24.7.17 Dark Web and Cybercrime Roundup
A Globally Coordinated Operation Just Took Down Alphabay and Hansa
The events over the past three weeks were not unrelated to Alphabay’s downtime, law enforcement agencies revealed on July 20. Even before the announcement, though, the world had learned that Alexandre Cazes’s death was directly linked to an investigation into Alphabay and even alpha02. Law enforcement agencies spoke with Martin Cazes, Alexandre’s father, and told him that Alexandre created Alphabay. Additionally, according to Martin, the police had connected Alexandre to alpha02—contradictory to our former understanding that Alexandre was DeSnake. His qualifications matched those of DeSnake.
On July 20, global law enforcement agencies boasted of their ability to take down darknet drug markets. The United States law enforcement agencies reiterated that nothing would stop them from bringing down darknet drug markets. If the FBI and DEA gave an accurate figure for the number of arrests made, their Alphabay takedown technically netted one suspect. The late Alexandre Cazes was the FBI’s only arrest—at the time of the press release. Unsurprisingly, they neglected to mention his suicide as they spoke to the press about his arrest. The actual takedown of Alphabay, or at least identification of the Alphabay owner, was also far from spectacular. Cazes, if one is to believe the court documents, followed the path of Ulbricht with respect to compartmentalization.
According to the Indictment and Complaint for Forfeiture, federal investigators found an old email of Cazes. The email connected to various websites where he used his real name. With his name and email, they found one of his companies in Canada, EBX Technologies. Pursuing that route takes more time than the intrinsic value of the data at the end, but the EBX Technologies website is still enough, by itself, to identify alpha02 and Alexandre Cazes. The connection between Thailand and Canada was not described at any great length, but the FBI and RCMP found the Canadian citizen in Thailand. Certain members of a social media group posted pictures of trips to Thailand and alluded to Alexandre. Many were connected to him online. Additionally, his LinkedIn profile revealed that he spoke Thai.
His RooshV posts were revealing as well.
FBI Atlanta claimed that they had identified another member of Alphabay’s staff who lived in the United States.
The Dutch police, though, announced an unexpected ending to the Alphabay saga. Nearly a month prior to the Cazes arrest, German police arrested the owners of Hansa market in Germany. Dutch authorities found the Hansa servers and silently took control of Alphabay. They collected information on users as late as the announcement on July 20. On July 4, Alphabay went down and the police’s new drug market exploded with new user registrations.
By the announcement, the market’s new owners had collected identifying information on more than 10,000 users. Domestic suspects will be dealt with internally and international suspects will be handled by Europol. The Hansa Market’s new landing page depicts a sinking version of the Hansa Market ship. DeepDotWeb
Hansa Owners Operated a Clearnet eBook Sharing Site
The Saxon LKA and Bamberg General Prosecutor’s Office published a press release detailing the takedown of LuL.to, an illegal filesharing service. The portal allowed visitors to buy copyrighted media—mainly ebooks, according to angry publishers—for a fraction of the price. The CyberCrimeCompetenceCenter (SN4C) of the Saxon LKA took the site down on June 21 and opened an investigation into three suspects.
During a search of a location associated with one of the site’s owners, the LKA seized 24 Bitcoins, 100,000 Euros in bank deposits, roughly 10,000 Euros in cash, and 11 terabytes of digital information. “The extensive investigations continue,” the press release on June 21 concluded. Remember that the Hansa seizure logo claims that the site has been under law enforcement control since June 20. In the July 20 press release from the Netherlands Police, officials revealed that German law enforcement arrested Hansa admins in June: a 30-year-old and a 31-year-old. The Netherlands press release linked to a page on the General Prosecutor’s Office of Bamberg’s website, specifically to the arrest record of the LuL.to owners.
“The general public prosecutor’s office in Frankfurt am Main said in the evening that, in early July, an arrest warrant against a 31-year-old from Cologne and a 30-year-old from the district of Siegen-Wittgenstein had been issued in connection with Hansa-Market,” the Epoch Times wrote. “Both accused have been investigated since 21 June 2016.”
