Cybercrime Roundup: International Takedown of Two Online Illicit Marketplaces
Published by The Lawfare Institute
in Cooperation With
On July 5, AlphaBay, an online marketplace specializing in the sale of illegal goods and services, went offline. Users and vendors wondered what had happened. A little over two weeks later, the Department of Justice announced the coordination of an international takedown of AlphaBay that coincided with the Dutch government’s takedown of Hansa, a similar website.
AlphaBay
Launched in September 2014, AlphaBay was an eBay-like marketplace where users could purchase myriad illicit goods and services, including illegal drugs, malware, computer hacking tools, firearms, and money-laundering services. These transactions were cloaked in anonymity because AlphaBay could be accessed only via special browsers, such as Tor, that can route to .onion websites. Tor obscures a user’s IP address by routing the inquiry through various computers, concealing the originator’s digital identity from all computers but the destination.
AlphaBay recognized limits to its anonymity. On its Frequently Asked Questions page the website said:
Some people have really asked [whether AlphaBay is legal]. Of course not. We are an anonymous marketplace selling drugs, weapons and credit cards. Make sure you access the website through Tor or through a VPN to ensure anonymity. We take no responsibility if you get caught, so protecting yourself is your responsibility.
Whatever the limitations of AlphaBay’s ability to provide anonymity to its users, its size surpassed all other online illicit marketplaces. During the Justice Department press conference announcing AlphaBay's takedown, FBI Acting Director Andrew McCabe said that AlphaBay was roughly 10 times larger than Silk Road, an online illicit marketplace that the federal government took down in 2013. At the time of its closure, the site had 40,000 vendors, 200,000 users, and more than 350,000 listings for illicit goods and services.
Daily Operations
For a site with so much traffic, AlphaBay was a rather small operation. It had eight to 10 staff members, including a “security administrator,” several “moderators,” a “public relations manager,” and several “ScamWatchers” (who “watched out for phishing attempts and other scams against other AlphaBay users”).
Cryptocurrency was the only form of payment allowed on AlphaBay. Much like the Silk Road, users transferred cryptocurrency from their AlphaBay account to the site’s address, where the funds were held in escrow until the user notified AlphaBay that she or he had received the item or service. Before the funds were transferred out of escrow, AlphaBay took its cut, between 2 and 4 percent depending on the seller’s “history, volume, and trust level on the site.” This turned a lucrative profit. According to the forfeiture complaint:
Between May 2015 and February 2017, Bitcoin addresses associated with AlphaBay conducted approximately 4,023,480 transactions, receiving approximately 839,087 Bitcoin and sending approximately 838,976 Bitcoin. This equals approximately US$450 million in deposits to AlphaBay. CAZES’s 2-4% commission on Bitcoin transactions likely conducted with those funds would equal between $9-18 million[ . . .].
These transactions could be traced because Bitcoins are recorded on the “blockchain”—a distributed ledger that keeps a record of the exchanges of funds between different addresses. It does not, however, identify the person to whom each address belongs. So, without additional information, the transactions could not be traced to particular individuals.
Since Bitcoins can be traced via address through the ledger, AlphaBay offered “tumblers” and “mixers,” which “obscure transaction histories by combining, splitting[,] and re-combining Bitcoins through a series of wallets controlled by the tumbler or mixer” to help conceal the identity of vendors and users.
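The two paragraphs above, seen from an analyst's side, as an added example that is not from the article or the forfeiture complaint: a trace over a public ledger follows value from one address to the next, returns only addresses and shares (never names), and attributes less to any single output once coins have been combined, split and re-combined with other people's funds. The ledgers, address labels and amounts are constructed, and the pro rata ("haircut") attribution rule is an assumption chosen for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledgers: every address label and amount below is made up.
# A transaction is (inputs, outputs); each side is a list of (address, amount).
DIRECT = [
    ([("buyer_A", 1000)], [("escrow_1", 1000)]),
    ([("escrow_1", 1000)], [("vendor_V", 970), ("fee_addr", 30)]),
]
MIXED = [
    ([], [("user_X", 1000)]),  # unrelated coins that later enter the mixer
    ([], [("user_Y", 2000)]),
    ([("buyer_A", 1000), ("user_X", 1000), ("user_Y", 2000)],
     [("mix_1", 4000)]),                                    # combine
    ([("mix_1", 4000)], [("mix_2", 1500), ("mix_3", 2500)]),  # split
    ([("mix_2", 1500), ("mix_3", 2500)],                    # re-combine
     [("out_a", 1000), ("out_b", 1000), ("out_c", 2000)]),
]


def trace_taint(ledger, source):
    """Map each funded address to the share of its balance linked to source."""
    total = defaultdict(Fraction)    # coins currently held per address
    tainted = defaultdict(Fraction)  # portion of those coins linked to source
    for inputs, outputs in ledger:
        spent = sum(amt for _, amt in inputs)
        dirty = Fraction(0)
        for addr, amt in inputs:
            if addr == source:       # everything leaving the source is linked
                dirty += amt
                continue
            if amt <= 0 or amt > total[addr]:
                raise ValueError(f"{addr} cannot spend {amt}")
            part = tainted[addr] * amt / total[addr]
            tainted[addr] -= part
            total[addr] -= amt
            dirty += part
        # Assumption: linked value is spread pro rata over the outputs.
        ratio = dirty / spent if spent else Fraction(0)
        for addr, amt in outputs:
            total[addr] += amt
            tainted[addr] += amt * ratio
    return {a: tainted[a] / total[a] for a in total if total[a] and tainted[a]}


if __name__ == "__main__":
    for name, ledger in (("direct", DIRECT), ("mixed", MIXED)):
        shares = trace_taint(ledger, "buyer_A")
        print(name, {a: str(s) for a, s in shares.items()})
```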
Undercover Buys
While AlphaBay attempted to maximize users’ anonymity, it could not guarantee anonymity. The indictment demonstrated the limits of user anonymity: the location of several vendors was disclosed when law enforcement made undercover purchases from the site. From May 2016 to June 2017, law enforcement purchased and received from vendors on AlphaBay: marijuana, heroin, fentanyl, methamphetamine, several state driver’s licenses, and an ATM skimming device. Those transactions provided the bulk of the material for the indictment against the alleged owner and operator of AlphaBay, but the government had to identify and locate the owner before it could attempt to take down the site.
The Takedown
Purportedly a guide to accessing and safely using AlphaBay, Alphabaymarket.com provided tips to help AlphaBay users protect their anonymity. Those tips included:
If Alexandre Cazes, the alleged owner and operator of AlphaBay, had taken those steps seriously, he might still be anonymous.
Cazes’s mistakes involved his use of several different online identifiers on both AlphaBay and elsewhere on the web: the monikers “Alpha02” and “Admin,” the email “[email protected],” and a company called EBX Technologies (EBX Tech). By using several of these identifiers on other sites outside AlphaBay, he left a trail of breadcrumbs to his true identity.