
Underground Hansa Market taken over and shut down - ukkie
https://www.politie.nl/en/news/2017/july/20/underground-hansa-market-taken-over-and-shut-down.html
======
loeg
I like how they try and color the site by associating it with sites that sell
weapons and child porn.

> It is Hansa Market, currently the most popular dark market in the
> ‘anonymous’ part of the internet, the so-called darknet.

> ...

> The darknet markets enable large-scale trading in chiefly illegal goods,
> such as drugs, weapons, child pornography, and ransom software. ... No
> weapons or child pornography were sold on Hansa Market.

~~~
ch8230
Seems fair to lump in with the rest since it was in fact an illegal market
place.

~~~
atemerev
Not everything that is illegal is wrong. E.g. being gay is illegal in many
places.

~~~
averagewall
There's a big discussion about what's bad about drugs. But I wonder if we can
rationally work out what's bad about child porn.

My understanding is that possessing it means you obtained it from someone, who
probably wanted some kind of payment, who abused children to produce the
material so he could get that payment.

There are quite a few gaps there. What if it was published for free? What if
children weren't physically abused but were secretly and anonymously
photographed? Shouldn't there be exceptions for victimless child porn?

Of course the dominant factor is people are horrified by deviant sexualities.
We're barely managing to accept homosexuality which is probably more common
than peadophilia.

~~~
nnfy
While I believe that western sexual norms are a bit puritanical, the premise
behind protecting children with zealous laws is that it is extremely difficult
to judge whether child pornography is truely victimless, even if you believe
that harm from childhood sexuality is overstated in modern society. Because of
the power imbalance between adults and children, and the permanent effects
that abuse can have on children, it is reasonable to err on the side of
caution and keep all child/adult sexual interactions illegal, and reduce
demand for such interactions by keeping pornography illegal.

As an aside, I am curious as to the reason you are being down voted, besides
your audacity of expressing an unpopular opinion.

~~~
hallman76
That's not expressing an "unpopular opinion". They're being ignorant about the
harm being done to the victims of child pornography and (it seems) trying
legitimize that harm by drawing a dotted line to homosexuality.

It has no place on HN. I would downvote if I could.

~~~
glogla
Depends.

Teenagers sexting each other?

Someone drawing or 3d modelling fictional underage character?

In many jurisdictions thats the same thing as genuine child abuse base child
porn. In my jurisdiction, Harry Potter fanfiction with sex counts as child
porn - and as one with extended penalty because it is "delivered through very
efficient means like computer network".

Not all things are all the same, even with the same label.

------
captainmuon
I would love to know how they got caught. There is probably something to learn
about opsec from this.

The paranoid side of me says Tor is unsafe (due to whatever - the authorities
having backdoors on most hosting services, on your PC, due to the encryption
being cracked by some unknown breakthrough or due to 90% of entry nodes being
controlled by NSA). And NSA and FBI and co just have hundreds of people
working on "parallel construction" of evidence.

Of course, a blunder by the operators is much more likely...

~~~
nfbush
Every time a market has been taken down it's been due to OPSEC failure and
other information leaks (e.g. Silk Road captcha IP leak, DPR's advertising of
market being linked to his personal email address). AlphaBay Which got taken
down first in this operation was due to a personal email being included in the
header of the welcome email sent out to new users 3 years ago [1]

[1] [https://www.justice.gov/opa/press-
release/file/982821/downlo...](https://www.justice.gov/opa/press-
release/file/982821/download) (pdf)

~~~
Analemma_
> Every time a market has been taken down it's been due to OPSEC failure and
> other information leaks (

This is true, but it dangerously misses the point. Every time someone gets
taken down, the know-it-alls on various fora sneer and go "Ha! What terrible
opsec! _I_ wouldn't have made that mistake!" No, you would've made some other
mistake.

To run a darknet market and not get caught, your opsec has to be _perfect_.
Every second, every minute, every day, every person involved, forever. That is
simply not possible once an operation exceeds a certain size. Like the IRA
once said: "We only need to be lucky once. You need to be lucky every time".
This is the "defender's dilemma" that guarantees you will be caught as t goes
to infinity: sooner or later, you'll make some mistake that burns you.

