Darknet Diaries - Ep 24: Operation Bayonet
Episode Date: October 15, 2018
Darknet markets are online black markets. They are highly illegal, and dangerous to run. Hear exactly how dangerous it was for Alphabay and Hansa dark markets. ...
Transcript
This episode is dark and contains references to illegal drugs, so listener discretion is advised.
Federal law in the U.S. says marijuana is illegal for any purpose in all states.
Yet 20% of the states have flat-out legalized marijuana.
This means the U.S. government finds it offensive, but state government finds it okay, which makes it weird.
Some states have determined it's better
to legalize marijuana for numerous reasons. It's used to treat some medical conditions and help
some people relax after a hard day, and it reduces some crime rates when it's legalized.
In these states where it's legal, there are nice clean shops where you can walk into,
get greeted by a nice clerk, browse what you want, buy your weed, and go. Much like buying
candy in a quick mart. But what if you're in a state where it's not legal for any reason, and you need it to
help with some medical condition? But acquiring weed in these states is illegal, which makes it
very frustrating to get. You might have to go to some shady corners in some shady parts of town
to find a guy selling not just weed, but tons of other hard drugs. It's sometimes high pressure,
where you feel guilty by checking the weight or scared to go into certain houses.
These situations are stressful and sometimes scary. But there's a better alternative. Buy
your weed online. Here's how you do it. Fire up a VPN, connect to Tor, get some Bitcoin,
and buy your drugs on a dark market. These are websites that sort of resemble eBay,
but for illegal goods.
You can search for weed by looking for good prices, fast shipping speeds, and sellers with high ratings. There's no high pressure situation, no violence, and it seems safe. It's the perfect
solution, right? This story is about Alphabay, the most popular dark market to ever exist.
And I would love to interview the guy who created AlphaBay, but I can't, because he's dead.
These are true stories from the dark side of the internet.
I'm Jack Rhysider. This is Darknet Diaries.
Delete Me. I know a bit too much about how scam callers work. They'll use anything they can find
about you online to try to get at your money. And our personal information is all over the place
online. Phone numbers, addresses, family members, where you work, what kind of car you drive. It's
endless and it's not a fair fight. But I realize I don't need to be fighting this alone anymore.
Now I use the help of Delete Me. Delete Me is a subscription service that finds and removes
personal information from hundreds of data broker websites and
continuously works to keep it off. Data brokers hate them, because Delete Me makes sure your personal profile is no longer theirs to sell.
I tried it, and they immediately got busy scouring the internet for my name, gave me reports on what they found, and then
got busy deleting things. It was great to have someone on my team when it comes to my privacy.
Take control of your data
and keep your private life private
by signing up for Delete Me.
Now at a special discount
for Darknet Diaries listeners.
Today, get 20% off your Delete Me plan
when you go to joindeleteme.com
slash darknetdiaries
and use promo code darknet at checkout.
The only way to get 20% off
is to go to joindeleteme.com slash darknetdiaries and enter code darknet at checkout.
That's joindeleteme.com slash darknetdiaries. Use code darknet.
Support for this show comes from Black Hills Information Security. This is a company that
does penetration testing,
incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call.
I'm sure they can help.
But the founder of the company, John Strand, is a teacher,
and he's made it a mission to make Black Hills Information Security
world-class in security training. You can learn things like penetration testing,
securing the cloud, breaching the cloud, digital forensics, and so much more. But get this,
the whole thing is pay what you can. Black Hills believes that great intro security classes do not
need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range,
which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer and find
links to their webcasts to get some world-class training. That's BlackHillsInfosec.com.
It's about time I do an episode on the actual Darknet, isn't it?
I chose the name Darknet Diaries because I really like the word Darknet.
I just imagine it to be all the shady parts of the internet where rogue stuff is going on.
Not necessarily any part of the internet in particular, but anything that someone doesn't want a light shining on it. But actually there is a thing called the darknet. It's kind of debatable,
but the way I understand it is that it's a hidden, anonymized network on the internet.
Picture going into a club, and upon entering, everyone has to wear a mask and the same exact
suit, so you can't tell anyone apart. When you connect onto the darknet, you become anonymous.
At least that's the theory. There are a few darknets out there. Freenet, I2P, but the most
popular one out there is Tor, T-O-R, which stands for the onion router. By using a special kind of
software, you connect your computer to the Tor network, and you become anonymous.
Normally when you visit a website, it knows your IP address, which can be associated with where you are in the world.
But when you connect to Tor, you get an IP of that computer that you're connected to,
which might be hundreds or thousands of miles away.
This masks where you actually are.
