Europol yesterday announced the shutdown of the Hansa and AlphaBay Dark Web markets in a pair of law enforcement actions led by the FBI, the DEA and the Dutch National Police.
According to Europol, AlphaBay served more than 200,000 users and 40,000 vendors with more than 250,000 listings for illegal drugs and chemicals, and more than 100,000 listings for stolen and fake ID documents and access devices, counterfeit goods, malware, hacking tools, firearms, and fraudulent services.
According to Europol, AlphaBay saw at least $1 billion in transactions since its founding three years ago.
"The takedown of the two largest Dark Web markets in the world by European and American law enforcement authorities shows the important and necessary result of international cooperation to fight this criminality," Dimitris Avramopoulos, European Commssioner for Migration, Home Affairs and Citizenship, said in a statement.
With help from Bitdefender, Dutch police arrested the two administrators of the Hansa marketplace and seized its servers in the Netherlands, Germany and Lithuania, then covertly took it over on June 20 to monitor criminal activities until its shutdown on July 20.
During that month, the police collected information on high value targets, along with approximately 10,000 addresses of Hansa market buyers.
At the same time, an operation led by the FBI and DEA identified the creator and administrator of AlphaBay as Alexandre Cazes, a Canadian citizen living in Thailand. Cazes was arrested in Thailand on July 5, the site was taken down, and servers were seized in Canada and the Netherlands.
"On July 12, Cazes apparently took his own life while in custody in Thailand," the U.S. Justice Department said in a statement.
Shutting down AlphaBay while Hansa was being monitored allowed the Dutch police to watch for users who came to Hansa looking for an AlphaBay replacement -- they saw an eight-fold increase in the number of new members of Hansa immediately following the AlphaBay shutdown on July 5.
No Safe Harbor
High-Tech Bridge CEO Ilia Kolochenko told eSecurity Planet by email that the shutdown is a good reminder that there's no safe harbor for large-scale criminal marketplaces. "Users erroneously believe that bitcoin or Tor can assure their undetectability, but this assumption is wrong," he said. "There are many other ways to trace and unmask them via weaknesses in tangential technologies, or just by using social engineering or even their own garrulity against them."
Still, Cylance senior threat researcher Marta Janus said any slowdown in criminal activity as a result of this action is likely to be temporary. "As history reveals, sooner or later another market will appear and take over as the favorite place to exchange drugs, weapons and harmful code -- just like AlphaBay took over the legacy of Silk Road, which was closed in 2013, and grew to even greater proportions," she said.
"Where one market closes, many smaller ones are sure to open, diluting the market share and causing further headaches for law enforcement," Janus added.
And those markets continue to increase in both size and sophistication. "A good example here is the Ransomware-as-a-Service model, which was adopted by many malware developers who would offer their ready-to-go ransomware solutions to the public in exchange for a share of the money paid by the victims," Janus said. "This strategy allows people with little to no technical knowledge to launch their own ransomware business and gain illegal profits."