AlphaBay

AlphaBay Market
Type of site
 Darknet market
Available in English
Owner alpha02 & DeSnake
Created by Alexandre Cazes
Revenue Over USD$23M (total over operation)[1]
Website pwoah7foa6au2pul.onion(defunct)[2][3]
Commercial Yes
Registration Required
Users 400,000+[4]
Launched September 2014[1]
Current status Offline

AlphaBay Market was an online darknet market which operated on an onion service of the Tor network. It was shut down after a law enforcement action as a part of Operation Bayonet against it (and also the Hansa market) in the United States, Canada, and Thailand, reported 13 July 2017.[5] The alleged founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991,[1][6] was found dead in his cell in Thailand several days after his arrest; suicide is suspected.[7][8][9][10][11][12]

History

AlphaBay was reportedly launched in September 2014,[1] pre-launched in November 2014 and officially launched on December 22, 2014, it saw a steady growth, with 14,000 new users in the first 90 days of operation. The darknet informer website Gwern.net placed AlphaBay Market in the top tier of markets regarding the 6-month survival probability and it had proven to be successful.[13] In October 2015, it was recognized as the largest online darknet market according to Dan Palumbo, research director at Digital Citizens Alliance.[14]

Non-standard services included customisable digital contracts around building reputations.[15]

In May 2015, the site announced an integrated digital contracts and escrow system.[16] The contract system allows users to make engagements and agree to provide services in the future, according to the terms of the contract.

By October 2015, AlphaBay had over 200,000 users.[4]

At the time of its demise in July 2017, AlphaBay had over 400,000 users.[4]

AlphaBay was noteworthy in the world of darknet markets for accepting another cryptocurrency in addition to bitcoin; support for Monero, supposedly more anonymous, was implemented at the end of August 2016.[17]

Site breaches

In April 2016, AlphaBay's API was compromised leading to 13,000 messages being stolen.[18] In January 2017, the API was once again compromised, allowing over 200,000 private messages from the last 30 days and a list of user names to be leaked. The attack was from a single hacker who was paid by AlphaBay for the disclosure. AlphaBay reported that the exploit had only been used in conjunction with this attack and not used previously.[19]

News coverage

On March 28, 2015, AlphaBay Market made the news for selling stolen Uber accounts.[20][21] Uber sent a statement regarding a potential data breach:

"We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."

In October 2015, the London-based telecommunications company TalkTalk sustained a major hack.[22] The stolen data was put for sale on AlphaBay Market, which led to the arrest of a 15-year-old boy.[23] TalkTalk CEO Dido Harding issued the following statement:

"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here."

In December 2015, the website CodeBreaker released a podcast describing shopping experience on the marketplace.[24] This podcast talks about purchasing legal items on the marketplace, such as pharmaceutical drugs.

The UK-based media outlet Daily Mail pointed that the marketplace might be linked to the Russian mafia.[25] According to the UK-based media outlet Daily Mirror, "It is administered in Russia and has a Russian computer server. Experts claim it has links to the country’s mafia and has proved impossible to shut."[26]

Seizure and shutdown

This notice was left on the Tor hidden service after AlphaBay raid.

By July 2017, AlphaBay was ten times the size of its predecessor Silk Road[27] (which was busted in October 2013), had over 369,000 listings,[1] 400,000 users,[4] was facilitating USD$600,000-$800,000 of transactions per day,[28] and had reportedly built a strong reputation.[1][29] However, a series of elementary operational security errors lead to its downfall:

  • About the time the service first began in December 2014, Cazes used his Hotmail address pimp_alex_91@hotmail.com as the 'From' address in system generated welcome and password reset emails, which he also used for his LinkedIn profile and his legitimate computer repair business in Canada.[1]
  • Cazes used a pseudonym to run the site which he had previously used (e.g., in carding and tech forums) since at least 2008, and variously advertised this identity as the "designer", "administrator" and "owner" of the site[1]
  • When Cazes was arrested, he was logged into his laptop performing an administrative reboot on an AlphaBay server in direct response to a law-enforcement created artificial system failure; furthermore, encryption was wholly absent on said laptop.[30][1]
  • Cazes' laptop reportedly contained an unencrypted personal net worth statement mapping all global assets across multiple jurisdictions, conveniently leading police to complete asset seizure.[1]
  • The servers were hosted at a company in Canada directly linked to his person.[1]
  • The servers contained multiple constantly open (unencrypted) hot cryptocurrency wallets.[1]
  • Cazes' flashy use of proceeds to purchase property, passports and luxury cars and frequent on-line boasting about his financial successes, including posting videos of himself driving luxury cars acquired through illegal proceeds, not only revealed his geographical location, it perforce made denying connection to the service impossible.[1]
  • Assets acquired through proceeds were held in a variety of accounts directly linked to Cazes, his wife and companies they owned in Thailand (the same jurisdiction they lived), as well as directly held personal accounts in Liechtenstein, Cyprus, Switzerland and Antigua.[1]
  • Cazes' statements about the goal of the site "launched in September 2014 and its goal is to become the largest eBay-style underworld marketplace" helped to legally establish intent.[1]

Timeline

Law enforcement took at least one month to obtain a US warrant, then over one month to obtain foreign warrants, prepare for and execute searches and seizures in Canada and Thailand:[1]

