One of the Trump administration’s proudest first-year accomplishments in the struggle against opioid use is being quietly undone with a resurgence in deep web drug sales.
Right now, anyone with $500 can buy enough fentanyl to kill 100 people. More than a dozen dealers are selling the potent synthetic opioid and its analogues — which killed 20,000 Americans in 2016 — on darknet markets accessible with the Tor anonymous browser.
The resurgence comes after the Trump administration boasted of the July takedown of longtime darknet market AlphaBay, formerly the go-to source for illegal drugs.
In a year-end briefing in December, the White House, eager to share successes in battling a surge in U.S. opioid overdose deaths, included the AlphaBay shutdown in a broad roundup of accomplishments.
“They shut down the AlphaBay dark web, a lot of it peddling of the illicit and synthetic opioids,” a senior White House official said in a background briefing. “You see in the [Centers for Disease Control and Prevention] numbers that are out today, they’re very harrowing. Opioids now kill more people than breast cancer. And we see a spike-up — if you look at page four of that particular report — you see a spike-up in fentanyl deaths.”
Indeed, the AlphaBay takedown, alongside authorities seizing the also-prominent Hansa Market, dealt a major blow to illicit online commerce, however temporary. For two years, AlphaBay reigned as the leading illicit goods hub, a span unseen since the pioneering Silk Road market operated from 2011 to late 2013.
A life sentence for Silk Road operator Ross Ulbricht didn’t stop others from following in his tracks. Nor has the apparent prison suicide of Alexandre Cazes, the purported operator of AlphaBay.
It’s hard to quantify the scale of the rebound, but as of last week, leading platform Dream Market boasted about 55,000 drug listings. Another 50,000 listings are for “digital services” including stolen credit card information and hacking tools. Wall Street Market, another platform, had nearly 4,000 drug listings, and hundreds for other goods.
Technology experts familiar with Tor and darknet markets say it’s unlikely that authorities can easily address the issue without a frontal attack on Tor, an action they view as highly unlikely and possibly futile.
“My impression is that this is something that’s very hard to shut down as long as the postal service will deliver packages to your door. Even if Tor goes away, my suspicion is that [darknet markets] would find another way to operate,” Johns Hopkins University computer science professor Matthew Green told the Washington Examiner.
“I don’t think a government would want to destroy Tor as a whole, as it would have highly undesirable side-effects,” said Nicolas Christin, a computer science expert at Carnegie Mellon University who has analyzed trends in darknet market sales.
“Remember how Tor started: as a tool to help the intelligence community to operate undercover. They generally try to adopt much more targeted approaches,” Christin said.
Fentanyl dealers contacted for this story using Dream Market’s messaging function either declined to comment or sent nonsubstantive responses to questions about the evolution of their business and the threat of federal enforcement action.
“Send me nudes, and I’ll talk to you,” wrote vendor iGotFent, who is selling a powdery substance advertised as fentanyl in batches the cost about $500 for 250 milligrams, enough to kill more than 80 average-sized adult men.
iGotFent also sells purportedly real $100 bills — to address difficulty among bitcoin investors who want to cash out gains in the currency’s value — and a substance advertised as carfentanil, an elephant tranquilizer 100 times more potent than fentanyl. The dealer has a 4.88 out of 5 rating from 130 reviewers.
“lol ^^,” responded Dream Market vendor DeutschePost, who markets boxes of medical fentanyl patches from the German drug maker Hexal AG alongside the fentanyl analogue methoxyacetylfentanyl and carfentanil. The dealer, who has a 4.46 out of 5 rating from 190 customers, also advertises Viagra, marijuana, and ecstasy shaped like Lego blocks.
The current darknet rebound reflects earlier trends in digital black markets, where new players emerge after major crackdowns.
It’s difficult to know the volume of commerce because listing figures can be imprecise, Christin said. But a review of leading sites suggests vibrant sales, with the number of drug listings on Dream Market more than double those listed on AlphaBay as it emerged as market leader in late 2015.
AlphaBay was remarkable because its prominence lasted so long. But before it pulled away from the competition, there was turbulence where many markets were busted or voluntarily closed in short spans of time.
