CIP Cyber

Policing the Dark Web (TOR): How Authorities track People on Darknet

The darknet, especially the Tor network, can be hacked, or information about the people using it can be extracted in plain text. The FBI and other law enforcement agencies use the following techniques to uncover or track down people on the darknet.

  • Hacking the TOR Network or De-anonymizing Tor Users
  • Undercover Agents and Operation
  • Open Source Intelligence and the DarkWeb
  • Tracking the Postal System and the Money
  • Analyzing the Seized Data

Hacking TOR Network

Law enforcement and intelligence agencies consider “de-anonymization” of Tor users a primary goal.

Authorities try to implement techniques to break the encryption used to anonymize the traffic or exploit vulnerabilities in one of the software modules that anonymizes the user’s online experience.

This is what happened in one of the most significant operations, Operation Onymous.

More than 400 darknet servers were taken down, including the most notorious drug marketplaces like Silk Road, Hydra, and Cloud9, along with many money laundering and contraband sites.

In this operation, law enforcement agencies (LEA) exploited a vulnerability in the Tor network and obtained the real IP addresses of the operators.

Undercover Agents and Operation

Sending spies or undercover agents into a criminal network is a standard practice among the LEA, and they use the same technique to uncover or track darknet users and marketplaces. There are numerous examples where security people went into a dark market and traded in the marketplaces.

Consider this report: more than 35 individuals were arrested, and weapons, drugs, and more than 23.6 million dollars were seized. It was a year-long operation in which an agent posed as a money launderer on darknet market sites, exchanging U.S. currency for virtual currency.

In another recent example, undercover agents bought medication and conducted surveillance on local post offices.

There could be many more examples, but the point is simple: the LEA actively use the darknet to keep an eye on illegal activities, and they also trade whenever needed.

Open Source Intelligence and the dark web

Humans make mistakes; they are the most vulnerable link in any security chain, even on the darknet. People make mistakes, and the LEA take advantage of them. If you leave a trace behind, a quick OSINT technique can uncover your complete profile.

This was the breakthrough in the Silk Road case: the creator mentioned the dark site in a Bitcoin forum and even used his real personal email address. An email address is enough to track a person using OSINT.

In another example, a drug dealer tried to trademark his famous dark marketplace in his name.

Both mistakes were blunders, and they show the power of OSINT as well.

Tracking the Postal System

Despite online transactions and hidden services, physical products still have to travel by physical routes: postal and shipping companies. The LEA keep an eye on the packages and the regular transactions of suspected people.

Apart from tracking the postal system, they also keep track of Bitcoin. Despite the use of Bitcoin transactions to purchase items on the dark web, it is still possible for authorities to track buyers and sellers: ‘[b]y examining the pattern of transactions, the police may be able to tie a Bitcoin transaction to a real-world identity’. David Burchard was initially investigated because of his sale of millions of dollars of bitcoin to an unlicensed currency exchange.

Analyzing the Seized Data

Finally, authorities may find leads and valuable information in already seized data and from criminals.

These were the most common techniques that authorities have used to track people or take illegal businesses down. What other methods can you think of? Write in the comments below.

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.
