Two weeks after the takedown of the Dark Web marketplace AlphaBay, its successor Hansa Market was also closed as part of a coordinated operation by the Dutch National Police, Europol, the Federal Bureau of Investigation (FBI) and the US Drug Enforcement Agency (DEA). In the process, the authorities seized personal data for all users.
AlphaBay and Hansa are not typical marketplaces. These Tor-based sites allow users to buy and sell drugs, credit cards, weapons and hacking services. They are a feature of the Dark Web, with new sites regularly springing up to replace others closed after public crackdowns. AlphaBay gained in popularity following the FBI’s takedown of Silk Road in 2013: when Silk Road closed, users migrated en masse to other marketplaces, even causing the collapse of AlphaBay’s servers.
A two-pronged attack
In the recent shutdown, the authorities simultaneously seized both AlphaBay and Hansa – but only AlphaBay was taken offline. The authorities hatched a plan to catch users off guard by anticipating the exodus towards other platforms.
AlphaBay was shut down on 5 July 2017. The authorities cut off access to users, but did not publicly acknowledge the closure. Users put forward a number of theories to explain the mysterious takedown, which ranged from technical issues to a public crackdown or even an exit scam (where administrators shut down the site and take off with the money, a common Dark Web occurrence).
In Dark Web communities, vendors encouraged clients to switch to Hansa Market, which experienced an eight-fold increase in user numbers. But on 20 July 2017, the Hansa homepage was taken down to display the following message:
In addition to posting the usual seizure message, the police announced that they had controlled the site for the past four weeks. During this period, the site’s code had been modified to allow the authorities to collect data from buyers and sellers: e-mail addresses, passwords, PGP keys, history, messages, and more.
The investigation into vendors and buyers is currently underway. Progress can be monitored on a dedicated website on the Tor network created by the Dutch National Police (politiepcvh42eav.onion). The site lists vendors who have been arrested and buyers who have been identified:
The success of this operation, called Bayonet, was hailed by the authorities involved. Julian King, European Commissioner for the Security Union, said, “This latest success demonstrates not just the growing threat posed by increasingly sophisticated criminal enterprises exploiting the largely unregulated space occupied by the internet but also the vital role of international cooperation (…) in making all of us safer from global, borderless menaces.”
Prior to the takedown, AlphaBay hosted 40,000 vendors selling 250,000 illegal products to 200,000 registered users. The site’s daily turnover was estimated at approximately €600,000, with total turnover since the site’s expansion in 2014 standing at more than €1 billion, according to Nicolas Christin, a Dark Web specialist at Carnegie Mellon University in the United States.
An AlphaBay administrator arrested
On the same day AlphaBay was shut down, Alexandre Cazes, a Bangkok-based Canadian suspected of being one of the site’s administrators, was arrested. Also known as Alpha02, Cazes was identified by his email address and password – which he started using in 2008 on a French IT help forum (his message has since been moderated).
Cazes’s cars, houses and digital currency accounts were seized. He committed suicide in custody an hour before a meeting with a lawyer to discuss his extradition to Canada. His wife was charged with money laundering.
A many-headed monster
Although the takedown of the two biggest cybercriminal marketplaces (not including Silk Road) will affect Dark Web operations in the near future, new and more popular platforms will undoubtedly emerge.
In a press conference, FBI Director Andrew McCabe said, “We know that removing top criminals from the infrastructure is not a long-term fix. There’s always a new player waiting in the wings, ready to fill those shoes. (…) But using federal statutes to prosecute these individuals is akin to blowing up the foundation with dynamite… With the weight of this kind of operation, the organization crumbles.”
Today, all eyes are turning to the Dream Market. This marketplace is likely to replace both AlphaBay and Hansa – unless it has already been infiltrated, as claimed by some users on Reddit…