Slashdot Mirror

← Back to Stories (view on slashdot.org)

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown (bleepingcomputer.com)

Posted by BeauHD on from the cease-and-desist dept.

An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Active Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.

26 of 41 comments (clear)

  1. Or by sexconker · · Score: 5, Insightful

    Or you could let people have drugs and sex.

    1. Re: Or by Anonymous Coward · · Score: 3, Insightful

      And other people's credit cards, bank info, personal info, hacking tools, murder for hire, risky "research chemicals" sold as other drugs, etc.

      I'm fairly libertarian, and have no problem legalizing weed and hookers. But those are a small portion of what gets dealt on these services.

    2. Re: Or by Anonymous Coward · · Score: 3, Insightful

      Sorry- no- if there is a problem (which there is) I'd argue for developing and rolling out new systems that are more secure. Police can't do shit to solve the problem and are only providing an illusion while partaking in a system of theft of my hard earned money. NEVER have they helped me recover funds and it literally does no good to go after a few big fish (which is the argument they'll make). I get hit personally every year by at least a number of self-entitled pricks and crooks/fraudsters alike in my business and if I can be against taking down these dark markets (and I also don't smoke, drink, do drugs, nor am I involved in any kind of fraud that gives me an interest in them existing) then certainly anybody whose arguing for it is just another piece of the problem. You want security? Go secure your own place with your own funds.. and stop stealing from me.

      I take credit cards online. We've put up stronger defences and largely go unscathed, but it does piss off some customers (some could just be fraudsters although doubtful of that sometimes). If you can't understand why we demand additional verification should you not be able to provide a verified address f' off.

      Well, we do give customers other payment options that entirely resolve the theft/fraud issues and that is the solution you should be pushing for rather than arguing against anonymous free markets.

      We take Bitcoin for instance that has none of the problems of accepting credit cards and we're seeing significant growth of orders paid with crypto currencies (at the moment its only Bitcoin that we accept, but we'll expand as time permits to other crypto currencies).

      And if banks can't figure out how to secure their sites I can't sympathize with stolen 'bank info' and the same applies to 'identity theft'. Sorry- but that is a crime against the issuer of the credit- not you. Your not liable for any of that. The fix involves developing or implementing non-sucky authentications systems that don't involve government. More than 60% of our income is stolen by government (this thing called taxes) and that number increases in many other countries (Europe). Taxes are really just a form of wealth redistribution under the guise of providing you with something. The vast majority of it is just wasted. I'd rather pay for 'essentials' out of my own pocket on a voluntary basis.

    3. Re: Or by rtb61 · · Score: 1, Interesting

      The problem with legalising hookers is dicks, both males and females. Prostitution is legal, you employer demands it or you are fired, what do you do? You use a prostitute and she claims you did not pay them and call it rape, what do you do? Someone rapes someone and throws some money at them, prostitution is legal, what do you do? Some things idiots can not have because greed driven stupidity. Keep in mind https://en.wikipedia.org/wiki/.... There was a story however about a pimp who wanted to hire an unemployed woman and claimed she refused legal employment and they cut her benefits and many other societies are much worse behaved (in American you can guarantee your daughters would be bending over to get a job and you know it).

      As for the dark web, why would any one with more than half a brain trust other criminals with their freedom, perfect extortion racket. Sure in the short term but the long term, with unknowns, you know how much that information is worth, how many man years in prison.

      --
      Chaos - everything, everywhere, everywhen
    4. Re: Or by rtb61 · · Score: 1

      PS they apparently didn't trust them, "The alleged founder Alexandre Cazes was found dead in a cell in Thailand, suspected of taking his own life." https://en.wikipedia.org/wiki/.... that was quick.

      --
      Chaos - everything, everywhere, everywhen
    5. Re: Or by Anonymous Coward · · Score: 3, Informative

      Plenty of places have legal prostitution and it works just fine. It provides a secure and safe place of employment that benefits those visiting and those working. Your examples are just ridiculous.

    6. Re: Or by Opportunist · · Score: 1

      Odd. Prostitution is legal where I live and none of the problems you describe exists.

      Wait. Not true. Just recently a John wanted his money back after it didn't last long enough to his tastes. He's now in jail for attacking her.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Damn by Anonymous Coward · · Score: 2, Funny

    NOW where am I going to trade my stolen low-number Slashdot logins?

    1. Re:Damn by mrbester · · Score: 1

      How low can you go?

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  3. feds dont like the competition by mSparks43 · · Score: 1

    if this is supposed to scare us off darknet markets should probably point out all it really does is encourage devs to make new darknet markets, and new darknets.

  4. More bad drug war policy by j-turkey · · Score: 1

    Take one down and another will certainly pop up in its place. Maybe one of these days, admins will use local crypto to make honeypotting difficult (or impossible) for law enforcement.

    --

    -Turkey

  5. 'Dark Web' isn't dark enough by Anonymous Coward · · Score: 1

    What is going to be done about it? Can it be decentralized? How do we liberate the internet from the tyrant's stranglehold?

    1. Re: 'Dark Web' isn't dark enough by dnaumov · · Score: 3, Insightful

      Important thing to note is that these guys weren't caught because of some TOR weakness, but because of essentially non-existent opsec.

