Authorities Take Down Darknet Marketplace
5.5.2017 securityweek CyberCrime
Europol announced Thursday that it had assisted the Slovak NAKA crime unit in the arrest of a Slovak national believed to operate a small darknet marketplace dealing in drugs and arms. The individual is in police custody, and several of his premises have been searched.
"In one of the locations searched," says the Europol statement, "Slovak authorities discovered and seized five firearms and approximately 600 rounds of ammunition of different calibres. The investigators also found a sophisticated indoor cannabis plantation, 58 cannabis plants and a Bitcoin wallet containing bitcoins worth EUR 203 000, which is thought to have been obtained from illegal online activities."
An associated video shows armed Slovak NAKA personnel dragging an individual from a motor vehicle, and subsequently searching premises. Several of the individual's premises have been searched. The server used to run the marketplace has been seized and is being forensically examined. "Slovak authorities and Europol have extended the investigation into the users and vendors who utilised the marketplace," states Europol.
There are some suggestions on Twitter that the marketplace concerned is Bloomsfield. Darknet Markets describes Bloomsfield as a "Market started as the vendor shop of the vendor 'Biocanna' and later expanded to server other vendors. Offers Multisig transactions and low fees. The site itself does not look that poor, it is built to look clean and easy to navigate, but the lack of any added security measures and limited range of products to choose from makes it look like a bad place to do business on."
Deep.dot.web currently reports Bloomsfield as "Down from unknown reason – Market started as the vendor shop of the vendor 'Biocanna' / Thcsupport (Note – Using Bitwasp) and later expanded to server other vendors. Offers Multisig transactions and low fees."
It seems that Biocanna was originally a cannabis supplier on the Silk Road who later established his own marketplace; not apparently very successfully. 'C' has posted a conversation snippet on Twitter concerning the 'owner of the failing Bloomsfield market.'
It includes, "It is obvious you have no clue about security or cryptography or even basic understanding of the linux gpg package. Oh wait, you also expose all your users and their pgp keys by allowing anyone to download the public key ring..."
If it is indeed the Bloomsfield server that has been seized and is being analyzed, and its security is lax as that suggested, it is likely to lead Europol to other illegal product suppliers. Europol's announcement already comments, "a crosscheck performed during the house searches generated a hit on Europol's databases which helped investigators identify a Darknet vendor living in another EU country. The individual was suspected of supplying one of the firearms found during the house searches in Bratislava."
Europol notes that "The online trade in illegal firearms has expanded to the extent that nowadays it is considered a key facilitator for firearms trafficking." Its Serious and Organized Threat Assessment 2017 report (PDF) explains, "There is a shift from sales on the surface web to sales on the Darknet, typically when the status of a product or substance changes from being legal to illegal. For example, the sales of gun parts or de-activated firearms is legal in certain jurisdictions and therefore available on the surface web, but when the gun is assembled or re-activated it is illegal and will be sold on the Darknet."
Europol's concern is that darknet trade in illegal firearms can fuel real world terrorist activity in Europe.