Since it's first appearance in 2009, the term "Deep Web" has designated the non-indexed parts of the World Wide Web, that is by standard search engine. Using the development of a FOSS anonymity network software called TOR, a whole digital world was born
and has been growing ever since. Making the best out of the anonymity provided to them, TOR users have, over the time, developed complex infrastructure in this deep web to make the discussion, the advertisement and the
traffic of any service or item that would be deemed illegal by local authorities, accessible to all.
With this new kind of distribution network, law enforcement had to adapt their working approach in order to try and regulate these new illicit markets. On 5 and 6 November 2014 an international law enforcement operation targeting darknet markets and other hidden
services operating on the Tor network was launch, Operation Onymous, the operation involved the combined efforts of police forces from 17 countries, more than 400 sites were closed and 17 arrests were made.
If the anonymity factor remains intact, tools have been developed to scrape and archive most services available on the TOR network. From forums to marketplaces, including search engines, messaging services, etc. This Project
will try to get an overview of the impact of huge raids such as Operation Onymous on the darknet uses, focusing on one marketplace that survived the operation, Agora market.
We will first examine the impact of Onymous on the products listed on Agora Market. A first intuition would be that a large-scale police operation on an illegal market can frighten its actors and thus impact its activity. We will focus here on the evolution of the number of products available in the market, the different types of products, their prices and finally, we will try to understand if this operation had an impact on the import/export shipping of the products, and finally if the sellers were more cautious with the countries they shipped their products to.
Here we propose to study the amount of products available over time. We can see a sharp drop in the number of listings just at the time the Operation Onymous took place. However, it goes back to its previous value very quickly, in less than a week. If we look at the graph over a longer period, we see that this drop is relatively small and is only one event among several market fluctuations. THus, despite an initial decrease in the number of products available right after the fact, Operation Onymous does not seem to make a significant impact on this matter on a global scale.
We then decided to break down the products into categories and see if all were all affected by the Operation Onymous in the same way on their availability. Again, we find that the operation led to a decrease in the listing population, but all categories seem to follow the same evolution and grow back rather quickly after the small drop in value following Onymous. The only category that significantly changed in population in comparison to before the operation is "Other", which regroups miscellaneous products, but no general observation can easily be made as the product's type in it are many and unrelated to one another.
The evolution of the price of the product is an interesting aspect to examine after these first observations. Since the trade is in Bitcoin, a crypto currency with a very fluctuating value, we convert the price into USD, based on the exchange rate of the corresponding day. Counter-intuitively, the price seems to decrease after the Operation Onymous. The overall trend after the operation is clearly a decrease, where it was a clear increase before the Operation Onymous.
We then turned our attention to the origin of the products and export flows. Intuitively, we could expect that this kind of policing operation would have an impact on the number of products exported abroad or from/to some countries in particular.
In the chord-diagram below we can observe the flows of products available on Agora Market before and after Onymous. The diagram is composed of 5 circular arcs, each one representing a geographical area, the length of every arc represents the proportion of products sent from this area. Between every two arcs are represented flows and the width of the projection of each flow on an arc represents the proportion of product sent from this arc's region to the other's. Finally, the fluxes take the colour of the arc that sends the most product. You can click on one of the continents to view the details of its exports.
| Sent to | Number of products | Proportion |
|---|---|---|
| America | 10000 | 100000 |
| Asia | 10000 | 100000 |
| Europe | 10000 | 100000 |
| Oceania | 10000 | 100000 |
| Others | 10000 | 100000 |
| Total | 100000 |
↓
Operation Onymous
↓
We can see here that the two main global players are Europe and the United States of America, they share more than 65% of the market. If we look at the proportion of products with only national shipping options, it appears that some areas are more focused on those domestic transactions than others, namely Oceania which sends approximately 70% of its products to Oceania and Europe which exports approximately 70% of its products to other areas, this could be explained by the strict control policy of the country's customs in this region. Unfortunately these proportions seems to be unaffected by Operation Onymous, Europe has lost part of its market share to the United States but overall the figures remain the same. This analysis is however to be taken with caution as only a small part of the products have a country of origin and destination values in the dataset.