After the Silk Road takedown in late 2013, vendors moved to Sheep Marketplace, which closed after a vendor allegedly stole $6 million worth of bitcoin, and Black Market Reloaded, which also closed. Silk Road 2.0 emerged as the leading platform until alleged founder Blake Benthall was arrested in November 2014 as part of the international investigation called Operation Onymous that affected some, but not all, darknet markets.
Evolution market then served as the largest illicit goods platform until March 2015 when it closed, and operators were suspected of stealing payments stored in escrow for vendors. Agora took over as market leader, but closed in August 2015 for supposed security upgrades. AlphaBay emerged in the dust, edging out the now-defunct Abraxas and Nucleus markets by the end of 2015.
The U.S. Postal Service, with a high bar for package inspection under the Fourth Amendment, is the preferred delivery service for many dealers. Mishandling a fentanyl shipment could kill postal workers, with lethal doses as small as three grains of salt.
Still, Christin said it’s hard to imagine the U.S. government attempting to shut down Tor network nodes, which are volunteer computers that reroute user traffic to disguise its origin, and said it’s improbable that the government could flood the Tor network with enough compromised exit nodes to unmask user behaviors.
Shutting down enough nodes “is probably impossible,” he said. “The Chinese government has been trying hard to blacklist Tor nodes. It doesn’t work well: The network is distributed all over the world, and people can use bridges — transient nodes that are not advertised — outside of China to get to the Tor network, and can get Tor traffic to mimic other, benign traffic to remain hard to identify.”
Using compromised “exit nodes,” which unencrypt Web traffic as a final step before content reaches users, “is also really really hard to do well,” Christin added, because although “flooding with bad nodes is easy … it is also easy for the Tor network to detect these nodes and ban them.”
Christin said he believes government discovery and use of vulnerabilities in the Tor protocol or in the Tor browser, which is a modified version of Firefox, would be short-lived.
In 2015, the government seized a darknet child porn website and used malware to unmask the IP addresses of hundreds of users. The Justice Department dropped a prosecution last year rather than disclose details, saying in a court filing, “Disclosure is not currently an option.” The Tor Project in November urged users to download a new browser version to fix an IP-leaking vulnerability for Mac and Linux systems.
Daniel Gillmor, a senior staff technologist at the American Civil Liberties Union, said it’s unlikely the government would want to destroy Tor, even if it had the ability to do so.
“Anonymity loves company,” Gillmor said. “An anonymity network like Tor is only functional when lots of people are using it. If you care that your spies in country X can communicate back to the home base without being tracked, you want other people in country X to use Tor for other purposes.”
Gillmor said Tor allows anonymity for positive purposes, including use by journalistic sources, whistleblowers, and human rights advocates. Drugs and child pornography existed long before Tor and can be addressed through standard investigative processes, tracking the flow of contraband and cash, he said.
“Several agencies of the U.S. government are major sponsors of the Tor Project, even as other parts of the government try to police Tor’s hidden services,” added Robert Gehl, a professor at the University of Utah. “Tor is an open source project; shutting it down would probably result in a fork and other people carrying it on. [And] Tor isn’t the only anonymizing network; I2P could take its place.”
Gehl outlines a pattern in his forthcoming book, “Weaving the Dark Web: Legitimacy on Freenet, Tor, and I2P,” in which ”the demise of one market typically results in market participants paying increased attention to OPSEC [operations security]. After the Silk Road was seized, many market participants wrote guides to OPSEC and shared them. The emphasis on OPSEC only intensified after AlphaBay and Hansa came down.”
Gehl imagines a running cat-and-mouse game amid increasingly effective policing.
But, he added, “I’m afraid that this will be tied to [an] increasing narrative of ‘cyberwar’ or, in the U.S., the ‘war on drugs’ where governments will claim more and more authority to police online activities and use surveillance on people such as you and me.”
The FBI did not immediately respond to a request for comment, but in the past has vowed to catch and prosecute the operators of darknet markets and their vendors.
Attorney General Jeff Sessions, speaking at a White House event last week, boasted about the takedown of AlphaBay and said the FBI recently doubled resources for tracking darknet dealing while the Drug Enforcement Administration makes undercover buys. “We’re not going to let those sites get so big again in the future,” Sessions said, referring to AlphaBay. “That’s certainly our goal, and we’re going to continue to work on that.”
