Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown

An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Active Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.

Or

[sexconker]

Or you could let people have drugs and sex.

Re: Or

And other people's credit cards, bank info, personal info, hacking tools, murder for hire, risky "research chemicals" sold as other drugs, etc.

I'm fairly libertarian, and have no problem legalizing weed and hookers. But those are a small portion of what gets dealt on these services.

Re:Or

You still can have drugs and sex, but you fat antisocial fucks will have to leave your mom's basement and interact with other human beings face to face to buy them.

Re: Or

Sorry- no- if there is a problem (which there is) I'd argue for developing and rolling out new systems that are more secure. Police can't do shit to solve the problem and are only providing an illusion while partaking in a system of theft of my hard earned money. NEVER have they helped me recover funds and it literally does no good to go after a few big fish (which is the argument they'll make). I get hit personally every year by at least a number of self-entitled pricks and crooks/fraudsters alike in my business and if I can be against taking down these dark markets (and I also don't smoke, drink, do drugs, nor am I involved in any kind of fraud that gives me an interest in them existing) then certainly anybody whose arguing for it is just another piece of the problem. You want security? Go secure your own place with your own funds.. and stop stealing from me.

I take credit cards online. We've put up stronger defences and largely go unscathed, but it does piss off some customers (some could just be fraudsters although doubtful of that sometimes). If you can't understand why we demand additional verification should you not be able to provide a verified address f' off.

Well, we do give customers other payment options that entirely resolve the theft/fraud issues and that is the solution you should be pushing for rather than arguing against anonymous free markets.

We take Bitcoin for instance that has none of the problems of accepting credit cards and we're seeing significant growth of orders paid with crypto currencies (at the moment its only Bitcoin that we accept, but we'll expand as time permits to other crypto currencies).

And if banks can't figure out how to secure their sites I can't sympathize with stolen 'bank info' and the same applies to 'identity theft'. Sorry- but that is a crime against the issuer of the credit- not you. Your not liable for any of that. The fix involves developing or implementing non-sucky authentications systems that don't involve government. More than 60% of our income is stolen by government (this thing called taxes) and that number increases in many other countries (Europe). Taxes are really just a form of wealth redistribution under the guise of providing you with something. The vast majority of it is just wasted. I'd rather pay for 'essentials' out of my own pocket on a voluntary basis.

Re: Or

[rtb61]

The problem with legalising hookers is dicks, both males and females. Prostitution is legal, you employer demands it or you are fired, what do you do? You use a prostitute and she claims you did not pay them and call it rape, what do you do? Someone rapes someone and throws some money at them, prostitution is legal, what do you do? Some things idiots can not have because greed driven stupidity. Keep in mind https://en.wikipedia.org/wiki/.... There was a story however about a pimp who wanted to hire an unemployed woman and claimed she refused legal employment and they cut her benefits and many other societies are much worse behaved (in American you can guarantee your daughters would be bending over to get a job and you know it).

As for the dark web, why would any one with more than half a brain trust other criminals with their freedom, perfect extortion racket. Sure in the short term but the long term, with unknowns, you know how much that information is worth, how many man years in prison.

Re: Or

[rtb61]

PS they apparently didn't trust them, "The alleged founder Alexandre Cazes was found dead in a cell in Thailand, suspected of taking his own life." https://en.wikipedia.org/wiki/.... that was quick.

Re: Or

Plenty of places have legal prostitution and it works just fine. It provides a secure and safe place of employment that benefits those visiting and those working. Your examples are just ridiculous.

Re: Or

[Opportunist]

Odd. Prostitution is legal where I live and none of the problems you describe exists.

Wait. Not true. Just recently a John wanted his money back after it didn't last long enough to his tastes. He's now in jail for attacking her.

Re: Or

[rtb61]

Just as ridiculous as women never falsely claim rape, people don't burn their own properties down, people don't crash cars on purpose, parents never harm their own children for profit and the list goes on, create laws that can be abused and they will be abused. http://www.dailymail.co.uk/new... , well, just a main stream media fantasy I suppose.

