‘Shadow Libraries’ Are Moving Their Pirated Books to The Dark Web After Fed Crackdowns

Library Genesis (LibGen), the largest pirate repository of academic papers, doesn’t seem to be doing so hot.

Three years ago, LibGen had on average five different HTTP mirror websites backing up every upload, to ensure that the repository can’t be easily taken down. But as Reddit users pointed out this week, that number now looks more like two. After the recent takedown of another pirate site, the downturn has caused concern among “shadow archivists,” the term for volunteer digital librarians who maintain online repositories like LibGen and Z-Library, which host massive collections of pirated books, research papers, and other text-based materials.

Earlier this month, the head librarians of Z-Library were arrested and charged in federal court for criminal copyright infringement, wire fraud, and money laundering. After the FBI seized several websites associated with Z-Library, shadow archivists rushed to create mirrors of the site to continue enabling user access to more than 11 million books and over 80 million articles. 

For many students and researchers strapped for cash, LibGen is to scholarly journal articles what Z-Library is to books. 

“It's truly important work, and so sad that such a repository could be lost or locked away due to greed, selfishness, and pursuit of power,” one Reddit user commented on r/DataHoarder. “We are at a point in time where humanity could do so very much with the resources and knowledge that we have if it were only organized and accessible to all instead of kept under lock and key and only allowed access by a tiny percentage of the 8 billion people on this planet.”

There isn’t one clear explanation for what’s happening with LibGen’s HTTP mirrors. However, we do know that maintaining a shadow library is time-consuming and often isolating for the librarian or archivist. It makes perfect sense why a shadow librarian involved in this work for years may throw in the towel. This could also be the seed of a recruitment effort underway, much like we saw several years ago when archivists enacted a rescue mission to save Sci-Hub from disrepair.

When news circulated that Z-Library was seized by the feds, some supporters stepped in with monetary donations to restore the repository. Members of the Z-Library team also expressed sadness about the arrests and thanked supporters in an official response, as reported by Torrent Freak.

“Thank you for each donation you make. You are the ones who making the existence of the Z-Library possible,” the Z-Library members wrote in the statement, which was posted to a site on the anonymized Tor network. “We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social status, nationality, citizenship, etc. This is the only purpose Z-Library is made for.” 

The usage of the anonymized network follows the movement of shadow libraries to more resilient hosting systems like the Interplanetary File System (IPFS), BitTorrent, and Tor. While there might be fewer HTTP mirrors of shadow libraries like LibGen, there are likely more mirrors on alternative networks that are slightly harder to access.

It’s unclear if LibGen will regain the authority it once had in the shadow library ecosystem, but as long as shadow librarians and archivists disagree with current copyright and institutional knowledge preservation practices, there will be shadow information specialists.

“Shadow library volunteers come and go, but the important part is that the content (books, papers, etc) is public, and mirrored far and wide,” Anna, the pseudonymous creator of Anna’s Archive, a site that lets users search shadow archives and “aims to catalog every book in existence,” told Motherboard in a statement. “As long as the content is widely available, new people can come in and keep the flame burning, and even innovate and improve—without needing anyone's permission.”

Anna says the job of shadow librarians closely follows the ethos “information wants to be free,” which was famously put into practice by information activists like Aaron Swartz.

“Once the content is out there, it's hard to put the genie back in the bottle,” she added. “At a minimum, we have to make sure that the content stays mirrored, because if that flame dies, it's gone. But that is relatively easy to do.” 

Guy Who Sold Meth Under Screenname ‘Drugs R Us’ Going to Prison

Michael Goldberg, a 36-year-old man who sold meth on the darkweb under the name “Drugs R Us,” is going to prison.

As first spotted by Dark Net Daily and detailed in court documents, Goldberg ran a criminal organization with his wife and a few other associates. According to the criminal complaint, Goldberg and his associates purchased drugs from various sources and then shipped them internationally using UPS, DHL, and the United States Postal Service.

Goldberg and company weren’t sneaky and the authorities first figured out something was up in 2018 when they discovered several parcels intended for the Philippines were full of methamphetamine. Goldberg shipped them under fake names but used a phone number registered to his real name.

