Federal authorities announced last week several arrests, charges, and guilty pleas from a joint operation dubbed “Operation Darkness Falls,” which targeted people and organizations selling fentanyl and other drugs over the dark web. Among those arrested were the operators behind the dark web username “MH4Life,” which the Department of Justice called the most prolific dark web fentanyl vendor in the US and the fourth most prolific in the world.
Those unfamiliar with the dark web may wonder how it operates and whether it poses a greater threat in the opioid crisis than the surface web. LegitScript investigative analysts explored this issue earlier this year when we conducted in-depth research on dark web opioid sales on behalf of the Center for Safe Internet Pharmacies (CSIP). Our investigation culminated in the report The State of Opioid Sales on the Dark Web.
In this blog post, we answer some of the most common questions about illicit commerce on the dark web.
What is the dark web?
The World Wide Web is made up of the surface web, the deep web, and the dark web. The surface web (also called the clear web and the open web) is what most of us navigate when we check social media, shop online, or read the news. Websites on the surface web are publicly accessible and indexed by search engines such as Google and Bing, permitting internet users to search for them.
The deep web comprises any content on the web that is not indexed for search engines and that is accessed by password or encryption, or through gateway software. This includes content such as medical records, legal documents, financial records, and government resources.
The dark web is a subset of the deep web, which is also not indexed by traditional search engines. Unlike the deep web, the dark web functions not only for security but also for anonymity. Its content is intentionally hidden and requires special browsers to access.
A common metaphor is to think of the World Wide Web as an iceberg, with the visible tip of it being the surface web. | Illustration courtesy the Center for Safe Internet Pharmacies
How are drugs sold on the dark web?
Dark web commerce operates largely on marketplaces that function similarly to surface web third-party marketplaces such as eBay and Amazon. These marketplaces offer mostly illegal products, such as drugs, weapons, counterfeit items, pirated intellectual property, and illicit adult content. Some of the vendors may be scammers, meaning they make sales but don’t actually send anything in return. These are called nondelivery schemes.
Marketplaces also serve an escrow function, meaning that they take a buyer’s payment, hold onto it until the buyer has received his or her purchase, and then release funds to the seller. This helps to reduce the likelihood of nondelivery schemes. For this service, the marketplaces take a small percentage of the proceeds. Like eBay and Amazon, products are sold by vendors who get reviews and ratings based on their reliability and quality of product.
How do buyers and sellers remain anonymous?
Users of the dark web employ technology to obfuscate their identity, including the Tor browser, which routes users through multiple relays to hide their locations and IP addresses. They also typically use a virtual private network (VPN), which creates a secure “tunnel” for sending and receiving data across shared or public networks by configuring their computing devices as if they were directly connected by a private network.
Once on a dark web marketplace, users often maintain their anonymity by communicating through encrypted messages, making it difficult for anyone to intercept and read. Furthermore, all marketplaces accept forms of cryptocurrency, such as Bitcoin. This digital currency allows buyers to pay while maintaining a degree of privacy protection. Holding payment in escrow often has the added benefit of “tumbling” or “mixing” digital currency; this is a form of money laundering that severs the connection between a cryptocurrency address sending coins and the address to which they are sent.
How are drugs sent?
Virtually all drugs sold on the dark web are shipped through the mail. A 2016 LegitScript report prepared for CSIP showed that, without exception, drugs sold through test buys from the surface web were shipped from the country of origin using public (government-run) postal services. The same is likely true for shipments from the dark web. In 2016, the DEA made purchases from four vendors on a major dark web marketplace called Dream Market and received verified controlled substances from each, all of which were shipped through United States Priority Mail, according to a criminal complaint filed by the DEA in August 2017.
Mail services are extremely difficult to anonymize. Because illicit drug dealers on the internet likely cannot avoid using traditional shipping methods to deliver goods to customers, shipping is a key vulnerability that law enforcement may exploit to track down dealers.
Which is more dangerous: the dark web or the surface web?
Both the dark web and surface web offer their own risks and dangers. The dark web was built for anonymity and, as such, it’s often nearly impossible for buyers to know who they are transacting with or where their purchases are being sourced. Drugs may be adulterated, counterfeit, or possibly made by amateurs out of their homes using substandard equipment. These dangers exist on the surface web as well; however, without illicit marketplaces that have built-in escrow and rating systems, there may be a higher likelihood of nondelivery schemes and phishing scams from websites on the surface web. Either way, it can be extremely risky for anyone to attempt to purchase controlled substances or unapproved drugs from the internet.
LegitScript’s investigative analysts frequently conduct research on both the surface web and dark web in our efforts to identify operators illegally selling drugs and other federally regulated products. Contact us to learn more about our expertise in identifying cybercriminals and mapping out the often complex networks they operate.