包含暗网top的词条

有哪些类似于《看不见的客人》好看的推理悬疑影视作品？

悬疑剧向来是荧屏上的热门题材，尤其是随着互联网和移动互联网的迅猛发展，视频网站迅速崛起，自制的悬疑作品更是层出不穷，也涌现了不少高口碑高网播量的品质作品，从《余罪》到《白夜追凶》，再到《镇魂》等等，在网上引起了广泛的热议和讨论，张一山、潘粤明、朱一龙等演员也凭借剧中的角色俘获众多的粉丝。

不过我今天要说的这部悬疑剧，是一部相当经典的作品，它便是《大宋提刑官》，其口碑与收视率都收获了很好的成绩，当时该剧播出第二周的平均收视率为高达7.85%，超过了《新闻联播》的6.18%。至今过去了十四年，依然还有很多人都对这部剧很是喜欢，该剧目前在豆瓣上的评分更是高达9.2。

在众多悬疑剧当中，为何它就能赢得无数观众的喜欢和追捧，它的魅力在哪里？我觉得主要是以下几个方面发挥了作用：

其一，剧中演员表现抢眼，演技都十分扎实。其中最为亮眼的便是男主宋慈，他是由实力派何冰扮演，剧中的宋慈刚正不阿，不畏强权，一身正气，在破案方面的能力相当了得，通过专业的破解以及严谨的分析，破获了一桩又一桩的疑难案件。其次是他的得力助手竹英姑（罗海琼饰），聪明又善解人意，在破案过程中起到了很重要的作用。当然，主角们的精彩表现，也需要对手们的衬托，剧中的两大反派刁光斗、吴淼水贡献了不少看点，一个是“嚣张到死”；一个“死打不倒”，让观众恨得牙痒痒。

其二整部剧故事情节紧凑，逻辑严谨、节奏很快。相信看过该剧的观众应该知道，每一个案件的发生，其实在发生之前都有一定的提示，或明或暗，而当案件真正发生后，宋慈等人一起为案件抽丝剥茧，在追查证据及嫌疑人过程中，逐渐把观众带进故事里，当他们分析案情时，通过逐步揭露凶手的作案 *** 及步骤时，你会发现，宋慈的分析案情更是精彩万分，而且节奏明快简单。

其三是剧中故事情节虽然有矛盾冲突但依然充满情感和感悟。《大宋提刑官》这部剧虽然是一部古装悬疑剧，但它实质上是在用一件又一件的事件讲述官场。在剧中的每一个案子里，其背后离不开各色官吏的不同面，他们代表了为官为己又为利的一方，而宋慈则代表着为官清廉又刚正不阿的另一方，虽然他们同样为官，但两者的冲突正是为官所展现出不同价值观的冲突，这一点同样是这部剧持续受到观众追捧的重要原因。

最后是该剧做到了够专业。无论是剧中的侦破 *** ，还是整部剧的后期 *** ，都称得上的专业有水准。该剧作为法医鼻祖宋慈破案的传奇故事，自然剧中的破案 *** 要做到专业，剧中的宋慈，从案件本身和医学角度切入，分析的是有理有据。而从整部剧而言，虽然是一个又一个案件汇聚在一起，但如果你仔细看这部剧你会发现，其实每一个案件之间会有一定的联系的，而且首尾有一定呼应，

总之，《大宋提刑官》这部剧，无论是演员还是故事情节，抑或是破案的专业水准以及后期 *** ，都称得上亮点和看点。在悬疑剧层出不穷的当下，这部剧已经播出了十四年之久，依然还有不少观众继续回看这部剧，可见该剧在观众心目中的地位。

7.9分《火星情报局5》能给银河酷娱多少想象力？

缺席两年，《火星情报局5》踩着2020年的尾巴在优酷上线。以汪涵、薛之谦代表的元老特工完整集结，表现形式上剔除了第四季被诟病的科幻感，并提出了“生存季”主题、融入了“选拔概念”。

2017年，在银河酷娱完成B轮超2亿元融资后，公司创始人兼CEO李炜曾在一次采访中充满信心的表示，“我们现在把‘火星’拉到一个更大的范围内，背后世界观都是通的，它会指导我们去做更多产品的一个呈现。”

但不久后，《火星情报局3》突遭下架，银河酷娱蓄力15个月做出的《火星情报局4》口碑、热度双双遭遇滑铁卢。截止发稿前，《火星情报局4》的豆瓣评分仍在4.0，评分人数不足5000。

▼

“火星”迟归，“银河”不复

在综艺市场逐渐走向被动，这正是银河酷娱被阿里影业收购时缺乏议价能力的主要原因。

2017年完成B轮融资后，银河酷娱再次加快了“火星”的IP化，与优酷进一步布局“火星节目带”，包括 *** 新节目《火星实验室》《火星研究院》、成立火星学院，以及推出网剧、电影等火星衍生IP的 *** ，并将IP衍生品开发提上日程，且产生了不错的收益。