After the cops arrested him, Goldberg continued to run his criminal empire from a jail. “While detained at the Metropolitan Detention Center…Goldberg has made numerous phone calls to Rabulan, often using other inmates’ phone lines, to discuss drug trafficking, destruction of evidence, and the movement of currency,” the criminal complaint said.

The cops, of course, recorded these phone calls. Which is why we know his dark web store’s name. “I don’t know the login for the other thing…the dark web,” Goldberg’s wife said during a call the cops recorded.

“It’s ‘Drugs R Us,’” Goldberg said. 

Later in the conversation, his wife told Goldberg that the business wasn’t going well. “Babe. I was online yesterday. It was all bad. Oh my gosh, oh my gosh. That’s all I’m going to say,” she said.

“How many did they get? A lot? All of them?” Goldberg said.

“I’ve seen everything that you’ve dinged,” she said. “Like everything. Everything.”

“So, they got every last thing that we’ve sent? That’s crazy,” Goldberg said into an unsecured line while sitting in prison. 

Goldberg was a busy international drug dealer. “I have identified a total of 59 international mail parcels that I believe are part of Goldberg and Rabulan’s scheme to distribute drugs,” the criminal complaint said. “Shippers mailed these parcels to the Philippines, Australia, New Zealand, the United Kingdom, Italy, Poland, and France. Fourteen of the 59 parcels have been seized in the United States containing a total of approximately 22.3 kilograms of methamphetamine and 170 grams of marijuana. Authorities in other countries have seized four of the 59 parcels containing 2.1 kilograms of methamphetamine.”

Impressed with himself, Goldberg told an associate he knew what he’d do once he got out of prison. “I was reading this book about this Cocaine Cowboy [A famous drug dealer that inspired ‘Miami Vice’] and I was like, ‘this fool is fucking weak,’” Goldberg said. “I really want to do a movie and book when I get out. I think I’ll make enough money for everybody to get out of the game. Man, damn, this would be a great fucking documentary.”

The Alleged Scammers Behind the Most Notorious Murder-for-Hire Site Have Been Arrested

Five men believed to be behind the web’s most notorious murder-for-hire scheme were arrested in Romania this week, as part of an operation aimed at putting an end to the infamous dark web scam.

Since its inception in the 2010s, the operation has funneled users searching for ways to hire an assassin online to a site on the dark web. That site has gone by a series of different names: Besa Mafia, Camorra Hitman, and, most recently, the #1 Hitman Marketplace. Once there, users were asked to submit their target, information about how and when they would like them killed, and to pay a fee, typically $5,000-20,000, in Bitcoin.

The site was quickly identified as a scam, and yet thousands of orders flowed in over the years, along with plenty of paying customers. Husbands ordered hits on their wives, business partners sought assassins for their colleagues, a man who lost money on a sports betting website asked to murder the customer service rep who failed to return it to him, and a predator paid to arrange the death of a 14 year-old boy. 

Romania’s Directorate for the Investigation of Organized Crime and Terrorism (DIICOT) says that it led the raids at the request of the United States; the Department of Homeland Security and the FBI have been investigating cases related to the operation for years. In a statement made after the arrests, DIICOT said that “authorities in the United States of America have determined that this group consists of five or more persons located in Romania, who acted in a coordinated manner to administer those sites and to launder money obtained as a result of instigating crimes to kill.” Five individuals and four witnesses were detained in the operation, a video of which the agency released along with the announcement. 

The security analyst Christopher Monteiro gained access to the backend of the first scam site run by this group, Besa Mafia, in 2016, allowing him to see a full inventory of the ordered “hits,” which he would then pass along to the authorities. He published a number of blog posts exposing the operation, which angered Yura enough to hire someone to threaten him personally. 

The operation is a scam, but its users are serious about their purchase, and intend to inflict real harms. Monteiro has access to this “kill list,” which I have viewed. Some of the names on that list now belong to homicide victims, killed by the person who originally made the order. Others know that someone in their lives wants them dead, which amounts to a unique form of psychological abuse. I reported extensively on the operation, and the database of evidence it yielded, for Harper’s Magazine in 2020. After years of mostly ignoring his tips, in 2020, authorities began taking them seriously. Since then, Monteiro estimates that around 25 arrests have been made of individuals who have paid to have people killed through the website. (Neither DIICOT nor the DHS immediately responded to a request for comment.)

