News & Press: ACFCS News

U.S. leads global online, undercover effort to crush largest underground ‘Dark Market'

Monday, July 24, 2017   (0 Comments)
Posted by: Brian Monroe
Share |

By Brian Monroe
bmonroe@acfcs.org
July 24, 2017

U.S. authorities, leading an international consortium of law enforcement partners, have shut down the largest ever online “Dark Market” site, a destination for scum and villainy bartering in the currency of crime, including opioids, hacking tools, counterfeit goods and stolen identities.

The U.S. Department of Justice, working in concert with law enforcement agencies in the United Kingdom, the Netherlands, Thailand, Europol and others, brought down AlphaBay, a site that allowed hundreds of thousands of people to buy and sell an array of illegal goods and services over the Internet for the last two years – users believed with impunity.

“AlphaBay operated as a hidden service on the ‘Tor’ network, and utilized cryptocurrencies including Bitcoin, Monero and Ethereum in order to hide the locations of its underlying servers and the identities of its administrators, moderators, and users,” according to prosecutors, laundering hundreds of millions of dollars in the process.  

Working with U.S. federal investigators, Thai authorities arrested Alexandre Cazes aka Alpha02 and Admin, 25, a Canadian citizen residing in Thailand, for his role as the creator and administrator of AlphaBay. But Cazes was not in custody long, taking his own life a week after being arrested. The site was also tied to several deaths from fentanyl and heroin overdoses.

The case is also notable for the creativity of the investigative agencies involved.

A month before the raid to cripple AlphaBay, Dutch authorities took over a competing dark market site, Hansa, which saw a massive influx of vendors and users when the larger competitor fell, yielding vital insight into the entities and individuals behind the avatar tags and miscreant monikers.

AlphaBay and Hansa were two of the top three criminal marketplaces on the dark web, officials said.

“This is likely one of the most important criminal investigations of the year – taking down the largest dark net marketplace in history,” Attorney General Jeff Sessions said. “Make no mistake, the forces of law and justice face a new challenge from the criminals and transnational criminal organizations who think they can commit their crimes with impunity using the dark net.  The dark net is not a place to hide.”

To read any of the related documents, please check below.

·         Download alphabay-cazes_forfeiture_complaint.pdf

·         Download alphabay-cazes_indictment_redacted.pdf

·         Download alphabay_seizure_page.pdf

AlphaBay closure much bigger than Silk Road

The users and vendors who frequented the site, which also sold firearms, malware and fraudulent services, were many times larger than the prior world’s worst virtual bazaar: Silk Road.

That dark web marketplace, which was seized by law enforcement in November 2013, had in the area of 14,000 listings for illicit goods and services when it fell, at the time holding the record as the largest drug, hacker and stolen stash marketplace.

To compare, at the time it was taken down, AlphaBay serviced more than 200,000 users and 40,000 vendors plying some 250,000 listings for illegal drugs and toxic chemicals and roughly 100,000 listings for “stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms and fraudulent services.”

The heft of the individuals involved required an equally expansive coordinated, international response.

The civil forfeiture complaint against alleged AlphaBay ringleader Alexandre Cazes and his wife included assets located in Thailand, Cyprus, Lichtenstein, and Antigua & Barbuda. Not surprisingly, the pair amassed a bevy of “high value assets,” including luxury vehicles, residences and a hotel in Thailand.

The virtual haul also included millions of dollars in cryptocurrency, which has been seized by the FBI and the Drug Enforcement Administration (DEA).

Undercover in an underground market

The operation to seize AlphaBay roughly coincided with a subterfuge initiative by Dutch law enforcement to investigate, take over and eventually take down the Hansa Market, also one of the largest criminal marketplaces on the dark web.

Both sites offered similar services and also used the Tor network and digital currencies to muddy ties back to actual individuals and larger criminal networks.  

“What made this operation really special was the strategy we used to magnify the disruptive impact of the joint actions,” Europol Executive Director Rob Wainwright said. “The team play was to take covert control of the Hansa market a month ago which allowed us to monitor the criminal activities of users without their knowledge.”

Then investigators could spring their trap, shutting down AlphaBay, and watch criminals scurry to a different underground marketplace – all-the-while not realizing it had been infiltrated by the feds.

“What this meant is that we could identify and disrupt the regular criminal activity happening on Hansa market and then also sweep up all those new users that were displaced from AlphaBay and looking for a new trading platform,” he said. “And in fact, they flocked to Hansa in Droves.”

Investigators noted an increase of more than eight times the normal traffic flow, with the ability to then collect all of the related new user names, passwords and other identifying information to hand off to law enforcement partners for follow up cases.  

“This ranks as one of the most successful coordinated takedowns against cybercrime in recent years,” Wainwright said. The takedown of the site has “delivered a massive blow to the underground criminal economy and sends a clear message that the dark web is not a safe area for criminals.”


©2016 Association of Certified Financial Crime Specialists
All Rights Reserved