在同年中秋节，《火星情报局》与陈小鹿品牌联合推出的火星月饼卖了1800万销售额。

可从15个月连推三季，到15个月做出一季，再到两年一季，透过不断拉长的 *** 时间跨度，我们能清楚看到，这个曾经说一声“开播了”观众就会欢呼雀跃的老IP已疲态尽露。

或也正是意识到了这点，《火星情报局5》首期才选择让伊能静、黄圣依两位风头正盛的“姐姐”，与同样具备高话题性的张馨予和在今年因《青春有你2》走红的秦牛正威组队开局。

只可惜，这番苦心收效甚微。截止发稿前，《火星情报局5》虽拿到了7.9的豆瓣高口碑，但评分人数寥寥，且仍未登上猫眼综艺全 *** 热度榜TOP30，优酷单平台上的热度也排在十名开外。

观众对“火星”IP的爱不再浓烈，新支撑又迟迟未现。依据阿里影业今年3月发布的收购公告，银河酷娱在2018年和2019年已经连续两年亏损，亏损额分别为31.6万元和72.4万元。

不过，虽然没有获得亮眼的收购价格，但“卖身”阿里影业对银河酷娱来说依旧是一个好选择。

一方面，银河酷娱一直将打通内容产业链视为自己的目标，成为大文娱产业链一环后，银河酷娱可以更好的拓宽“火星”以及其他综艺IP的商业边界，并在节目推广和整合资源上拥有更多便利；另一方面，”招商难“已经成为综艺 *** 公司正面对的普遍难题，这种情况下，银河酷娱“卖身”阿里影业，显然就拥有了稳定产出内容的支撑。

▼

5档综艺节目对赌

4年5次付清1.6亿

“卖身”阿里影业是银河酷娱的一个好归宿，但把公司卖给阿里从来不是件易事。

公告显示，阿里影业收购60%股权的价格上限是4亿元，首期先付2.4亿，剩下的1.6亿将根据银河酷娱相关项s目的盈利能力，最晚在2024年年底之前，分5次付清。

不仅如此，每次支付对应一档综艺节目，每次的支付总额最多不超过3200万元，如果项目盈利能力不好，支付价格可能会下调，且公告中并未明确给出现金支付的下限。而在交易完成时银河酷娱的净资产如果跌至1.8亿以下，收购价格也可根据完成时的业绩向下调整。

从时间来看，《火星情报局5》是银河酷娱被阿里影业收购后为优酷 *** 的第二档节目，之一档为5月在优酷上线的独居生活观察类真人秀《看我的生活》。

该节目与爱奇艺《我要这样生活》、腾讯视频《让生活好看》同样聚焦“独居”这一现代年轻人的潮流生活方式，采取的也都是“演播室+真人秀”的观察形式，且同在今年5月播出。

同档同主题对垒，《看我的生活》口碑不及《让生活好看》，话题热度不及《我要这样生活》，没有制造出惊喜。

接下来，如果《火星情报局5》无法翻盘，无论这两档节目谁成为支付对应综艺，银河酷娱能获得的实际支付金额很可能都不会太理想。

庆幸的是，银河酷娱已经开拓了自己的剧集版图，为优酷 *** 的两档新综艺《现身吧！嫌疑人》《宇宙打歌中心》也有望在今年上线播出。

▼

剧综双行，破局可期？

银河酷娱靠综艺发家，但主体业务涵盖综艺、影视、短视频、艺人经纪、IP衍生五大版块，而且，这些都将被一并纳入阿里体系。

2019年，银河酷娱和华晨美创承制的小成本古装甜宠剧《一夜新娘》在《鹤唳华亭》《庆余年》《大明风华》三部古装大IP的“合围”下仍脱颖而出，播出第二天在猫眼 *** 剧全网热度榜上的热度就超越了《鹤唳华亭》直追《庆余年》。

今年，公司与芒果TV共同出品的都市爱情偶像剧《奈何BOSS又如何》虽未能延续前作的话题热度，但在同期网剧中依旧称得上亮眼。

目前，其为优酷新 *** 的古装甜宠网剧《清落》、新年轻美学都市偶像剧《一不小心捡到爱》都已杀青，另一部古装爱情剧《妙偶天成》进入筹备阶段，预计今年12月开机。

此外，依据公司高级副总裁朱琰早前的采访，银河酷娱后续还将筹备 *** 《侠客行不通》《隐擎》《暗网迷踪》等剧，布局和深耕年轻女性向、创新喜剧向、独有类型向这三条生产赛道。

在艺人经纪板块上，旗下艺人赵露思在今年凭借《三千鸦杀》《传闻中的陈芊芊》《我，喜欢你》赢得了不俗的曝光度，并拿到了华策大IP古装剧《长歌行》的女二号。不仅如此，《一不小心捡到爱》的女主、综艺《现身吧！嫌疑人》官宣的首个常驻嘉宾也为赵露思。