But the team behind the site orchestrating it all remained elusive. For years, authorities were unclear who was behind the operation; all communications were conducted by a figure who went as “Yura.” Yura would communicate with users who sent messages inquiring into the hitman services, encouraging them to order and easing their concerns in broken English. It was long believed, on the evidence of those chat logs, that he or they resided in Eastern Europe, and Romania, which has a reputation for fostering a culture friendly to web scammers. Yura even conducted interviews, his voice disguised, for TV segments; and yet his identity and whereabouts were unknown. 

Even after the raids, it’s still unclear whether this was the work of one person who grew an operation to the point it needed support from a team, or if it was always a larger effort. The website itself evolved over time, from a clunky and simple page reminiscent of Geocities-era web to one that hosts putative forums, user profiles, and a (slightly) more modern design, replete with gruesome images intended to relay a proof of concept. 

The DIICOT says that the damages of the operation are believed to be around 500,000 euros, though if the scammers held onto the bitcoin they collected back in 2016, it would be worth far more than that today. And whether it’s enough to shut down the operation for good is an open matter; it is easy enough for another to keep running the scam. Furthermore, there are still thousands of people who have contacted Yura about hiring a hitman, and submitting the name of a person they want dead.

This is why Monteiro is ambivalent about the news of Yura’s apparent apprehension, despite years of working to shed light on the operation and its victims. “It's great an international law enforcement operation took down these criminals, but when will they ever proactively investigate the thousands of names on the kill list?” Monteiro wrote me in a message. 

Finally, even if Romanian authorities and U.S. agencies do manage to shut Yura’s operation down, it has already proved successful enough to inspire copycats around the web. Another site, which appears to be operated by different people, and claims to serve the Russian region primarily, is fully operational. I downloaded a Tor browser and logged on, found a link to the Telegram chat of the “Jabba Syndicate” and inquired into getting a hitman in Los Angeles. They replied within minutes. 

Yes, they could get someone to do the elimination right away. It would cost $15,000. 

One of the World’s Most Wanted Pedophiles Has Been Arrested

One of the world’s most wanted pedophiles, who abused dozens of children between the ages of two and 16, has been captured and jailed for close to 50 years after Australian authorities tracked him down to a COVID-19 quarantine facility in Malaysia.

For at least 14 years, Alladin Lanim was found to have sexually abused dozens of children in a sleepy, seaside town called Lundu in Sarawak, Malaysia. 

The 40-year-old man posted his heinous activities on the dark web and boasted on message boards about recording his acts, according to a detailed report published by the Sydney Morning Herald. Using an anonymous online profile, he was also said to have been sharing child abuse material online since 2007, and had been linked to more than 1,000 images and videos depicting sexual abuse of minors.

“He was so prolific with so many victims, that’s why he became a high priority,” Daniel Burnicle, a detective sergeant from the Australian Federal Police (AFP), told the Australian newspaper from Kuala Lumpur. 

Analysis conducted by Australian victim identification specialists initially identified a total of 34 victims who had been abused by Alladin, but authorities warned that the actual number may be higher. 

Officials on the case, trawling through records and hundreds of images, made a breakthrough last year and came across a possible image of Alladin. He was finally apprehended and jailed last month following a painstaking two-year international investigation by Australian and Malaysian authorities. “It’s just a slow, methodical burn,” Burnicle said.

“They’re going through images trying to work out where that location may be so they can follow up. It’s all very difficult with the dark web to track people.”

Alladin was apprehended at a COVID-19 isolation facility on July 5 while serving out a mandatory quarantine after returning to Sarawak, and charged with 18 counts of molesting five boys on a plantation and inducing them to watch pornographic videos by offering to let them play a mobile game on his phone. Malaysian police also say that they are pursuing one more case of child abuse involving Alladin.

He pleaded guilty in court in the state capital Kuching, and was jailed for 48 years and six months and sentenced to 15 strokes of the cane. 

In a statement provided to VICE World News on Monday, AFP commander Warwick Macfarlane said the cross-border investigation that led to Alladin’s arrest was an indication that the pandemic had not obstructed transnational policing efforts, and that authorities around the world were still working tirelessly to combat the exploitation and abuse of children.