  • Early May 2017: Law Enforcement verifiably active on the site since at least this period.[1]
  • 1 June 2017: Warrant issued by United States District Court for the Eastern District of California for racketeering, narcotics, identity theft and access device fraud, transfer of false ID, trafficking in illegal device making equipment, and conspiracy to commit money laundering.[1]
  • 30 June 2017: Warrant is issued for Cazes' arrest in Thailand at US request.[31][32]
  • 5 July 2017
    • Canadian police raid EBX Technologies in Montreal, Cazes' Canadian company and the reported location of the physical servers, as well as two residential properties in Trois-Rivières.[33][34]
    • Cazes is arrested in Bangkok at his dwelling at Phutthamonthon Sai 3 Road in Thawi Watthana district which is searched by the Royal Thai Police, with the help of the FBI and DEA.[1][31]
  • 12 July 2017: Cazes' suspected suicide by hanging while in custody at Thailand's Narcotics Suppression Bureau headquarters in Laksi district, Bangkok, is reportedly discovered at 7AM. He was due to face US extradition.[1][31]
  • 16 July 2017: Cazes' wife is reported as having been charged with money laundering.[35]
  • 20 July 2017; U.S. Attorney General Jeff Sessions announces shutdown of the site.[36]
  • 23 July 2017: Narcotics Suppression Bureau chief is interviewed and suggests that more suspects will be arrested soon.[37]

References

  1. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 "Forfeiture Complaint". Justice.gov. 20 July 2017. p. 27.
  2. "AlphaBay - Deep Dot Web". DeepDotWeb. Retrieved 2015-02-06.
  3. "AlphaBay". DarkNet Stats. Retrieved 13 March 2016.
  4. 1 2 3 4 "AlphaBay Dark Web Market Taken Down After Law Enforcement Raids". 14 July 2017.
  5. Statt, Nick (2017-07-14). "Dark Web drug marketplace AlphaBay was shut down by law enforcement". The Verge. Retrieved 2017-07-16.
  6. "Canadian allegedly behind shuttered Dark Web market AlphaBay". The Globe and Mail. 20 July 2017.
  7. AlphaBay taken down by law enforcement across 3 countries, WSJ says, Cyrus Farivar - 14 July 2017
  8. Lindsay Murdoch (15 July 2017). "AlphaBay suspected co-founder Alexandre Cazes found dead in Thai jail". Brisbane Times. Police said evidence points to Mr Cazes having taking his own life.
  9. "Dark web: Le Québécois arrêté en Thaïlande s'est suicidé en prison". TVA Nouvelles. 12 July 2017.
  10. "Alleged Alphabay Admin Found Dead in Bangkok Jail". DeepDotWeb. 14 July 2017.
  11. "Massive blow to criminal Dark Web activities after globally coordinated operation". 20 July 2017. Retrieved 20 July 2017.
  12. "AlphaBay, the Largest Online 'Dark Market,' Shut Down". Department of Justice, Office of Public Affairs. 20 July 2017.
  13. "Black-market risks - Gwern.net". Gwern.
  14. "Buying Drugs Online Remains Easy". Southwest Coalition.
  15. Francis, Ryan (13 October 2016). "Darkweb marketplaces can get you more than just spam and phish". Retrieved 16 October 2016.
  16. Cox, Joseph (1 May 2015). "This Dark Web Market Just Started Offering Contracts for Anything". Retrieved 3 August 2015.
  17. Aliens, C. (23 August 2016). "AlphaBay and Oasis Markets to Begin Accepting Monero for Payments".
  18. Cox, Joseph (27 April 2016). "Vulnerability in Huge Dark Web Marketplace Exposes Private Messages". Retrieved 23 January 2017.
  19. Murdock, Jason (24 January 2017). "AlphaBay leak: Over 200,000 private messages from Dark Web drugs marketplace hacked". Retrieved 27 January 2017.
  20. "Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1". Motherboard.
  21. "Stolen Uber accounts on sale for $1 each". DigitalTrends.
  22. "TalkTalk hacked in significant and sustained cyberattack". Engadget.
  23. "TalkTalk breach: CEO dismisses encryption, 15-year-old arrested". NakedSecurity.
  24. "The Dark Web: Is it Evil?". CodeBreaker.
  25. "TalkTalk customers bank details stolen in massive online hack are already up for sale at £1.62 a time". DailyMail.
  26. "Hacked TalkTalk information on sale to organised fraud gangs for £1.60 a time". Daily Mirror.
  27. Leyden, John (2017-07-20). "Cops harpoon two dark net whales in megabust: AlphaBay and Hansa : Tor won't shield you, warn Feds". The Register. Retrieved 2017-07-21.
  28. "AlphaBay, Biggest Online Drug Bazaar, Goes Dark, and Questions Swirl". 6 July 2017.
  29. Leovy, Jill (2017-07-20). "AlphaBay sold drugs, guns and hacking tools online — until a sting operation shut it down". Los Angeles Times. Retrieved 2017-07-27.
  30. McCarthy, Kieren (2017-07-20). "Alphabay shutdown: Bad boys, bad boys, what you gonna do? Not use your Hotmail... ...or the Feds will get you ♪". The Register. Retrieved 2017-07-21.
  31. 1 2 3 "Dead Canadian fugitive lived in Thai luxury". Bangkok Post. 13 July 2017.
  32. Wassayos Ngamkham (12 July 2017). "Canadian drug suspect found hanged in cell". Bangkok Post.
  33. "RCMP's 'Dark Web' investigation leads to searches in Montreal, Trois-Rivières". Montreal Gazette. 5 July 2017.
  34. "When DarkNet 'business' Goes Wrong – Alphabay & DeSnake". Jakub Hanke. 13 July 2017.
  35. AFP (16 July 2017). "Dead Canadian a dark web suspect". The Star Online.
  36. "Sessions on dark web Alphabay and Hansa shut down". BBC News. 20 July 2017. Retrieved 16 August 2017.
  37. "9 nations join probe into 'darknet' site". Bangkok Post. 24 July 2017. NSB poised to pounce on more suspects
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.