Damn

NOW where am I going to trade my stolen low-number Slashdot logins?

Re:Damn

The Putinbots have been buying them up lately to post their MAGA crap here, along with these for reddit, haha! You might make a few dollars yet!

Re:Damn

[mrbester]

How low can you go?

feds dont like the competition

[mSparks43]

if this is supposed to scare us off darknet markets should probably point out all it really does is encourage devs to make new darknet markets, and new darknets.

Re:feds dont like the competition

if this is supposed to scare us off darknet markets...

I ordered 100 hits of LSD from the Netherlands two weeks ago through Dream Market. These busts would have scared me off. AlphaBay was already down when I ordered, but it hadn't been announced. Otherwise I'd have used them. I mentioned Dream on here and somebody countered and recommended Hansa. If I hadn't already ordered, I probably would have listened. Right not I'm just shitting myself and waiting to hear that the authorities were running Dream Market when I ordered. I'll feel a hell of a lot better when a sheet of acid shows up in the mail. I don't even care if it's bunk at this point.

More bad drug war policy

[j-turkey]

Take one down and another will certainly pop up in its place. Maybe one of these days, admins will use local crypto to make honeypotting difficult (or impossible) for law enforcement.

'Dark Web' isn't dark enough

What is going to be done about it? Can it be decentralized? How do we liberate the internet from the tyrant's stranglehold?

Re: 'Dark Web' isn't dark enough

[dnaumov]

Important thing to note is that these guys weren't caught because of some TOR weakness, but because of essentially non-existent opsec.

Re: 'Dark Web' isn't dark enough

[gravewax]

The reality is the weakest point in the majority of systems is those with knowledge and access. eventually someone will do something dumb through laziness, over-confidence, greed or just plain stupidity. The only thing guaranteed is that each of these sites will eventually be compromised and a new one by some other group will take its place thinking it won't happen to them.

Monumental OpSec mistakes

The site also has a different, more interesting article detailing the AlphaBay admin's OpSec mistakes. In short, they were many. https://www.bleepingcomputer.c...

Re:Monumental OpSec mistakes

[toonces33]

The problem for these guys is that they have no margin for error.

Re: Monumental OpSec mistakes

[denis.goddard]

So AlphaBay got taken down same way as Silk Road: admin used clearnet email address on darnet site. Fine. But how did they locate the Hansa servers? Article linked in TFA said the authorities determined Hansa servers were in Lithuania. How?!?!

Cazes tried

The guy bought a mini cooper. I have to say smart move. Last car I would expect a drug kingpin to drive around in.

Re:Cazes tried

[GameboyRMH]

Are you kidding? Those things use BMW parts and require extensive disassembly for most repair jobs. I don't know how non-drug-dealers afford them! :-P He did also have an Aventador...

But more seriously, I'm wondering how Alexandre Cazes wasn't locked up immediately. All the information needed to tie ownership of AlphaBay to his real name was publicly available from day 1. I would've expected law enforcement to lock him up before lunch on the same day AlphaBay was launched. Law enforcement either dropped the ball badly here or was playing the long game to a degree that is clearly unethical.

Re:Cazes tried

I would've expected law enforcement to lock him up before lunch on the same day AlphaBay was launched. Law enforcement either dropped the ball badly here or was playing the long game to a degree that is clearly unethical.

I'll bet you've committed a crime or two for which you've not been caught... even if the action was rather easy to connect to you.

Thankfully law enforcement isn't all seeing and able to know just when you do something wrong... but they are pretty good at figuring out what else you did once you become a target.

Don't get it

OK. I get the idea of local drug dealers and immediate goods transfer, but how do places like this function internationally since they require delivery methods? Wouldn't this make UPS, Fedex, DHL or other carriers the dealers? I just don't understand the draw

And what did we learn?

[WolfgangVL]

Sneakernet your drugs and pick up your whores at the tittie bar like everybody else. Buy your firearms privately, and your stolen creds directly from the supplier.

Sometimes, the old ways are best.

