This week, the police in the USA announced the takedown of two of the dark web’s largest marketplaces for illegal goods, AlphaBay and its substitute Hansa. These had sprung up following the demise of the Silk Road (1 & 2) and Agora.
The AlphaBay and Hansa sites had been associated with the trade in illicit items such as drugs, weapons, malware and stolen data.

According to Europol, there were more than 250,000 listings for illegal drugs and toxic chemicals on AlphaBay worth approximately £350 million between May 2015 and February 2017. Hansa was seized and covertly monitored for a month before being deactivated. These kinds of websites spring up as fast as they are taken down, because they are very lucrative and thrive on anonymous transactions.

On this occasion, despite the sophistication of anonymity tools like Tor and the cryptocurrency Bitcoin, law enforcement’s best clues seem to have been the result of criminal ineptitude, which happens quite often.

In December 2016, police discovered Alexandre Cazes, AlphaBay’s apparent creator, through his Hotmail email address, which was used to send out password recovery emails for AlphaBay. Basic Open Source Intelligence (OSINT) techniques revealed his user name and which revealed Cazes’ full name. It also showed he had a LinkedIn account, where he listed his skills as website hosting and cryptography, which only increased his prominence as a suspect in the case. Despite all the skills Cazes claimed to have on LinkedIn, his drug front company website was “barely functional,” according to court documents, and EBX company bank records showed little to no income.
Authorities acquired Cazes’ PayPal records, which listed the same email address as contact information, directly tying Cazes’ payment information back to the incriminated address. This put a swift end to Cazes’ almost three-year-old eBay-style illegal goods site.

AlphaBay gave people a way to peer review drugs and discredit sellers that didn’t deliver on time, didn’t deliver the products that they promised, and otherwise left customers dissatisfied. Instead of attempting to strong-arm their way through this technology, authorities catch crooks through slip-ups like an email address mistakenly dropped outside of the secure Tor browser and a suspiciously detailed CV listing cryptography and server admin skills. 
“It is never really the technology — for example, Tor — that lets these operators down,” says dark web researcher Sarah Jamie Lewis. “It’s the practices that go around, such as emails, payments, shipping, that tends to be the undoing.”

Ever since AlphaBay went offline earlier in July, users of the site had discussed potential alternative dark web marketplaces on online forums.


About the author

Mark was a Senior Investigating Officer working in Law Enforcement with over 31 years’ experience working in various government agencies, including the National Crime Agency. He has handled numerous cases involving drug trafficking, money laundering, endangered species, fraud, tackling child abuse online, extortion, hacking, and various other computer crimes. Mark is an advanced mobile and digital forensics practitioner. Mark has utilised his open source intelligence skills to locate and identify individuals and criminal organisations online. Mark was one of the founding members of the elite team called the National Hi-Tech Crime Unit, set up in 2001 to tackle online threats. He also worked in partnership with Europol and Interpol and was instrumental in dismantling a highly sophisticated international online paedophile organisation. He has also delivered training in Europol on child abuse online Open Source intelligence. Mark is also GCT certified to deliver GCHQ certified courses.
