How Authorities Took Down a German Darknet Forum

The Germany in the Deep Web connection to the Munich shooter

The Munich gun (David Sonboly) purchased his gun(s) from a darknet vendor on the German forum “Deutschland im Deep Web” aka “Germany in the Deep Web.” Prior to the weapon purchase, the forum attracted almost no media attention and certainly not any major law enforcement investigation. That changed after authorities discovered a vendor in the forum had sold a Glock to Sonboly.

The darknet forum owner’s anonymity

Investigators discovered that the forum was being run by a computer science student named Alexander. Alexander went by “Lucky” on the forum and, for the longest time, managed to run a tight ship. The forum became a safe haven for political conversation, general shit talking, and gun sales.

Investigators could not find the location of the servers (or Lucky’s identity) through conventional means. Instead, they monitored the forum for months and eventually gained an ear with Lucky. Lucky began to trust the investigators.

Encryption

Investigators soon learned they could not simply raid Lucky’s apartment without ensuring they had full access to the to server that hosted the forum. They knew that he, like many other darknet market owners, kept his data in an encrypted state while not physically accessing it.

So they devised a plan. The investigators on the forum began pointing out security flaws—both real and fabricated. They timed the conversations so that when police on the ground had prepared for a raid, Lucky would be physically in front of his computer.

The battering ram crashed through Lucky’s door and German authorities seized the unencrypted laptop and arrested Lucky.