A Top Dark Web Drug Ring Goes Down—Thanks to ATM Withdrawals

Investigators from the New York district attorney's office stumble across dark web drug vendor "sinmed" due to suspicious transactions.

Until a few weeks ago, sinmed was one of the largest drug vendors at Dream Market, the foremost dark web bazaar. It took in millions of dollars shipping fentanyl-laced heroin, methamphetamines, and hundreds of thousands of counterfeit Xanax tablets across the US—until the New York district attorney's office shut it down, and arrested the three men who allegedly ran it.

Dark web takedowns happen all the time. But sinmed was a power player, among Dream Market's top 3 percent of vendors in terms of sheer transactions. And its rise and fall, as detailed by Manhattan DA Cyrus Vance and a recently unsealed indictment, shows not only how dark web storefronts operate, but also how law enforcement at every level has become increasingly savvy at tracking them down.

Act Local

When you read about dark web takedowns, they typically involve sweeping actions by federal agencies. The Joint Criminal Opioid and Darknet Enforcement team—made up of agents from the FBI, DEA, CBP, and more—announced in March that it had made 61 arrests and shuttered 50 accounts related to dark web activity as part of Operation SaboTor, a crackdown months in the making.

But while the sinmed case involved cooperation from the Secret Service, US Postal Inspection Service, and Homeland Security Investigations, it originated—unusually—with the Manhattan DA. More precisely, with a tip the DA's office received in 2017 about good old-fashioned suspicious ATM withdrawals.

“For time immemorial we have been saying that in cases of economic crime, it’s really all about following the money,” Manhattan district attorney Cy Vance said at a press conference Tuesday announcing the charges. “Pulling the thread and following the money in 2019 today is about knowing where to look on the internet and in cyberspace.”

Sinmed Inc.

In late March 2016, the unsealed indictment alleges, 51-year-old Ronald MacCarty ordered 10 kilograms of microcrystalline cellulose from an unspecified vendor. It was the first of at least nine such orders he and Chester Arthur would place over the following two years; by May 2018, the size had grown to 500 kilograms.

On its own, MCC is harmless, mostly used as a binding agent. You can buy it on Amazon. But you can also use it to make pills. According to court documents, Anderson and MacCarty methodically worked their way up to doing just that. In July 2016, the two incorporated a company called Next Level Research and Development. From there, they attempted to buy a kilogram of alprazolam—sold commercially as Xanax—as well as a vial filling and capping machine, a powder mixer, a tablet press machine, and Xanax punch dies. Everything you need, as the indictment says, “to manufacture and sell tablets containing controlled substances.”

Over the course of their operation, according to the Manhattan district attorney’s office, Anderson and MacCarty—along with Jarrette Codd—shipped more than 1,000 packages to buyers in 43 states, laundering $2.3 million in cryptocurrency along the way. At the time of the trio’s arrest on April 4, investigators seized 420,000 to 620,000 alprazolam tablets, 500 glassines of fentanyl-laced heroin, and assorted other drugs. All three men have pleaded not guilty.

Law enforcement seized hundreds of thousands of counterfeit Xanax pills this month as part of the sinmed takedown. Photo: Manhattan District Attorney

"They were a significant vendor," said Nicolas Christin, a computer scientist at Carnegie Mellon University who tracks the dark web. For comparison, the dozens of accounts targeted by Operation SaboTor together yielded $2.48 million in cash, as well as an additional $4.5 million in cryptocurrency. Christin places sinmed in the top 3 percent of all Dream Market vendors by transaction. "It is definitely a significant arrest," he said.

That law enforcement found its way to sinmed through ATM withdrawals also seems to be remarkable. Previous major dark web takedowns have typically relied either on tech savvy, as when Dutch police commandeered dark web market Hansa for months on end, or on reverse-engineering from real-world drug incidents through the postal service. The trail to sinmed would involve both eventually, but started with neither. If anything, it was the limitations of cryptocurrency that led investigators to sinmed’s door.

Launder, rinse, repeat

Dark web customers typically pay in cryptocurrency, and it's a lot harder to buy a powder mixer with bitcoin than it is with cash. To make their revenue more fluid, the three men allegedly worked out a simple system: Fund prepaid debit card accounts with bitcoin, and withdraw it as cash. The indictment details dozens of these ATM transactions; the trio collectively withdrew more than $1 million, in $700 increments, over the course of just over two years, according to Vance.

From there, investigators used traditional methods like physical surveillance and GPS tracking to build their case. Vance noted that investigators tracked home deliveries of MCC, found Next Level Research and Development, and caught MacCarty using his cell-phone repair store to buy the machinery needed to produce pills. Authorities intercepted packages, intended for sinmed customers, that contained 8,000 pills.

The drug haul also included fentanyl-laced heroin, methamphetamines, and GHB. Photo: Manhattan District Attorney

“It wasn’t long before the investigators were able to find the operation that they could see in the physical world online as well,” said Vance. Connecting those dots has become increasingly important.

"Even with access to an online account, the police may not necessarily be able to do much," said Christin. "Focusing on postal inspections, however, seems to be a recurring technique, which appears to work."

Accessing Dream Market, after all, isn’t especially complicated; you just need a Tor browser and the right .onion URL. As part of an undercover operation, DA investigators purchased around 10,000 alprazolam tablets from sinmed, along with ketamine and GHB. They even recorded themselves doing it.

As part of their investigation, the Manhattan DA's office bought thousands of pills from sinmed online. Photo: Manhattan District Attorney

Tuesday’s indictment charges all three men with conspiracy and money laundering; Anderson, who allegedly operated the Dream Market storefront, also faces charges of criminal sale of a controlled substance and identity theft.

“To those of you who are actually making these kinds of pills and engaging in this kind of drug transaction online, I think this case is a warning to you: that we are competent in this space, that we know how to find you,” Vance said Tuesday.

FBI Director Christopher Wray made a similar warning in the wake of Operation SaboTor, as did former attorney general Jeff Sessions last year after sweeping actions. But this kind of tough talk, and even the shutdown of sinmed, may have a limited impact on the dark web drug trade. Dream Market already had announced its intention to close up shop in the wake of previous arrests. And there are countless other dark web vendors still out there.

"Because they were shipping such a large quantity of physical products, it may take a bit of time for their competition to completely make up for their disappearance," said CMU's Christin. "But ultimately chilling effects due to vendor arrests or marketplace takedowns are usually very limited in time."

Still, the sinmed indictment shows that more law enforcement offices are developing better capabilities to join the crackdown efforts. “Much of the work that you see in this case is learning how to interrogate computer devices, learning how to purchase online undercover through the dark web,” said Vance, who marveled at how similar Dream Market was in look and feel to Amazon. “This is a rapidly changing environment in which we have to work.”