Alladin’s arrest is the latest in a string of recent child exploitation busts by Australian authorities, following the AFP’s involvement in cracking open a global pedophile ring last year. A spokesperson told VICE World News last September that the amount of child abuse material being shared on the dark web appeared to be increasing, and that some sites hosting online child sex abuse material had crashed due to the overwhelming amount of internet traffic.

In Malaysia, reports of Alladin’s arrest shook the country – prompting outrage online about how a serial pedophile was able to operate in the country, undetected, for so long. Others referenced the case of another convicted pedophile, British man Richard Huckle – who had sexually abused scores of children in various communities in Kuala Lumpur, where he lived – and decried the laid-back reaction of authorities.

“Local authorities need to step up their game,” one Malaysian tweeted. Another wrote: “We have high profile pedophiles arrested by foreign police at least twice now. If this were left to us, these pedos would be scot free and happily ravaging new victims.”

Responding to news of Alladin’s capture by Australian police, Malaysian women’s minister Fatimah Abdullah said her ministry would better protect children against pedophiles and would continue educating not just children but also their parents.

Follow Heather Chen and Gavin Butler on Twitter.

REvil Ransomware Site Goes Offline

Multiple websites linked to the infamous ransomware gang REvil are currently offline, according to multiple security researchers. REvil is the group linked to the recent hack of information technology firm Kaseya which an REvil affiliate used to then ransom a wealth of other companies around the world.

"Onionsite not found," an error message currently reads when visiting REvil's dark web site where the group ordinarily posts data stolen from victims.

Lawrence Abrams, owner of information security publication BleepingComputer, said in a tweet that the downtime extended to "all" of REvil's sites, including their sites used for ransom payment.

Pseudonymous research group vx-underground added in a tweet that "Unknown," a representative for REvil, has not posted on popular hacking forums Exploit and XSS since July 8.

Do you have new information about REvil? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The reason for the downtime is unclear. Sometimes dark web sites temporarily go offline and swiftly return. The site has been down now for over eight hours. Vx-underground added that the dumping site became unresponsive at 1AM EST.

REvil is a hugely prolific ransomware group, and was also responsible for the attack on the world's largest meat producer JBS. The group is Russian speaking.

President Biden told President Putin last Friday that Russia must "take action" against cybercriminals based in the country who target the United States. Russian and U.S. officials are meeting this week to discuss the issue.

Scammer Used Fake Court Order to Take Over Dark Web Drug Market Directory

A scammer used a fake court order to convince a domain registrar to transfer ownership of a domain that lists dark web drug markets, and then used that to point the sites to their own copies of the markets designed to steal people's bitcoin.

Hackers often make lookalike sites of dark web markets, but the use of a fake court order is unusual. It bears some similarity to how scammers use fake trademarks to convince Instagram to transfer ownership of valuable usernames.

"I had 2FA and PGP enabled on that account. I am not an idiot when it comes to security," Dark Fail, the pseudonymous admin of the site dark.fail which was a victim of the hijacking, told Motherboard during the account takeover late last week.

Do you know anything else about this phishing campaign? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Dark.fail is a site that aims to provide trusted links to dark web marketplaces.

"This resource is intended for researchers only. I do not vouch for any sites," a message on the Tor hidden service version of the site currently reads.

After the domain hijack, the attacker replaced each link with a phishing site, according to a message on dark.fail posted after Dark Fail regained control of the domain.

"Each site looked real but instead shared all user activity with the attacker, including passwords and messages. Cryptocurrency addresses displayed on these sites were rewritten to addresses controlled by the phisher, intercepting many people's money," the message reads.

Dark.fail was registered with the privacy-focused domain registrar Njalla, which in turn uses the registrar Tucows for .fail domains, according to a tweet from Njalla and The Pirate Bay co-creator Peter Sunde Kolmisoppi.

Sunde added that Tucows received a court order on April 28 listing domain names that a German court allegedly wanted handed over.

"The PDF looks like a real court order, I've seen a lot of these," Sunde wrote. "But this one is fake." It used language previously used in a real court order to seize a different domain, he added. He wrote that the fake document also included a gag order, meaning neither Njalla nor Hover, another impacted registrar, was told about the transfer.