And if you want to be extra safe, it's wise to use a VPN also before connecting to Tor so that if Tor or the VPN servers were to be compromised, neither one of them would know exactly where you came from and where you went. They'd only be able to see one or the other.
People use Tor for lots of great things. I use Tor whenever I research episodes for this show because I stick my nose in a lot of places that I don't really want my connections to be tracked back to me. As you can imagine, I researched some dark and shady stuff. Countries with government oppression end up with a lot of people using Tor to get around censorship and to get their voices heard. Whistleblowers will
often use Tor to hide their identity, and people who are concerned with mass surveillance may use
Tor to escape being tracked. It's an invaluable tool for people who want to share a message but
are concerned with facing punishment for speaking up. When you get on Tor, you can visit any website, both the darknet and the regular internet,
and your location is masked. But there's something else Tor has too, and that's the deep web, which
are all the websites that are only available to those people who are on Tor. So if you're not on
Tor, you can't reach these deep websites. These sites that are only
on the Tor network always end in .onion instead of .com or .net. And since this is theoretically
an anonymous network, it's often used for illegal activity. If you browse around to see what websites
are available on Tor, you'll find sites offering illegal services, sites wanting to trade software
or music illegally, blogs about how to create counterfeit money, or do criminal hacking.
But the most popular type of site on the Tor network are drug marketplaces.
These are sites just like eBay where you can buy and sell items and see sellers' rankings to help you decide if you should trust them or not.
This peer review method works pretty well.
Buyers will find someone with a high rating
and buy a little to see if it's legit. And if it works out, they've just found their new favorite
dealer to buy drugs from. Once all set up, the process is rather quite simple and convenient.
But setting yourself up to properly be safe takes a long time to do it right. You need to buy some
Bitcoin, get a VPN service, connect to Tor, set up PGP, create separate email addresses
and aliases and a different persona just so nothing could ever be linked back to you. You never want
to use your work email address or something stupid. And yes, there are many people who register on
these dark market sites with their actual work email address. It's insane. Probably the most
notable of all these dark markets is Silk Road. The story of Silk Road is incredibly interesting,
but that story has
been covered in detail multiple times. If you're interested in it, check out the book American
Kingpin by Nick Bilton or the podcast Casefile, episode 76. I don't think it ruins the story for
you, but the reason why it's so famous is because the feds tracked and captured the guy who ran it,
Ross Ulbricht. And when he was captured, he got life in prison
without the possibility of parole.
The guy is never getting out of prison,
all because he created a website
that lets people buy and sell illegal items.
He got life in prison
because he was running the biggest illegal marketplace
on the planet.
No street gang could ever come close
to moving the amount of stuff
that was being bought and sold on Silk Road.
And because of this, the U.S. government came down hard on him, putting him in prison for life and shutting down Silk Road in October 2013. But Silk Road had a few programmers and moderators
that didn't get caught. And they got together and created a new dark market called Silk Road 2.
And within a year, the feds caught up with them too,
and shut that site down as well.
See, the U.S. federal authorities have declared a war on drugs,
and these dark markets really attract their attention.
The feds spend a lot of time and energy going after anyone who makes these sites.
But that doesn't stop people from making dark markets.
The same month Silk Road 2 was shut down,
a new site sprang up on Tor called AlphaBay.
In November 2014, Alpha Bay opened its doors and people started using it to buy and sell drugs.
The biggest drug market at that time was called Evolution.
When Silk Road went down, a lot of buyers and sellers needed a new place to go
and they switched over to Evolution to do their trading.
This made Evolution super popular as users began migrating over to it.
Evolution was a place where you could buy all kinds of illegal items,
but people primarily went there to buy drugs.
And it used an escrow service to do these transactions.
The Bitcoin was sent to the Evolution server until the transaction was complete,
and then it was released.
It was a dominant player in the space, and it was growing in size.
People really liked it, and the site was highly rated.
The site was looking strong and holding steady as a leader. But in March 2015,
Evolution went offline. This time, it wasn't because of feds. It was because whoever was running Evolution shut the doors and took everyone's Bitcoin that was held on the site.
This was around 12 million dollars. This is equivalent to you giving money to a drug dealer
and them not giving you the drugs in return, just taking off. People were furious that the site
owner would do something like this and were claiming they lost over $20,000 that was being
held on the Evolution servers. So when Evolution went down, Alphabay's numbers soared. In the next
three days, Alphabay saw 18,000 new users and 7,000 new forum posts and was seeing
$300,000 in trading value a day. And once people started using Alphabay, they loved it. The site's
popularity rose quickly. Within a year, they had 200,000 registered members. But they weren't the
only dark market around. The biggest dark market at that time was Agora. But then Agora announced
they would be pausing operations and asked everyone to withdraw their Bitcoin and stop using the site. This again
gave Alphabay another serious bump and new users, more listings and more trades. Because of all this,
within two years, Alphabay had over 400,000 users and was the biggest dark market in the world.
