Operation Alice Takes Down 370,000+ Dark Web Sites

A Europol-backed law enforcement operation has led to the dismantling of over 373,000 dark web sites advertising child sexual abuse material (CSAM) and cybercrime as a service (CaaS). The German-led Operation Alice ran from March 9-19 and initially targeted “Alice with Violence CP” – a fraudulent platform run by a Chinese national which swindled would-be CSAM and CaaS customers into paying for non-existent services. Over the nearly five years of the investigation, the site and hundreds of thousands of others like it became a useful honeypot for police, enabling them – through international cooperation – to unmask the identities of 440 customers. Additional investigations are ongoing into over 100 of these individuals, Europol said. However, whenever children were thought to be in danger, police swooped on suspects. In August 2023, for example, officers from the Bavarian State Criminal Police Office searched the home of a 31-year-old father who had attempted to purchase €20 ($23) of CSAM. He was subsequently convicted. Read more on cybercrime policing operations: Europol Operation Seizes LeakBase Data Breach Site. Police identified the likely administrator of Alice with Violence CP, a 35-year-old man living in China. They estimate he made over €345,000 ($396,000) in profits from around 10,000 customers worldwide who were tricked into buying the content and services he advertised. Europol said an international arrest warrant had been issued for the man, who has apparently been running the fraud scheme since 2019. The Fraud Scheme in Detail The Chinese suspect is said to have run over 373,000 .onion sites, via a network of up to 287 servers, 105 of which were located in Germany and have now been seized. From February 2020 to July 2025, he advertised CSAM on various platforms accessible through over 90,000 of these onion domains. The CSAM could be purchased as “packages” after buyers provided an email address and made a payment in Bitcoin. Each package cost between €17 and €215, with data volumes ranging from a few gigabytes to several terabytes. The individual apparently also advertised CaaS offerings including stolen card data and access to compromised systems. It’s not thought that any of these services actually existed: the goal was always to trick customers into paying without providing anything in return. Twenty-two countries took part in the operation, including the US, UK, Ukraine, Switzerland, Sweden, Spain, Slovenia, Italy, Germany, France, Canada, Australia and Belgium. The announcement follows another major law enforcement success last year after the Kidflix CSAM platform was taken offline. Operation Stream resulted in the identification of 1393 suspects worldwide and was also led by the Bavarian authorities with support from Europol. The platform had been operating since 2021 and, unlike Alice with Violence CP, offered genuine CSAM to over 1.8 million registered users.