In early February this year, what appeared to be a website glitch sent thousands of drugs-buyers into a panic. Liam (not his real name), a student at Manchester University, needed to buy some MDMA for the weekend’s big party. So he did what he had been doing for the last two years: he opened up the Tor browser to get on to the dark web, and typed in the address for Dream Market, the world’s biggest and most dependable source of illegal drugs. Nothing happened. When he tried again, a message popped up on the screen: ‘Hmm. We’re having trouble finding that site. Here are three things you can try: try again later; check your network connection; if you are connected but behind a firewall, check that Tor Browser has permission to access the web.’ Dream Market’s usually excellent customer forum wasn’t working either. It wasn’t until he checked the chatter on Dread, another dark web forum, that Liam discovered that Dream Market had come under attack, through a Distributed Denial of Service (DDOS). A ‘botnet’, a network of zombie computers, had been instructed to access the site repeatedly, triggering its collapse by overloading it – a standard technique used by both cybercriminals and government agencies to disrupt online activity. For as long as this went on, nobody would be able to access Dream Market at all. On Dread, many shared Liam’s pain. ‘I give it two days before I start freaking out all crazy,’ warned Genghis the Xanlord, his moniker suggesting he was fretting about his supply of benzodiazepines (Xanax for preference, but Valium would be fine).
Dream Market had enjoyed an almost complete monopoly on the online illegal drugs trade since 2017, when a combined operation of European and American law enforcement agencies seized the servers of the Hansa and AlphaBay markets, its two most recent predecessors. (The first, biggest and most famous, Silk Road, was taken down in 2013.) Before this year’s DDOS attack, Dream Market had boasted between one and two million users, the majority from just five countries: the UK, Germany, France, the Netherlands and the US. Its customers bought more MDMA – the most sought-after item on the dark web in the UK – than anything else, but cocaine, marijuana, heroin, Xanax, ketamine and LSD weren’t far behind. Prices were reasonable, quality was assured, delivery was fast. By 2013, when Dream Market opened for business, the dark web already accounted for 15 per cent of the illegal drugs sold to UK residents; this year, 29 per cent of drug users admitted to having bought online. The growth of dark web markets has been rapid, and with good reason: customer reviews, much as with Amazon, give a sound indication that you’ll be getting what you paid for; put in your order on a Tuesday and you can pretty much guarantee that an unsuspecting Royal Mail employee will be slotting a package through your letterbox by Friday at the latest. Gaining access to such sites is barely any more difficult than using the everyday web: you just need a little practice with the Tor browser and a Bitcoin wallet – a lesson from a friend, perhaps, or a brief YouTube tutorial – and you’re rewarded with the promise of anonymity, security, reliability and convenience.
New technologies and globalised demand have made it vastly easier to shift and sell illegal drugs with low risk of detection. Once the products reach the UK, there are now four major methods of distribution. The simplest and most old-fashioned, with the highest risk for consumers, involves opportunistic purchases on the street. Word will get out that one corner or another is the place to go to get hold of your drug of choice: this may be your only option if, say, you’re a first-time buyer in a big city or haven’t yet managed to find a network you trust. The quality of the drugs varies dramatically and the chances of being ripped off, arrested or physically attacked are relatively high. But if you’re prepared to pay, just ask around and you will find.
Next, if you are a drug user in a small town or a rural region, there are the ‘county lines’ networks, named for the local phone number advertised to potential buyers in a particular area. County lines networks have attracted a lot of publicity recently. In a major blitz, the police claim to have arrested 743 of the sellers involved and seized drugs worth more than £400,000, along with guns, knives, swords and machetes. The National Crime Agency estimates that the county lines trade is worth £500 million a year, so this wasn’t quite the coup it was presented as being: it’s a 0.1 per cent tip of the iceberg. ‘If you want to start a county line, you take a train to Bournemouth with ten wraps of crack and ten wraps of heroin,’ said Tyler, who operated a county line on the south coast for a few months. ‘You find a user and offer free samples to show the quality of your product. You then strike a deal with the user – if you can deal from their home, using their local contacts, you will continue to supply them with free drugs.’ If the runner is unable to ‘cuckoo’, as this practice is known, he will rent an Airbnb in town and conduct operations from there.
