Note: AlphaBay, one of the largest drug marketplaces, had been active since 2014; in 2017 it was liquidated together with Hansa Market.
The closure of AlphaBay and Hansa Market was the result of a large international operation involving the USA, Canada, Thailand, Holland, Great Britain, France and Lithuania, as well as representatives of Europol, the FBI and the Drug Enforcement Administration.
- AlphaBay, according to the FBI, has eclipsed even the infamous Silk Road, becoming a shadow market giant ten times larger than its predecessor. Over 200,000 users and 40,000 sellers transact on the platform, turning it into a veritable "supermarket of crime".
AlphaBay had over 250,000 listings for drugs, over 100,000 listings for stolen or counterfeit documents, counterfeit goods, malware and hacking tools.
Chapter 1: Fight for the Podium
It's the early 2010s and anonymous payment methods, along with the darknet, are gaining momentum. Thanks to Bitcoin, a new payment method has emerged that is not controlled by the authorities, making it much easier for criminals to sell their products en masse on the Internet.
The emergence of the dark web began a global game of cat and mouse that continues to this day. Billions and billions of dollars...
Today, Silk Road is probably the most legendary platform, and many are familiar with it. It started working in February 2011 and became incredibly popular: more than 100 thousand clients bought drugs on it. The platform did not last long; two years later its owner was caught and Silk Road went offline.
The authorities staged a "show execution" and the owner of the Silk Road website (Ross Ulbricht) received a lifetime pass to places not so remote.
But the business was too profitable for others to give up. After Silk Road, the number of similar sites increased sharply: Valhalla; Budster; Project Black Flag; Pandora; Evolution; Agora. They all fought for the championship, but fell without lasting even a couple of years (exit scam, voluntary withdrawal offline or seizure by the authorities - each has its own story).
— Silk Road 2.0 was launched 35 days after its predecessor was closed, but the platform failed to repeat its success or even survive for more than a year.
All this was to the benefit of the still nascent AlphaBay platform; in July 2014, a man calling himself Alpha02 began developing the platform.
In a short period of time, or rather after only 5 months, the platform was ready and began its work. At first, AlphaBay offered only stolen card data, but soon more profitable goods appeared: in addition to CC/CVV data and the like, drugs, weapons and malware began to be traded on it.
On AlphaBay there were practically no restrictions, but items or data related to child abuse and the theft of bank information from Russian accounts were strictly prohibited (a trivial distraction or a real connection with the "Russian mafia" - decide for yourself).
Time goes by and AlphaBay steadily grows and operates, while other platforms appear and disappear - AlphaBay remains unshakable. After only a year of existence, more than 200 thousand users and 40 thousand sellers have registered on the platform.
In 2017, the site had more than 300 thousand products and the daily turnover on the site reached more than $500 thousand.
And what was the benefit for Alpha02?
Alpha02 made money by taking a share (2-4%) of each deal; from that moment his financial situation went uphill and he became a multi-millionaire.
— At this point a whole team is working on AlphaBay: a representative (DESNAKE), a bunch of moderators and a PR manager. Alpha02 himself went into the shadows, renaming himself Admin and ceasing to communicate; from then on, all communication went only through DESNAKE.
Alpha02 goes to sleep, DEA wakes up
Around this time, DEA agents led by Robert Miller became interested in the platform and began investigating who was behind this powerful platform hiding on the darknet... A hunt begins that will span the entire world and last for several years...
Chapter 2: Who's Hiding Behind the Mask of Alpha02
American information security specialists want to find out where the AlphaBay servers are located, because having access to the servers will make it possible to close the platform or secretly penetrate it and, as a result, discover Alpha02.
In this case, Tor's onion routing does not allow this, since requests to the website are relayed through many random servers around the world, which intentionally makes the location hard to determine. Therefore, until December 2016, investigators are in despair...
Haven't forgotten about Robert yet? He is the one working on the investigation of the AlphaBay platform, and up to this point the results have been dismal. Suddenly a letter appears in his mailbox (sender anonymous).
It seems that Alpha02 made a fatal mistake at the beginning of his journey: each user who registered on the site received a welcome email, and the email address of the real sender was visible in the metadata of this message. Although the error was immediately corrected, someone still managed to save it. While AlphaBay was growing in the Internet space, this anonymous person silently watched its progress and only at the time of the investigation handed over the data to the DEA.
This address turned out to be pimp_alex_91@hotmail.com
Using the email address, investigators found photographs of our Sanya (we Russify it, it’s more familiar that way) dating back to the shaggy years of 2008-2009 on the website of the French social network Skyrock.com (now closed)

And here is our Sasha, Sanyok
In addition, investigators found him on one of the dating sites, which indicated the city - Trois-Rivieres. According to the data obtained, it turns out that Sanya is from the Canadian province of Quebec, was born in 1991 and at the time of the founding of AlphaBay he should have been 23 years old.
While searching for the username Alpha02 (the cheat sheet from Cipher387 shows how to do this), investigators found that he had appeared on a French-language technology forum; to be more precise, in 2008 he explained there how to remove malware from an image. Now investigators have his appearance, first name and last name - but how to determine his location?
— The valiant employees find Cazes's PayPal account, and all because his main email was listed there (pimp_alex_91@hotmail.com). Oh, Sanka - Opsec cried for you.
In addition to the PayPal account, investigators also found his LinkedIn profile, which revealed that he works as a freelance designer and runs his own company, EBX Technologies.
They also found a Facebook profile used by his fiancée, a Thai woman named Sunisa. This led investigators to the idea that Sanya was warming up his buns in Thailand, which is where they headed...
With the help of Thai authorities, the investigation team identifies three properties in Bangkok, the capital of Thailand. He also has a holiday home in Phuket and a villa in Cyprus (in the process of being purchased).
From that moment on, Sanya was put under surveillance, and investigators found out that he had several luxury cars. AAAvtomobil, come into the studio!)

Cazes happily drives around Bangkok in his Lamborghini, with agents watching him, tracking his routes and monitoring his mobile phone. Now remember that he owns 3 properties in Bangkok, and while he lives in one house with his Thai girlfriend Sunisa, he often visits the second house with other birds, which investigators have dubbed the "Bachelor Pad."
Sanya is also an active member of the pick-up artist forum; under the nickname Rawmeo he publishes conservative family values and blogs about his successful sex life.
Investigators have carefully calculated his routine (the figures are approximate, he is not a robot, the error is ≈30 minutes): from 06:00 to 07:00 he wakes up; from 07:00 to 08:00 Sanya looks at his social networks; from 09:00 to 16:00 he works; on some days he attends language courses from 17:00 to 18:00; from 20:00 to 21:00 he has dinner in a restaurant with his Sunisa. Thus, the authorities are planning his arrest.
Funny moment: the agents and Sanya meet at the hotel
In June 2017, a few weeks before the arrest, several American agents were sitting in the lounge area of a 5-star hotel in Bangkok and, unexpectedly for the agents, Sanya parks his second Porsche Panamera right at the central entrance, heading towards the operatives. What was in these guys' heads at that moment, unfortunately, will remain a secret.
— As it turned out, he came there for a business meeting, an incredible coincidence, but at that moment none of them suspected that in just a month Cazes would be dead...
Chapter 3: Operation Bayonet
Before I begin the story, I would like to share with you a phenomenal episode of Darknet Diaries. You can read it directly from the article: you will only need to hover your mouse over the window area and scroll as you read. Enjoy reading, @username
It's 2017. AlphaBay is currently the largest darknet market in the world, but there is competition - the Hansa platform is growing rapidly in Europe, which is giving European authorities no peace.
Dutch security researchers find the Hansa Market servers thanks to a tip from another, undisclosed person. The servers were located in a data center in the Netherlands. A unique opportunity arises: they begin monitoring the servers, making backups and digging through the countless records of the site operators.
It turns out that the owners of Hansa are Germans, who are probably still in Germany. Together with the German Federal Police, the Dutch want to take control of Hansa Market, but no such luck! Suddenly they disappear from the Dutch servers; most likely the operators noticed a data leak.
But opsec has not been cancelled: when investigators dug into the operators' dialogues, they found several Bitcoin addresses. They begin to track transactions and wait until the coins appear on a Dutch crypto exchange; after a request to the exchange, it turns out that the bitcoins lead to Lithuania.
Together with the authorities of this country, the Germans and the Dutch are trying to find the new servers; this time the authorities want to strike at Hansa Market. But something unexpected happens.
The FBI informs European authorities of their plans to arrest Alpha02 and shut down AlphaBay, and Operation Bayonet is born.
The operation is led by the FBI and the DEA, with the participation of law enforcement agencies from seven countries and of Europol.
The FBI was instructed to wait to destroy AlphaBay until the Dutch and Germans had taken control of the Hansa market. If AlphaBay were to be shut down, Hansa would be flooded with new customers and dealers, which is often what happens. When a platform is shut down or an exit scam occurs, its customers and dealers migrate to other platforms; in this case, most would have migrated to the giant Hansa platform, by then already compromised by law enforcement.
This way they will have the opportunity to convict unsuspecting criminals.
Meanwhile, our Sanya doesn't suspect anything and continues to drive around Bangkok in his Lamborghini, write funny thoughts on the pick-up forum and pick up mistresses...
On June 20, 2017, the first part of the law enforcement mission succeeds: the data center in Lithuania is stormed by Dutch security forces, and at the same time in Germany two Hansa Market operators are arrested in Siegen and Cologne. The operators do not have time to warn anyone about their arrest; the Hansa market is now under Dutch control and no one knows about it.
* On July 5, 2017, a warrant is issued for Alexander Cazes; today the Royal Thai Police, DEA and FBI will arrest him.
- After more than two years of hunting for Alpha02, he can finally be put in jail, but even here a whole performance was played out.
A grey Toyota Camry pulls out and drives straight to Sanya's main house, with a Royal Thai Police agent at the wheel. Stopping next to his house, she tells the guard "I've entered the wrong place, I'm going to turn around now" and, as per the script, drives into the gates of his property.
This maneuver plays on surprise: noise and chaos should lure our Sanya out of the house, and he should leave spontaneously, without thinking. This part of the plan is incredibly important, since his devices should remain unlocked at the time of detention. Otherwise, his devices may be locked and encrypted, and the authorities are unlikely to have access to AlphaBay.
As expected, Sanya took the bait, like a bird in a cage, as they say.
When the investigators went up to his office, they saw that the laptop was still on. They found the necessary data for the AlphaBay server and platform - EVERYTHING!
Alexander Cazes' fortune was $23 million. Authorities also seized his luxury cars, homes and other assets, and his wife Sunisa was charged with money laundering.
On July 12, 2017, a week after his arrest, Alexander Cazes committed suicide while in custody, and thus he went down in history...
And the closure of AlphaBay is deliberately kept secret, the platform suddenly just stopped working and no one really knows what the problem is. As expected, a huge base of customers and sellers began to migrate to other platforms, including Hansa Market. Over the course of a month, the Dutch authorities collect valuable evidence and on July 20, 2017, Hansa Market also closes.

Those who are especially attentive noticed that when I arrested Alpha02, I did not mention DESNAKE. This is because in 2021 he resumed the work of AlphaBay and still manages this platform. That's how it is; I say goodbye.
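The welcome-email mistake from Chapter 2 is the kind of leak a header review catches. The following is an added example, not part of the original post: it lists every mailbox that appears in a message's headers but is neither the visible From address nor a recipient. The sample message, its header layout and all addresses in it are constructed.

```python
"""Audit e-mail headers for mailboxes the visible From line does not show."""
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (every name and address is made up): the visible From is
# a no-reply address, but two other headers still carry a personal mailbox.
SAMPLE = """\
Return-Path: <operator.personal@mail.example>
Received: from web01 (localhost [127.0.0.1])
\tby mx.market.example with ESMTP id 1A2B3C
\tfor <newuser@users.example>; Tue, 02 Dec 2014 10:00:00 +0000
From: Market Support <no-reply@market.example>
To: newuser@users.example
Subject: Welcome
X-Sender: operator.personal@mail.example
Message-ID: <abc123@market.example>

Welcome aboard.
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# These headers hold message identifiers that merely look like addresses.
ID_HEADERS = {"message-id", "in-reply-to", "references"}
# The recipient's own address is expected in the message and is not a leak.
RECIPIENT_HEADERS = ("to", "cc", "delivered-to")


def _mailboxes(msg, header):
    """Lower-cased addresses parsed from every occurrence of one header."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}


def find_leaks(raw):
    """Return [(address, [header names])] for each mailbox that shows up in
    the headers but is neither the visible From address nor a recipient."""
    msg = message_from_string(raw)
    visible = _mailboxes(msg, "From")
    recipients = set()
    for header in RECIPIENT_HEADERS:
        recipients |= _mailboxes(msg, header)

    leaks = {}
    for name, value in msg.items():
        lname = name.lower()
        if lname in ID_HEADERS or lname in RECIPIENT_HEADERS:
            continue
        # Scan the raw value so free-text headers such as Received and
        # X-* are covered, not only the structured address headers.
        for addr in ADDR_RE.findall(str(value)):
            addr = addr.lower()
            if addr in visible or addr in recipients:
                continue
            headers = leaks.setdefault(addr, [])
            if name not in headers:
                headers.append(name)
    return sorted(leaks.items())


if __name__ == "__main__":
    for address, headers in find_leaks(SAMPLE):
        print(f"{address} exposed in: {', '.join(headers)}")
```
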