packages.

But on Wednesday, the Department of Justice announced dozens of dark web arrests thanks to a relatively novel technique. By posing as a cryptocurrency money launderer on dark web marketplaces, investigators from Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) were able to allegedly identify a number of people selling illegal narcotics, and open more than 90 active cases.

“Criminals who think that they are safe on the Darknet are wrong,” Deputy Attorney General Rod Rosenstein said in a statement. “We can expose their networks, and we are determined to bring them to justice.”

The DOJ announcement added that on Wednesday various law enforcement agencies arrested more than 35 alleged dark web vendors, including those allegedly selling cocaine, marijuana, and LSD. Investigators also seized quantities of Xanax and the high-powered opioid fentanyl. A number of the defendants are charged with weapon possession offenses.

But it’s the technique used to identify these suspects that makes the operation stand out.

“Posing as a money launderer for Bitcoin seems like a great mechanism to find the dealers: There are so many paths for the dark net dealers to get drugs. There are much fewer paths for them to get cash,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an online chat.

Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

At a hearing of the House of Representatives Financial Services Subcommittee on Terrorism and Illicit Finance on June 20, HSI official Greg Nevano stated that the agency’s cryptocurrency seizures have already amounted to more than $25 million in the current fiscal year to date, compared to nearly $7 million in all of the 2017 fiscal year.

Transferring large sums of cryptocurrency, typically Bitcoin, into fiat currency is one of the biggest issues facing serious dark web dealers. Once they move their bitcoins to an exchange in order to cash it out, law enforcement, with the right tip, can follow Bitcoin’s public ledger to the specific exchange and probe the company for relevant customer records. Or, in this case, authorities can interact directly with the alleged criminals at the point of transfer, potentially learning information about their identities.

“Worse, for the drug dealers, they need to avoid the reputable exchanges. Which means they can only really hope for ‘entrepreneurs’ on LocalBitcoins and the like to buy in bulk and buy in cash,” Weaver added. LocalBitcoins is a site that allows nearly anyone to buy and sell bitcoin to individual customers, making it more direct than transferring through a more traditional exchange service.

Homeland Security Investigations Acting Executive Associate Director Benner said in the DOJ announcement, “The Darknet is ever-changing and increasingly more intricate, making locating and targeting those selling illicit items on this platform more complicated. But in this case, HSI special agents were able to walk amongst those in the cyber underworld to find those vendors who sell highly addictive drugs for a profit.”

The arrests spanned across New York, Maryland, Ohio, Sacramento, and other states, and impacted vendor accounts on various marketplaces, including the now defunct Silk Road, AlphaBay and Hansa, the announcement added. As well as HSI, the operation involved the DEA, US Secret Service, and US Postal Inspection Service, it read.