In fact, it was the biggest dark market the world has ever seen,
having more listings than anyone before that.
AlphaBay became the go-to place to buy or sell drugs online.
The site's moderators were friendly and helpful
to users who wanted to learn how to use Bitcoin
or PGP to encrypt their chats,
and the user interface was easy to navigate and friendly,
and the quality of stuff for sale was great.
On any day of the week, you could buy marijuana,
LSD, mushrooms, meth, cocaine, fentanyl, or heroin. But besides drugs, people sold other illegal things: counterfeit driver's licenses and passports, weapons, stolen credit card numbers,
tools used for skimming credit cards, and counterfeit money-making machines. But despite
all these options, the drugs are what sold the most on the site. To buy on this site, you couldn't
use your credit card or PayPal. Only Bitcoin, Monero, and Ethereum were accepted. These are
cryptocurrencies that are also theoretically anonymous where you don't know who you're
sending the money to. You simply need a wallet ID to send money to and a key to access your own
wallet. Alphabay would charge 2-4% commission for every transaction that went on there.
And with hundreds of thousands of transactions happening, AlphaBay was making some serious Bitcoin. The site
owner was able to hire some staff to keep the place operational and continue to add new features
and fix bugs. But a site like this is going to attract a lot of enemies. Law enforcement agencies
around the world have notoriously gone after sites like Alphabay to try to shut them down.
So by being the top dark marketplace in the world, it attracts a lot of eyes and ears from many government agencies.
Investigations and cases started opening up in the US, Canada, UK, Netherlands, and Germany.
And they tried looking to see if any clues could be found as to who's running the site.
But everywhere they looked, they found nothing.
Whoever was administering the site
was very good at keeping the server's location secret
and the owner's identity hidden.
All chats were encrypted,
and the site's owner used an alias, Alpha02,
which wasn't used anywhere else,
and they encrypted and anonymized
all connections to the servers.
For years, federal law enforcement
couldn't find any clues which would lead them to
shutting down the site. The U.S. has a war on drugs and dedicates a lot of time and money
towards stopping drug dealers. And they like to go after big operations, which will make the most
impact on the drug scene. And AlphaBay was by far the biggest. Whoever was running AlphaBay knew
this was highly illegal and had to hide. They had to be extremely careful because not only would the police be looking for them,
but other drug dealers would be too.
AlphaBay had many competing drug marketplaces.
Marketplaces that also had services available like hitmen and hackers.
It may be entirely possible that an owner from another dark market wanted AlphaBay gone
and had all the resources to track them down and put an end to Alphabay. But besides the dark markets, regular street gangs were sometimes hit
economically because of the rise of the online drug markets. So some of them were also angry
with the popularity of Alphabay, which meant they were having a harder time finding buyers
and weren't able to figure out how to sell their stash online. So the admins to Alphabay had
to make sure their identity, location, and the server's identity were kept very secret from all
these enemies. And to top it all off, the darknet is where some black hat hackers like to
dwell. And they know this is a very lucrative business. A lot of bitcoins are coming in and out.
So Alphabay probably got a fair share of hacking attempts waged against it at all times.
There was always someone digging around the site
looking for anything that may give away any information to figure out who was running it.
At one point, someone interviewed the administrator for Alphabay
asking if they were afraid of getting caught
and their response,
I am not.
I am absolutely certain that my OPSEC is secure
and I live in an offshore country where I'm safe.
The United States
FBI really wanted to catch them though and put an end to this market so they began digging deeper.
And the FBI was having trouble finding any clues at all so they went on to Alphabay and started
buying drugs. An undercover agent with the FBI created a user account and used some bitcoins to
buy marijuana. A few days later they got the weed in the mail.
No clues found.
Not even information on who was selling it to them,
just that it was shipped from California.
Then the FBI bought another drug, this time heroin,
and again offered no clues as to who was running the site.
The FBI continued buying item after item on AlphaBay
in hopes to eventually spot something
and get more evidence as to what this place was doing.
The FBI bought more heroin and fentanyl
and more marijuana and some meth,
actually 50 grams of it.
Then the FBI went on to purchase other things.
They bought four fake driver's licenses
and they bought a credit card skimmer
that fits onto an ATM and more.
And the FBI was gathering more and more evidence
for this case and also working with other law enforcement agencies around the world to share information that they found. And eventually,
the FBI spotted something. When an undercover agent created a new account at AlphaBay,
he received a welcome email and examined it closely. He looked at the headers of the email,
and there was a Reply-To email address that was unusual. The Reply-To address in the header was pimpalex91 at hotmail.com.
