Darknet Marketplace AlphaBay Offline Following Raids

Alleged Operator Found Dead in Bangkok Jail Cell, Faced US Extradition

A joint law enforcement investigation involving the United States, Canada and Thailand appears to have resulted in the takedown of the world's largest darknet marketplace, called AlphaBay. Meanwhile, one of its alleged operators has been found dead in a Bangkok jail cell.


Launched in December 2014, AlphaBay offered for sale everything from weapons and drugs to healthcare data and counterfeit payment cards, and it boasted 240,000 members.

But the darknet site - referring to an Onion website that can only be reached by using the anonymizing Tor browser - went dark July 5, leading many users to suspect a law enforcement raid, that site administrators had absconded with their cryptocurrency, or potentially both.

In connection with the AlphaBay investigation, on July 5, police in Thailand arrested Canadian citizen Alexandre Cazes, 26, operating on an arrest warrant issued June 30 at the request of U.S. authorities, the Bangkok Post reported. Police said that when they arrested Cazes, they also impounded four Lamborghini cars registered in his name and seized three houses, which were collectively worth about $12 million.

One of the Lamborghinis impounded in connection with the arrest of Alexandre Cazes. (Source: Thai police.)

Cazes was arrested "with a view toward extradition to face federal criminal charges in the United States," Melissa Sweeney, a spokeswoman with the U.S. Embassy in Bangkok, tells the Wall Street Journal.

The same day, the Royal Canadian Mounted Police executed search warrants at addresses in Quebec tied to the suspect, including at a mini-warehouse in Montreal and a residence in Trois-Rivières, searching for computer equipment, the Montreal Gazette reported. Police said the raids did not result in any arrests; they were intended to gather evidence, as part of a joint investigation with the FBI.

The FBI could not be reached for immediate comment about whether it executed related raids in the United States and if its investigation remains ongoing.

On Wednesday, Cazes was found dead in his cell at the headquarters of Thailand's Narcotics Suppression Bureau; he is believed to have hanged himself, the Bangkok Post reported. Police said Cazes relocated to Thailand about eight years ago, worked as a computer programmer and had a Thai wife.

The NSB cell in which Alexandre Cazes was found dead. (Source: Police)

On Reddit, some posters claimed that Cazes was an administrator of the AlphaBay darknet marketplace known as DeSnake, but that has not been verified.

The whereabouts of another high-profile AlphaBay moderator, called Alpha02, are unknown.

Life After Silk Road

AlphaBay was a successor to the notorious Silk Road, a darknet marketplace that specialized in narcotics. Silk Road was shuttered in 2013 after the FBI busted 29-year-old Ross Ulbricht, aka "Dread Pirate Roberts," in the science fiction section of the Glen Park Branch Library in San Francisco. The Silk Road mastermind is now serving a life sentence in U.S. prison (see The Myth of Cybercrime Deterrence).

AlphaBay, however, was more diverse than Silk Road, experts say, specializing not just in drugs but also guns, counterfeit ID and payment cards, and other illegal goods. The marketplace also accepted a variety of cryptocurrencies, including bitcoin, Monero and Zcash.

AlphaBay included listings for weapons. (Source: Motherboard)

The darknet marketplace was reportedly run by a staff of at least 12 and prohibited the buying or selling of personal information relating to Russian citizens, suggesting that it may have been based in Russia (see Russian Cybercrime Rule No. 1: Don't Hack Russians).

AlphaBay appeared to be an extremely profitable operation, generating $600,000 to $800,000 in sales per day and earning its administrators millions of dollars a year in commissions, Nicolas Christin, a Carnegie Mellon University researcher who tracks darknet marketplaces, tells the Wall Street Journal.

After Shutdown, Users Feared Exit Scam

After AlphaBay disappeared from the darknet on July 5, users took to online message boards in a panic, wondering if administrators had absconded with their cryptocurrency as part of some type of "exit scam."

Some AlphaBay elders urged patience. "I have been in touch with our devs and admins and they are working to restore AlphaBay as soon as possible," admin trappy_AB posted to Reddit on July 6. Also the same day, AlphaBay moderator Big_Muscles posted to Reddit: "Will be back online soon. Servers under update."

By Saturday, however, Big_Muscles sounded less sure: "2 scenarios here 1st - Server under maintence (sic) and we will see a big update, including Zcash and fixing withdraws [or] 2nd - LE [law enforcement], raids ... If its (sic) LE, better to delete all accounts here."

Suspicions Persist

Some, however, suspect the site's disappearance may relate to multiple factors. On Thursday, Reddit user HugBunter claimed to have discovered "a huge vulnerability ... which exposed a lot of data," including vendor messages and order details, and he reported the flaw to AlphaBay administrators on July 2.

HugBunter said that despite the raids, the marketplace administrators might well have "exit scammed on July 4th due to the amount of sales for the holiday weekend and the sheer volume of coin that would have been on the market at that current time."

If so, that would not be unusual.

"Dark web exit scams are nothing new and are quite common," according to Rick Holland, head of strategy at Digital Shadows, which tracks open, deep and dark web threats.

"The Evolution market famously ended with the loss of 40,000 bitcoins," he adds. "These exit scams are one of the risks when conducting business in criminal marketplaces," especially given the soaring value of a bitcoin, which is currently more than $2,330.

As with Silk Road, the demise of AlphaBay likely wouldn't create any long-term darknet marketplace disruption. "Multiple vendors of compromised data, payment card details, malware and other services" will look elsewhere, Holland says (see Cybercrime-as-a-Service Economy: Stronger Than Ever).

The biggest players now appear to be Russian-language site RAMP, followed by Dream Market, Hansa Market and Silk Road 3.1, according to DeepDotWeb, a site that tracks the dark web.

Lighting Up the Darknet

While darknet sites offer users a veneer of anonymity, suspected users and administrators are not immune to being unmasked and arrested.

In March, for example, U.S. postal inspectors arrested Chukwuemeka "Emeka" Okparaeke, 28, in New Jersey, after a U.S. Postal Service employee tipped them off to a man who regularly deposited a large number of envelopes using latex-dipped gloves.

Okparaeke has been charged with distributing a substance akin to fentanyl, a powerful synthetic opioid that's 50 to 100 times more potent than morphine. Authorities accused him of obtaining "fentanyl analogue" from Hong Kong via the mail, repackaging it in smaller quantities, then mailing it to customers who bought his products via underground online markets. Those allegedly included an undercover police officer who purchased fentanyl analogue from an AlphaBay seller, who authorities say was Okparaeke.

In a potential operational security failure, the suspect allegedly also chronicled the adventures of a "darknet drug trafficker" on Reddit.


About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



