Source: US State Government of Utah
WASHINGTON — Today, the Attorney General and the Department of Justice’s Joint Criminal Opioid and Darknet Enforcement (JCODE) team, and international law enforcement partners announced the results of Operation RapTor, including the arrests of 270 dark web vendors, buyers, and administrators in Austria, Brazil, France, Germany, the Netherlands, South Korea, Spain, Switzerland, the United Kingdom, and the United States. Operation RapTor resulted in the highest number of seizures of any JCODE operation, including more than $200 million in currency and digital assets, over two metric tons of drugs, 144 kilograms of fentanyl or fentanyl-laced narcotics, and over 180 firearms.
Operation RapTor was a global, coordinated effort by law enforcement in the United States, Europe, South America, and Asia to disrupt fentanyl and opioid trafficking, as well as the sales of other illicit goods and services, on the darknet, or dark web. Operation RapTor builds on the successes of prior years’ operations and takedowns of marketplaces, which resulted in the seizure of darknet infrastructure from Nemesis, Tor2Door, Bohemia, and Kingdom Markets, providing investigators across the world with investigative leads and evidence. JCODE and Europol’s European Cybercrime Centre (EC3) continue to compile intelligence packages to identify entities of interest. These leads allow U.S. and international law enforcement agencies to identify darknet drug vendors and buyers, resulting in a series of coordinated, but separate, law enforcement investigations, reflected in the statistics announced today. In furtherance of Operation RapTor and in its first action as a JCODE member agency, the Office of Foreign Assets Control (OFAC) additionally sanctioned Iranian national Behrouz Parsarad for his role as the founder and operator of Nemesis Market following seizure of the market. Parsarad was also indicted by a federal grand jury on drug trafficking charges related to the illegal business he ran on the dark web.
“This historic international seizure of firearms, deadly drugs, and illegal funds will save lives,” said Attorney General Pam Bondi. “Criminals cannot hide behind computer screens or seek refuge on the dark web – this Justice Department will identify and eliminate threats to the American people regardless of where they originate.”
“By cowardly hiding online, these traffickers have wreaked havoc across our country and directly fueled the fentanyl crisis and gun violence impacting our American communities and neighborhoods. But the ease and accessibility of their crimes ends today,” said FBI Director Kash Patel. “The FBI could not do this work without our partners both at home and abroad, and the staggering success of this year’s record-breaking amount of fentanyl, guns, and drugs seized prove that our efforts are working. Anyone looking to anonymously harm our citizens through illicit darknet trafficking: your days of recklessness are numbered.”
“These predators who peddled poison on the dark web might have thought they are untouchable — hiding behind screens, pushing fentanyl, fueling overdoses, and cashing in on misery. However, Operation RapTor just proved them wrong,” said DEA Acting Administrator Robert Murphy. “DEA and our global partners reached across borders, across platforms, and across currencies to rip their networks apart. Let this stand as a warning: no mask, no marketplace, and no digital wallet can hide you from facing justice.”
“Operation RapTor shows that the dark web is not beyond the reach of law enforcement,” said Head of Europol’s European Cybercrime Centre, Edvardas Šileris. “Through close cooperation and intelligence sharing, officers across three continents identified and arrested suspects, sending a clear message to those who think they can hide in the shadows. Europol will continue working with our partners to make the internet safer for everyone.”
“This unprecedented operation is a testament to the power of global partnership and the unwavering dedication of our team,” said Chief Guy Ficco of IRS Criminal Investigation (IRS-CI). “Working through the JCODE initiative, IRS Criminal Investigation and our international partners led the largest and most impactful takedown to date—seizing over $200 million in assets, removing deadly drugs and weapons from circulation, and holding more than 270 individuals accountable. This critical strike against dark web networks fueling the fentanyl crisis marks a proud moment in our ongoing effort to protect communities worldwide.”
“This record-breaking operation sends a clear message to every trafficker hiding behind a screen—your anonymity ends where our global reach begins,” said Acting Director Todd Lyons of U.S. Immigration and Customs Enforcement (ICE). “Thanks to the unwavering efforts by ICE’s Homeland Security Investigations (HSI), Europol and our international partners, we’re cracking the code of the so-called ‘safe spaces’ for cybercriminals—they are in our sights and we’re not backing down.”