The FBI took this email address and went to Microsoft,
the owners of Hotmail, to request information on who owns that address.
That email address was found to be associated with a LinkedIn account
for a guy named Alexander Cazes, who was born in 1991.
And this matched the 91 in the email address. His LinkedIn profile explained
that he's from Montreal, Canada and runs a computer tech support company called EBX Technologies.
Now that the FBI had a name, they began digging deeper into Alexander Cazes,
uncovering everything they possibly could about him.
This episode is sponsored by SpyCloud.
With major breaches and cyber attacks making the news daily,
taking action on your company's exposure is more important than ever.
I recently visited SpyCloud.com to check my darknet exposure
and was surprised by just how much stolen identity data criminals have at their disposal.
From credentials to cookies to PII.
Knowing what's putting you and your organization at risk
and what to remediate is critical for protecting you
and your users from account takeover,
session hijacking, and ransomware.
SpyCloud exists to disrupt cybercrime
with a mission to end criminals' ability
to profit from stolen data.
With SpyCloud, a leader in identity threat protection,
you're never in the dark about your company's exposure from third-party breaches, successful phishes, or infostealer
infections. Get your free Darknet exposure report at spycloud.com slash darknetdiaries.
The website is spycloud.com slash darknetdiaries.
AlphaBay wasn't the only dark market going around.
There were many others, but one that was gaining in popularity was called Hansa.
And it had a great user interface and great admins with great customer support
and was actually very popular in Europe.
Same thing was being sold on Hansa.
Guns, IDs, counterfeit devices, and of course drugs.
Even though Hansa was much smaller than
AlphaBay, it too attracted the attention of law enforcement. Countries around the world wanted
to stop Hansa from being a trading place for illegal items. All of the Hansa servers were
on the anonymized Tor network. This made it impossible to track where it was located in the
world. But there was one development server that was located on the regular internet.
A security researcher found this one Hansa server that wasn't on Tor. It was just on the regular internet. And it turned out to be
a development server that the admins could test new features on. They reported this information
to the Netherlands National High Tech Crime Unit. This is the department that investigates high
profile cybercrime cases such as this. They took this tip and tracked down the IP, and it was in a data center that was
actually located in the Netherlands. They contacted the data center that was hosting the server,
and the Dutch government was able to put a sort of wiretap on the server to watch all packets that
were coming in and out of it. And from there, they found the server was talking a lot with the live
Hansa server, which was on Tor. And this production server was in the same data center as the
development one. So from there, the Dutch government was able to make hard drive copies of a few of those Hansa servers, both the development and production one.
And they did this without causing any outage on the site, working directly with the data center.
The Dutch high-tech crimes unit combed through the contents of those hard drives.
The goal was to find who the admins were to the site. They saw the admins were connecting to the site, but the connections were anonymized through Tor, so they weren't able
to determine where these people were from. And all the logins for the admins were aliases. Of course,
the site owners wouldn't use their real names to log in with. But at some point, the authorities
found chat logs on the server. And as they looked into it, they found these logs dated back years
and years. Inside the logs were conversations
between the admins of the site,
but the Dutch couldn't read the conversations,
not because it was encrypted,
but because the conversations were in German.
So the Dutch authorities had to get a German translator
to come help them decipher the chats
and read through the logs.
A lot of it was talking about the site,
such as resolving disputes, doing maintenance,
and adding new features.
But as they read deeper into the chat logs,
they found the real names of both the admins of the site.
And further in the logs, they found the home address of one of the admins.
The Dutch government had the names and possible location
of the two men that were running the Hansa dark market.
But a new problem was encountered.
The home address of the admin was in Germany.
When the Dutch government contacted Germany to request their arrest and extradition, the German government explained they are already
tracking those two guys. The same two guys who were running the Hansa dark market had previously
created an online site to buy and sell pirated ebooks and audiobooks. The German police were
trying to find the location of these two guys to arrest them. The Dutch and German authorities
began hatching a new plan.
They joined forces to capture these two guys under the existing German case,
but the Dutch government would take over Hansa.
This way, Germany gets their suspects,
and the Netherlands gets control of Hansa to potentially catch more drug dealers.
The plan was to gather enough evidence to arrest the two men.
At the same time, they were logged in as admins to the site so they could take it over.
But just as they were collecting more evidence against the two German admins, the Dutch server
went offline. The Hansa admin saw a copy was made of the hard drives and it freaked them out.