Focusing on the specific mistakes made by bust-ees only boosts your confidence
and ignores that you, in their situation, would've leaked information
somewhere else.

~~~
nissimk
I'm sorry to nitpick and I mostly agree with you, but similar to a casino game
that favors the house, if you are lucky and quit while you're ahead, you can
avoid capture. Your statement is only true in the long run. Of course
criminals usually become addicted to their risky behaviors just like
gamblers... It's a frequent trope in crime movies: one last job before the
criminal retires, but that last job is the one where he makes a key mistake.

------
5_minutes
The clever thing is that they took it over and for one month monitored it
without the users knowing.

Everyone on obfuscating their persona with Tor and bitcoins, still had to
enter their postal addresses on the website, to receive the goodies.

That database must be a wet dream for law enforcement.

~~~
forgotpwtomain
> That database must be a wet dream for law enforcement.

Because obviously people buying a few pills of ecstasy or a tab of LSD are a
serious danger to society and should be taken of the streets. /s

~~~
mfoy_
Because the police will totally arrest every single user and not focus on the
high-volume buyers / sellers. /s

~~~
tgragnato
I do not think it's really that clear.

Sometimes the state apparatus is precisely the one committing the most heinous
crimes. (with impunity!)

>
> [https://en.wikipedia.org/wiki/Allegations_of_CIA_drug_traffi...](https://en.wikipedia.org/wiki/Allegations_of_CIA_drug_trafficking)

>
> [http://nsarchive.gwu.edu/NSAEBB/NSAEBB2/index.html](http://nsarchive.gwu.edu/NSAEBB/NSAEBB2/index.html)

------
delegate
> Some 10,000 foreign addresses of Hansa Market buyers were passed on to
> Europol.

That's really bad, because not all countries are Holland, which is famous for
its 'relaxed' attitude towards drugs in general, so some users might have
their lives turned around by this - followed, arrested, jailed, extorted, etc.

~~~
mfoy_
To be fair... If you commit a crime, you have to expect there's a risk of
being caught and punished. So how is this "really bad", except from the POV of
the users who may face repercussions?

~~~
kazagistar
When laws are bad, its bad when people face the repercussions of those laws.

~~~
mfoy_
Yeah but debating whether the law itself is bad is a separate discussion.
Until the laws change people can't be outraged or surprised when they got
caught up in them...

Besides, it's possible that many of the users live in countries where _buying_
drugs isn't a crime, or where circumstantial evidence like this isn't enough
to warrant opening an investigation. So it's possible that most of these users
won't even face those repercussions.

~~~
mikeash
Surprised, yes, but why can't people be outraged at people suffering from bad
laws? That makes no sense.

~~~
mfoy_
Not outraged at the laws, outraged at being persecuted.

If you know something is illegal, and it carries a fine of $1,000 and you do
it, you get caught, and they fine you $1,000 you can't be like "What?! How
DARE you catch me and fine me like the law says?! ARRRGH!"

~~~
cowmoo728
Part of the issue with this line of reasoning is selective enforcement. If the
law is unjust and commonly broken, it is fair to be outraged if they choose to
target you for punishment. Drug laws are broken every day, and in some cities
LEOs are even working with the dealers. Unjust laws allow them to pick on
people they don't like and people that threaten their business. Given these
circumstances, I think it's still fair to be outraged at the enforcement of
unjust laws.

~~~
mfoy_
Fair point. Sometimes I think the police state that America has become was in
large part facilitated by this kind of thing. Almost everyone is in violation
of _something_ these days. If the police or the state don't like you then
surprise surprise... you're getting arrested for that thing you've been doing
for the past decade that half your neighbours do too...

~~~
eecc
That's exactly the definition of police state. I remember it being used to
describe China, can't quite the source though. Sorry

------
jorrizza
Services like these give Tor and related projects a bad name. Taking down
illegal market places is part of the police's job and this is definitely a
success story. The article is lacking in details a bit, but it seems they've
taken it down using regular old police work as they mention an "undercover
operation". This proves once more that the weakening of security for everybody
is not needed to catch criminals.

~~~
jug5
You mean they used parallel construction to make it seem like they used
"regular old police work"

~~~
Paul-ish
It may be parallel construction, but in a kind of cynical way we can publicly
praise it as good traditional police work. It takes credibility away from
demands for special or clandestine access.

When we call it parallel construction we buy into the surveillance communities
marketing... that surveillance it is effective.

------
peterwwillis
The darknet they took down is approximately 2,850 times smaller than Europe's
cocaine market, or 12,000 times smaller than the general drug market. The
Netherlands is also the main drug production and trafficking route to Europe.

So, basically, they took down a minor competitor to the bigger drug
trafficking businesses.