《现身吧！嫌疑人》模式上与《明星大侦探》相似，节目嘉宾参与两天一夜的剧本杀，根据自己得到的剧本和场景中的线索进行推理，凶手需要隐藏自己的真实身份，其他嘉宾相互配合找到凶手。

同样有望在今年上线的新综艺《宇宙打歌中心》定位为阵营对抗竞演音乐秀，节目会邀请两位新歌宇航员，分别担任队长，每期带领6位歌手组队battle。

或许这些新项目能给银河酷娱带来更多想象力，但在复杂多变的网生市场里，银河酷娱想走出困局并走向新高峰，恐怕不会那么容易。

2018年iOS十大赚钱APP，真的有看起来那么赚钱吗？

近日，一份由外媒报道的2018年iOS收入更高的十款APP榜单在全网范围内传播，中国APP占半数。

排名首位的Netflix通过iOS平台获得的订阅收入高达7.9亿美元，一路领跑TOP 10榜单。随后是腾讯视频（4.90亿美元）和美国版探探Tinder（4.62亿美元）。根据这份榜单的数据来看，仅仅iOS订阅这一项收入就如此可观，自然是令业内各大应用程序厂商羡慕不已。

但高收入并不一定意味着高盈利，高额收入背后的巨额开支更值得关注。同时，在此份TOP 10榜单中，订阅类APP（支付包月会员费）占据主导地位， 游戏 类APP这位氪金大佬却并未出现在此份榜单中，即使连火爆全年的吃鸡手游也不见踪影，而其他看似吸金能力稍逊一筹的APP却意外上榜。

以上反差的现象也引起互联网视的思考，这份2018年iOS十大赚钱APP榜单，真的有看起来那么赚钱吗？

接下来本文将结合榜单上的三大类APP（视频、社交、音乐）在2018以及近几年中的具体财务营收状况，分析目前发展趋势，从中得出一个更加准确的判断。

在这份TOP 10榜单中，视频类APP牢牢占据了半壁江山，而国内用户熟知的优爱腾三兄弟也都跻身榜单之中。诚然，包月订阅的会员制度已经成为了互联网视频网站营收的一大主要来源。但即使称霸高收入榜单，互联网视频网站背后的收支现状却并没有那么好看。

从2017年10月开始，互联网视频巨头Netflix陆续发行3次融资债券，总计金额高达55亿美元，主要用处就是为了应对不断高涨的内容成本。无独有偶，11月29日爱奇艺发布公告，计划发行5亿美元可转换优先债券，随后，融资金额从5亿美元提升至7.5亿美元。“销金窟”成为了互联网视频行业的代名词，高昂的内容成本成为了难以翻越的大山。

通过优爱腾Q3季度披露的财报，互联网视阈发现：在爱奇艺2018年Q3季度中，内容成本同比增长66%，达到60亿元，占总营业成本的78%，但与之并行的就是高达31亿元的净亏损，比上一季度继续扩大了10亿元，是去年同期亏损的三倍。而优酷与腾讯的情况亦不乐观：优酷所属的阿里巴巴“数字媒体和 娱乐 业务”在Q3季度中亏损48.05亿元，相比去年同期，多了将近15亿元；腾讯视频虽未公开具体财务状况，但在Q3季度中也并没有凸显出盈利优势。

以今夏热门宫斗剧《延禧攻略》与《如懿传》为例，网传《延禧攻略》海外版权费一集2万美金，而备受关注度《如懿传》则以900万一集的价格卖给腾讯视频，总销售价格达到8亿，海外版权费单集10万美金。但由于《延禧攻略》凭借抢占市场先机的播出时间与话题宣传，最终从收视率与关注度方面都领先于《如懿传》。而在《如懿传》押下重宝的腾讯视频，此番预测失误也或多或少导致在Q3季度难以拿出亮眼的剧集作品。

高昂的内容成本在一定程度上限制了优爱腾的发展，但一定程度上说，这种对于内容精耕带来的阵痛也会促使国内互联网视频网站向着良性的方向发展。以爱奇艺来说，虽然Q3季度由于内容 *** 带来的亏损达到去年同期的三倍，但收入方面也突破69亿元人民币，同比增长48%。同期，内容分发业务和体现生态业务货币化能力的其他收入同比分别增长220%和157%。

而在这一赛道的资深选手Netflix，却早已在“完全付费会员制”的商业模式下走上了盈利之路。虽然Netflix也会通过发行融资债券的方式来筹集资金用于内容 *** ，但凭借成熟的付费会员制度，Netflix在Q3达到39.99亿美元总营收，净利润4.03亿美元、较去年同期增长210%。而这也得益于Netflix在全球范围内精耕的1.3亿会员用户，以及持续精品内容的产出。

除去视频类APP的高占有率，以Tinder和 *** 为代表的社交类APP在此份榜单中亦占据两席。其中被称作“美国陌陌”的Tinder表现更是尤为亮眼，仅次于两大视频类APP。