So they moved the server to another location. And once again, the location of the server became
anonymized over Tor and the authorities had no idea where it went and therefore couldn't take
it over. So they went back to looking over what they had, trying to figure out where they moved the server
to. Months and months go by without any clues as to where the servers had gone.
And Hansa continued to operate, becoming the go-to place in Europe to buy and sell drugs online.
In the chat logs on those old hard drives were a few
Bitcoin addresses, and the Dutch authorities were watching these addresses to see if anything was
being sent in or out of those wallets. And while Bitcoin is in fact anonymous, at some point you
may want to exchange your Bitcoin for cash. And you need to do that at a Bitcoin exchange, which
is usually audited and licensed. And the authorities saw one of the Bitcoin addresses sent money to an
exchange in an attempt to move some money. And this was a lucky break because the exchange they sent the
money to was in the Netherlands. So the Dutch high-tech crime unit went down to the exchange to request
additional information on where the money was sent to. The Bitcoin exchange released the information
and the Dutch authorities discovered the Bitcoin was sent to a server in Lithuania. With the help
of the Lithuanian government,
they were able to track down the exact location of where the new Hansa server was located.
The Dutch, German, and Lithuanian government agencies
had everything they needed to arrest the admins and take over Hansa.
But at this point, the FBI notified the Dutch authorities
that they had discovered who was behind AlphaBay and the location of the server.
And the FBI was informing the Dutch that they'd be conducting a raid on the data center
and arresting the owner. But the Dutch government said, whoa, hold on. The authorities for Germany,
the Netherlands, and the FBI collaborated on a plan. Because the Dutch and German authorities were ready to
take over Hansa, they wanted to get control of Hansa before Alphabay was to be taken down. The theory was that as soon as Alphabay went down, the users would flock to
Hansa to continue to buy and sell illegal items. And if the Dutch government was already controlling
Hansa, they could collect a lot of information of the users of the site and potentially arrest
a lot of dealers in the process. The FBI agreed to this plan and decided to call it Operation
Bayonet. Bayonet was a play on a few
words. Bay comes from Alpha Bay, net comes from Darknet or internet, and it would also signify
piercing the dark marketplace. Authorities believe that with the takedown of Alpha Bay and the
government controlling Hansa, after all this was over, it would destroy trust in the dark marketplace
for a long time, potentially crippling the whole online trade of illegal items. Operation Bayonet was a go.
The next steps were for the takeover of Hansa. The Dutch authorities worked with Lithuania and
Germany to conduct the raid on the data center and arrest the two men simultaneously. Lithuania
agreed to the plan, and two Dutch authorities went to the data center to prepare for the takeover.
On June 20th, 2017, the plan sprang into action. The Dutch police raided the
data center in Lithuania and the German police, with a very precise and careful method, raided
the homes of both of the admins of the Hansa dark market. It's not clear how this was done,
but the German police probably watched what the admins were doing and verified they were on their
computers and then created a disturbance to get the men away from their computers while it was on. This had to be a very careful operation to successfully take over Hansa.
But the German police succeeded on both raids. They arrested both admins to the site while their
laptops were open and unlocked. And the German police gave the signal to the Dutch authorities
who then quickly migrated the entire Hansa server to the Netherlands and under their control. And
the German police simply filed the reports as two guys being caught pirating ebooks and audiobooks, which meant all the users
on the Hansa site were oblivious to the takedown and the moving of the servers. While in jail,
the two men gave up all the passwords and credentials needed to access all parts of the
site. The site had four moderators on it, and even they didn't know a takeover had occurred.
This was a huge success for the Dutch
and German authorities. Now that Europe's most popular dark market was under Dutch government
control, they began turning the site into a mass surveillance station. See, these dark markets have
a lot of dealers. Dealers who are selling massive amounts of meth, cocaine, heroin, weapons, and
other illegal items. And the authorities wanted to collect as much evidence as they could on those dealers
so they could potentially stop them from selling anymore.
They first rewrote the code to log all user passwords in clear text.
This way they could attempt to reuse those logins on other dark markets or websites.
And they found a way to read and log all communication between buyers and sellers
while keeping it encrypted.
This would reveal the home address of many of the buyers. The site had previously stripped out all metadata from every picture uploaded.
And these would be pictures of illegal items for sale. But the authorities were able to strip the
metadata off these photos and save it before it was posted. This would reveal the date, time,
camera that was used to take the photo, and sometimes geolocation of where the photo was
taken. And once this was in place, the Dutch police staged a fake server glitch
which accidentally removed all photos on the site,
forcing sellers to re-upload their photos.
This provided authorities with numerous seller locations.
By this time, Hansa had over 70,000 listings
on its site at any given time,
so this was a lot of information
for the authorities to process.
