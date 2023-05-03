

Years-long dark-web drug bust yields hundreds of arrests

Federal officials on Tuesday touted a sweeping international cybercrime bust that has garnered nearly 300 arrests.

The arrests, part of “Operation SpecTor,” spanned North America, South America and Europe, authorities said. Officials also said they seized “117 firearms and 850 kilograms of drugs, including 64 kilograms of fentanyl or drugs laced with fentanyl,” my colleague Devlin Barrett writes.

The arrests come as law enforcement continues to try to stem the tide of deaths caused by fentanyl. The drug is the leading cause of death for Americans ages 18 to 49, The Post reported last year.

“There is a bit of a whack-a-mole problem, and we are whacking as hard as we can,” Attorney General Merrick Garland told reporters when asked if law enforcement is outpacing the recurrence of drug dealers online.

The operation

The bust was years in the making.

German authorities quietly seized the infrastructure of a dark-web marketplace known as Monopoly Market in late 2021, according to European law enforcement agency Europol. Armed with that evidence, authorities created dossiers on suspected cybercriminals who used the site.

The dossiers were “created by cross-matching and analysing the collected data and evidence,” Europol said in a news release.

Dozens of law enforcement agencies in the United States and around the world worked on the operation.

“The intelligence that Europol shared with us, such as transaction data and virtual currency addresses, helped us to start new investigations and to enrich existing investigations,” said Nan van de Coevering, the leader of the Dutch police team that was involved, per the AP. “In this way we have identified and apprehended a number of important Dutch sellers.” (Dutch authorities arrested 10 people.)

Some cybersecurity experts and journalists have speculated that police also used information gathered from other dark-web operations. As WIRED’s Andy Greenberg put it, “Operation SpecTor appears to have exploited information obtained in previous dark web takedowns too.”

Authorities have also foreshadowed future arrests, warning that more people — including drug buyers — could also be caught up in the operation. “A number of investigations to identify additional individuals behind dark web accounts are still ongoing,” Europol said. “As law enforcement authorities gained access to the vendors’ extensive buyer lists, thousands of customers across the globe are now at risk of prosecution as well.”

The operation had one other notable aspect: More than 150 of the arrests happened in the United States, according to Europol.

Here’s more from NBC News’s Kevin Collier:

It's common for these dark web marketplace busts to span lots of countries and include huge numbers for the money and drugs seized. Much less so for them to result in mass arrests of Americans. — Kevin Collier (@kevincollier) May 2, 2023

The operation’s origins in 2021 mean it began long before this year, when the Biden administration announced a new cybersecurity strategy that put an emphasis on disrupting cybercriminals.

As my colleague Tim Starks put it at the time, the strategy “calls for increasing the ‘volume and speed’ of disruption campaigns; enhanced collaboration with the private sector to disrupt botnets that take over victim computers to launch malware; and countering ransomware gangs with law enforcement investigations and prevention of the abuse of cryptocurrency.”

The operation also comes amid a steady drumbeat of law enforcement takedowns of dark-web and other cybercriminal marketplaces.

Around a year ago, authorities announced the seizure of the Hydra Market — which the Justice Department said was “the world’s largest and longest-running darknet market.” In March, authorities arrested the suspected operator of BreachForums, a marketplace for hacked data, and announced a disruption operation.

And just last month, authorities announced the disruption of Genesis Market — which offered hacked data and credentials for sale.

The keys

China-based influence operations evolving, Meta threat report suggests

China-linked influence operations are evolving further with a range of tactics that have not been observed before, according to Facebook parent Meta’s first-quarter Adversarial Threat Report out this morning.

Operations by China-based actors took several forms in recent months, including the use of fake media fronts and the co-opting of a nongovernmental organization in Africa.

In the last quarter, “we’ve investigated and taken down two CIB networks from China and that brings the total to six CIB takedowns from China since 2017, with half of them disrupted in the last seven months. And these latest takedowns signal a shift in the nature of the China-based … activity,” said Ben Nimmo, Meta’s global threat intelligence lead, in a briefing with reporters.

Most of the influence campaigns were taken down before they gained a legitimate audience, the report notes.

One such instance involved the removal of 107 Facebook accounts, 36 Pages, six Groups and 35 accounts on Instagram for operations that originated in China and targeted Taiwan, sub-Saharan Africa, Japan, Central Asia and the global Uyghur community, the report says.

The operation targeted sites like Blogspot, PayPal, Reddit, Telegram, Twitter, WordPress and YouTube in addition to Facebook and Instagram, which is also owned by Meta, according to the report.

National security experts have warned the U.S. government for years that influence campaigns pose a danger at home and abroad. A Senate panel is set to hold a hearing Wednesday afternoon to discuss U.S. progress in global information wars.

Apple and Google work to fight AirTag stalking

Apple and Google have teamed up to develop a system for alerting individuals when they are being stalked or followed with a tracking device, our colleague Geoffrey A. Fowler reports.

The devices, like Apple’s AirTags, help people track lost or important items but “have been used by creeps and abusers to spy on people by hiding them in bags, cars and other personal belongings,” Geoffrey writes. Cybersecurity and privacy experts have long warned about those risks.

The alert system is designed to be universal and work across different operating systems. According to an announcement, “Apple, Samsung, Tile, Chipolo, eufy Security, and Pebblebee have all expressed support,” Geoff writes.

A planned software release date has not yet been announced, though the companies are seeking feedback through the Internet Engineering Task Force and hope to finalize it by the end of the year.

Tech companies have not collaborated in this manner since the development of covid-19 exposure notifications, Geoffrey writes.

Iran supplementing traditional cyber operations with ‘new playbook,’ Microsoft says

Iran is continuing to accelerate its cyber activities with new strategies that combine cyberattack and influence operations, according to a Microsoft report released Monday.

The activities are meant to advance the goals of Iran’s regime, such as harming Arab-Israeli normalization efforts and bolstering Shiite unrest in Bahrain, according to the report.

“Microsoft linked 24 unique cyber-enabled influence operations to the Iranian government in 2022 — including 17 since mid-June — compared to seven in 2021,” it said. The report said that increase could be at least partly because Microsoft has gotten better at detecting such operations.

“While lagging behind their Russian and Chinese counterparts in sophistication, Iranian nation state actors have added some new tools and techniques to their arsenal,” it added.

Those new techniques include taking advantage of software exploits, as well as using bulk SMS messaging and custom hacking tools.

Israel and the United States continue to be the top targets of Iran-linked cyber activity, it said. Notably, Iranian hackers appear to have decreased the number of ransomware and wiper attacks — the latter a type of destructive malware — deployed against targets.