11月初，Tinder的母公司Match Group发布Q3财报，结果显示，公司第三季度营收达到4.44亿美元，同比增长29%，超出分析师预计的4.37亿美元营收。

随着陌生人社交越来越火爆，Tinder在国外的地位亦受到威胁。今年5月，社交老大哥Facebook新增的陌生人社交功能Facebook Dating，它在为你匹配新的好友的同时，鼓励用户更多参加线下活动，交互功能直接对标Tinder。此功能一经推出，Tinder的母公司Match Group股价便大跌22.09%。但在Match Group公布Q3财报后，美国 科技 媒体TechCrunch称Facebook Dating并未对Tinder构成任何威胁。由于双方并未发布具体的对比数据，是否构成威胁本文暂且不表，但可以看得出来在陌生人社交仍然是当下的社交新贵。

2013年初，Tinder上线，凭借“不喜欢的向左滑，喜欢的向右滑”创新型的社交模式，彻底改变了年轻人网上交友的逻辑，具备相似交互模式的社交APP陌陌也是一度成为了国内年轻人的社交新宠。

但与Tinder在国外混的风生水起似乎有些不同，国内的陌陌却站在了命运的十字路口。

12月6日，陌陌Q3财报公布，其中净收入达到5.36亿美元，同比增长51%。但在收入增长的背后，隐藏着陌陌成本高速支出的危机。财报中还显示：Q3陌陌的成本和费用达4.421亿美元，较去年同期增长了66%。而在此轮财报公布之前，陌陌却深陷负面新闻之中。

12月4日，仅在Q3公布两天前，有媒体报道，通过“暗网”出售陌陌账号信息，3000万条仅50美元。消息一出，舆论哗然，连续两天霸占微博热搜榜。屋漏偏逢连夜雨，随后美国投资咨询公司J Capital通报陌陌存在“循环营收”，即通过给用户打赏返现为直播营收“注水”。而此消息直接影响陌陌股价暴跌，截止发稿日陌陌股价已经跌到三个月以来的更低水平。

而最让陌陌头疼的，还是其成本支出增速远高于营收增速的本质问题。

通过梳理Q3财报，互联网视阈发现直播业务已经成为陌陌现阶段占比更高的收入来源，直播服务营收27.69亿元（约4.069亿美元），与去年同期的20.18亿元（约3.026亿美元）相比增长了34%。但从行业大环境来看，直播领域的风口已经接近天花板，未来再有突破性增长已是难事。

而随着抖音、快手等短视频APP的崛起，陌陌已经不再具备新宠的吸引力。再加上屡屡爆出的负面消息，以及国家 *** 监督的持续收紧，陌陌已经站在了做出抉择的十字路口。

反观国外的Tinder，没有如陌陌一样跟风引入直播等互动功能，而是专注做一款满足快餐化 情感 需求的应用。2017年下半年，Tinder近日率先在iOS端推出了黄金会员功能，为付费用户提供更高级别的用户体验。在Tinder Plus会员的基础之上，用户需要每月再支付5美元成为Tinder Gold黄金会员，其中包括国内陌陌没有的无限制点赞、每月置顶功能等。

截至2018年Q3季度，Tinder的总付费用户人数已经达到410万人，相比第二季度的380万人有所增长，订阅的会员费制度让Tinder的财务状况保持 健康 发展的状态。

值得一提的，Tinder的会员收费模式是根据用户的年龄来判断的，年龄越大的需要支付更高的费用。官方的解释是年轻用户的收入较低，但真正的意图恐怕是尽可能剔除“低吸引力用户”。而这也映射出社交APP若想真正发挥用户的商业价值，必须针对其本质属性下手，这一点值得国内其他社交APP学习。

Pandora作为TOP 10榜单中唯一出现的音乐类APP，虽已经没有刚出道时的风光无限，但在2018年Q3财报中还是挣回了一些当初的荣光。

11月6日，据美国 娱乐 媒体Variety报道，流媒体音乐提供商Pandora发布的Q3财报中显示：Pandora当季营收约为4.176亿美元，未调整净亏损1550万美元，对比该公司去年同期营收为3.7864亿美元，营收情况有所好转。在Pandora此份Q3财报中的重点在于订阅业务的大幅增长：虽然Pandora的付费产品规模仍然远小于Spotify和Apple Music，付费订户仅为680万。但订阅收入却同比大幅增长49%，当季总金额为1.2577亿美元，财报中也显示当季营收中的30%来自付费订阅服务。

曾几何时，在2000年Pandora正式上线之时，凭借其精准的个性化推荐和简洁易用的用户体验迅速吸引了大批用户，被认为“重塑了传统电台”，并最终在2012年11月成功上市。但好景不长，上市后的Pandora却频频遭遇水逆，股价一路狂跌。