Sunde told Motherboard in an online chat that Tucows shared a copy of the fake order with him.

"We've looked at it quite in detail and quite certain it's possible to narrow down the suspects quite a bit with access to more evidence," Sunde added. He told Motherboard he agreed not to share a copy of the fake order itself since it's a piece of evidence in a potential criminal investigation.

Sunde said in another tweet that the dark.fail domain was transferred to the registrar Namecheap, which did not suspend the domain despite it being used for an active phishing campaign because it believed the court order was legitimate. Days later, Njalla was able to retrieve the dark.fail domain.

Namecheap said in a statement that "Namecheap responsibly and thoroughly investigates every allegation of reported abuse. We are also proactive in identifying individual abuse, broad scale abuse patterns, and working with federal agencies to collectively get in front of new forms of abuse. We are in regular contact with law enforcement agencies and voluntarily provide analysis of what we are seeing, how we are trying to combat the abuse, and how we can best work together to find ways to stop any uncovered fraud."

The statement also disputed that Namecheap believed the fake court order to be legitimate. "In this case, we were not provided any actionable evidence of phishing or abuse from Tucows or Njalla (a Tucows reseller) and immediately began an internal investigation upon receipt of a transfer dispute request. For clarity sake, Namecheap never stated that the court order was legitimate, nor have we received a copy of a court order from Tucows or Njalla. Upon investigating the case, and without knowledge of what had led Tucows to initially allow the transfer of the domains to Namecheap, we quickly determined a court order provided to us by the new registrant to be a falsified document. We then commenced the process to transfer the domains back to Tucows. Namecheap suspended the domains for phishing prior to their transfer back to Tucows, along with two other associated domains that we identified were used in this incident of abuse," the statement added.

"Our findings show that Tucows was the victim of an intricate phishing scheme presented under the guise of a secret court order. This was a hyper-targeted phish designed with the direct intent of hijacking select domains," Madeleine Stoesser, PR and corporate communications lead at Tucows, said in a statement. "We immediately began steps to successfully retrieve the domains and have implemented new processes to mitigate future issues. As the second-largest domain name registrar in the world by volume, Tucows is committed to the continued privacy and security of domains and our customers."

In 2016 the Justice Department announced charges against someone for running dark web phishing sites. He was sentenced to just over a year in prison.

"Once someone controls your domain you're toast," Dark Fail told Motherboard.

Updated: This piece has been updated to include statements from Tucows and Namecheap.

FBI Paid Anti-Child Predator Charity $250,000 for Hacking Tools

The FBI paid a non-profit organization focused on unmasking child predators $250,000 for access to a series of hacking tools, according to public procurement records viewed by Motherboard.

The news provides more insight into how the FBI obtains some of its hacking tools, or so-called network investigative techniques (NITs). The contract also highlights the close relationship between private parties and the FBI when hacking suspects. Facebook, for example, previously bought a hacking tool for the FBI to use to unmask one of the social network's users who was aggressively targeting minors on the platform.

The procurement record says the FBI's Child Exploitation Operational Unit (CEOU) is "purchasing a set of NITs." The contract dates from June 2020.

The NITs "have been demonstrated for OTD and CEOU and which have the capability, if activated, of providing the true internet address of the subject," the product description continues, referring to the Operational Technology Division, a part of the FBI that carries out hacking operations. The latter half of the product description is cut off, but reads in part "of providing the true internet address of the subject even when hidden behi," presumably referring to whether the target is behind a proxy or anonymization network.

Do you produce NITs for the government? Do you know someone who does? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The non-profit that the FBI paid for the NITs is called the Innocent Lives Foundation (ILF).

"We unmask anonymous child predators to help bring them to justice," the organization's website reads. "We use Open Source Intelligence Gathering (OSINT) methods to identify child predators. Once we have gathered the appropriate amount of information to confirm the identification of the predator, that file is then submitted to law enforcement," the website continues.

The ILF includes a board of directors, various corporate roles such as a Chief Operating Officer, and a number of volunteers who are accepted by invitation only, the website reads. In 2019, hacking conference DerbyCon selected the ILF as one of the featured non-profits of the conference, and provided the charity with more than $25,800 in donations, the ILF website adds.

