Hydra: How German police dismantled Russian darknet site

2 years ago 17
ARTICLE AD BOX

By Joe Tidy
Cyber reporter

Image source, BKA

Image caption,

German police say shutting down the infamous darknet site took months of cyber investigation

"It gave us all goosebumps" says Sebastian Zwiebel, as he recalls the moment his team shut down Hydra, the world's largest darknet marketplace.

The website was a bastion of cyber-crime, surviving for more than six years selling drugs and illegal goods.

But, after a tip-off, German police seized the site's servers and confiscated €23m (£16.7m) in Bitcoin.

"We've been working on this for months and when it finally happened it felt big - really big," adds Mr Zwiebel.

Police say 17 million customers and more than 19,000 seller accounts were registered on the marketplace, which now carries a police seizure notice.

Image source, BKA

Image caption,

Written in Russian, Hydra served multiple countries with same day drugs deliveries

Hydra specialised in same-day 'dead drop' services, where drug dealers (vendors) hide packages in public places before informing customers of the pick-up location.

Shortly after the German action was announced, the US Treasury issued sanctions against Hydra "in a coordinated international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site."

In the past six months, many high-profile darknet markets have shut down but Hydra was seemingly impervious to police attempts to stop it.

The website launched in 2015 selling drugs, hacked materials, forged documents and illegal digital services such as Bitcoin-mixing - which cyber-criminals use to launder stolen or extorted digital coins.

The site was written in Russian, with sellers located in Russia, Ukraine, Belarus, Kazakhstan and surrounding countries.

Mr Zweibel says the operation to close it down began with a tip-off which pointed to the possibility that the website infrastructure might be hosted in Germany.

"We got some hints through monitoring darknet activity from US officials. So we started in July or August last year to dig deeper and to investigate this field," he says.

Image source, BKA

Image caption,

Visitors to the darknet site are now greeted with a police seizure notice

It took many months to locate which firm might be hosting Hydra in Germany. Ultimately it was found to be a so-called 'bullet-proof hosting' company.

A bullet-proof hosting company is one that does not audit the websites or content it is hosting, and will happily host criminal websites and avoid police requests for information on customers.

Mr Zweibel says his investigators then took their evidence to a German judge to get permission to approach the server company and issue a takedown notice.

The company was forced to comply otherwise they too could have been arrested.

Visitors to the site are now greeted with a police poster saying "the platform and the criminal content has been seized".

Media caption,

Watch: The BBC's Joe Tidy investigates the darknet drug dealers who keep coming back

Although celebrating their success, German authorities say they fear this won't be the end of the Hydra cyber-crime group, unless they can find and arrest them.

"We know they will find another way to do their business. They will probably try to build a new platform, and we will have to keep our eye on it. We don't know the perpetrators, so that's the next step," says Mr Zweibel.

The news comes during a turbulent time for darknet markets with the most prominent sites closing down in recent months, either voluntarily or as a result of police activity.

Many of the closures have come from criminals choosing to gradually bring their operations to a close, and disappear with their riches.

In January the administrators of UniCC, a darknet site selling stolen credit card details, retired, citing health reasons.

Voluntary closures also brought to an end the White House Market in October 2021, Cannazon in November and Torrez in December.

However, BBC research earlier this year revealed the most common way for darknet sites to close is via so-called 'exit scams' where the administrators voluntarily shut down the sites but steal their customer's funds in the process.

Media caption,

Watch: What is the dark web?

Read Entire Article