截止2017年年底，Pandora累计亏损将逼近10亿美元。对比营收方面，Pandora增速尤为缓慢，在2017年Q4季度，Pandora的广告营收在该季度只有2.977亿美元，同比去年的3.133亿美元有所下降。花的比赚的多，成为了困扰Pandora的一大魔咒。

当然，Pandora不会放任如此亏损而坐视不管，为了扩大付费用户、增加营收，Pandora也做了很多努力。在2015年11月中旬，Pandora宣布以7500万美元收购了申请破产的音乐流媒体服务品牌Rdio的核心资产，并在2016年9月推出了针对原有Pandora One服务的升级版Pandora Plus，定价仍为4.99美元/月，但增加了更多的跳过次数和重新播放等功能。

随后在2017年4月，推出9.99美元/月的付费订阅服务Pandora Premium，同样走起了会员付费制度，直接对标自己的老对头——流媒体音乐平台Spotify。但在早期的会员付费制度并没有收到用户们的正面反响，2017年之一季度Pandora只转化出了471万的付费用户，而对比去年同期393万付费用户，一年的付费会员推广制度下只争取到78万的付费用户。

这一窘境在今年终于有所缓解，在2018年Q2财报中显示，Pandora Plus和Pandora Premium的订阅用户增加了35.1万，截止6月底Pandora付费会员约为600万，同比增长了23%。

虽然已经出现希望的曙光，但由于不断高涨的版权成本以及相对有限的付费体量，Pandora选择不再单打独斗，今年9月末宣布以35亿美元被Sirius XM收购。

收购Pandora将使SiriusXM成为全球更大的音频 娱乐 公司，预计2018年的总收入将超过70亿美元。该交易将汇集SiriusXM在北美的3600万用户和Pandora每月7000多万活跃用户。

反观国内市场，各大在线音乐平台也是厮杀火热。自音乐版权意识在国内逐渐普及，国内音乐平台的格局就进入了一种“白热化”的竞合状态。各家在音乐版权、音乐人IP上的你争我夺，其中一个最重要的目标，就是为融资以及未来上市做准备。

而这在这其中率先杀出重围的腾讯音乐，作为国内首家成功 探索 音乐付费模式的公司，营收来源较为多元化，主要分为在线音乐服务（付费订阅、数字专辑）和社交 娱乐 付费（虚拟礼物、增值会员）两大板块。2018年Q2在线音乐服务的付费用户从2017年Q2的1660万增长至2330万，社交 娱乐 付费用户从710万增长至950万。

基于背后强大的腾讯文娱生态帝国，腾讯音乐与Pandora、Spotify等流媒体音乐网站有着较大的区别：后者是靠着强大的版权曲库以及成熟的会员付费模式，以Spotify为例，其提供的服务分为免费和付费两种，免费用户在使用Spotify服务时将 *** 播一定数量的广告。付费用户则没有广告，且可以拥有更好的音质，在移动设备上使用时也可以拥有所有功能。

截至2018年Q2季度，Spotify的订阅收入13.71亿美元，占比高达91%，另外广告收入占比9%。而腾讯音乐身上强大的社交基因使得其自一开始出道就存在感极强，这点在腾讯系社交与 游戏 APP中皆可体现。而在未来，这种新型音乐社交生态能否成为音乐APP新的盈利方向，就只有拭目以待了。

通过分析此份TOP 10榜单中出现的三大类APP后，互联网视阈发现榜单中有几款APP并没有想象中的那么“赚钱”，部分甚至是刚刚从营收亏损的局面中扭转过来，勉强刚刚及格，因此带着存疑，我们对于榜单的来源进行了更深入的求证。

通过求证发现，此份TOP 10榜单是由Business Insider网站整理Sensor Tower研究所从2018年1月——11月底发布的原始数据，编辑汇总完成。

在Sensor Tower网站公告中，互联网视阈发现每月例行发布的榜单往往有三个排名维度：总榜、APP Store榜以及Google Play（对接国外安卓商店）榜。

Sensor Tower网站公告中APP榜单只更新到2018年11月

值得一提的是，由于中国地区没有接入Google Play，所以Google Play不会出现中国APP。而考虑到Google Play会分流一部分国外用户，留存在APP Store上的大多数可能是中国用户？

那是否可以说明，为何此份2018年iOS收入更高的十款APP榜单里中国系APP横扫5席之多？

与此同时，在Sensor Tower惯例发布的APP榜单中， 游戏 类与非 游戏 类APP向来是独立的两个榜单。因此也可以解释在TOP 10榜单中为何 游戏 类APP如人间蒸发，不见踪影。而在11月发布的 游戏 营收榜单中，我们也看到了熟悉的吃鸡与王者荣耀等爆款手游。

综上，互联网视阈认为此份TOP 10榜单，在某种程度上确实反映出的是2018年十大APP类型的一种趋势，但走过对于互联网产业来说格外跌宕起伏的2018后，究竟谁赚到盆满钵满、谁赔得血本无亏，还待正式榜单的揭晓。（本文首发钛媒体）

更多精彩内容，关注钛媒体微信号（ID：taimeiti），或者下载钛媒体App

读英语～暗网HowDutchPoliceTookOverHansa,aTopDarkWebMarketWIRED

For anyone who has watched the last few years of cat-and-mouse games on the dark web's black markets, the pattern is familiar: A contraband bazaar like the Silk Road attracts thousands of drug dealers and their customers, along with intense scrutiny from police and three-letter agencies. Authorities hunt down its administrators, and tear the site offline in a dramatic takedown—only to find that its buyers and sellers have simply migrated to the next dark-web market on their list.