------
bahjoite
I visited Hansa a few days ago and the first thing I noticed was a banner that
read something like:-

"New registrations are disabled because of high demand caused by the exodus
from AlphaBay"

~~~
r721
>This involved taking covert control of Hansa under Dutch judicial authority a
month ago, which allowed Dutch police to monitor the activity of users without
their knowledge, and then shutting down AlphaBay during the same period. It
meant the Dutch police could identify and disrupt the regular criminal
activity on Hansa but then also sweep up all those new users displaced from
AlphaBay who were looking for a new trading platform. In fact they flocked to
Hansa in their droves, with an eight-fold increase in the number of new
members of Hansa recorded immediately following the shutdown of AlphaBay.

[https://www.europol.europa.eu/newsroom/news/massive-blow-
to-...](https://www.europol.europa.eu/newsroom/news/massive-blow-to-criminal-
dark-web-activities-after-globally-coordinated-operation)

~~~
bahjoite
So the banner must have been placed there after the server was seized. Keeping
the server running long enough to gather evidence of the actions of their
high-value targets was probably a higher priority than sweeping-up as many
customers as possible.

~~~
kazagistar
Possibly there are laws related to entrapment? Allowing new user signups on a
police controlled website might cross the line, where allowing existing users
to finish their deals might not?

~~~
ceejayoz
That's not how entrapment works.

Entrapment requires the cops to push someone into doing something they
wouldn't otherwise have done.

Cops buying drugs from a dealer isn't entrapment, but repeatedly begging
someone to sell you some drugs after they initially say no would be.

~~~
kpil
If the police operates the server, I'm pretty sure they would be reluctant to
accept new users as it might be illegal. The law in Europe is not as in US and
although I'm not certain here, it's generally much more strict in regards to
entrapment in most countries.

~~~
ceejayoz
I'd imagine sting operations are permitted in Europe, and that's all this
would've been.

------
abrkn
It's just a matter of time until the store fronts are developed open source on
Github and hosted decentralized on a network like MaidSafe. People love to get
high and are willing to pay. Innovation will follow to meet demand.

~~~
amyjess
> It's just a matter of time until the store fronts are developed open source
> on Github

Given that Richard Bates faced prosecution for working on the code of the
original Silk Road, this could result in very, very bad repercussions.

GitHub would very likely be raided, and anyone who committed to or forked the
repo could be prosecuted. I don't think anyone wants that to happen. Actually,
I wouldn't be surprised if GitHub will update their TOS to ban this kind of
software before anyone gets prosecuted in order to prevent themselves from
being raided.

~~~
mason55
I think it would be much more difficult to prosecute someone for working on a
generic storefront application that COULD be used as a darknet market vs.
someone who was directly building a darknet market.

There's obviously gradient, because on one side you have Richard Bates and on
the other side you have the people who work on Tor. I think that writing a
generic "white label anonymous storefront" is much closer to the Tor side than
the Silk Road side.

------
tomjen3
>This was made possible by the arrest of the two administrators of Hansa
Market in Germany, aged 30 and 31. Since their arrest, the two men, from
Siegen, NorthRhine-Westphalia, have been kept in pre-trial detention, and are
only allowed to have contact with their lawyers.

So admins of the other markets: always have a dead-mans switch.

~~~
aqme28
I'm curious how you would construct a switch that couldnt be bypassed by the
police once they have full access to the servers.

~~~
dankent
Even if the primary service itself was compromised, it would be possible to
have an automated dead man's switch running on an alternative service that
would alert the world that you were being held incommunicado.

Of course, failing to disclose the switch to the authorities and thus allowing
it to trigger could be considered a violation of a court order and lead to
punishment.

~~~
thaumasiotes
Also, it doesn't look good when you're arrested on suspicion of running Hansa
and next morning Hansa has a big banner saying "the admin hasn't checked in,
we think something is wrong".

~~~
hkon
The best point of them all.

~~~
mfoy_
"the alleged admin hasn't checked in"

X'D

------
ryanlol
Dream Market is still up since Nov 2013. (1 year older than even AlphaBay)
Perhaps they're the ones that are _actually_ based in Russia ;P

You seriously have to be a moron to host your DNM in Canada or NL though, NL
LE especially has many years of experience and millions worth of equipment for
these investigations. Pick a place where they're less likely to have advanced
DMA equipment handy! Even better though, is to choose a place where the FBI
won't be able to fly a team with advanced DMA equipment.

In fact, I wouldn't be too shocked if the rather sophisticated wiretap gear
the Dutch police have at AMS-IX was capable of identifying hidden sites with
timing attacks.

Supposedly this was posted on Hansa forums by the staff in the middle of the
takedown [http://i.imgur.com/yowD1Vr.png](http://i.imgur.com/yowD1Vr.png)

~~~
mindcrime
It leads one to wonder... what _is_ the "best" place to host servers if you're
going to run a darkweb market? Seems like you'd want a place where the
government/police/spooks aren't as tech savvy and sophisticated, and perhaps
somewhere where the government isn't on the best terms with traditional
Western powers.