    2. Re: 'Dark Web' isn't dark enough by gravewax · · Score: 1

      The reality is the weakest point in the majority of systems is those with knowledge and access. eventually someone will do something dumb through laziness, over-confidence, greed or just plain stupidity. The only thing guaranteed is that each of these sites will eventually be compromised and a new one by some other group will take its place thinking it won't happen to them.

  6. Monumental OpSec mistakes by Anonymous Coward · · Score: 2, Informative

    The site also has a different, more interesting article detailing the AlphaBay admin's OpSec mistakes. In short, they were many. https://www.bleepingcomputer.c...

    1. Re:Monumental OpSec mistakes by toonces33 · · Score: 2

      The problem for these guys is that they have no margin for error.

    2. Re: Monumental OpSec mistakes by denis.goddard · · Score: 1

      So AlphaBay got taken down same way as Silk Road: admin used clearnet email address on darnet site. Fine. But how did they locate the Hansa servers? Article linked in TFA said the authorities determined Hansa servers were in Lithuania. How?!?!

  7. And what did we learn? by WolfgangVL · · Score: 2

    Sneakernet your drugs and pick up your whores at the tittie bar like everybody else. Buy your firearms privately, and your stolen creds directly from the supplier.

    Sometimes, the old ways are best.

    Maybe some entrepreneur should just setup a matchmaking site, complete with user reviews and ratings. Community vetting is perfectly legal, and you can charge a small fee per connection. Like a dating site for hustlers, pushers and pimps.....

    hustlerspushersandpimps.com is available.......

    User: 420man
    Interests: Cannibus
    Price:$$
    Location: Las Vegas, NV.
    Contact: *Click here to create an account*
    User rating: *****

    Reviews:

    --
    You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
  8. Re:Cazes tried by GameboyRMH · · Score: 1

    Are you kidding? Those things use BMW parts and require extensive disassembly for most repair jobs. I don't know how non-drug-dealers afford them! :-P He did also have an Aventador...

    But more seriously, I'm wondering how Alexandre Cazes wasn't locked up immediately. All the information needed to tie ownership of AlphaBay to his real name was publicly available from day 1. I would've expected law enforcement to lock him up before lunch on the same day AlphaBay was launched. Law enforcement either dropped the ball badly here or was playing the long game to a degree that is clearly unethical.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  9. Re:Cazes tried by Anonymous Coward · · Score: 1

    I would've expected law enforcement to lock him up before lunch on the same day AlphaBay was launched. Law enforcement either dropped the ball badly here or was playing the long game to a degree that is clearly unethical.

    I'll bet you've committed a crime or two for which you've not been caught... even if the action was rather easy to connect to you.

    Thankfully law enforcement isn't all seeing and able to know just when you do something wrong... but they are pretty good at figuring out what else you did once you become a target.

  10. Re:The real reason by BillKaos · · Score: 2

    I am surprised they've gathered real client data. Standard OPSEC in those sites is to encrypt your delivery address with the public key of the vendor, so unless the vendor is hacked, your personal data should be safe from the market going down.

  11. Re:The real reason by sound+vision · · Score: 4, Insightful

    The average buyer on one of these sites has only a cursory understanding of opsec. Even the sellers and the site admins often get it wrong, as we see in the story. With probably hundreds of thousands of transactions, and a decent chance of a fuckup from at least one of the parties in each transaction, there's a whole lot of information law enforcement can get from this.

    I used to think there was basically no way to fight the emergence of these online markets, but my ideas on that are shifting now. With honeypot operations like this, they can essentially get a huge list of drug users' addresses. Never before has this type of data been amassed on that scale. The worst part of it is that the data set is skewed toward casual users; the dealers typically have better opsec. Additionally, the fact that these packages usually travel over state or national borders significantly ups the legal ante. With assholes like Jeff Sessions in power, I can see large numbers of people getting 30-year sentences for things that many local police departments wouldn't even make an arrest for. Simply because it happened on the internet.

  12. Re:The real reason by Anonymous Coward · · Score: 1

    So the Dutch National Police operated a network for an extended period of time that expressly enabled boatloads of criminal activities. I wonder what the courts will say about this. It may have been a very fruitful enterprise in terms of collecting evidence, but that does not mean it was legal. Police and the Public Prosecution Service have been bitten by stretching this kind of operation too far before.

  13. Re:The real reason by gravewax · · Score: 1

    The courts would have absolutely nothing to say about it. Just about every country has laws that permits the police to perform such operations in order to capture criminals, I would imagine similar laws exist for Dutch Police.

  14. Re:The real reason by __aaclcg7560 · · Score: 1

    Casey Neistat did a video review of "American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road" by Nick Bilton. I haven't read it yet but looks like a good read.

  15. FTA: Cops created honeypot 'Phone Home XLS Files' by MarcusOutrageous · · Score: 1

    Transaction txt logfiles were replaced with an I.P. fishing image embedded in an xls. Vendors not on VPN, for example, highly vulnerable upon such XLS...which could also be opened any-time, any-where...so quite a Trojan. Question: Would LibreOffice and OpenOffice leak just as quickly?