And amazingly enough,
the police also tricked users on the site into downloading a homing beacon. They claimed this file was a backup encryption key to access
their Bitcoins if the site were to ever go down. So people downloaded it and opened it, which would
run a script that would try to connect to a URL and reveal that person's real IP address. This gave
authorities many more locations on where dealers were located. And during this whole time, the Dutch police continued to impersonate the two admins that were previously running the site,
responding to other moderators, handling any site complaints from users,
and actually doing a really good job with customer support.
The users seemed very happy with the level of customer support they were getting from the site,
completely unaware it was being run by the Dutch government.
And the Dutch authorities continued to let all items be bought and sold except for one.
They banned the sale of fentanyl on the site.
This is similar to heroin, but is more dangerous
and contributed to numerous overdoses, according to authorities.
At this point, the trap was set.
The Dutch police had set up a honeypot
by using a very popular drug marketplace
to attract criminals to conduct crimes under their watchful eye.
Now that they were collecting tons of information, they were ready for the FBI to conduct the next step in Operation
Bayonet. The FBI was ready for action. They tracked down the owner of AlphaBay to Alexander
Cazes, who was living in Thailand, and they tracked down the location of the server to be in Montreal,
Canada. So the FBI coordinated with Canada and Thailand to do a simultaneous raid on the data center and Alexander's house. Again, the goal was to arrest Alexander while
he was logged into his computer so the authorities could have proof as to who the admin was for the
site. So on July 5th, 2017, the authorities of Canada, Thailand, and the FBI sprang into action.
The Canadian police raided the data center and started taking the servers offline.
And the Thai police went to Alexander's fancy and expensive villa, and they used an unmarked
police car to stage a fake accident in front of the house. While a plainclothes cop was attempting
to turn his car around, he smashed into the front gate of Alexander's house on purpose,
but made it look like an accident. This created a disturbance. Other plainclothes cops,
acting like neighbors, started yelling, but no sign of Alexander. They knew he was home,
he just wasn't coming outside. So they continued yelling and trying to turn the car around and
making more of a ruckus in his driveway. And after what seemed like an eternity for the police,
he came outside to see what was going on. And he came out with a cell phone in his hand,
wearing a pair of blue shorts and sneakers. He had no shirt on. He came out to the front of his
driveway to inspect the smashed gate, while the plainclothes cops, posing as neighbors, surrounded
him. He was confused and mad about the gate, but the signal was given, and the cops came after him.
Alexander ran, but not far. The cops immediately grabbed him and wrestled him into a pair of
handcuffs. Alexander's phone was quickly taken from him and kept open so it wouldn't become locked.
And the Thai police ran inside and found his computer open
and logged in to the AlphaBay server as admin.
He had been trying to figure out why the servers in Montreal were going down.
When the Royal Thai police and the FBI examined his computer,
they found a text file with all the passwords for the AlphaBay site. This would be enough
evidence to convict him of being the owner of the largest dark market in the world.
The raid on the Montreal data center was also a success, and the FBI was able to seize his
servers and take them offline immediately. The capture of Alexander Cazes remained quiet.
The FBI did not announce they had taken Alphabay offline.
This caused a flurry of angry Alphabay users
who immediately thought there was an exit strategy,
just like how the admins to Evolution had simply closed up
and took everyone's Bitcoins.
After days of Alphabay being offline,
people suspected the site owner had stolen all their Bitcoins too.
Alexander Cazes was taken to a Thai jail where he would wait to be extradited to the U.S.
They found that Alexander was married to a Thai woman in her early 20s, and he had been living
in Thailand for the last eight years. And AlphaBay was only two years old. And before that, he was a
software developer. Alexander, in my opinion, looks like an average computer techie. He's 26 years old,
white guy, grew up in Montreal, Canada. He looks like a young Elon Musk. His hair is always a
little out of place, and he seems to slightly underdress. Not muscular, not extra fit, not
overweight either. He had a traditional Thai wedding, and all his groomsmen all look Thai too.
And I'm not sure if that means he only had Thai friends or if he simply lived a very private life.
His wife looks kind and generous and happy in the photos.
From just her appearances, she looks like someone who's simple and a good caretaker.
She doesn't dress flashy or extra sexy or seem to be high maintenance.
She just looks like a caring and sweet girl.
When the police questioned her, she said her job was a researcher at an academic institution,
which kind of fits her appearance.
She's likely very close to her parents and down to earth.
Neither Alexander nor his wife looks like a kingpin of the world's biggest drug marketplace.
The U.S. filed a civil forfeiture complaint against Alexander and his wife,
which allowed the FBI to seize everything they owned.
