Slashdot Mirror


Alleged Dark Web Kingpin Doxed Himself With His Personal Hotmail Address (vice.com)

Joseph Cox, reporting for Motherboard: On Thursday, US authorities announced the seizure of the largest dark web marketplace AlphaBay. Europol and Dutch police also claimed seizure of Hansa, another popular market. In their dark web investigations, law enforcement have increasingly turned to hacking tools, including the deployment of browser exploits on a mass scale. But tracking down the alleged AlphaBay administrator was much more mundane, officials said. Alexandre Cazes, who US authorities say used the handle alpha02 as administrator of the site, allegedly left his personal email in a welcome message to new AlphaBay members, according to the forfeiture complaint published on Thursday. The news echoes the arrest of Ross Ulbricht, the convicted creator of the original Silk Road, who made a similar security mistake. "In December 2016, law enforcement learned that CAZES' personal email was included in the header of AlphaBay's 'welcome email' to new users in December 2014," the complaint reads. Users received this message once they signed up to AlphaBay's forum and entered an email address. Cazes' email address -- Pimp_Alex_91@hotmail.com -- was also included in the header of the AlphaBay forum password recovery process, the complaint adds. From there, investigators found the address was linked to an Alexandre Cazes, and discovered his alleged front company, EBX Technologies.


  1. It didn't take much detective work. by BarbaraHudson · · Score: 2

    He used the same email address in his LinkedIn profile.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    1. Re:It didn't take much detective work. by Anonymous Coward · · Score: 4, Funny

      He Dohxed himself.

    2. Re:It didn't take much detective work. by xevioso · · Score: 2

      It's funny because it's true.

      He also apparently hung himself.

    3. Re:It didn't take much detective work. by wbr1 · · Score: 2, Interesting

      It's funny because it's true.

      He also apparently hung himself.

      Like this guy fell off a curb? http://i.imgur.com/VAm6wxO.jpg

      --
      Silence is a state of mime.
    4. Re:It didn't take much detective work. by infolation · · Score: 4, Insightful

      Cazes provided his own encryption backdoor, because the police literally walked into his house through the back door and found his computer running unencrypted and connected to alphabay.

      Although the linked article doesn't mention the link between his email and his 'front' company, the Wired article says that police identified him because his Hotmail address was linked to a PayPal account which was linked to his company.

      My head reels at the inept OpSec of this clown. He runs the largest illegal marketplace in the world, yet posts links to his real PayPal account. With no visible source of income, he lives a high profile lifestyle in Bangkok with 3 houses and the most expensive Lamborghini they make, while running the marketplace with an unattended decrypted laptop. Another demonstration that intelligence and common sense rarely go hand-in-hand.

    5. Re:It didn't take much detective work. by AmiMoJo · · Score: 2

      It amazes me that someone has the knowledge and skill and desire to run a dark web illegal market, something which many others have already been caught and sent to prison for decades for, and yet they don't bother to learn the most basic elements of security.

      Somehow they read through all the documentation about setting up a dark web site, full of warnings about how seemingly minor mis-configuration can compromise the whole thing. They got systems in place to handle payments between users, with some sliced off the top for them... And yet didn't think to use a dedicated, secure email account or encrypt his own computer.

      This must be one of those cases where something is /too/ easy to use.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Re:Or is it really the right person? by BarbaraHudson · · Score: 4, Informative

    His laptop wasn't encrypted, he had a file listing all his accounts (including bank accounts) and passwords, and he bought real estate and fancy cars under his name, as well as spending 2 million Euros to try to buy a property in Cyprus to get citizenship there. And that's only the beginning.

    He had been using that same email address for personal stuff for years, including as the email address for his business.

    And just in case you had any doubt that this was not a criminal mastermind at work, Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business – EBX Technologies – to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile.

    This is a guy who sold fake identities; he should have eaten his own dog food.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  3. Re:Or is it really the right person? by ColdWetDog · · Score: 2

    Opsec is hard.
    It's harder if you're stupid.

    -- John Wayne

    --
    Faster! Faster! Faster would be better!
  4. Re:Parellel Construction by infolation · · Score: 2

    Given that most people have no idea what Parallel (sic) Construction actually means, here's a definition:

    Parallel construction is a law enforcement process of building a parallel - or separate - evidentiary basis for a criminal investigation in order to conceal how an investigation actually began.

    In August 2013, a report by Reuters revealed that the Special Operations Division of the U.S. Drug Enforcement Administration advises DEA agents to practice parallel construction when creating criminal cases against Americans that are based on NSA warrantless surveillance. The use of illegally obtained evidence is generally inadmissible under the fruit of the poisonous tree doctrine.

    Source