Venezuela? But do they even have electricity for running servers?

Maybe some smaller African nations? Botswana? Mali? Burkina Faso? Togo? But
what's the state of 'net connectivity there? Is sufficient bandwidth
available? Are there colo centers or hosting providers there? I honestly don't
know...

Other possibilities?

~~~
blattimwind
> Venezuela? But do they even have electricity for running servers?

Venezuela isn't a third world country. Yes, they have electricity (and it is
very cheap, hence a lot of BTC mining there).

~~~
mindcrime
OK, maybe I was being a little glib. But still, the news reports I hear from
that area haven't been very positive as of late, and I do wonder if the
country is fundamentally stable enough to rely on hosting anything there.

~~~
pizza
You may want to consider how where you're getting news from is related to what
they're saying.

~~~
mindcrime
I'm not sure what you're trying to say. Are you suggesting that Venezuela
hasn't been undergoing a recent period of extreme economic and political
turmoil and uncertainty?

~~~
pizza
No, something else.

------
jitix
> More than 500 Dutch delivery addresses were reported to couriers and postal
> services with the intention of stopping the deliveries

Does this mean that the goal of the LEO was to only stop the deliveries
without actually arresting the recipients? If that's true then it seems the
way law enforcement works in the EU is very different than that in the US.

~~~
burger_moon
unless they can link your computer to entering that address, isn't there some
plausible deniability that someone else entered your address. Having drugs
delivered to your house isn't illegal if someone else sent them there right?
(Asking about in the US, but also interested in hearing if it's different or
the same in EU)

~~~
sjy
Whether your denial is plausible is a matter for a judge or jury. Your
credibility might be stretched if, say, the drugs were worth a lot of money,
you didn't report it when they turned up at your house, you had drugs in your
house when the police searched it under a warrant, and you bought
cryptocurrency which you can't account for a few days earlier. You might
choose to take a plea rather than rolling the dice at that point.

------
DiscoKing
How many lessons do people need before they learn? Prohibition doesn't work.
It creates more violence than it solves.

~~~
pessimizer
You're assuming that the goal of drug prohibition is to reduce violence.

------
xutopia
I wished I knew about these underground markets before they get shut down!

------
StavrosK
I wonder why vendors and buyers aren't using distributed markets like
OpenBazaar or the like. Are those not anonymous?

~~~
SamPatt
The current version of OpenBazaar doesn't use Tor. The upcoming 2.0 version
does work with Tor, but it wasn't built as a darknet market so it might not
work well for that use case.

------
blubb-fish
interestingly during the past two weeks the second largest market (dream
market) was unusually unresponsive and at times not reachable ... maybe they
were testing and deploying their fork of the market ...

------
jack9
What are soft drugs now? Interesting new neologism.

~~~
onorton
It's a distinction under The Opium Act in the Netherlands, apparently [0]

It's generally used to distinguish psychological dependence and physical
addiction. [1]

[0] [https://www.government.nl/topics/drugs/difference-between-
ha...](https://www.government.nl/topics/drugs/difference-between-hard-and-
soft-drugs)

[1] [http://www.drugwise.org.uk/soft-drugs/](http://www.drugwise.org.uk/soft-
drugs/)

------
TausAmmer
Thugs will be a thugs. This will only drive innovation.

------
RutZap
I think this is brilliant. A very efficient way of policing and removing a lot
of drugs from the market without spending a lot of public money and wasting
time on the streets.

Also the darknet is great as it reduces the violence associated with drug
crime, by taking the drugs off the streets and into the legitimate courier
business. You have to love technology sometimes.

~~~
olegkikin
How does that reduce the violence? Now the buyers have to go to the streets to
get their drugs.

Prohibition doesn't work. It creates much more violence than it solves.

~~~
RutZap
I agree that prohibition doesn't work, but the police needs to do their bit as
well. And if a darknet marketplace is taken offline, I don't think its users
will have to go on the streets, there are many other marketplaces out there;
just in the same way as when a street dealer is arrested, people will just end
using a different one.

It seems that you are actually agains policing it, which is not the way
forward, as there is a large amount of the population which is against drugs,
and their needs need to be accounted for by the Government. So by catering for
both parties (users/dealers and police), the darknet is a viable solution that
helps everybody in the end (efficient purchase, efficient policing, less
violence, less waste).

