Recommendations on Establishing a Departmental Framework for Darkweb Marketplace Investigations

Guest Blogger: John Bamford, Detective, Arlington County Police Department

In July of 2017, the Federal Bureau of Investigation announced a multiple country operation which resulted in the take down of one of the largest illicit marketplaces.  This virtual marketplace, known as Alphabay, was alleged to have operated for more than two years with transactions totaling over $1 billion dollars in cryptocurrencies, such as Bitcoin.  At its peak, it was estimated that Alphabay had more than 200,000 users and 40,000 vendors supplying illicit substances.

What is vital to know is that unlike the physical transfers of the past, users of Alphabay completed all their transactions online in what is known as the “darkweb.”  The dismantling of Alphabay and another marketplace called Hansa has since multiplied the number of websites specifically involved in the sale of illicit items. For law enforcement, this means there are more avenues for suspects to obtain items such as heroin, fentanyl, weapons, or stolen credit card numbers that can bring harm to communities. With this increase in suspects, local police departments can no longer rely solely on federal authorities to investigate these marketplaces. Local authorities should begin learning how to initiate their own investigations and understand the important role they play in identifying these suspects.

This blog provides guidance for local departments in setting up a system to undertake their own investigations into the various darkweb marketplaces.

  1. Selecting the right person for the job

Unlike your traditional narcotics investigations, these investigations don’t usually involve a lot of hand to hand purchases and physical undercover work. Rather, these investigations require a large amount of paperwork and willingness to pour through documents looking for a single mistake that allows identification of a suspect.  Since they are almost exclusively cyber-based, having a detective who is either technologically inclined or who has a willingness to learn the various ins and outs of cyber investigations is also vital.

Due to many marketplaces being centered around either fraud or narcotics, many departments utilize white collar or vice detectives who have shifted into investigating darkweb marketplaces. Detectives who typically work narcotics or fraud investigations also already have experience with sorting through documents and dealing with legal nuances and maybe prepared for the inevitable pitfalls and roadblocks that occur in the investigations into darkweb markets.

  1. Obtaining the necessary training

In order to investigate a darkweb marketplace effectively, officers have to know what to look for and should be thoroughly trained. For example, understanding cryptocurrency or hiding a computer’s Internet Protocol (IP) Address are skills that law enforcement should not learn through trial and error. It is very easy to ruin an entire case by leaving a digital trail right back to your department. Officer training is vital because it legally allows law enforcement to make logical assumptions when executing search warrants.

The good news for many departments is that there is a large amount of training available that does not require physical travel.  This training, offered online by many companies, is almost always beneficial no matter the investigator’s experience level due to the the various forums and marketplaces where criminal activity occurs. There are also numerous training opportunities available through federal government entities such as the Federal Bureau of Investigations Criminal Justice Information Services Division (CJIS) and various federal task forces.

  1. Joining a Task Force

When undertaking an investigation into a darkweb market, it is very likely that some of the vendors or administrators of the marketplace live outside of your jurisdiction. To effectively investigate and identify suspects, it is advised to join a federal task force. A task force provides your department with additional technical experience and knowledge. Being part of a task force can help avert conflict between investigations being conducted by different departments or alternatively, it can allow for investigators to combine their investigations into a larger one.  Finally, it serves as a force multiplier allowing for the pooling of both personnel and financial resources.

  1. Picking targets of investigations

While the owner of a darkweb marketplace likely lives outside of a department’s jurisdiction and reach, it is very common that individual users of the darkweb marketplace live within the department’s jurisdiction. Local departments should utilize situations where they have actual day-to-day interaction with the suspects utilizing the darkweb marketplace to work their way up the chain.  Consider this example:

An overdose death occurs in a local jurisdiction which pulls in both homicide and narcotics detectives. Upon arrival, they discover that the victim of the overdose obtained the controlled substance via an online order. Using the victim’s laptop and cellular phone, law enforcement may be able to identify the actual supplier of the narcotics through the darkweb marketplace. While identifying the owner of the website may be extremely difficult, the chances of identifying the supplier of the narcotics and working up the supply chain is a more feasible challenge for local law enforcement.

  1. Working with prosecuting attorneys

To successfully prosecute a complex case involving a darkweb marketplace, it is vital that law enforcement officers and prosecutors are on the same page. While both sides may not see eye-to-eye on every single issue, they must be able to work together to move the case towards a successful prosecution. In darkweb marketplace cases, much of the case development and investigation will involve legal processes directed to various entities such as internet service providers or internet companies such as Facebook or Google. Working with the prosecuting attorneys can help ensure that the evidence is obtained through the correct legal processes. The prosecutors must also work with law enforcement to ensure sufficient evidence has been collected, especially since the investigation into a darkweb marketplace oftentimes requires a technical and specialized understanding that many prosecutors may not have.

In conclusion, many local departments have the ability to investigate crimes arising from darkweb marketplaces. However, to obtain a successful prosecution, it is important that departments position the right investigators for the job, ensure investigators receive proper training and resources, pursue the right suspects, and work with prosecutors to reach a favorable case conclusion.

Interested in learning how to successfully conduct dark web investigations including how to seize cryptocurrencies in a forensically sound manner? Join us at the 2018 IACP Technology Conference in Providence, Rhode Island, May 21-May 23, 2018. Visit: for more information!


This entry was posted in Cybercrime, Global Policing, Technology. Bookmark the permalink.