The FBI has long been known for infiltrating criminal gangs in order to bring them down. However, the bureau has increasingly sought to infiltrate the murky world of cybercrime, using its agents to embed with—and even fully operate—digital criminal organizations.
Case in point: 404 Media reports that the FBI spent nearly a year operating a dark web money laundering operation that was called “ElonmuskWHM.” That criminal business, which was often advertised on the dark web forum White House Market or WHM, allowed cybercriminals to “cash out” cryptocurrency that had been elicited via criminal schemes. “Elonmusk”’s customers, who were drug traffickers and hackers, would send the business their crypto, and then the operator would send them cash in the mail. “Elonmusk” would take a 20 percent fee for its services. 404’s reporter, Joseph Cox, writes:
A 404 Media review of hundreds of pages of court documents, ElonmuskWHM’s online posts, and other research reveals the contours of that FBI operation for the first time. It solidifies the idea that the FBI is willing to provide criminals with the infrastructure needed for their schemes, sometimes for extended periods of time, if it provides an avenue to investigate them.
By perusing those court documents, Cox was able to understand the indispensable service the business provided to the digital criminal underground. He explains:
This service’s utility in the criminal underworld cannot be overstated. Companies who allow the trading of cryptocurrency for fiat in the United States have to be registered with the government as a money transmitting business. Those companies, in turn, are legally required to collect identifying information about their users, much in the same way as an ordinary bank. This is an issue for criminals because if they sign up to more legitimate exchanges such as Binance or Coinbase, they will need to provide their ID. And those exchanges will hand over that information to the authorities if presented with a court order. ElonmuskWHM offered an anonymous alternative, no ID needed.
The government began to investigate the service in 2021, recruiting the Postal Service to help it probe the cash shipments being made between cybercriminals and the operator. Investigation showed that “nearly $90 million worth of cryptocurrency” traveled through ElonmuskWHM’s network, and, at one point, the operator boasted of making as much as $30 million from his business. Eventually, police found and arrested that conspirator, a 30-year-old Indian national named Anurag Pramod Murarka. They then took over the site.
The feds operated ElonmuskWHM for approximately 11 months, according to Gabrielle Dudgeon, a public affairs specialist at the U.S. Attorney’s Office for the Eastern District of Kentucky, who spoke to Cox about the operation. The site’s co-option apparently allowed the feds to understand ties between the service and “drug trafficking prosecutions including one in Miami, Florida, a robbery at knife point investigation in San Francisco, California, and numerous computer hacking investigations, including some that derived multiple millions of dollars in criminal proceeds,” according to court documents viewed by Cox.
Cox adds that the FBI also went to “extreme, and likely unconstitutional, steps to unmask the operator of ElonmuskWHM, including demanding Google turn over identifying information about everyone who watched a certain YouTube video over an eight day period.” Murarka was sentenced in January to 121 months in prison, a press release from the DOJ reads.
Gizmodo reached out to the Justice Department for more information.
This is only the latest example of the government clandestinely infiltrating cybercriminal operations in order to understand their structure and probe their customers. Cox previously wrote a book about the FBI’s outlandish “Trojan Shield” operation, which saw the agency co-opt and run an encrypted phone company, ANOM, which is said to have sold devices exclusively to career criminals. ANOM allowed the bureau to monitor some 11,800 devices in 90 countries, providing a window into high-level criminal activity by as many as 300 transnational crime organizations.
The FBI also previously hacked and infiltrated a ransomware gang known as “Hive,” which was involved in numerous destructive malware attacks. That operation, announced in January of 2023, allowed the agency to monitor the gang’s activities, gather information about its business model, and ultimately identify its victims.