County lines customers tend to be from dysfunctional backgrounds. Those in charge of the networks, who usually operate from bases in the cities, view their clients with a degree of contempt, calling them ‘nitties’ and ‘fiends’. Their biggest-selling products are crack and heroin; the bosses and runners avoid using the drugs themselves. They have little regard for customer satisfaction: they aren’t going to lose sleep over the occasional dead junkie, except as a possible security risk: a death could attract the interest of the police and local media. Nor do they have much regard for those lower down the distribution ladder: these are often teenagers or – the police said after the latest operation – ‘children as young as seven’ who have been coerced or bribed by older gang members. As far as the bosses are concerned they are entirely expendable. After a police operation in May, Sky News reported that ‘519 vulnerable adults and 364 children [were] taken into safeguarding.’ The police often seek to charge those running county lines networks under modern slavery legislation.
A step up from the county line networks is the urban full-service party supplier. Fallowfield in Manchester, Hyde Park in Leeds and Camden Town in London: three places where you may be handed a smart business card indicating that full service is available. One such card recently distributed in Ladbroke Grove had a phone number printed under the name Omar and beneath that the Givenchy logo. But Omar wasn’t selling perfume. Over the last decade, full-service suppliers have placed a good deal of emphasis on customer satisfaction. Their well-off, well-educated clients can afford to be more discerning than county lines users and if they aren’t satisfied they will turn to the dark web instead. So full service means offering quality products at competitive prices with a decent guarantee of security from arrest.
One way full-service dealers advertise their wares is through Snapchat or WhatsApp: they will include a carefully illustrated menu on a ‘story’ – a broadcast to all their contacts that automatically disappears after 24 hours, making it hard for police to trace. All the customer has to do is find out whom to befriend. A little while ago a student dealer in Bristol, nicknamed Narcs, was offering his followers four strains of hash (Malana Cream! Blonde Critical Leb!), various types of weed (Stardawg!), plus ketamine, MDMA, cocaine, speed, LSD, psilocybin, Valium and Xanax. On a formidable menu like this, an emoji is placed beside each item for easy identification of the drug in question. Ketamine is illustrated with a picture of a horse in reference to its origins as an animal tranquilliser. Dutch speed – a loose term that could include any type of amphetamine – has a little man running by in a puff of smoke. Once you’ve placed your order, you should expect to pick up the drugs at the designated rendezvous point within an hour or so. If you find yourself having to wait any longer you may want to choose another supplier: there are plenty of other Omars and Narcses out there. They usually deliver in black Audis or Mercedes – not exactly inconspicuous, but reassuringly expensive. They are courteous and efficient. The competition is stiff, so they strive to ensure that your customer experience exceeds anything their rivals can offer.
This focus on customer satisfaction is a direct consequence of the rise of the dark web markets, the fourth major distribution network. The internet has dramatically improved the experience of drug buyers. The market share of a dark web outlet depends almost entirely on its online reputation. Just as on Amazon or eBay, customer reviews will describe the quality of purchased products as well as reporting on shipping time and the responsiveness of vendors to queries or complaints. If drugs that a buyer has paid for don’t turn up – as once happened to Liam, the Manchester student – a savvy vendor will reship the items without asking for further payment, in the hope of securing the five-star customer reviews they depend on.
As a consequence, the drugs available to the informed buyer are of a higher quality than ever before. They are also safer. The administrators of DNStars.vip – a site on the open web which you don’t need Tor to visit – pose as ordinary users in order to buy samples of popular drugs from major vendors. They then have the drugs chemically tested to see whether they match the seller’s description. This valuable service can save lives. Take the example of a supplier called Monoko, who until recently was one of the largest distributors of benzodiazepines in the UK. He claimed to be selling alprazolam, the generic name for Xanax, but earlier this year DNStars tested his product and reported that what he was actually shipping was doxepin – a far more potent drug that is lethal in large doses. These days, if you dupe your customers you don’t stay in business for long.
Up against the entrepreneurial drive and technological innovations of the retail drug markets, the police are at a disadvantage. It doesn’t help that since the onset of austerity measures in 2010 the UK’s police forces have lost 20,000 officers, 15,000 administrative staff and 600 police stations. As part of his campaign for the Conservative Party leadership, Boris Johnson promised (implausibly) that he would restore the number of officers, if not the admin personnel. But even if they were at full strength the police would struggle to penetrate the dark web markets, whose encryption and anonymity are almost impossible to crack unless the people who run the markets make mistakes. And even when such mistakes do occur – a reused IP address here, a familiar username there – joining the dots and fingering the culprits requires highly skilled computer operatives who are up to date in security and cryptographic techniques and have an advanced understanding of the blockchain technology that underpins the trading. There is a dearth of such operatives in Britain and indeed around the world. We estimate that the median annual salary for a cyber security engineer in the private sector is £56,000. To earn that much in the Metropolitan Police you would need to reach the rank of chief inspector. The incentives for computer experts to work in the public sector are few.