️️️️️️️️️️️️️️️️️️️So when Dutch police got onto the trail of the popular dark-web marketplace Hansa in the fall of 2016, they decided on a different approach: Not a mere takedown, but a takeover.

In interviews with WIRED, ahead of a talk they plan to give at Kaspersky Security Analyst Summit Thursday, two Netherlands National High Tech Crime Unit officers detailed their 10-month investigation into Hansa, once the largest dark-web market in Europe. At its height, Hansa's 3,600 dealers offered more than 24,000 drug product listings, from *** e to MDMA *** to *** , as well as a *** aller trade in fraud tools and counterfeit伪造 documents. In their probe into that free-trade zone, which would come to be known as Operation Bayonet, the Dutch investigators not only identified the two alleged所谓的 administrators of Hansa's black market operation in Germany, but went so far as to hijack the two arrested men's accounts to take full control of the site itself.

'We thought maybe we could really damage the trust in this whole system.'

Marinus Boekelo, NHTCU

The NHTCU officers explained how, in the undercover work that followed, they surveilled监控 Hansa's buyers and sellers, discreetly altered the site's code to grab more identifying information of those users, and even tricked dozens of Hansa's anonymous sellers into opening a beacon file信标文件on their computers that revealed their locations. The fallout of that law enforcement coup, the officers claim, has been one of the most successful blows against the dark web in its short history: millions of dollars worth of confiscated bitcoins没收的比特币, more than a dozen arrests and counting of the site's top drug dealers, and a vast database of Hansa user information that authorities say should haunt anyone who bought or sold on the site during its last month online.

"When a dark market is taken down, everyone goes to the next one. It's a whack-a-mole effect," says Marinus Boekelo, one of the NHTCU investigators who worked on the Hansa operation. By secretly seizing control of Hansa rather than merely unplugging it from the internet, Boekelo says he and his Dutch police colleagues aimed not only to uncover more about Hansa's unsuspecting users, but to deal a psychological blow to the broader dark-web drug trade. "We thought maybe we could really damage the trust in this whole system," he says.

While the Hansa takeover at times involved the close cooperation of American and German law enforcement, neither the US Department of Justice nor the German Federal Criminal Police Office responded to WIRED's requests for comment, leaving some elements of the NHTCU's account without independent confirmation. What follows is the Dutch police's own, candid description of their experience digging into—and ultimately running—one of the world's top online *** s trafficking operations.

Pulling Loose Threads

Despite its dramatic turns, the Hansa investigation started in a traditional fashion: with a tip. Security researchers believed they had found a Hansa server in the Netherlands data center of a web-hosting firm. (Security firm BitDefender has claimed some involvement in the Hansa operation. But the NHTCU declined to reveal the name of the security company or the web-hosting firm, along with several other details they say they're keeping under wraps to protect methods and sources. Even the names of the two German men charged with running Hansa remain secret, since German law protects the names of prosecuted individuals until their trial.)

As Boekelo tells it, the security firm had somehow found Hansa's development server, a version of the site where it tested new features before deploying them in the live version that handled its formidable load of thousands of visits from drug shoppers every day. While the live Hansa site was protected by Tor, the development server had somehow been exposed online, where the security firm discovered it and recorded its IP address.

Gert Ras (left) and Marinus Boekelo (right).

Manuel Velásquez Figueroa

The Dutch police quickly contacted the web host, demanded access to its data center, and installed network-monitoring equipment that allowed them to spy on all traffic to and from the machine. They immediately found that the development server also connected to a Tor-protected server at the same location that ran Hansa's live site, as well as a pair of servers in another data center in Germany. They then made a copy of each server's entire drive, including records of every transaction performed in Hansa's history, and every conversation that took place through its anonymized messaging system.

Even that massive security breach shouldn't have necessarily exposed any of the site's vendors or administrators, since all of Hansa's visitors and admins used pseudonyms, and sites protected by Tor can only be accessed by users running Tor, too, anonymizing their web connections. But after poring through the contents of the servers, the police found a major operational slip-up: One of the German servers contained the two alleged founders' chat logs on the antiquated messaging protocol IRC. The conversations stretched back years, and amazingly, included both admins' full names and, for one man, his home address.