“Operation RapTor shows what’s possible when the U.S. Postal Inspection Service and our partners around the world stand united,” said Chief Postal Inspector Gary Barksdale of the United States Postal Inspection Service. “No matter where criminals hide, we will find them, dismantle their operations, and bring them to justice. This operation was about protecting innocent people from predatory criminals who profit from violence, addiction, and fear. Our commitment is unwavering.”
“The FDA is committed to continuing its work to disrupt and dismantle the illegal sales of drugs on the dark web, where such sales far too often have tragic consequences,” said Deputy Director Chad Menster of the Food and Drug Administration’s Office of Criminal Investigations (FDA OCI). “We will continue to monitor, investigate and bring to justice those who misuse the internet in a quest for profits with reckless disregard for the risk to public health and safety.”
The impact of Operation RapTor can be attributed to the tireless work of U.S. and international law enforcement partners. For example:
On Dec. 16, 2024, Rui-Siang Lin pleaded guilty to charges brought by the U.S. Attorney’s Office for the Southern District of New York of narcotics conspiracy, money laundering, and conspiracy to sell adulterated and misbranded medication for owning and operating Incognito Market, one of the largest narcotics marketplaces on the internet.
According to court documents and statements made in court, Incognito Market was an online narcotics bazaar that started on the dark web in October 2020. Until it shut down in March 2024, Incognito Market sold more than $100 million of narcotics—including hundreds of kilograms of cocaine and methamphetamine. Incognito Market was available globally to anyone with internet access using the Tor web browser on the “dark web” or “darknet.” Incognito Market was designed to facilitate seamless narcotics transactions, incorporating many features of legitimate e-commerce sites such as branding, advertising, and customer service. Upon visiting the site, users were met by a splash page and graphic interface, which is pictured below:
Figure 1: Incognito Market homepage
While concealing their identities with a unique username or “moniker,” users were able to search thousands of listings for narcotics of their choice. Incognito Market sold illegal narcotics including heroin, cocaine, LSD, MDMA, oxycodone, methamphetamine, ketamine, and alprazolam, as well as misbranded prescription medication. An example of listings on Incognito market is below:
Figure 2: Listings for various drugs on the Incognito Market.
Listings included offerings of prescription medication that was falsely advertised as being authentic. For example, in November 2023, while operating in an undercover capacity on Incognito Market, a law enforcement agent purchased and received several tablets purported to be oxycodone. Testing revealed that these tablets were not oxycodone and were, in fact, fentanyl pills.
The FBI, HSI, DEA, FDA OCI, and the New York Police Department investigated the case.
In a second example, in January 2025, the U.S. Attorney’s Office for the Central District of California secured a 17-year sentence for Adan Ruiz, of Orange County, and a 15-year sentence for Omar Navia, of Los Angeles, for supplying fentanyl-laced pills to a drug trafficking ring that sold these drugs to more than 1,000 customers nationwide via the darknet. In imposing the sentences, U.S. District Judge David O. Carter called this case “the most sophisticated fentanyl distribution ring that this court has seen.”
Navia and Ruiz admitted in their plea agreements that, from at least August 2021 to December 2022, they supplied fentanyl-laced pills to Michael Ta, 26, of Westminster, and Rajiv Srinivasan, 38, of Houston, who used the darknet and encrypted messaging applications to sell more than 120,000 fentanyl-laced pills, 20 pounds of methamphetamine, and other drugs directly to more than 1,000 customers in all 50 states, causing several fatal overdoses.
According to court documents and statements made in court, Srinivasan and Ta used the “redlightlabs” darknet account to advertise and sell counterfeit M30 oxycodone pills containing fentanyl and other illicit drugs. Srinivasan also used the encrypted messaging application Wickr to communicate with and sell drugs to customers. Srinivasan received virtual currency as payment for the drugs and then routed that virtual currency through cryptocurrency exchanges.
The court record also shows that Ta communicated with Srinivasan about drug orders, obtained fentanyl-laced pills and methamphetamine from sources of supply, stored those drugs in his residence, and mailed out packages with drugs to customers who had ordered them from Srinivasan on the “redlightlabs” account.
Ta and Srinivasan admitted in their plea agreements to causing the fentanyl overdose deaths of three victims. Both defendants further admitted to distributing fentanyl-laced pills to two additional victims, both of whom suffered fatal drug overdoses shortly after they received the pills from Ta and Srinivasan. Prosecutors wrote in a sentencing memorandum, “The five victims of defendants’ crimes ranged in age from 19 to 51. They lived across the country, from California to Florida, Colorado to Arkansas. Each of the five victims leaves behind a family that has been forever and fundamentally changed by defendants’ actions. [Ta and Srinivasan] also victimized countless others as part of an epidemic of addiction and despair plaguing our district and our country.”
The FBI investigated this case, with substantial assistance from the U.S. Postal Inspection Service (USPIS), the DEA’s Fayetteville Resident Office, and the Northern Colorado Drug Task Force.
In a third example, in February 2024, the U.S. Attorney’s Office for the Eastern District of Virginia charged Joshua Vasquez, Joseph Vasquez, and Rafael Roman by criminal complaint with conspiracy to distribute 500 grams or more of methamphetamine. Joshua Vasquez, Joseph Vasquez, and Roman conspired to sell counterfeit Adderall containing methamphetamine on darknet markets such as Bohemia and Tor2Door. The defendants allegedly sold drugs on darknet marketplaces in exchange for cryptocurrency under the monikers “NuveoDelux,” “Mrjohnson,” and “AllStateRx.”
According to court documents and statements made in court, these three prolific darknet vendors were collectively responsible for fulfilling over 13,000 drug orders shipped throughout the United States, ranging in size from user quantities, e.g., 5 pills, to “reseller” quantities, e.g., 10,000 pills. Joshua and Joseph Vasquez collectively ran the NuveoDeluxe and AllStateRx accounts. A fourth co-conspirator, Gregory Castillo-Rosario, who was arrested in October 2024, ran the Mrjohnson account. Roman assisted his co-conspirators by pressing counterfeit Adderall pills, packaging them, and distributing drug orders into the mail using the U.S. Postal Service. The conspiracy also laundered funds associated with darknet drug proceeds.
While executing search warrants in New Jersey and New York, federal law enforcement officers seized more than $330,000, close to 80,000 counterfeit Adderall pills, one firearm, and two industrial pill press machines. Additionally, two vehicles and several pieces of property were seized during the search warrants. An additional 30 kilograms of suspected counterfeit Adderall pills were seized on May 2, 2024, in New York. Photographs of some of the seized items are below:
Figure 3: Counterfeit Adderall pills laced with methamphetamine stored in 5-gallon buckets
Figure 4: Bags ready to be shipped to customers nationwide.
Figure 5: Illegal pill press machines used by drug traffickers to make counterfeit pharmaceutical pills.
Figure 6: Trash bags full of counterfeit Adderall pills laced with methamphetamine.
Joshua Vasquez pleaded guilty on April 24, 2024, and was sentenced on July 25, 2024, to 12 years in prison. Joseph Vasquez pleaded guilty on April 15, 2024, and was sentenced on Aug. 8, 2024, to 10 years in prison. Roman pleaded guilty on May 30, 2024, and was sentenced on Nov. 14, 2024, to 10 years in prison. They all pleaded guilty to conspiracy to create a counterfeit substance and distribute 500 grams or more of a mixture and substance containing methamphetamine.
The FBI, FDA, and USPIS investigated this matter with significant contributions from DEA, HSI, the Ocean County Sheriff’s Office, the Howell Township Police Department, the Lakewood Township Police Department, the Orlando Police Department, the Orange County Sheriff’s Office, the Arlington County Police Department, and the New York Police Department.
In a fourth example, a San Fernando Valley man, Brian McDonald, 23, was sentenced to more than 20 years in federal prison in the Central District of California for using darknet marketplaces to sell hundreds of thousands of dollars’ worth of fentanyl-laced pills and cocaine to buyers nationwide. He admitted in court documents to causing one fatal fentanyl overdose.
From at least April 2021 until May 2023, McDonald and others conspired to sell fentanyl and cocaine via multiple darknet marketplaces. McDonald operated under the monikers “Malachai Johnson,” “SouthSideOxy,” and “JefeDeMichoacan.” McDonald created, monitored, and maintained the darknet vendor profiles, including by updating drug listings and shipment options, tracking drug orders, and offloading Monero cryptocurrency received as drug deal payments into cryptocurrency wallets that McDonald controlled.
McDonald recruited and hired accomplices to help package and ship the narcotics they sold on the darknet. McDonald directed and helped these accomplices package and ship the narcotics. McDonald purchased bulk quantities of fentanyl and cocaine and then directed others to complete hundreds of drug sales involving large quantities of both fentanyl and cocaine.
The FBI and DEA investigated this matter.
Operation RapTor involves law enforcement actions taken by JCODE member agencies, including the DEA, FBI, FDA OCI, HSI, IRS-CI, and USPIS. Credible reporting from the referenced agencies, in addition to contributions from ATF, Army Criminal Investigation Division, Customs and Border Protection, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and OFAC, and Naval Criminal Investigative Service, enabled domestic law enforcement actions in support of Operation RapTor. State, local, and other federal agencies also contributed to Operation RapTor investigations through task force participation and regional partnerships, as well as the multi-agency Special Operations Division.
The investigations leading to Operation RapTor were significantly aided by support and coordination from the Criminal Division’s Narcotic and Dangerous Drug Section and Computer Crime and Intellectual Property Section, with valuable assistance from the Criminal Division’s Money Laundering and Asset Recovery Section, Fraud Section, and Office of International Affairs.
Key international partners include Europol; Eurojust; Austria’s Criminal Intelligence Service with various Provincial Criminal Police Departments (Bundeskriminalamt und Landeskriminalämter); Brazil’s Civil Police of the State of Pará (Polícia Civil do Estado do Pará) and Civil Police of the State of São Paulo (Polícia Civil do Estado do São Paulo); France’s French Customs (Douane), National Gendarmerie (Gendarmerie Nationale); Germany’s Federal Criminal Police Office (Bundeskriminalamt), Prosecutor’s Office in Cologne – Central Cybercrime Contact Point (Staatsanwaltschaft Köln, Zentral- und Ansprechstelle Cybercrime), Central Criminal Investigation in Oldenburg (Zentrale Kriminalinspektion Oldenburg) various police departments (Dienststellen der Länderpolizeien), and German Customs Investigation (Zollfahndungsämter); the Netherlands’ Team High Tech Crime (National Investigations and Special Operations (NIS) and Post Interventie Team (PIT), National Intelligence, Expertise and Operational Support (NIEO); Spain’s National Police (Policía Nacional); South Korea’s Seoul Central District Prosecutors’ Office – Darknet Investigations Unit; Switzerland’s Zurich Cantonal Police (Kantonspolizei Zürich) and Public Prosecutor’s Office II of the Canton of Zurich (Staatsanwaltschaft II); and the United Kingdom’s National Crime Agency (NCA), National Police Chiefs’ Council (NPCC).
Federal investigations spanned the United States, and 26 United States Attorneys’ Offices are prosecuting cases, including the Central District of California, the Northern District of California, the Southern District of California, the District of Colorado, the District of Connecticut, the District of Columbia, the Middle District of Florida, the Southern District of Florida, the Middle District of Georgia, the District of Hawaii, the Northern District of Illinois, the Southern District of Indiana, the Eastern District of Kentucky, the District of Massachusetts, the Eastern District of Michigan, the Western District of Michigan, the Eastern District of Missouri, the District of New Jersey, the Southern District of New York, the District of North Dakota, the Northern District of Ohio, the Southern District of Ohio, the Northern District of Oklahoma, the Eastern District of Pennsylvania, the Eastern District of Virginia, and the Western District of Washington.
The Justice Department established the FBI-led JCODE team to lead and coordinate government efforts to detect, disrupt, and dismantle major criminal enterprises reliant on the darknet for trafficking opioids and other illicit narcotics, along with identifying and dismantling their supply chains.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
MIL OSI USA News –