A few UK forces have built up specialist cyber units: notably, the City of London Police, the Met and the National Crime Agency (NCA). Given the constraints, the NCA – which assumes most of the responsibility for the investigation of dark web markets – has had to prioritise its targets. Top of the list – understandably – is fentanyl, the synthetic opioid of choice for those who can no longer get hold of OxyContin after becoming addicted. Fentanyl is one hundred times more powerful than morphine and can be lethal even in low doses; it is often sold mixed with heroin to increase the intensity of the high. The fentanyl crisis began in the US, where it is still raging, but it has had a knock-on effect in Britain (there have been a number of deaths in North-East England in particular). It seems that UK dealers have been buying fentanyl from China, where most of it is manufactured, in order to sell it on to the US – profiting from the fact that drugs coming from the UK are less likely to be intercepted by US law enforcement than those coming directly from China. And, according to a well-established pattern, a country that becomes a transit zone for drugs soon develops its own habit. But, interestingly, the dark web itself seems to have helped keep Britain’s fentanyl habit in check. Before it was taken down by the DDOS attack, Dream Market ‘almost did the work of the police themselves’, according to Lawrence Gibbons, the NCA’s head of Drug Threat, by prohibiting the sale of fentanyl through its site. Coke, heroin and cannabis were one thing, but ‘fentanyl and firearms … attract law enforcement attention to a much higher degree’ – the sort of attention a well-run business avoids.
By their own admission, UK police can’t contain the drugs trade on the dark web. They can occasionally disrupt and deter. Every time one site is taken down a new market, with improved security techniques, is ready to take the number one spot. But this leaves unanswered the question of what happened to Dream Market. When a site like this stops working, one of two things is probably happening. First, a law enforcement agency may have taken control of it, in which case buyers and sellers alike can say goodbye to any cryptocurrency they may have locked in the site’s escrow system. What’s more, police may be harvesting the data – IP addresses, even home addresses – of users who haven’t taken the necessary care to obscure their details: a dreadful thought for everyday drug buyers. The second possibility is known as the exit scam. Here the site’s own administrators decide to appropriate, at a stroke, all the money sitting in the escrow accounts – and then, essentially, do a runner. On dark web forums, the exit scam generates far more fury than a police takedown, since scammers have failed to uphold the honour among thieves on which commercial criminal activity relies.
But what happened to Dream Market didn’t look like an exit scam. The DDOS attack lasted almost three months. And then, at the beginning of April, without warning, users suddenly found they could log in again – only to see a message stating that the market would soon be ceasing activities altogether and that after 30 April people would no longer be able to withdraw funds from Bitcoin wallets on the site. The threat of seized funds had an air of the exit scam, but when users requested their money back before the deadline, it was returned as promised. It only became clear that something more complicated might be going on when, following Dream Market’s announcement of its imminent closure, another site, Wall Street Market, took over as the biggest dark web market in the world – in the space of about a week.
In early May, Europol and German police made their move. Three German nationals – WSM’s administrators – were arrested, and the site’s server was seized by Finnish customs. The FBI, which was also involved in the operation, issued an indictment that bigged up the scale of the achievement: ‘WSM was one of the largest and most voluminous dark net marketplaces of all time, made up of approximately 5400 vendors and 1,150,000 customers around the world.’ In fact, for most of its existence WSM had been no more than a peripheral competitor to Dream Market, with just a few thousand users; many dark web customers avoided it because it was poorly designed, unreliable and not necessarily to be trusted with regard to security. The sceptics turned out to be right: as large numbers of Dream Market’s ex-customers flooded in, WSM’s administrators perpetrated a real exit scam, removing millions of dollars in Bitcoin from users’ escrow wallets.
If it hadn’t been for this brazen theft the police might have waited longer before making their arrests. But the rapidity of events made it clear that they already knew the identities of WSM’s administrators, and that – unlike Dream Market, with its high-level security – it was a site that could easily be brought down by low-tech means. Could it be that the DDOS directed against Dream Market – the only way law enforcement could interfere with its activities – was arranged in order to herd its users elsewhere, to a poorly defended site that the police already effectively controlled? No official spokesman from the police forces involved would confirm this but a senior German law enforcement official who had previously worked at Europol admitted to us that this was what happened. So law enforcement knows a few tricks too. But any impact on the drugs market of an operation like this is only ever temporary. New sites with new rules are popping up all the time. The party continues.