Setting the Trap

Hansa's two suspected admins, the Dutch cops had discovered, were across the border in Germany—one 30-year-old man in the city of Siegen, and another 31-year-old in Cologne. But when the NHTCU contacted the German authorities to request their arrest and extradition, they discovered the pair were already on the radar of German authorities, and under investigation for the creation of Lul.to, a site selling pirated ebooks and audiobooks.

That gave the Dutch investigators an idea: Perhaps they could use the existing German investigation as cover for their own operation, letting the German police nab their suspects for e-book piracy and then secretly taking over Hansa without tipping off the market's users. "We came up with this plan to take over. We could use that arrest," says Gert Ras, the head of the NHTCU. "We had to get rid of the real administrators to become the administrators ourselves."

Just as the NHTCU's elaborate trap started to take shape, however, it was also falling apart: The Hansa servers the Dutch cops were watching suddenly went silent. Ras and Boekelo say they suspect that their copying of the servers somehow tipped off the site's admins. As a result, they had moved the market to another Tor-protected location, shuffling it in Tor's vast deck of anonymized machines around the globe. "That was a setback," Ras says.

Even then, remarkably, the Dutch cops didn't simply cut their losses, ask the Germans to arrest Hansa's administrators, and likely used clues from their computers to find the site's servers and shut them down. Instead, they decided to stick with their stealthy takeover plan, and spent the ensuing months poring over evidence—even as the site continued its brisk *** s trade—in an attempt to locate the Hansa servers again and quietly hijack them. Finally in April 2017, they got another lucky break: The alleged administrators had made a bitcoin payment from an address that had been included in those same IRC chatlogs. Using the blockchain *** ysis software Chainalysis, the police could see that payment went to a bitcoin payment provider with an office in the Netherlands. And when the police sent that bitcoin payment firm a legal demand to cough up more information, it identified the recipient of that transaction as another hosting company, this time in Lithuania.

Two For One

Not long after pinpointing those servers for the second time, the NHTCU learned of another surprising windfall: The FBI contacted them to tell them that they'd located one of the servers for AlphaBay, the world's most popular dark-web drug market at the time—far larger than Hansa—in the Netherlands. American investigators were closing in and wanted to pull the plug, just as the Dutch were planning to commandeer Hansa.

The Dutch police quickly realized that after AlphaBay was shut down, its refugees would go searching for a new marketplace. If their scheme worked, AlphaBay's users would flood to Hansa, which would secretly be under police control. "Not only would we get this effect of undermining the trust in dark markets, we'd also get this influx of people," Ras says. They'd be able to surveil a far larger portion of the dark-web economy, he says, and instill a sense in users that there was nowhere to hide. Even fleeing to another marketplace wouldn't let them escape law enforcement's reach.

With the pieces of the takeover plan in place, the Dutch police sent a pair of agents to the Lithuanian data center, taking advantage of the two countries' mutual legal assistance treaty. On June 20, in a carefully timed move designed to catch the two German suspects at the keyboard, the German police raided the two men's homes, arrested them, and seized their computers with their hard drives unencrypted. The Germans then signaled the Dutch police, who immediately began the migration of all of Hansa's data to a new set of servers under full police control in the Netherlands.

"We coordinated with the Germans, so that when they busted in the door we immediately started our action," says Boekelo. "We didn’t want to have any downtime."

Under questioning in a German jail, the two men handed over credentials to their accounts, including the Tox peer-to-peer chat system they had used to communicate with the site's four moderators. After three days, Hansa was fully migrated to the Netherlands and under Dutch police control. No users—or even those moderators—appeared to have noticed the change.

Total Control

For the next month, the Dutch police would use their position at the top of Europe's largest dark-web market to pull off increasingly aggressive surveillance of its users. They rewrote the site's code, they say, to log every user's password, rather than store them as encrypted hashes. They tweaked a feature designed to automatically encrypt messages with users' PGP keys, so that it secretly logged each message's full text before encrypting it, which in many cases allowed them to capture buyers' home addresses as they sent the information to sellers. The site had been set up to automatically removed metadata from photos of products uploaded to the site; they altered that function so that it first recorded a copy of the image with metadata intact. That enabled them to pull geolocation data from many photos that sellers had taken of their illegal wares.

The administrators' internal control panel for Hansa, showing a list of disputed sales that had been escalated from the site's four moderators.

NHTCU

As they tell it, the police eventually became so brazen that they staged a fake server glitch that deleted all the photos from the site, forcing sellers to re-upload photos and giving Dutch authorities another chance to capture the metadata. That ruse alone snagged the geolocated coordinates of more than 50 dealers.

In perhaps its most intrusive move of all, the NHTCU says it essentially tricked users into downloading and running a homing beacon. Hansa offered sellers a file to serve as a backup key, designed to let them recover bitcoin sent to them after 90 days even if the sites were to go down. The cops replaced that harmless text document with a carefully crafted Excel file, says Boekelo. When a seller opened it, their device would connect to a unique url, revealing the seller's IP address to the police. Boekelo says that 64 sellers fell for that trap.