U.S. law enforcement's umbrella term of network investigative technique has previously encompassed a wide range of different technologies and approaches. In some investigations NIT has referred to a booby-trapped Word document that once opened phoned home to an FBI controlled server, revealing the recipient's IP address. At the higher end, the FBI has deployed non-public exploits that break through the security protections of the Tor Browser. 

In a phone call with Motherboard, Chris Hadnagy, founder, executive director, and board member of the ILF declined to specify what sort of tool the NITs were, nor whether the charity developed the NITs itself or sourced them from another party.

At one point a company that sources zero-day exploits and then sells them to governments offered $80,000 for an attack targeting Firefox, which the Tor Browser is based on. That company, Exodus Intelligence, later provided a Firefox exploit to an offensive customer; a law enforcement agency deployed it to visitors of a dark web child abuse site, Motherboard previously reported.

Law enforcement agencies have used NITs to investigate financially-motivated crime, bomb threats, and hackers. Most prolifically, the FBI has deployed NITs in child abuse investigations, particularly on the dark web. Among other large scale cases, in 2015 the FBI hacked over 8,000 computers in 120 countries based on one warrant. Some judges threw out evidence in subsequent cases as they ruled that the judge who signed the warrant did not have the authority to do so. The campaign, dubbed Operation Pacifier, led to the arrest of 55 hands-on-abusers and 26 producers of child pornography, as well as recovering 351 children, according to a report from the Department of Justice Office of the Inspector General. 

The report also mentioned how between 2012 and 2017 the FBI’s Remote Operations Unit, which is part of the OTD, was largely responsible for the development and deployment of dark web solutions. 

"However, over the past 2 years, its dark web role has eroded due to budget decreases and an increased prioritization on tools for national security investigations. This has resulted in the operational units seeking tools useful to dark web investigations independently without a mechanism to share the product of their efforts," the report added.

The FBI declined to comment.

Update: This piece has been updated with a response from the FBI.

The Bizarre Tale of a Wisconsin Woman Who Tried to Hire a Hitman With Bitcoin

On Friday, a Wisconsin federal court charged a woman with trying to hire a hitman online and paying with Bitcoin. Court records suggest that from October to December 2020, Kelly Harper scoured murder-for-hire websites on the dark web to murder an unidentified Wisconsin man, referred to in the complaint as Known Victim or KV.

The story is very bizarre, not least because murder-for-hire sites on the dark web are known to largely be scams that fleece malicious marks. The complaint contains very few details about the alleged murder-for-hire site other than noting it was supposedly “located outside of Wisconsin.” Regardless, Harper is being charged with using interstate commerce facilities (in this case, the internet) in the commission of a murder-for-hire; an offense for which a murder does not actually need to take place for the defendant to be found guilty. 

The saga began in January, when a Sun Prairie police officer responded to a suspicious person call. What they found was a local journalist sitting with KV at the kitchen table, both of whom were in a video call with two other journalists. According to the complaint, the journalists explained that they were working on an investigative report into a murder-for-hire site on the dark web and had uncovered a plot to murder KV. The complaint states that KV then handed police a document “included chat communications that took place from December 3 through December 10, 2020 between an unknown subject (UNSUB) and an individual purporting to be a murder-for-hire site administration on the dark web.”

In one chat, the UNSUB named KV, provided their address, and added, "The target needs to be killed, he is a white 5 foot 5 male, dark brown short hair, blue eyes, weighs 165 pounds." They also provided details about the target's vehicle, workplace, cell phone number, as well as pictures of KV and their vehicle. After the site administrator asked for proof of payment, UNSUB shared a screenshot of a bitcoin wallet containing $5,633.87.

KV's girlfriend filed a complaint with the FBI the next day and provided the bureau with the document the journalists had given to KV.  An FBI agent interviewed the journalists, who corroborated KV’s girlfriend’s story. 

According to the complaint, the document contained information on an October 9, 2020 transfer of bitcoins from the UNSUB to a second murder-for-hire site administrator. A review of that transfer by the FBI’s Money Laundering, Forfeiture, and Bank Fraud Unit identified an IP address, email account, and telephone number associated with the Bitcoin wallet. A grand jury subpoena revealed that the IP, email, and phone number were connected to Harper. 