The third LuL.to suspect in Germany seemingly vanished. Meanwhile, the 30-year-old’s house, car, address, and personal information were uploaded in a YouTube video. Reddit Discussion Thread.
BKA Seized a Darknet Child Abuse Forum
Several weeks ago, the German Federal Criminal Police Office ended a darknet forum by raiding the owner of the hidden service’s host. Roughly a week prior to the raid, one user logged on and commented that everyone was soon to be arrested. The forum then vanished and the BKA announced that they raided the forum in connection with the Munich shootings. As if they have an eternal flame pushing them to hunt down darknet forums, Germany’s feds wiped out another forum.
The forum was known as “Elysium.” And unlike the last forum, DiDW, Elysium hosted—and existed—solely for child “pornography.” DiDW, at the site’s peak, served as an establishment. The forums promoted political discourse, financial chatter, some decent off-topic, and an “anything but CP goes” marketplace subforum. As time went on, the overall atmosphere of the forum changed dramatically. New users were very likely to be trolls. And an impending sense of doom surrounded users, ever since the Munich gunman purchased his Glock from a vendor on the forum.
It goes without saying that the BKA did not speak highly of the forum:
“[Elysium] had over 87,000 members and served as the worldwide exchange of child pornography by platform members […] Among the child pornographic images and video files exchanged by the members of the platform were recordings of the most serious sexual abuse of children, including small-children and depictions of sexual violence in children.”
After several months of investigation, the BKA identified a 39-year-old from the Limburg-Weilburg district who fit the profile of the forum’s administrator. In a fashion similar to the DiDW raid, the police executed a warrant and searched his home for the incriminating server. They found it and it had hosted Elysium. Several arrests have been made in connection with the forum seizure. DeepDotWeb
North Carolina Passes a Bill Banning All Research Chemicals, Redefining “Isomer”
Numerous states, within the past ten years, tried to pass research chemical banning laws. Emergency schedulings happen in dire circumstances. But never has a bill as widely scoped as North Carolina’s House Bill 464 come close to passing—even in North Carolina. This time, the winds changed just enough that the current governor signed the bill.
The newly banned drugs include, but are not limited to, isomers or analogs of the following substances: MDMA; N-ethyl MDA; MDA; MDE; MDEA; N-hydroxy MDA; trimethoxyamphetamines; alpha-ET; AET; Bufotenine; DMT; DET; DPT; Ibogaine; LSD; Mescaline; Peyote, meaning all parts of the plant; Psilocybin; Psilocin; DMA; DOM; MPA; MXE; 4-hydroxy-MET; 4-OH-MiPT; 5-MeO-MiPT; Etizolam; Flubromazepam; Phenazepam; every unscheduled benzodiazepine; every cannabinoid; every NBOMe; and at least 100 more substances—listed by name. NCGA
Australian Vendor Busted by New Darknet Taskforce
Throughout 2017, Australia’s State Crime Command’s Drug Squad and Australian Federal Police created a taskforce to identify darknet drug dealers. And after one of the first major investigations, the new taskforce, “Strike Force Colette,” yielded a fairly uncommon result—in Australia, that is. The majority of the darknet arrests in Australia, within the past three years, involved only drug buyers. Various constraints limit the number of vendors who can sell from within Australia. So when Strike Force Colette netted a major vendor, news spread quickly. Camera crews and live reporting allowed the whole world to watch parts of the raid.
Officers actually executed two raids. During the execution of the search (and arrest) warrants, law enforcement found cocaine, MDMA, and psilocybin. They found drug-related items, packaging, and several computers “with hardware and software encryption.” The suspect also had roughly $12,000 in cash. The 43-year-old Tempe man received eight counts of drug supply, along with the usual array of non-drug, drug dealer charges. Officers said the man had sold online for “at least” two years. DeepDotWeb