Policing the Darknet: Leading Cybercrime Agencies Go Dark

July 26, 2022

NEW: Interactive Timeline Key Cyber Operations

In DarkOwl’s regular daily collection of content for its Vision SaaS platform, we often witness criminal communities being disrupted and dispersed by law enforcement operations. Usually, these operations are carried out covertly until enough evidence has been gathered to shut down the illicit operation. At that point, oftentimes, the law enforcement group will conduct heavy DDoS attacks (or other attack methodologies) against the marketplace or forum to shut it down, leaving a “this domain has been seized” notice on a website’s landing page.

In this piece, we decided to take a closer look at some of the key intelligence agencies, government groups, and law enforcement organizations that contribute to policing the darknet through targeted cyber operations.

The darknet – compromised of anonymous networks only accessible by special anonymous proxies and/or peer-to-peer systems – is an elaborate web of services. Based on our historical insight into this space, our analysts ascertain that the darknet is largely compromised of criminal activity ranging from the sale of drugs and illicit goods and humans to advanced malware development, data brokerage, fraud, and financial crime. Recent academic research indicates that over half of all Tor-based onion services facilitate crime in some form or fashion.

Much of this criminal activity spills over into the deep web and chat platforms like Telegram where many of the leading administrators establishing ‘mirror’ sites and channels that replicate much of the content shared across Tor and peer-to-peer anonymous networks.

International intelligence, military, law enforcement personnel, and other cybercrime agencies are present both overtly and covertly on the darknet. Marketplace and forum discussion threads are sprinkled with users dismissing posts with derogatory name-calling like “pig” or “spook.”

In 2019, the US Central Intelligence Agency (CIA) replicated their Surface Website (cia.gov) on the Tor network, including the agency’s public announcements, the World Factbook, and careers page all available reportedly via ‘secure and anonymous’ web connections.

In early May, the CIA launched a concerted campaign to encourage Russians dissatisfied with Putin’s invasion of Ukraine to “get in touch on the darknet.” The campaign included detailed instructions in both Russian and English for downloading the Tor browser and accessing their content Tor.

There are any number of organized law enforcement operations on-going in the darknet and adjacent criminal communities. Many times, the seizures of servers hosting and facilitating cybercrime are a result of a multi-agency activity months (or years) in the making. Agents from the Federal Bureau of Investigation’s Cyber Crime Unit (FBI) and Interpol lead many of the operations that result in not only the take-down of criminal sites, but also the indictments and arrests of the criminal masterminds behind the darknet community. 

With so many different groups operating in the space and most heavily rely on acronyms, we’ve compiled a list of the prominent international government, intelligence, and law enforcement organizations that we’ve seen mentioned in significant operations carried out on the darknet. The table below includes their common and formal names, as well as the countries they primarily operate in.

Law Enforcement Agencies (LEAs) on the Darknet

LEA Acronym
or Common Name

Agency

Country
ATFAlcohol, Tobacco & FirearmsUSA
ACICAustralian Criminal Intelligence CommissionAustralia
BundeskriminalamtAustrian Federal Investigation BureauAustria
NISBulgarian National Investigation ServiceBulgaria
BKABundeskriminalamt (Federal Criminal Police Office)Germany
RCMP/MountiesRoyal Canadian Mounted PoliceCanada
CIACentral Intelligence Agency USA
CIBCriminal Investigation BureauInternational
Αστυνομία ΚύπρουCyprus PoliceCyprus
DHSDepartment of Homeland Security USA
DOJ Department of Justice USA
EC3European Cybercrime CentreEuropean Union
FBIFederal Bureau of InvestigationUSA
FSBFederal Security Service (Federalnaya Sluzhba Bezopasnosti ФСБ) Russia 
FinCENFinancial Crimes Enforcement Network USA
GDCOCGeneral Directorate Combating Organized CrimeBulgaria
GCHQGovernment Communications HeadquartersUK
HSIHomeland Security Investigations USA
IRS:CIInternal Revenue Service, Criminal InvestigationUSA
IDFIsrael Defense Force Israel 
JCODEJoint Criminal Opioid and Darknet Enforcement (DOJ) USA
GRUMain Intelligence Directorate Russia 
NCANational Crime Agency UK
NCJITFNational Cyber Joint Investigative Task Force USA
DNREDNational Directorate of Intelligence and Customs InvestigationsFrance
NSANational Security AgencyUSA
NCISNaval Criminal Investigative ServiceUSA
KLPDNetherland’s National PoliceNetherlands
OFACOffice of Foreign Assets Control USA
PSNIPolice Service of Northern Ireland Ireland
PFPolicia Federal Mexico
NPBPolisen Swedish Police Sweden 
PJPortuguese Judicial Police (Polícia Judiciária)Portugal
SBUSecurity Service of Ukraine (СБУ) Ukraine 
Europol European Union Agency for Law Enforcement CooperationEuropean Union
InterpolInternational Criminal Police OrganizationInternational
CBPU.S. Customs and Border Protection USA
ICEU.S. Immigration and Customs Enforcement USA
USDT United States Department of the Treasury USA
USPISUnited States Postal Inspection ServiceUSA
USSSUnited States Secret Service USA
DODUnited States Department of DefenseUSA
DEAUnited States Drug Enforcement AgencyUSA

Stay tuned for future content where we review some of the most historically significant and disruptive darknet “operations” conducted by these organizations. Our interactive timeline is now live!


Learn how DarkOwl supports Law Enforcement & National Security investigations with darknet data tools built for analysts, cybercrime agencies and threat intelligence teams. Contact us to learn more.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2022 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.