The Fall of Alpha and Hansa
In case you haven’t heard about Alphabay and Hansa market; these are two well-known marketplaces that used to exist on the Darknet. They are popular for the reason that most vendors are legitimate in a sense that scams are less likely to happen, due to their secured trade system that allows multiple verification which secures the goods and the payment on both buyers and sellers end, it is also known as the multisig system. The items that they are popular for are related to illegal drugs, firearms and fraudulent bank credentials.
What went wrong?
Let’s start talking about Hansa. Take a minute to check this photo of the disabled Hansa marketplace:
Clearly the website landing page has been defaced and replaced by a modified Hansa market logo which symbolizes the fall of the website, beneath it are the logos of the combined forces of international authorities that was behind the takedown of the website and arrest of the website owner along with the administrators that once managed the website. Same thing happened to Alphabay, however some key personalities are still on the loose, and it seems like authorities got a boost of morale and are likely to continue with the crackdown on similar sites.
On the 20th of June, unaware to much of the world, the Dutch law enforcement took control of the Hansa marketplace, however it was not taken down. The Dutch authorities observed the activities of the buyers and sellers in order to get more information, they were able to capture identifiable addresses of users who forgot or do not use PGP encryption for their transactions which is how the authorities were able to identify such information.
To give you a figure on Hansa market’s daily sales coming from a reliable Darkweb source “On average, 1,000 orders were made per day in response to some 40,000 advertisements. The market last year had 1765 different vendors. Since taking over the management of Hansa Market [investigators] counted more than 50,000 transactions, especially for soft and hard drugs.”
Before the authorities took full control of Hansa market, they were able to arrest the owners, and then the equipment were seized and the website was immediately replaced with an “exact copy” so that authorities could conduct their undercover surveillance.
Personally it was quite expected that this site would fall to the hands of the authorities despite knowing it has been around for 2 years and more in the darkweb, because during 2014 the email header of the personal email address of the owner was visible to those newly registered member of the market in a welcome email. From there, the connection between the operator’s email address and the person himself was easily established with even simple OSINT gathering techniques.
So far there are three known arrests: the two managers of Hansa and the owner of Alphabay, alpha02 named Alexandre Cazes who already committed suicide an hour before meeting an extra tradition lawyer.
Who knows when these prominent markets will be back? Possibly after some time or maybe never. Darknet sites are known for its resiliency in a lot of manners. As mentioned lots of personalities are still on the loose, the remnants of Alphabay and Hansa might make a comeback.
In order to avoid risking your identity on the Darkweb, take some time to learn on how to use a VPN and PGP encryption when sending out crucial information, this way you can perform dark web monitoring easily.