Maybe some entrepreneur should just setup a matchmaking site, complete with user reviews and ratings. Community vetting is perfectly legal, and you can charge a small fee per connection. Like a dating site for hustlers, pushers and pimps.....

hustlerspushersandpimps.com is available.......

User: 420man
Interests: Cannibus
Price:$$
Location: Las Vegas, NV.
Contact: *Click here to create an account*
User rating: *****

Reviews:

The real reason

... one more month as officers gathered more evidence about its clientele.

This is the real reason 'Silk Road' and their ilk are a losing proposition. Servers in a high-tech country can be accessed by local police or the FBI: So all information about buyers, sellers and wallets will become known to people who want to punish your actions.

Re:The real reason

[BillKaos]

I am surprised they've gathered real client data. Standard OPSEC in those sites is to encrypt your delivery address with the public key of the vendor, so unless the vendor is hacked, your personal data should be safe from the market going down.

Re:The real reason

[sound+vision]

The average buyer on one of these sites has only a cursory understanding of opsec. Even the sellers and the site admins often get it wrong, as we see in the story. With probably hundreds of thousands of transactions, and a decent chance of a fuckup from at least one of the parties in each transaction, there's a whole lot of information law enforcement can get from this.

I used to think there was basically no way to fight the emergence of these online markets, but my ideas on that are shifting now. With honeypot operations like this, they can essentially get a huge list of drug users' addresses. Never before has this type of data been amassed on that scale. The worst part of it is that the data set is skewed toward casual users; the dealers typically have better opsec. Additionally, the fact that these packages usually travel over state or national borders significantly ups the legal ante. With assholes like Jeff Sessions in power, I can see large numbers of people getting 30-year sentences for things that many local police departments wouldn't even make an arrest for. Simply because it happened on the internet.

Re:The real reason

Dutch National Police took over control of Hansa and modified the source code to capture cleartext passwords, encrypted order info and Bitcoin adresses. Team High Tech Crime

Re:The real reason

So the Dutch National Police operated a network for an extended period of time that expressly enabled boatloads of criminal activities. I wonder what the courts will say about this. It may have been a very fruitful enterprise in terms of collecting evidence, but that does not mean it was legal. Police and the Public Prosecution Service have been bitten by stretching this kind of operation too far before.

Re:The real reason

[gravewax]

The courts would have absolutely nothing to say about it. Just about every country has laws that permits the police to perform such operations in order to capture criminals, I would imagine similar laws exist for Dutch Police.

Re:The real reason

IIRC, PGP was too much of a burden for users who already at their limit from figuring out Tor and Bitcoin, so since the site didn't enforce it many vendors made it optional. I could be misremembering since I never actually ordered from AlphaBay, just browsed, but it was definitely different from the original Silk Road where everybody had to use PGP for every transaction.

Re:The real reason

[__aaclcg7560]

Casey Neistat did a video review of "American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road" by Nick Bilton. I haven't read it yet but looks like a good read.

Re:The real reason

That is stretching the law quite a bit. Continuing to operate the network for an extended period of time while actively encouraging the users of another similar network to join could very easily be seen as incitement, which is of course highly illegal. Again, it wouldn't be the first time the Dutch police got in trouble for overstepping the law.

Re:The real reason

You keep posting the exact same messages over and over and over and over ....

What is wrong with that malfunctioning piece of blubber in your thick skull?

Re:The real reason

you sound bitter, bro

Re:The real reason

you sound autistic, pal

Re:The real reason

I got a Black Amazon Dot, which matches my vintage 2006 Black Macbook.

Re:The real reason

no it is not remotely illegal or incitement. for incitement to occur you have to be persuading people to commit a crime where they normally wouldn't, everyone there was already trying to commit the crimes.

FTA: Cops created honeypot 'Phone Home XLS Files'

[MarcusOutrageous]

Transaction txt logfiles were replaced with an I.P. fishing image embedded in an xls. Vendors not on VPN, for example, highly vulnerable upon such XLS...which could also be opened any-time, any-where...so quite a Trojan. Question: Would LibreOffice and OpenOffice leak just as quickly?