Policing the Darknet: Leading Cybercrime Agencies Go Dark
July 26, 2022
NEW: Interactive Timeline Key Cyber Operations
In DarkOwl’s regular daily collection of content for its Vision SaaS platform, we often witness criminal communities being disrupted and dispersed by law enforcement operations. Usually, these operations are carried out covertly until enough evidence has been gathered to shut down the illicit operation. At that point, oftentimes, the law enforcement group will conduct heavy DDoS attacks (or other attack methodologies) against the marketplace or forum to shut it down, leaving a “this domain has been seized” notice on a website’s landing page.
In this piece, we decided to take a closer look at some of the key intelligence agencies, government groups, and law enforcement organizations that contribute to policing the darknet through targeted cyber operations.
The darknet – compromised of anonymous networks only accessible by special anonymous proxies and/or peer-to-peer systems – is an elaborate web of services. Based on our historical insight into this space, our analysts ascertain that the darknet is largely compromised of criminal activity ranging from the sale of drugs and illicit goods and humans to advanced malware development, data brokerage, fraud, and financial crime. Recent academic research indicates that over half of all Tor-based onion services facilitate crime in some form or fashion.
Much of this criminal activity spills over into the deep web and chat platforms like Telegram where many of the leading administrators establishing ‘mirror’ sites and channels that replicate much of the content shared across Tor and peer-to-peer anonymous networks.
International intelligence, military, law enforcement personnel, and other cybercrime agencies are present both overtly and covertly on the darknet. Marketplace and forum discussion threads are sprinkled with users dismissing posts with derogatory name-calling like “pig” or “spook.”
In 2019, the US Central Intelligence Agency (CIA) replicated their Surface Website (cia.gov) on the Tor network, including the agency’s public announcements, the World Factbook, and careers page all available reportedly via ‘secure and anonymous’ web connections.
In early May, the CIA launched a concerted campaign to encourage Russians dissatisfied with Putin’s invasion of Ukraine to “get in touch on the darknet.” The campaign included detailed instructions in both Russian and English for downloading the Tor browser and accessing their content Tor.
There are any number of organized law enforcement operations on-going in the darknet and adjacent criminal communities. Many times, the seizures of servers hosting and facilitating cybercrime are a result of a multi-agency activity months (or years) in the making. Agents from the Federal Bureau of Investigation’s Cyber Crime Unit (FBI) and Interpol lead many of the operations that result in not only the take-down of criminal sites, but also the indictments and arrests of the criminal masterminds behind the darknet community.
With so many different groups operating in the space and most heavily rely on acronyms, we’ve compiled a list of the prominent international government, intelligence, and law enforcement organizations that we’ve seen mentioned in significant operations carried out on the darknet. The table below includes their common and formal names, as well as the countries they primarily operate in.
Law Enforcement Agencies (LEAs) on the Darknet
| LEA Acronym or Common Name | Agency | Country |
|---|---|---|
| ATF | Alcohol, Tobacco & Firearms | USA |
| ACIC | Australian Criminal Intelligence Commission | Australia |
| Bundeskriminalamt | Austrian Federal Investigation Bureau | Austria |
| NIS | Bulgarian National Investigation Service | Bulgaria |
| BKA | Bundeskriminalamt (Federal Criminal Police Office) | Germany |
| RCMP/Mounties | Royal Canadian Mounted Police | Canada |
| CIA | Central Intelligence Agency | USA |
| CIB | Criminal Investigation Bureau | International |
| Αστυνομία Κύπρου | Cyprus Police | Cyprus |
| DHS | Department of Homeland Security | USA |
| DOJ | Department of Justice | USA |
| EC3 | European Cybercrime Centre | European Union |
| FBI | Federal Bureau of Investigation | USA |
| FSB | Federal Security Service (Federalnaya Sluzhba Bezopasnosti ФСБ) | Russia |
| FinCEN | Financial Crimes Enforcement Network | USA |
| GDCOC | General Directorate Combating Organized Crime | Bulgaria |
| GCHQ | Government Communications Headquarters | UK |
| HSI | Homeland Security Investigations | USA |
| IRS:CI | Internal Revenue Service, Criminal Investigation | USA |
| IDF | Israel Defense Force | Israel |
| JCODE | Joint Criminal Opioid and Darknet Enforcement (DOJ) | USA |
| GRU | Main Intelligence Directorate | Russia |
| NCA | National Crime Agency | UK |
| NCJITF | National Cyber Joint Investigative Task Force | USA |
| DNRED | National Directorate of Intelligence and Customs Investigations | France |
| NSA | National Security Agency | USA |
| NCIS | Naval Criminal Investigative Service | USA |
| KLPD | Netherland’s National Police | Netherlands |
| OFAC | Office of Foreign Assets Control | USA |
| PSNI | Police Service of Northern Ireland | Ireland |
| PF | Policia Federal | Mexico |
| NPB | Polisen Swedish Police | Sweden |
| PJ | Portuguese Judicial Police (Polícia Judiciária) | Portugal |
| SBU | Security Service of Ukraine (СБУ) | Ukraine |
| Europol | European Union Agency for Law Enforcement Cooperation | European Union |
| Interpol | International Criminal Police Organization | International |
| CBP | U.S. Customs and Border Protection | USA |
| ICE | U.S. Immigration and Customs Enforcement | USA |
| USDT | United States Department of the Treasury | USA |
| USPIS | United States Postal Inspection Service | USA |
| USSS | United States Secret Service | USA |
| DOD | United States Department of Defense | USA |
| DEA | United States Drug Enforcement Agency | USA |
Stay tuned for future content where we review some of the most historically significant and disruptive darknet “operations” conducted by these organizations. Our interactive timeline is now live!
