Dark days for ‘dark web’: after AlphaBay, global cops kill Hansa

22 Jul 2017

A globally coordinated crackdown on 'dark web' marketplaces AlphaBay and Hansa has rattled merchants and consumers of illegal products, and left them looking for a new home.

Authorities shuttered AlphaBay, the largest online marketplace for illegal goods, on 4 July, and took down Hansa, the third largest, on Thursday. The sites, where people could buy drugs, guns and child pornography, had flourished since 2014, when a predecessor, Silk Road, was shut down (See: FBI shuts down illegal drug site Silk Road).

Two major law enforcement operations, led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA) and the Dutch National Police, with the support of Europol, have shut down the infrastructure of an underground criminal economy responsible for the trading of over 350 000 illicit commodities, including drugs, firearms and cybercrime malware.

The coordinated law enforcement action in Europe and the US ranks as one of the most sophisticated takedown operations ever seen in the fight against criminal activities online, according to a Europol press release.

"This is an outstanding success by authorities in Europe and the US," Rob Wainwright, the executive director of Europol, said on Thursday, while appearing alongside the US Attorney General, Acting FBI director and deputy director of the US Drug Enforcement Administration (DEA) at a press conference in Washington DC.

"The capability of drug traffickers and other serious criminals around the world has taken a serious hit today after a highly sophisticated joint action in multiple countries. By acting together on a global basis the law enforcement community has sent a clear message that we have the means to identify criminality and strike back, even in areas of the dark web. There are more of these operations to come," he added.

Fuelled by Tor browsers and cryptocurrencies that offer anonymity, AlphaBay, Hansa and other sites avoided much government detection, allowing online drug sales to triple in the wake of their predecessor Silk Road's demise. AlphaBay replaced Silk Road as the biggest, growing to be 10 times larger.

And the war shows no signs of ending, as when one dark market falls, buyers and sellers just move on to the next one.

The migration of buyers and sellers comes as authorities around the world crack down on digital marketplaces that cater to growing numbers of shadowy sales. AlphaBay listed more than 100,000 items at the time it was taken offline. By comparison, Silk Road had just 14,000 when the Federal Bureau of Investigation closed it four years ago.

After the latest crackdown, Dimitris Avramopoulos, European Commissioner for Migration, Home Affairs and Citizenship, said, "The dark web is growing into a haven of rampant criminality. This is a threat to our societies and our economies that we can only face together, on a global scale. The take-down of the two largest criminal dark web markets in the world by European and American law enforcement authorities shows the important and necessary result of international cooperation to fight this criminality ... our fight against criminal activities online and offline will continue and intensify."

Julian King, EU Commissioner for the Security Union, said, "This latest success demonstrates not just the growing threat posed by increasingly sophisticated criminal enterprises exploiting the largely unregulated space occupied by the internet but also the vital role of international cooperation among law enforcers, the private sector, national authorities and international organisations in making all of us safer from global, borderless menaces."

AlphaBay was the largest criminal marketplace on the Dark Web, utilising a hidden service on the Tor network to effectively mask user identities and server locations. Prior to its takedown, AlphaBay reached over 200,000 users and 40,000 vendors. There were over 250,000 listings for illegal drugs and toxic chemicals on AlphaBay, and over 100,000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and fraudulent services.

At a conservative estimate, of $1 billion was transacted in the market since its creation in 2014, according to the Europol release. Transactions were paid in Bitcoin and other cryptocurrencies.

Hansa was the third largest criminal marketplace on the dark web, trading similarly high volumes in illicit drugs and other commodities. The two markets were created to facilitate the expansion of a major underground criminal economy.

The investigations
With the help of Bitdefender, an internet security company advising Europol's European Cybercrime Centre (EC3), Europol provided Dutch authorities with an investigation lead into Hansa in 2016. Subsequent enquiries located the Hansa market infrastructure in the Netherlands, with follow-up investigations by the Dutch police leading to the arrest of its two administrators in Germany and the seizure of servers in the Netherlands, Germany and Lithuania. Europol and partner agencies in those countries supported the Dutch National Police to take over the Hansa marketplace on 20 June 2017 under Dutch judicial authorisation, facilitating the covert monitoring of criminal activities on the platform until it was shut down this week.

In the meantime, an FBI and DEA-led operation, called Bayonet, was able to identify the creator and administrator of AlphaBay, a Canadian citizen living a luxurious life in Thailand. On 5 July 2017, the main suspect was arrested in Thailand and the site taken down. Millions of dollars worth of cryptocurrencies was frozen and seized. Servers were also seized in Canada and the Netherlands.

In shutting down two of the three largest criminal marketplaces on the dark web, a major element of the infrastructure of the underground criminal economy has been taken offline. It has severely disrupted criminal enterprises around the world, has led to the arrest of key figures involved in online criminal activity, and yielded huge amounts of intelligence that will lead to further investigations, Europol says.

Elaborate operation
But what made this operation really special was the strategy developed by the FBI, DEA, the Dutch Police and Europol to magnify the disruptive impact of the joint action to take out AlphaBay and Hansa. This involved taking covert control of Hansa under Dutch judicial authority a month ago, which allowed Dutch police to monitor the activity of users without their knowledge, and then shutting down AlphaBay during the same period.

It meant the Dutch police could identify and disrupt the regular criminal activity on Hansa but then also sweep up all those new users displaced from AlphaBay who were looking for a new trading platform. In fact they flocked to Hansa in their droves, with an eight-fold increase in the number of new members of Hansa recorded immediately following the shutdown of AlphaBay. As a law enforcement strategy, leveraging the combined operational and technical strengths of multiple agencies in the US and Europe, it has been an extraordinary success and an illustration of the collective power the global law enforcement community can bring to disrupt major criminal activity.

But FBI deputy director Andrew McCabe acknowledged shutting down such markets was like playing whack-a-mole. His agency would likely have to take on more massive dark web marketplaces in the future, he said.

"Critics will say as we shutter one site, another will emerge," McCabe said at a press conference. "But that is the nature of criminal work. It never goes away, you have to constantly keep at it, and you have to use every tool in your toolbox."