Translation of the article:
Dutch national police had already imaged Silk Road 2.0 server in May
Background - Dutch cybercops copied the Silk Road 2.0 server at an early stage, which sped up the investigation tremendously.
The notorious 'dark market' Silk Road 2 and various other hidden illegal markets were taken down at the beginning of November as part of Operation Onymous. These sites were only accessible through Tor with a .onion address. Their status as hidden services did not help them, however. The FBI and Europol managed to take down the servers, and in some cases arrest the owners. Among them was Blake Benthall, the alleged administrator of Silk Road 2.
Silk Road 2 could continue operations
The justice department had already made public that the Silk Road 2 server resided in the Netherlands for some time. Research by Computerworld concluded that Team High Tech Crime (the Dutch cybercrime division) imaged the server and let the market continue its operations.
The copy was a huge asset for the police. FBI documents show they also seized the private key necessary to control the .onion domain.
Forensic copy
The 'Team High Tech Crime' (THTC) police team started its own investigation at the end of May 2014, after receiving information as part of a request for help from American authorities regarding the Silk Road 2.0 darknet market. At that time the server was hosted at a Dutch hosting provider, and a forensic copy of the server was made by order of the public prosecutor. This is confirmed by the National Police unit.
This action was important for the American investigation, as the THTC found that the server was rented by the suspect who was arrested by the American authorities. The exact timing of the downtime has been used by the FBI as additional evidence that they had indeed found the Tor darknet market. The Dutch police also connected the server owner's details, acquired from the provider, with the suspect in question.
Second offensive
The police won't say which provider hosted the server. The provider not only received a gag order, it was also forced to lie about the reason for the downtime.
The host sent Benthall 24 notifications that the server went offline.
At the beginning of November, Operation Onymous ended with other busts. On 5 and 6 November, THTC carried out raids at 5 different places in the Dutch provinces of North Holland and Utrecht and seized servers related to 9 darknet markets. Among others, the Alpaca and Cannabis Road darknet markets were taken offline, Dutch police say.
Research made clear that the authorities took down many fake and clone websites while leaving up the originals. THTC didn't want to address this criticism.
Exit nodes also taken offline
At the same time ten exit nodes of the German non-profit TorServers were taken offline. Four of those were running on one Dutch server.
The police do not want to confirm this takedown, but Dutch hosting provider NForce, where the TorServers machine was located, confirmed to Computerworld that the police took down hardware on 6 November. They weren't allowed to give any more details.
THTC emphasizes that Operation Onymous wasn't meant to target the Tor network in general, but was targeting criminal activities that took place on anonymous markets on the Tor network.
Tor compromised?
Confiscating these neutral Tor nodes (nothing was hosted on them) led to a lot of speculation about the methods used by law enforcement agencies to de-anonymize hidden services.
The police do not want to comment on how they de-anonymized these hidden services. The FBI alludes in another document that it can catch private keys through Tor network 'traffic servers', after which the IP address, host and location can be determined.
"We know for a fact that these private keys cannot be extracted from the exit nodes," Moritz Bartl from TorServers states. This suggests that a guard discovery attack has been used to de-anonymize hidden services. The physical server of a hidden service resides behind a guard node.
Original article in Dutch: http://computerworld.nl/beveiliging/84556-klpd-had-silk-road-2-0-server-in-mei-al-in-handen