After AlphaBay and Hansa, there are only more dark web takedowns to come

One slip-up is all it takes

This week, police announced the takedown of two of the dark web’s largest marketplaces for illegal goods: AlphaBay and its substitute, Hansa. Through a combination of online and conventional detective work, federal agents shut down these two hubs of criminal trade and arrested the major players involved. It’s a substantial blow to the dark web’s community of consumers, who had taken to AlphaBay, and then Hansa, after Silk Road 2 went under.

Still, this kind of website can be extremely persistent, and authorities often find themselves playing a whack-a-mole game with the various sites. Among dark web experts, there’s a general consensus that there will only be more dark web marketplaces and subsequent takedowns to come.

Despite the sophistication of anonymity tools like Tor and Bitcoin, law enforcement’s best clues in this case seem to have been the result of criminal ineptitude. In December 2016, police discovered Alexandre Cazes, AlphaBay’s apparent creator, through his Hotmail address, Pimp_Alex_91@hotmail.com, which was used to send out password recovery emails for AlphaBay. That email address was also found on a French tech troubleshooting website with Cazes’ full name. That led investigators to Cazes’ LinkedIn account, where he listed awfully familiar skills like website hosting and cryptography, which only strengthened his standing as a suspect in the case. Despite all the skills Cazes claimed to have on LinkedIn, the website of his drug front company, EBXtech.com, was “barely functional,” according to court documents, and EBX company bank records showed little to no income.

As a final nail in the coffin, authorities acquired Cazes’ PayPal records, which listed Pimp_Alex_91@hotmail.com as contact information, directly tying Cazes’ payment information back to the incriminated address. This put a swift end to Cazes’ almost three-year-old eBay-style illegal goods site.

Criminals and undercover cops alike hide under the anonymity offered by Tor and other safe practices when using bitcoin to buy and sell illegal goods, which makes the dark web a nebulous playing field for digital crime where neither side can catch the other.

Instead of attempting to strong-arm their way through this technology, authorities catch crooks through slip-ups like an email address mistakenly dropped outside of the secure Tor browser and a suspiciously detailed resume listing cryptography and server admin skills. “It is never really the technology — for example, Tor — that lets these operators down,” says dark web researcher Sarah Jamie Lewis. “It’s the practices that go around, such as emails, payments, shipping, that tends to be the undoing.”

AlphaBay in 2015

“Running such a service is hard,” says Nicolas Christin, an associate research professor at Carnegie Mellon University who specializes in cybersecurity. “A single slip-up like this can have domino effects. And the problem is that, while you get reasonable protection at the network level from Tor, for everything else, you are on your own.”

What Cazes should have done, according to The Grugq, an anonymous information security researcher, is create an anonymous John Doe persona, complete with a fake email address, phone number, home address, and life history. “That way, when he makes mistakes, which he will do, he exposes John Doe, this nonexistent nobody,” says The Grugq. “People tend to make mistakes and then rather than start over from scratch, they think, ‘Eh, what are the odds that that one mistake will be found? It's probably fine.’ And of course, it is never fine.”

If mistakes ran so rampant in the AlphaBay operation, how did Cazes keep it running from September 2014 to early July, enabling as much as $1 billion in transactions? It took two whole years of operation before authorities found his poorly hidden email address, combing through old forums and hidden links.

As hacking and criminal marketplaces abound, officials are still struggling to adjust their methods accordingly. “Law enforcement is really playing a game of catch-up and has been for a long time, which is one of the things I’ve seen when I was a federal prosecutor,” says Marcus Christian, a former prosecutor who is currently a partner in law firm Mayer Brown’s cybersecurity practice.

Some defend dark web markets as a way to make the drug trade less violent. In a 2015 TED Talk, tech blogger Jamie Bartlett made the argument that sites like AlphaBay are at least a peer-reviewed way to buy drugs, malware, and other paraphernalia. That TED Talk pointed to several advanced features of AlphaBay that perhaps will affect the future of the dark web and the internet in positive ways.

AlphaBay gave people a way to peer review drugs and discredit sellers that didn’t deliver on time, didn’t deliver the products that they promised, and otherwise left customers dissatisfied. Cazes had his website lambasted by officials for providing the means for teenagers to overdose on drugs, but his site might have actually offered a safer buying option.

The Grugq wrote on Medium, “Great job ridding the world of a non-violent drug distribution channel that virtually eliminated risk and significantly reduced harm to addicts.”