Throughout the trickery, Hansa thrived under the NCHTU's secret control. The undercover agents had studied the logs of the real admins' conversations with their moderators and the site's users long enough to convincingly impersonate them, Ras and Boekelo say. In fact, a whole team of officers took turns impersonating the two admins, so that when disputes between buyers and sellers escalated beyond the moderators' authority, undercover agents were ready to deal with them even more efficiently than the real admins had. "The quality really went up," says Ras. "Everyone was very satisfied with the level of service they got."

Springing the Trap

That competence also made Hansa the natural destination when AlphaBay suddenly winked out of existence in early July of last year. As drug buyers became impatient, eventually more than 5,000 a day of them flocked to Hansa, eight times the normal registration rate, the NHTCU says—all of whom immediately fell under police surveillance.

One week after Alphabay first went down, the Wall Street Journal reported that the site's servers had been seized in a law enforcement raid and that its founder, Canadian Alexandre Cazès, had apparently committed *** in a Thai prison. The news threw the dark web community into chaos. The resulting flood of Alphabay refugees became so large that the NHTCU shut down new registrations for ten days. The police were bound by Dutch law to track and report every transaction occurring on the site under their control to Europol; with roughly 1,000 illegal transactions occurring every day on their watch, the paperwork was becoming unmanageable.

After AlphaBay's shutdown, users poured into Hansa, which was under the Dutch police's full control.

NCHTU

During their time as black market administrators, the Dutch police only banned one product on Hansa: the highly dangerous opioid Fentanyl. All other drugs on the site continued to flow freely, a circumstance over which Ras and Boekelo seem surprisingly unconflicted. "They would have taken place anyway," says Ras without hesitation, "but on a different market."

After 27 days and about 27,000 transactions, however, the NHTCU decided to hang up its ledger. It unplugged Hansa, replacing the site with a seizure notice and a link to the NHTCU's own Tor site showing a list of identified and arrested dark-web drug buyers and sellers. "We trace people who are active at Dark Markets and offer illicit goods or services," the site read. "Are you one of them? Then you have our attention."

Fallout

The Dutch police came away from their Hansa takeover with concrete rewards: They obtained at least some data on 420,000 users, including at least 10,000 home addresses, which they've turned over to Europol to be distributed to other police agencies around Europe and the world. Since the takedown, Ras says, they've arrested a dozen of Hansa's top vendors, with more arrests planned for coming weeks. They seized 1,200 bitcoins from Hansa, worth about $12 million by today's exchange rates. Since Hansa used bitcoin's multi-signature transaction function to protect funds from police seizure, that confiscation was only possible because the NHTCU had taken over the site and sabotaged its code to disable that feature during Hansa's last month online.

The Dutch police say they've also performed roughly 50 "knock-and-talks," in-person visits to buyers' homes to let them know they've been identified by their dark-web drug purchases, though they say only one high-volume buyer has been arrested so far. "We want people to be aware," says Ras. "We have the data. It's here, and it's not going away."

'Everyone was very satisfied with the level of service they got.'

Gert Ras, NHU

As for the operation's impact on the overall drug trade, the police point to a study by the Netherlands Organization for Applied Scientific Research, which found that the Hansa hijacking did have a significantly different outcome from previous dark-web takedowns. While most drug vendors who fled AlphaBay showed up soon after on other dark web drug sites, those who fled Hansa didn't—or if they did, they recreated their online identities thoroughly enough to escape recognition. "Compared to both the Silk Road takedowns, or even the AlphaBay takedown, the Hansa Market shut down stands out in a positive way," the report reads. "We see the first signs of game-changing police intervention."

Other dark-web trackers aren't so sure. Nicolas Christin, a researcher at Carnegie Mellon, says it's tough to measure the long-term impact of the Hansa operation, as drug buyers and sellers still flock to alternative sites like Dream Market, the new top dark-web drug site after Hansa and AlphaBay's de *** ise, and even to invite-only sites created by individual sellers. "I think in the short term, it created a lot of upheaval," Christin says. "Whether it was sustained, I really don't know."

As for Hansa's users themselves, opinion seems split. "Looks like I'll be sober for a while. Not trusting any markets," one user wrote on Reddit's darknet-focused forum the day the Hansa takedown was announced last summer.

But some insisted that the dark web would bounce back, even from the most elaborate sting operation it had ever seen. "Things will stabilize, they always do," that anonymous user wrote. "The Great Game of whack-a-mole never ends."

Caught in the Dark Web

If you thought the Hansa story was intense, wait until you read about how Silk Road went down

Also, anyone paying for drugs online with bitcoin should know they may not have covered their tracks as well as they thought

When AlphaBay and Hansa both went offline, the dark web descended into chaos

This story has been updated to include BitDefender's claim of involvement.