A search warrant executed at Harper's residence in Columbus, Wisconsin turned up photos of KV and a murder-for-hire site, and Harper confessed to an FBI agent that she tried to hire someone to kill KV.

Even if Harper paid someone with the express purpose of killing KV, it's worth noting again that it is entirely unclear whether you can actually hire a hitman through the dark web. In an academic paper shared with The New York Times, twenty-four murder-for-hire sites were reviewed by researchers who came to the conclusion that they were largely scams.

“It’s a fantastic opportunity to defraud people because you give them just enough sense of danger,” Emily Wilson, the head of a cybersecurity dark web firm, told The Times. “What are you going to do if they don’t go through with it?” 

Before that study, one of the best examinations of murder-for-hire on the dark web was offered by Chris Monteiro, a systems administrator who pursued his own investigation and broke into some of the more well-known murder-for-hire sites. After hacking these sites, he found messages suggesting that "the markets may have been scams, but the desire for violence was real". Monteiro also spoke with The Times, and shared that he found messages "suggesting that the operators had little intention of going through with the killings."

There have been killings connected to various activities on the dark web, as an investigation by the BBC found, but so far there seem to have been none that happened as a result of the murder-for-hire websites. Regardless, paying someone to kill someone else is a terrible, bad, no good idea.

Darknet Drug Markets Continued Their March to Dominance in 2020

More people are buying their drugs on the dark web than any other time in recorded history, according to the findings of the latest Global Drug Survey (GDS). 

Researchers found that in 2020, 15 percent of GDS participants who reported using drugs in the previous 12 months obtained them from darknet marketplaces—either by purchasing them first-hand or via someone else. This equated to a threefold increase in the percentage of people who reported the same in 2014, when the survey first started measuring the trend.

Over the past seven years that number has steadily climbed, but never as significantly as it did in 2020: jumping by four percent of the total respondents compared to 2019 levels. And the global pandemic is only part of the reason.

Dr Monica Barratt, a senior research fellow at Melbourne’s RMIT University and co-lead researcher of the GDS, told VICE World News that cultural trends, shifting taboos, market innovators and a growing population of people who spend more of their lives online are all likely contributors to the significant increase in dark web drug crime.

“If you’re coming of age in 2021—say you’re 18 or 19 years old—this isn’t that odd to you; there’s been 10 years since Silk Road was founded in 2011, so you’ve sort of grown up with it,” Dr Barratt explained over the phone. “Partly, I think, that cultural difference and generational difference may explain why this is happening.

“If you buy everything online, why wouldn’t you also buy your drugs online?”

It is for this latter reason in particular, she suggests, that darknet drug markets may have attracted more new customers in 2020 than any previous year.

“When you think about it, in the last 12 months there were many people who weren’t really keen on buying things online, but who had to buy things online because they had no choice; the shops weren’t open and they were in lockdown and they needed to use the post to get goods to them,” she noted. “I think once they get over that hump some people will decide that they want to continue not going shopping for clothes and only using the Internet—and they may feel the same way about everything.”

There is some anecdotal precedent for this trend of homebody buyers. In 2017, Dr Barratt sought to find out why it was that Scandinavian countries like Finland consistently reported the world’s highest proportion of drug buyers who were using the dark web to purchase their supply. A local source explained that, due in part to the climate and the prohibitively cold weather, Finnish people are typically “more isolated” than other peoples around the world and “tend to stay home”. 

“He said it makes perfect sense to him, culturally, that they would be one of the highest users of the [drug] servers that deliver to home,” Dr Barratt recalled. “And the question is: ‘Well, where else would they buy from?’”

That goes some way toward explaining the cultural patterns. But another factor that’s worthy of consideration is the way in which drug dealers and darknet vendors are diversifying their offering and creating a more reliable service—even in the face of transnational cybercrime crackdowns and rampant fraudulent activity.

Dr Barratt points to a dark web marketplace that introduced multi-signature authentication a few years ago, as a way to insulate buyers and sellers against so-called “exit scams”—when the site administrator runs away with people’s funds—and garner some trust from consumers. Other operators have gone even further, leveraging social media apps and chatrooms to create new channels of illegal commerce: like Televend, the fully-automated system that allows users to buy drugs from bots via the encrypted messaging app Telegram.

