OnymHoax Revealed: 153 Out of 276 Seized Domains Are Phishing/Clones

Posted by: DeepDotWeb

November 18, 2014

A new study published today (November 18, 2014) by Nik Cubrilovic, a security researcher, found significant differences between the data published by the law enforcement agencies involved in Operation Onymous and the actual numbers of seized sites. More specifically, a large portion of the seized sites were nothing but cloned or phishing sites that resemble the actual sites that Law Enforcement agents meant to target.

Cubrilovic crawled and indexed onion sites to find out how many real, dark net market sites were seized and reported that:

Initial reports said 410 sites were seized, then 400 and this number has continued to be revised down until Europol said only some two-dozen sites were seized. Our crawl of just over 9,000 onion sites has found 276 seized onion sites.

The most important findings of his research were as follows:

  1. The number of 400 seized domains was incorrect. In reality, approximately 276 domains were seized by Law Enforcement.
  2. Out of these 276 domains, at least 153 were either clones, scam, or phishing sites that were designed to resemble legitimate dark net markets.
  3. In several cases, the FBI seized the fake site while the real site remained active.
  4. A large number of the sites were onion cloner sites: an onion proxy that clones major dark net sites in order to steal account passwords and hijack Bitcoin transactions.
  5. As we previously claimed, out of the 32 onion addresses mentioned in the DOJ seizure notice filed in United States federal court, 3 are scam sites and 9 are clone websites.

This information sheds new light on Operation Onymous and the statements made by the Law Enforcement agencies involved in the dark net site seizures. It seems that Nik came to the same conclusion that we have previously advanced: that the main method used by Law Enforcement to find and take down the sites was to target specific hosting services. Quoting:

That the FBI seized so many clone and fake websites suggests a broad, untargeted sweep of hidden services rather than a targeted campaign. The slapshot nature of how sites were seized suggests that rather than starting with an onion address and then discovering the host server to seize, this campaign simply vacuumed up a large number of onion websites by targeting specific hosting companies. We have tracked down the hosting companies affected and the details will be published in a follow-up.

For the full data about the seized sites, visit Nik’s blog. We will follow up on this story once Nik publishes the second post with the hosting provider data.

As a final note: The Dark Net Markets Community thanks Europol, Eurojust and the FBI for removing all these scam sites (including Silk Road 2) and phishing operations, while leaving most of the major services active, thereby reducing the risk of losing money when purchasing goods on dark net markets.

This article is another part of our series covering Operation Onymous, a global crackdown on dark net markets. During the operation, there were:

  • 17 arrests
  • 13 search warrants issued
  • 276 hidden sites seized (27 sites total – among them, some known scam sites)
  • Hardware and digital media seized
  • Bitcoins worth approximately USD 1 000 000 and EUR 180 000 in cash, drugs, gold and silver seized

Countries involved in Operation Onymous include Bulgaria, the Czech Republic, Finland, France, Germany, Hungary, Ireland, Latvia, Lithuania, Luxembourg, the Netherlands, Romania, Spain, Sweden, Switzerland, the United Kingdom and the United States.

Read all our other articles regarding Operation Onymous Here.


Updated: 2014-11-18