An information security researcher has released a report revealing that more than half of the sites seized in Operation Onymous were fake.
Nik Cubrilovic, an Australian hacker who has worked at a number of start-ups since 2000, has determined that of the 276 onion websites taken down, 153 of them are clone or scam sites.
It was originally reported that over 400 “Dark Web” websites, which included Silk Road 2.0, were seized in Operation Onymous. However, Cubrilovic’s crawl reveals that fewer than 300 were actually affected.
For a large number of these sites, only the fake versions were seized, whereas the real websites remain live.
This is true for various online drug and contraband marketplaces, including a jihadi terrorist funding website entitled “Fund the Islamic Struggle Anonymously.”
The suspected culprit of this ploy is the Onion Cloner bot, a tool which dark-website operators first began using in May to copy other “.onion” websites in an attempt to steal passwords and Bitcoin transactions.
Cubrilovic concludes that all of the clone websites collected by the bot have since been seized in Operation Onymous.
The report also asserts that over 200 real websites were seized in the international takedown but were not mentioned in any public statements or press releases. These sites, according to Cubrilovic, have no outward appearance of cybercrime and were likely personal websites or forums.
That so many non-illicit onion sites were compromised seems to suggest that Europol, the FBI, the Department of Homeland Security, and all other parties involved in the global sting did not target specific sites but instead targeted specific hosting companies and vacuumed up whatever websites were involved.
The identities of the affected hosting companies remain to be revealed.
Operation Onymous has thus far arrested 17 individuals located in a number of countries and seized $1 million in Bitcoin, $250,000 in cash, as well as an assortment of other goods, including computers, drugs, gold, silver and weapons.
To read more about Operation Onymous, click here.