While conducting their seizures, they found Alexander had kept a meticulous journal of all his assets. And this made it easy for the FBI to go and
collect it all. Here's what the FBI seized. 10 vehicles, including a Lamborghini purchased at
$900,000, a Mini Cooper that his wife drove, a BMW motorcycle, and a Porsche Panamera. Numerous
pieces of real estate, including his primary luxurious villa in Thailand, and he owned the house next door, which was for his wife's parents
to live in. He also was building a new luxury villa in Bangkok, and he had vacation homes in
Phuket, Antigua, and Cyprus. His home in Cyprus cost $2.3 million because you can become a resident
of Cyprus if you own $2 million in real estate, which is what he was trying to become a resident of.
And he also paid Antigua $400,000 to become a resident there.
He had three Thai bank accounts, one Swiss bank account,
and one bank account in St. Vincent in the Grenadines.
And he was also holding large amounts of cryptocurrencies,
including Bitcoin, Ethereum, Monero, and Zcash.
And between his bank accounts and cryptocurrencies, the FBI seized $8.8 million.
On top of all that, the FBI seized all the Bitcoin, Monero, and Ethereum that were on the AlphaBay servers that were seized in Montreal.
When AlphaBay was seized, it had 250,000 active listings.
To put this into perspective, Silk Road had only 13,000 listings when it was shut down.
So you can see AlphaBay was almost 20 times bigger than Silk Road in terms of
active listings. Alexander was charging 2 to 4% commission on every transaction, and the logs
showed that about 840,000 bitcoins were transferred to Alphabay, totaling around $450 million in
transactions. So the Feds estimated his commissions for all this was somewhere between $9 and $18
million. And according to Alexander's notes, he claimed he had a self-net worth of $23 million.
This kind of cash is what I expect a kingpin like this to have,
because he knew full well what he was getting himself into when he started this.
It's a risky, extremely risky business.
He knew his life would be in danger,
and he had to be absolutely perfect at not being caught
every step of the way. So to take this ride with the devil, it better be worth it. And millions of
dollars seem to make it worth it for Alexander. And again, looking at his photos of his wife,
he simply doesn't seem like your stereotypical millionaire drug lord. She looks like the girl
next door. He looks a little dorky. And even when he wears a suit and poses in front of his Lamborghini,
he seems to be out of place in the suit.
I don't know.
Maybe I should start changing how I perceive big-time drug dealers.
A Montreal Canadian news outlet would later interview Alexander's father,
who said Alexander was so kind and caring he wouldn't hurt a fly.
He never had a criminal record, never smoked, and never did any drugs. He was very smart, and even skipped a whole year in school because he did so well.
And according to his father, his wife was eight months pregnant.
While in jail, Alexander knew everything was being seized and taken away from him,
and his wife was being questioned. And he was concerned about her parents' house being seized
away from them. And he also knew full well that Ross Ulbricht,
the guy who got caught running Silk Road,
received life in prison without the possibility of parole.
Alexander was scared.
Really scared.
It felt like he had no options.
The world was closing in on him all around,
and he didn't want to face any of it.
So on July 12th, after sitting in a Thai jail for seven days,
Alexander wrapped a towel around his neck, twisted it tight,
tied it into a knot, and committed suicide.
The next morning, the Thai police found him dead in his jail cell.
And this hit the news in Thailand.
And at that point, the Wall Street Journal broke the story for the rest of the world
that Alphabay was seized by the feds and the owner of the site was dead.
This sent the users of the dark markets into a panic.
People were freaked out that the feds had taken over Alphabay.
Numerous conspiracy theories started springing up about his death.
Was he murdered by another dark market owner?
Was he murdered by the real AlphaBay owner?
Was he murdered by the feds?
Why did he commit suicide?
Darknet forums were abuzz with the chatter about this event.
Once AlphaBay shut down, just like according to plan,
a ton of new users started registering at the Dutch government-controlled Hansa dark market.
Over 5,000 new users a day were registering at the site,
which is a massive jump from the normal 600 new users a day.
In fact, the number of new users was so high it broke the registration system,
and the Dutch police had to spend a few days getting it back online.
Under Dutch law, they were required to track and report every sale on the site. About 1,000 transactions a day were being conducted on Hansa,
and this was becoming too much paperwork for the Dutch authorities to handle.
After the Dutch government had run Hansa for 27 days
and collected information on about 27,000 transactions,
they pulled the plug on the server, shutting the whole operation down.
And immediately, the Dutch authorities placed a banner on the site.
