Special Feature
Part of a ZDNet Special Feature: Cyberwar and the Future of Cybersecurity

Justice Department, Europol tout AlphaBay takedown, but 'keenly aware' challenges remain

The AlphaBay takedown was a huge win for international law enforcement, but there will be more dark websites peddling narcotics and illegal goods.

AlphaBay and Hansa after the takedown. (Image: Europol)

AlphaBay Dark Web marketplace hacked, private messages leaked

Over 200,000 messages were compromised due to a security flaw.

Read More

The US Department of Justice said it has succeeded along with international law enforcement agencies in taking down the AlphaBay dark website and touted the effort as a sign of global cooperation. But there will be more AlphaBays ahead, said officials.

Jeff Sessions, US Attorney General, said the AlphaBay network was among the most prolific drug suppliers. Sessions said the site contributed to the opioid epidemic. "Around the time of the takedown of the site, there were more than 250,000 listings for illegal drugs and toxic chemicals on AlphaBay," said Sessions.

At a press conference, a bevy of agency heads noted the international contributions. Along with AlphaBay, Dutch authorities also shuttered Hansa, another dark website.

Robert Mark Wainwright, head of Europol, said: "These two cases have been developed together and our joint hit on both of these dark markets is one of the most sophisticated law enforcement operations against cybercrime."

Indeed, AlphaBay had 200,000 members and 40,000 vendors. The site consisted of 100,000 listing for stolen and fraudulent identification documents, hacking tools, firearms, and fraudulent services. As of early 2017, there were 122 vendors advertising Fentanyl and 238 touting heroin. Cryptocurrency was the currency of choice.

AlphaBay was run by Alexandre Cazes, 26, who was arrested in Thailand on July 5. Cazes was found dead last week in his cell and apparently took his own life.

Previously: AlphaBay Dark Web marketplace hacked, private messages leaked | Security? What security? Four million data records are stolen or lost every day

According to the Justice Dept.'s asset forfeiture complaint, Cazes "opsec" security practices were sloppy enough to get him caught.

Not only was Cazes' personal Hotmail email address found in the welcome email of all new registered users, Cazes also used that same email to link to his PayPal account, which linked to a Canadian bank account in Cazes' name.

When police in Thailand raided Cazes' Bangkok home, they found his laptop "unlocked and unencrypted" and logged in with his purported administrator's account. That allowed police to access text files on Cazes' desktop that detailed account passwords for the dark web marketplace and its servers.

Cazes had a net worth of over $23 million, according to the complaint.

Overall, the takedown of AlphaBay is a big win, but law enforcement leaders noted that there will be more dark websites.

Read also: Devastating attacks to public infrastructure 'a matter of when' in the US | Understanding the military buildup of offensive cyberweapons | Video: The Internet of Insecure Things, and why we're still in denial | Cybercrime Inc: How hacking gangs are modeling themselves on big business

Deputy Attorney General Rosenstein said administrators and users of dark websites are using anonymizing techniques and large-scale networks create challenges. "Hundreds of the site on the network still enable a vast amount of criminal activity to occur, but we are proud of what we announced today and recognize our work is not done," said Rosenstein.

Drug Enforcement Agency's Robert Pattison, acting deputy administrator, added that "we are keenly aware that there will be another AlphaBay."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All