If we take a closer look at the import/export traffic, we can see one clear trend after the Onymous strike in the exportation plot. Indeed, clear fall in worldwide exportations seems to happen right after the event. As the breakup is clear, one could assume it's the result of sellers getting scared of their vulnerability in the operation's fallout, and changing to a more local and less exposed way of doing business. However this trend seems to be a one-time event as, since, the number of worldwide exportations has been growing back again only 1 month after the Operation Onymous.
We can also notice the minor simultaneous drops in the product origin plot, however these drops are consequences of drops in the total number of product available on Agora and should not be considered in this part of the analysis. Nonetheless, similarly to a previous remark, this fluctuation could be part of the usual fluctuation of the market as well as a noise due to the variable quality of the data available one day from another.
Unfortunately, this analysis is quite limited in the conclusions that can be drawn from it concerning any aspect that would have evolved in reaction to operation Onymous. However, it seems the global and lasting impact on the traffic itself, at least on the Agora platform. One could thus infer, from the quick restoration of the listing population and the absence of significant impact on the items median prices, that this operation merely scratched the surface of this new network of illicit online traffic platforms. Nevertheless, the operation had a short term impact on this community, as seen from the listing's temporary drop in number, probably a firect consequence on the many arrestation that took place in the operation.
We saw that the Onymous operation resulted in a temporary drop in the number of products. To understand why this number decreased, we analyzed the number of active vendors on Agora. A vendor is considered "active" on a given day if he has products to sell at that time. Conversely, the sellers whose products are missing from a given date and forward are considered inactive from that date. It appears that, around the moment Onymous took place, more than 27% (311) of the active vendors before it stopped undefinitely their activity afterward. The total number of vendor on the market then never recovered until july 2015 when the website was seized and permanently closed.
Operation Onymous had an huge impact on the number of vendors on the Agora market and one could then wonder how the number of products listed on agora recovered so quickly. First of all, we notice here that the vendors that left after Onymous are, in majority, small suppliers (~8 products to sell) compare to those who stayed (with ~20 listed products). In addition, we find that the number of products listed by these large suppliers is growing faster than the rest of the suppliers after Onymous.
While the Onymous operation has had a significant negative impact on the total number of suppliers in the Agora market, it has also closed other large markets -such as Silkroad . Thus, we can ask ourselves if the closing of these markets entailed users to move to Agora. We can see here that this is not the case, the number of daily new suppliers, offering at least one product, is relatively stable, about 5 per day. A vendor is considered new the day when he publishes is first product.
We saw that the Onymous operation had a significant impact on the suppliers of Agora Market, a lot of small vendors retired after this operation. However, the operation didn't seem to impact the big suppliers of Agora. We assumed that these conclusion are true for other market such as Silkroad : the small suppliers left after it was close and the big suppliers continue their deals on other platforms. But if this is the case, how can we explain that we don't see any upward trend in the number of new suppliers after the operation on Agora ? We made the assumption that it was because most of the big suppliers had already an account on several market. We compared the username of the suppliers present on Agora and Silkroad before Onymous and found out that 15% of them had an account on both market. In order to compare address the potential issue of vendors having a slightly different username depending on the market, names were cleaned beforehand and a pair was considered to be a match with a comparison tolerating a hamming distance of at most 1.
Here we let you play with our dataset, to dig yourself inside the Agora market data. Every chart is parametrable, you can try different filters, if you click for example on Counterfeits in the top five category, you will see all the data updated accordingly, see that a lot of this products are sent from Asia. You can also select a range of dates by click and drag with the bottom charts.
In conclusion, we can say that this analysis portrayed an operation inducing very small damages to its target, considering the market itself grew back to its initial size in about a month. The same could be said for the seized goods, not large enough to affect their price globally. However it seems to have induced interesting changes into the vendors behavior : the small suppliers seemed to quit the market while the bigger ones grew in importance. One could then wonder if the operation was a success since it reduce the number of vendors but at the same time making room for the bigger ones to strenghten their position.