Cyber Security: Dark Markets Takedown

Dark Markets Takedown – OSINT in Practice

This week saw the takedown of two of the dark web's largest marketplaces for illegal goods. But it was basic Open Source Intelligence techniques that led to the takedown.


Mark Martin | 2 August 2017

This week, the police in the USA announced the takedown of two of the dark web’s largest marketplaces for illegal goods, AlphaBay and its substitute Hansa. These have sprung up following the demise of the Silk Road (1 & 2) and Agora.
The AlphaBay and Hansa sites had been associated with the trade in illicit items such as drugs, weapons, malware and stolen data.

According to Europol, there were more than 250,000 listings for illegal drugs and toxic chemicals on AlphaBay worth approximately £350 million between May 2015 and February 2017. Hansa was seized and covertly monitored for a month before being deactivated. These kinds of websites spring up as fast as they are taken down, because they are very lucrative and thrive on anonymous transactions.

On this occasion, despite the sophistication of anonymity tools like Tor and the cryptocurrency Bitcoin, law enforcement’s best clues seem to have been the result of criminal ineptitude, which happens quite often.

In December 2016, police discovered Alexandre Cazes, AlphaBay’s apparent creator, through his Hotmail email address, Pimp_Alex_91@hotmail.com, which was used to send out password recovery emails for AlphaBay. Basic Open Source Intelligence (OSINT) techniques revealed his user name and which revealed Cazes’ full name. It also showed he had a LinkedIn account, where he listed his skills as website hosting and cryptography, which only increased his prominence as a suspect in the case. Despite all the skills Cazes claimed to have on LinkedIn, his drug front company website, EBXtech.com, was “barely functional,” according to court documents; and EBX company bank records showed little to no income.
Authorities acquired Cazes’ PayPal records, which listed as contact information, directly tying Cazes’ payment information back to the incriminated address. This put a swift end to Cazes’ almost three-year-old eBay-style illegal goods site.

AlphaBay gave people a way to peer review drugs and discredit sellers that didn’t deliver on time, didn’t deliver the products that they promised, and otherwise left customers dissatisfied. Instead of attempting to strong-arm their way through this technology, authorities catch crooks through slip-ups like an email address mistakenly dropped outside of the secure Tor browser and a suspiciously detailed CV listing cryptography and server admin skills.
“It is never really the technology — for example, Tor — that lets these operators down,” says dark web researcher Sarah Jamie Lewis. “It’s the practices that go around, such as emails, payments, shipping, that tends to be the undoing.”

Ever since AlphaBay went offline earlier in July, users of the site had discussed potential alternative dark web marketplaces on online forums.



Mark Martin

Cyber Security Trainer

Mark used to be a Senior Investigating Officer working in law enforcement, with over 15 years' experience of working in the National Crime Agency, National Crime Squad, HM Customs & Excise, UK Border Agency, Home Office and HM Revenue & Customs. He handled numerous cases involving drug trafficking, money laundering, endangered species, fraud, tackling child abuse online, extortion, hacking, and various other computer crimes. Mark is also a Mobile and Digital Forensics Practitioner.