Dismantling a Dark Web Drug Depot
Inside Operation Bayonet, the sting that took down an empire.
- 01
How to take down a dark web drug empire
In the fall of 2016, Dutch police finally caught the trail of one of the dark web’s biggest drug markets: Hansa. More than 3,600 dealers frequented the site, selling everything from MDMA to heroin. Normally, cops would shut it down—but this time, they started dealing the drugs themselves. This is the story of Operation Bayonet.
- 02 Before we dive into how cops pulled off one of the most epic drug busts to date, let’s talk about the dark web: a collection of encrypted sites you can only get to via a special browser. Anyone can visit them, but it’s almost impossible to know where they come from.
- 03 This time was different. The cops stumbled upon Hansa when security researchers found an outdated chatlog that contained a gold mine (at least by dark-web standards): two names and a home address. The police finally had real suspects.
- 04 As it turned out, those suspects were also selling pirated ebooks and audiobooks—and were already under investigation in Germany for it. (Not the best at being criminals, clearly.) The Dutch cops had the bright idea to use the German investigation as a cover—allowing them to secretly seize control of Hansa and throw the dark web into disarray.
- 05 Before the cops could spring their trap, though, Hansa went dark: no server activity, nothing to track. The suspects were onto them. Months went by without a sign of life. Then, an address the cops were monitoring made a bitcoin payment. The authorities were ready to strike.
- 06 Late last June, German police raided the homes of Hansa’s admins. At the same time, Dutch police migrated Hansa’s data onto police servers. Within days, the cops had full control of Hansa—though from the outside, everything looked like business as usual.
- 07 Turns out cops are pretty good at running drug markets. A team of officers studied Hansa’s conversation logs and took turns impersonating the site’s two admins. And when buyers and sellers got into disputes, the undercover agents handled them better than the admins had.
- 09 But just before the cops had taken over Hansa, another dark-web drug market—AlphaBay, the world’s largest—was shut down. Its users flocked to Hansa, and the cops took advantage. They rewrote the site’s code to log every user’s password, saved the geolocation data of every picture, and fooled sellers into downloading a GPS tracker.
- 10 After 27 days and 27,000 (!) transactions as drug kingpins, police shut Hansa down. They arrested a dozen of Hansa’s top vendors, logged data on 420,000 users—including at least 10,000 addresses—and seized millions of dollars’ worth of bitcoin.
- 11 Operation Bayonet didn’t end online drug markets, but it sent a shockwave through the dark web. Most of Hansa’s vendors were so shook they either stopped selling on the dark web or changed their online identity entirely. Forget takedowns—takeovers might be the future of fighting crime on the dark web.
Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ...