Police Take Down 373,000 Fake CSAM Sites in Operation Alice

What happened

An international law enforcement operation known as Operation Alice, led by German authorities and supported by Europol, shut down over 373,000 dark web sites that falsely advertised child sexual abuse material (CSAM) and other cybercrime services. The investigation, which began in 2021, uncovered a massive network of fraudulent sites operated by a single individual, designed to trick users into paying in cryptocurrency for illegal content that was never delivered. Authorities said the platform generated roughly $400,000 from around 10,000 users, with infrastructure spanning hundreds of servers globally before being dismantled. 

Who is affected

Users who attempted to access the fraudulent platforms, as well as individuals identified during the investigation across multiple countries, are affected, with law enforcement continuing to investigate those involved. 

Why CISOs should care

The operation highlights how cybercriminal networks use large-scale infrastructure and cryptocurrency payments to run illicit marketplaces, even when the underlying content is fraudulent, demonstrating the scale and persistence of underground cybercrime ecosystems. 

3 practical actions

1. Monitor for large-scale scam infrastructure. Identify patterns of mass domain creation and coordinated hosting used in cybercrime platforms. 
2. Track cryptocurrency-based fraud schemes. Investigate payment flows tied to illicit marketplaces and scam operations. 
3. Support threat intelligence sharing. Collaborate with law enforcement and industry partners to disrupt large cybercrime networks. 

For more coverage of major incidents and threat activity, explore our reporting on Cyberattacks.