Cyber Security

Dark Markets Takedown – OSINT in Practice

This week saw the takedown of two of the dark web's largest marketplaces for illegal goods. But it was basic Open Source Intelligence techniques that led to the takedown.

This week, the police in the USA announced the takedown of two of the dark web’s largest marketplaces for illegal goods Alphabay and its substitute Hansa. These have sprung up following the demise of the Silk Road (1 & 2) and Agora. 
The AlphaBay and Hansa sites had been associated with the trade in illicit items such as drugs, weapons, malware and stolen data.

According to Europol, there were more than 250,000 listings for illegal drugs and toxic chemicals on AlphaBay worth approximately £350 million between May 2015 and February 2017. Hansa was seized and covertly monitored for a month before being deactivated. These kind of websites spring up as fast as they are taken down, because they are very lucrative and thrive on anonymous transactions.

On this occasion despite the sophistication of anonymity tools like Tor and Cryptocurrency Bitcoin, law enforcement’s best clues in this case seem to have been the result of criminal ineptitude. Which happens quite often.

In December 2016, police discovered Alexandre Cazes, AlphaBay’s apparent creator, through his hotmail email address Pimp_Alex_91@hotmail.com  <pimp_alex_91@hotmail.com>which was used to send out password recovery emails for AlphaBay. Basic Open Source Intelligence techniques revealed his user name and which revealed Cazes’ full name. It also showed he had a LinkedIn account, where he listed his skills as website hosting and cryptography, making his prominence as a suspect in the case only continue to grow. Despite all the skills Cazes claimed to have on LinkedIn, his drug front company website, EBXtech.com, was “barely functional,” according to court documents; and EBX company bank records showed little to no income. 
Authorities acquired Cazes’ PayPal records, which listed <pimp_alex_91@hotmail.com>as contact information, directly tying Cazes’ payment information back to the incriminated address. This put a swift end to Cazes’ almost three-year-old eBay-style illegal goods site.</pimp_alex_91@hotmail.com></pimp_alex_91@hotmail.com>

AlphaBay gave people a way to peer review drugs and discredit sellers that didn’t deliver on time, didn’t deliver the products that they promised, and otherwise left customers dissatisfied. Instead of attempting to strong-arm their way through this technology, authorities catch crooks through slip-ups like an email address mistakenly dropped outside of the secure Tor browser and a suspiciously detailed CV listing cryptography and server admin skills. 
“It is never really the technology — for example, Tor — that lets these operators down,” says dark web researcher Sarah Jamie Lewis. “It’s the practices that go around, such as emails, payments, shipping, that tends to be the undoing.

Ever since AlphaBay went offline earlier in July, users of the site had discussed potential alternative dark web marketplaces on online forums.

Related Articles