AlphaBay Market has been taken down in a massive seizure by law enforcement, and Hansa Market, too, has been seized along with it. Responsible for the shutdown is a joint operation between the Bundeskriminalamt (Federal Criminal Police Office) of Germany, Lietuvos Policija of Lithuania, FBI, and Europol. The operation stands as one of the largest and most complex apprehensions of darknet market operators to date.
Rob Wainwright, Executive Director of Europol, said of the operation, “This is an outstanding success by authorities in Europe and the US,” according to a press release by Europol. “The capability of drug traffickers and other serious criminals around the world has taken a serious hit today…[b]y acting together on a global basis the law enforcement community has sent a clear message that we have the means to identify criminality and strike back even in areas of the Dark Web [sic].” Wainwright also hinted that there would be more such operations in the near future, leading to speculation on the part of those participating in the markets.
Dutch law enforcement, behind the scenes, had seized control of Hansa Market on June 20, 2017, and had been operating it covertly since that time, expecting a flood of displaced users from AlphaBay to register in droves. The organization had been keeping a close eye on any transactions and new registrations that took place ever since taking the reins.
Former users of AlphaBay were still in upheaval after its shutdown, and had been seeking the best alternative. It seemed only natural that Hansa, being one of the other top markets at the time, could expect a throng of new registrants. Subsequently, rumors abounded as to what had actually occurred at AlphaBay. Many, including numerous media outlets, speculated that it was an exit scam, while others correctly suspected that law enforcement was involved.
Software designer Alexandre Cazes, 25, also known by his pseudonyms “Alpha02” and “Admin,” had fled to Thailand to escape drug charges, but was later arrested on July 5 by Thai law enforcement on behalf of the U.S. for his central part in the creation and maintenance of AlphaBay. According to the U.S. Department of Justice, Cazes was charged in an indictment with “one count of conspiracy to engage in racketeering, one count of conspiracy to distribute narcotics, six counts of distribution of narcotics, one count of conspiracy to commit identity theft, four counts of unlawful transfer of false identification documents, one count of conspiracy to commit access device fraud, one count of trafficking in device making equipment, and one count of money laundering conspiracy.”
One week later, on July 12, Cazes was found dead in his cell at the Narcotics Bureau in Bangkok, Thailand, of an apparent suicide. Though some may have expected his death, a number of users in the darknet market community who knew him were saddened by the news. Notwithstanding, on July 19, the U.S. Attorney’s Office for the Eastern District of California filed a civil forfeiture complaint against Cazes and his wife’s possessions, which are located across the globe in countries like Thailand, Cyprus, Lichtenstein, and Antigua.
According to openly accessible information about AlphaBay preceding its closure, one former staff member claimed that the market served more than 200,000 users and 40,000 vendors. At the time of its shutdown, the market featured more than 250,000 listings for illicit drugs and deadly chemicals, combined with 100,000 listings for fraudulent documents, counterfeit goods, hacking tools, firearms, and other miscellaneous services.
Analogously, the original Silk Road, which was shut down by law enforcement in 2013, had reported only 14,000 listings for contraband goods and services at the time of its seizure. Due to its size and popularity, some users had taken to calling AlphaBay “the new Silk Road,” which seems all the more eerie now that it has been shut down.
Preceding Cazes’ arrest, German law enforcement arrested the administrators of Hansa Market, a 30-year-old and 31-year-old man from North Rhine-Westphalia. While the two men were in custody, federal officers allowed the market to continue operating as usual, in order to gather sufficient evidence. During their investigation, Dutch law enforcement determined that those in charge of Hansa were hosting it on servers located in Lithuania, according to VICE Motherboard. Officials confiscated the equipment and created a mirror site of the original, which its customers continued to use, unaware that the market had been seized.
While under their surveillance, according to politie.nl (translated by Google), police noted that:
As of the end of June, the High Tech Crime Team and the Darkweb [sic] Team of the Police and OM have been exposed to large numbers of sellers and buyers who appeared to be mainly in hard drugs. Buyers and sellers have intercepted usernames and passwords. On average, 1000 orders were made per day in response to some 40,000 ads. The market place counted in [sic] 1765 different sellers.
Users who attempt to access Hansa at present are greeted with the following image:
A similar image now adorns the former landing page of AlphaBay. This probably evokes an uncomfortable feeling of déjà vu in denizens of Tor, who may have encountered an image like it following Operation Onymous in 2014. Suddenly, the site Active at Dark Markets? You Have Our Attention, which the Dutch police created to intimidate darknet market users, seemed to be more than just an empty threat.
Acting Director Andrew McCabe of the FBI made a statement to the effect that the shutdown of AlphaBay and Hansa would set an example for future darknet markets: “Transnational organized crime poses a serious threat to our national and economic security…[w]hether they operate in broad daylight or on the dark net [sic], we will never stop working to find and stop these criminal syndicates.”
Acting Administrator Chuck Rosenberg of the DEA offered a similar sentiment, saying, “The so-called anonymity of the dark web is illusory…[w]e will find and prosecute drug traffickers who set up shop there, and this case is a great example of our commitment to doing exactly that. More to come.” No one specified what the statement “more to come” referred to, but given that such markets as Dream Market also experienced a sudden incursion of new users, they remain potential targets as well.
Following these two major takedowns, market users on sites such as Reddit have understandably been panicking, wondering what may come next. In fact, one user, who operates a family of exit nodes, warned that “Tor traffic confirmation attacks…are seemingly taking place,” meaning that it appears law enforcement have been trying to monitor the nodes.
To stir the blood, vendor GlazzyEyez of Dream Market announced that he could no longer access his account on the market, and that his PGP key had been changed, partly due to the fact that he had not enabled two-factor authentication (2FA). He hypothesized that his login credentials had been stolen by the Dutch National Police, and advised any of his former customers to cease communications with him.
While this may not be the last word on darknet markets as a whole, it has certainly been a savage blow to the industry, which may have once thought it could operate with impunity.