An international operation has taken down one of the largest networks of fraudulent platforms on the dark web, shutting down hundreds of thousands of websites.
Operation Alice, which kicked off in mid-2021, was led by German authorities and supported by Europol.
It initially focused on the dark web platform "Alice with Violence CP", which was found to be running more than 373,000 fraudulent websites advertising child sexual abuse material (CSAM) and cybercrime-as-a-service (CaaS) offerings.
The operation expanded after the identities of 440 customers who had used the operator's services were uncovered, leading to further examination; more than a hundred are still under investigation.
The team identified patterns among thousands of small and previously unnoticed dark web marketplaces that, individually, looked insignificant and which would normally evade detection. However, by correlating these sites with cryptocurrency transactions, analysts were able to join the dots to reveal a much larger, coordinated network that Europol said covered almost half of the dark web.
The person running the network has been identified as a 35-year-old man based in the People's Republic of China, who is now subject to an international arrest warrant. He's believed to have been running the sites since 2017 and to have made more than €345,000 in profits from around 10,000 customers worldwide.
Meanwhile, the websites have been shut down and 105 servers seized, along with electronic devices including computers, mobile phones and electronic data carriers.
"We are pleased to have disrupted this extensive dark web network," said Thomas Goger, representing the Bavarian authorities involved in the investigation.
"The perpetrator played a central role in a major criminal infrastructure. Dismantling this network marks a significant step forward in several respects: applying cutting-edge law enforcement technologies, prosecuting about 600 offenders and users, and, most importantly, protecting potential future victims."
Between February 2020 and July 2025, said Europol, the suspect advertised CSAM on different platforms, which were accessible through more than 90,000 onion domains. The "packages" on offer cost between €17 and €215, and promised data volumes ranging from a few gigabytes to several terabytes – but were never delivered.
Meanwhile, the sites promoted several cybercrime-as-a-service (CaaS) offerings, including credit card data and access to foreign systems - but again took payments without offering any service in return.
"Operation Alice sends a clear message: there is nowhere to hide for criminals when the international law enforcement community works hand in glove," said Europol executive director Catherine De Bolle.
"We will find them and hold them accountable. Europol will continue to protect children, support victims, and track down the perpetrators."
How Cancer Research UK built a reliable, scalable user experience with AWS
Lenovo ThinkPad T14s 2-in-1 review
