International Sting Hits Dark
Web's Promise of Anonymity
August 2, 2017
They are known as the "dark Web" — encrypted corners of the
internet that promise anonymity to customers who want to buy or
sell illegal drugs, weapons and other contraband.
But these futuristic marketplaces recently became much less
anonymous after an international sting captured the addresses of
thousands of users and shut down two of the biggest sites: first
AlphaBay in early July, and then Hansa Market at the end of the
Now, many users are wary of joining the next secretive
marketplace, and that's exactly the point.
"Don't be stupid and hop on the next big market," one user wrote
on the Reddit discussion forum where users openly trade tips on
dark Web markets. "It will most likely be completely run by [law
U.S. and European law enforcement authorities say the closures
of AlphaBay and Hansa Market were the largest dark Web criminal
marketplace takedown in history.
To dark Web users, the message is clear, said Europol Director
Robert Wainwright: "You're not as safe, as anonymous, as you
think you are."
AlphaBay and Hansa were two of the top three criminal markets on
the dark Web, sites that sprang up in the wake of drug market
Silk Road's takedown in 2013.
Hansa's users numbered in the five digits; AlphaBay had more
than 200,000 customers and 40,000 vendors, making it 10 times as
large as Silk Road. It generated nearly $1 billion in sales.
The operation to shutter AlphaBay and Hansa grew out of several
independent investigations, according to U.S. Deputy Attorney
General Rod Rosenstein.
The investigation into AlphaBay appears to have started as early
as 2015 when undercover agents posing as customers started
making small purchases on the site. In one case, an agent bought
an ATM skimming device; in another, an undercover officer
purchased a small quantity of drugs.
In December 2016, investigators got a break when they came
across a priceless clue: the site operator's personal email
address. In the days after AlphaBay's launch in December 2014,
investigators learned, the administrator included his personal
email address — Pimp_Alex__91@hotmail.com — in AlphaBay's
"welcome email" to new users singing up for the site's
It was the kind of gaffe that had exposed Silk Road's founder
and would lead to the downfall of AlphaBay's creator.
Traced to website designer
The email address was traced to Alexandre Cazes, a
French-speaking Canadian website designer from Quebec. Born in
1991, Cazes had posted the email address on a tech forum as far
back as 2008 and later used it to create PayPal and LinkedIn
Meanwhile, Europol provided Dutch law enforcement authorities
with a lead on Hansa Market that would allow them to identify
the site's administrators and locate its servers in Lithuania,
Germany and the Netherlands.
"When we knew the FBI was working on AlphaBay, we thought,
'What's better than if they come to us?' " Petra Haandrikman,
leader of the Dutch investigative team that brought down Hansa,
told cybersecurity blogger Brian Krebs.
Investigators then coordinated the timing of the two sites'
takedown. A plan was hatched: The Dutch would move in first,
followed by the Americans.
On June 20, as German police arrested Hansa's two German
administrators in Germany, Dutch law enforcement authorities
moved to seize control of the site. The takeover was seamless.
On July 4, the FBI took AlphaBay offline but made it look like
an outage. Unaware that the FBI was on his tail, Cazes swung
into action to bring the site back online.
When Thai police, assisted by FBI and U.S. Drug Enforcement
Administration agents, raided Cazes' house in Bangkok the next
day, they found he'd contacted AlphaBay's server host to request
a reboot and was logged into its forum to answer comments by
On his unlocked, unencrypted laptop, agents found passwords for
AlphaBay, its servers and other online identities associated
with the site.
As rumors swirled that AlphaBay operators had absconded in what
is known as an "exit scam," authorities sought to quell the
talk: AlphaBay was down for maintenance and would be up again
soon, they posted on Reddit on July 6.
In the days that followed, the number of users on Hansa jumped
800 percent as AlphaBay users streamed in, according to
Wainwright of Europol. To cope with the flood of orders,
authorities temporarily closed registration to new users.
"There was a lot of frustration from ex-AlphaBay users that
weren't allowed to register on the site," Haandrikman said.
Then on July 20, authorities pulled the plug. The Dutch shut
down Hansa, putting up a banner saying the site had been "seized
and controlled" since June 20. A nearly identical FBI banner
went up on AlphaBay.
U.S. and European authorities went public with the news.
Attorney General Jeff Sessions called AlphaBay's seizure "the
largest dark Web criminal market takedown in history."
Wainwright of Europol said the criminal dark Web had taken "a
serious hit" and that there were "more of these operations to
The intelligence yielded by the Hansa operation "has given us a
new insight into the criminal activity of the darknet, including
many of its leading figures," Wainwright said.
Dutch authorities said that 10,000 foreign addresses of Hansa
Market buyers had been identified and shared with Europol. Over
500 deliveries were stopped in the Netherlands alone. Europol
sent "intelligence packages" on drug shipments to law
enforcement agencies in 37 countries. Wainwright said the
identified users would be subject to follow-up investigation by
Europol and partner agencies.
Joseph Campbell, a former assistant FBI director, said the
intelligence — users' names and phone numbers, email and IP
addresses, banking and wire transfer information — is invaluable
to law enforcement authorities looking to dismantle criminal
networks on the internet.
"They can utilize that to identify criminals, identify victims,
identify sources of the contraband, sources of the funding,
transiting of the currency, look for money laundering
activities, where the funds coming from, are they going to
offshore banks," said Campbell, who is now a director at
The next AlphaBay
Meanwhile, business is down on the dark web as shellshocked "AlphaBay
refugees" lie low, waiting for the dust to settle. But sooner or
later, they'll find a new home.
"Just like a massive gang takedown in a city, some other group
is going to come in, unless preventive activities take place,
and fill that void even more," Campbell said.
he added, the operation is going to be "deterrent to some
Law enforcement has long been criticized for playing catch up
with criminals. Acting FBI Director Andy McCabe acknowledged the
criticism but said that was "the nature of criminal work."
"It never goes away," McCabe said at a July 20 news conference.
"You have to constantly keep at it. And you've got to use every
tool in your toolbox. And that's exactly what we'll do."
For the FBI, cybercrime represents "a high-priority threat,"
"So they're going to continue to target their resources against
this threat and work to identify where activities are taking
place that are that are victimizing people," he said.