“What happens is that everyone innovates: the people who are selling drugs on the darknet, and the people who are producing these new applications, they try to work out what the issues are that mean people aren’t taking up their particular platform,” Dr Barratt explained. “Maybe it’s just a bit too hard to go on the darknet, but people like to use messaging apps. So Televend is sort of like a cross between social media app-purchasing and the darknet. And I’m just fascinated as to whether the future of the darknet might be some other hybrid thing that has only just begun.”

These trends are likely to continue, as online marketplaces become more sophisticated and more people turn to e-commerce outlets to score their illegal products. But this brave new world of darknet drug-dealing is fraught with pitfalls and slippery slopes.

One unsurprising consequence is that it gives consumers unprecedented ease of access to illicit—and oftentimes mysterious—substances. Each year, somewhere around a quarter to a third of GDS respondents say that they’ve consumed a wider range of drugs since using the dark web. The breadth of the darknet’s product offering, combined with the relatively low barrier to entry, creates gateways to novel drug-using behaviours, where people try new substances just because they’ve suddenly been made available to them.

But another worrying knock-on effect is that people who buy drugs off the darknet, rather than through a contact or a friend, may be using those drugs alone.

For that reason, Dr Barratt urged darknet drug users to stay diligent and exercise caution—and, wherever possible, to let someone else know what they’re going to be consuming, as well as when and where.

“It may be that a person’s entire experience of using drugs has actually started through the darknet, and may indeed be confined to the darknet,” she explained. “The risk of that is that they may be using alone—so one of the things to consider is ensuring that if you are going to take something for the first time, even if you’re alone, that somebody out there knows you’re about to do this, and somebody out there has a ‘check-in with me in an hour’ and has your details. 

“That’s hard, obviously; this stuff is mostly illegal and a lot of people are secretive about what they’re doing. But the concern would be that someone buys something, maybe takes the wrong dose or the wrong drug or they're having a bad time, and they don’t necessarily have someone with them.”


Police Raid Homes Following Shutdown of World’s Largest Darknet Marketplace

Earlier this month, German authorities arrested a 34-year-old Australian man who was accused of being the primary administrator behind DarkMarket: the largest illegal marketplace on the darknet.

The site, which boasted almost half a million users, more than 2400 sellers and some $170 million USD worth of transactions, allowed anyone with a Tor browser and some cryptocurrency to buy and sell drugs, forged money, stolen credit cards, anonymous SIM cards and malware. It was shut down shortly after the Australian man’s arrest.

The crackdown didn’t stop there, though. Last week, the Australian Federal Police (AFP) executed a series of search warrants across Brisbane and the Gold Coast, in Queensland, in connection to the shutdown of DarkMarket. Across Wednesday and Thursday, authorities seized a laptop, four mobile phones, six USB thumb drives and five hard drives, as well as SIM cards and bank cards.


Cybercrime Operations and Digital Forensic Teams are reviewing the seized items, and police say they aren’t ruling out further arrests as a result of their findings.

They believe Australian criminals most likely operated on DarkMarket and purchased illicit products via the site.

“Some of these items could have been used or acquired by Australians in Australia,” said Jayne Crossling, Acting Commander of Investigations with AFP Southern Command, in a statement. “If police knew there was criminal activity occurring in a geographic location, action would be taken.

“There is no difference with the dark web, although the anonymising features of the dark web make it harder for law enforcement to identify perpetrators, who commit abhorrent crimes.”

Despite these apparent difficulties, January has been an eventful month in relation to the seizure and prosecution of international cybercriminals.

Three days after DarkMarket was taken offline, another, mid-sized illegal marketplace named Yellow Brick Market (YBM) disappeared from the dark web without warning—along with all of its users' cryptocurrency. Rumours suggest that a worker at DarkMarket also worked at YBM.

A day later, the owner of a Bulgaria-based cryptocurrency exchange, allegedly designed for the purpose of money laundering and used by fraudsters and online criminals, was sentenced to 121 months in prison.

Last Monday, a father and son in the Netherlands were each sentenced to three-and-a-half years behind bars for selling drugs on the dark web. And on Friday, a New Zealand man who tried to buy a three-year-old girl on the dark web, with the intention of using her as a sex slave, was jailed for five years.