It said the Hansa hidden site had been seized by
the Dutch National Police. At the same time, AlphaBay's site started displaying it had been seized
by the FBI. News of both sites being controlled by government agencies shattered trust in many
dark market buyers and sellers, and it sent the whole community into chaos. Two days after Hansa
was shut down, U.S. Attorney General Jeff Sessions made a press statement. Today, the Department of Justice announces the takedown of the dark web market AlphaBay.
This is the largest dark market web place takedown in world history. And this is likely
one of the most important criminal investigations of this entire year.
I have no doubt of that.
Make no mistake, the forces of law and justice face a challenge
from criminals and transnational criminal organizations
who think they can commit their crimes with impunity by going dark.
This case, pursued by dedicated agents and prosecutors, says you are not safe.
You cannot hide. We will find you. Dismantle your organization and network,
and we will prosecute you. The dark net is not a place to hide.
For the FBI, they were able to gather more evidence and go after moderators of AlphaBay
and capture and arrest them.
And for the Dutch police, they collected information on over 420,000 users and collected 10,000 home addresses.
They turned this information over to Europol to further take action.
They seized about $12 million worth of Bitcoin that was on the Hansa server at the time of shutdown.
And they arrested over a dozen dealers that were located in the Netherlands. They also claimed to have conducted over 50 knock-and-talks, where the police would come
visit someone and talk to them if they were a known big buyer or seller. The FBI and Dutch
police continue to this day to go through the data they collected to track down anyone they
got information on. When both Alphabay and Hansa went down, the people discovered it was taken over
by the feds. This really rattled the dark market communities. After Hansa, there wasn't a mass migration to another site. Users
scattered. They went back to the streets or simply gave up on it altogether. The feds not only
infiltrated the darknet, but they infiltrated the minds of the people on the darknet. Immediately
after these takedowns, people were much more cautious. Some were panicking. They weren't using
good operation security and they reused passwords and put in their home address and they were sloppy with privacy.
And it certainly made a dramatic short-term impact on the dark market trading scene.
After all, this was the most elaborate and coordinated sting ever conducted on the darknet.
But the long-term impact is yet to be seen. Today, new dark markets are gaining in size,
such as Dream Market and
Wall Street. But users of those sites should be aware of the history of dark markets. You never
know if the feds are selling or buying drugs on there, or controlling the site outright. And you
can never guess as to when the owner just might decide to shut down the site and steal everyone's
bitcoins. But here's what I take away from this story. The only way the feds were able to catch anyone
was because of that person's poor personal security.
Alexander was only discovered because he accidentally put his personal email address
in the reply to of the welcome email,
which directly connected him to his LinkedIn profile.
And the German Hansa guys were only caught
because they put their real names and addresses in the chat logs on their server.
And the big-time sellers that the Dutch government caught
were only discovered because they didn't scrub out the metadata from the photos
and didn't cover their tracks properly.
The feds caught all these people
because these people slacked off just a tiny bit on their own security.
Not because there's some super secret way to track who owns a Bitcoin wallet
or who is on Tor.
Jeff Sessions says the darknet is not a place to hide,
but clearly it is if the right precautions are made. With all the time and money and effort they put
into taking down Alphabay, the feds would have used a more scary method to track down these guys
if they had scary ways to do it. But they had to wait and watch for years to spot a mess up in
operational security. Now it's probably true that you'll never shake the feds from trying to track
you if you run the largest dark market in the world. And they'll probably catch you eventually, but maybe you make
enough money and give the site to someone else and then disappear completely. Alexander had 20
million dollars in assets. And I wonder how much more he thought he needed for him to just disconnect
from it all and change his name and live a nice happy life with his wife in Antigua. And if you do want
to be anonymous and conduct massive illegal activities online, you still can. But it takes
a lot of time and effort to become that safe. You need to exercise all the options you can to stay
anonymous. Here's a starter pack. Use Tor. Use a VPN. Take advantage of Bitcoin tumblers. Use PGP
and encrypted chats. Use fake personas. Don't ship
anything to your actual house. Strip out all metadata from photos, and use a separate computer
to do all this on, because if you take all these steps to be anonymous and then you just log into
Facebook, if someone was tracking your anonymous persona, they now know you own that Facebook
account and can link it back to you. So when you set all this up, keep it separate from
everything that's connected to your real persona and don't tell anyone about it. Another thing the
story proves to me is that there's a massive worldwide demand for illegal items. And when
there's a demand this large, there will always be someone willing to risk their life and take
that forbidden ride and build a dark market and cash in on that demand.
You've been listening to Darknet Diaries.
Please consider donating to help support this show by visiting darknetdiaries.com slash donate.
It really helps a lot.
This show is created by me, Jack Rhysider.
Mixing is done by Sono Sanctus, and the theme music is created by the hooded Breakmaster Cylinder.