20 Jul 17

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

Following today’s breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017. When U.S. authorities shuttered AlphaBay on July 5, police in The Netherlands saw a massive influx of AlphaBay refugees who were unwittingly fleeing directly into the arms of investigators. What follows are snippets from an exclusive interview with Petra Haandrikman, team leader of the Dutch police unit that infiltrated Hansa.

Vendors on both AlphaBay and Hansa sold a range of black market items, especially controlled substances like heroin. According to the U.S. Justice Department, AlphaBay alone had some 40,000 vendors who marketed a quarter-million sales listings for illegal drugs to more than 200,000 customers. The DOJ said that as of earlier this year, AlphaBay had 238 vendors selling heroin. Another 122 vendors advertised fentanyl, an extremely potent synthetic opioid that has been linked to countless overdoses and deaths.

In our interview, Haandrikman detailed the dual challenges of simultaneously dealing with the exodus of AlphaBay users to Hansa and keeping tabs on the giant increase in new illicit drug orders that were coming in daily as a result.

The profile and feedback of a top AlphaBay vendor. Image: ShadowDragon.io

KrebsOnSecurity (K): Talk a bit about how your team was able to seize control over Hansa.

Haandrikman (H): When we knew the FBI was working on AlphaBay, we thought ‘What’s better than if they come to us?’ The FBI wanted [the AlphaBay takedown] to look like an exit scam [where the proprietors of a dark web marketplace suddenly abscond with everyone’s money]. And we knew a lot of vendors on AlphaBay would probably come over to Hansa when AlphaBay was closed.

K: Where was Hansa physically based?

H: We knew the Hansa servers were in Lithuania, so we sent an MLAT (mutual legal assistance treaty) request to Lithuania asking whether we could proceed with our planned actions in their country. They were very willing to help us in our investigations.

K: So you made a copy of the Hansa servers?

H: We gained physical access to the machines in Lithuania, and were able to set up some clustering between the [Hansa] database servers in Lithuania and servers we were running in our country. With that, we were able to get a real time copy of the Hansa database, and then copy over the Web site code itself.

K: Did you have to take Hansa offline for a while during this process?

H: No, it didn’t really go offline. We were able to create our own copy of the site that was running on servers in the Netherlands. So there were two copies of the site running simultaneously.

The now-defunct Hansa Market.

K: At a press conference on this effort at the U.S. Justice Department in Washington, D.C. today, Rob Wainwright, director of the European law enforcement organization Europol, detailed how the closure of AlphaBay caused a virtual stampede of former AlphaBay buyers and sellers taking their business to Hansa Market. Tell us more about what that influx was like, and how you handled it.

H: Yes, we called them “AlphaBay refugees.” It wasn’t the technical challenge that caused problems. Because this was a police operation, we wanted to keep up with the orders to see if there were any large amounts [of drugs] being ordered to one place, [so that] we could share information with our law enforcement partners internationally.

K: How exactly did you deal with that? Were you able to somehow slow down the orders coming in?

H: We just closed registration on Hansa for new users for a few days. So there was a temporary restriction for being able to register on the site, which slowed down the orders each day to make sure that we could cope with the orders that were coming in.

K: Did anything unexpected happen as a result?

H: Some people started selling their Hansa accounts on Reddit. I read somewhere that one Hansa user sold his account for $40. The funny part about that was that sale happened about five minutes before we re-opened registration. There was a lot of frustration from ex-AlphaBay users that weren’t allowed to register on the site. But we also got defended by the Hansa community on social media, who said it was a great decision by us to educate certain AlphaBay users on Hansa etiquette, which doesn’t allow the sale of things permitted on AlphaBay and other dark markets, such as child pornography and firearms.

A message from Dutch authorities listing the top dark market vendors by nickname.

K: You mentioned earlier that the FBI wanted AlphaBay users to think that the reason for the closure of that marketplace was that its operators and administrators had conducted an ‘exit scam’ where they ran off with all of the Bitcoin and virtual currency that vendors and buyers had stored in their marketplace wallets temporarily. Why do you think they wanted this to look like an exit scam?

H: The idea was to hit the dark markets even harder when they think they’re just moving to another market and it turns out to be law enforcement. Breaking the trust, so that [users] would not feel safe on a dark market.

K: It has been reported that just a few days ago the Hansa market administrators decided to ban the sale of Fentanyl. Were Dutch police involved in that at all?

H: It was a combination of things. One of the site’s employees or moderators started a discussion about this drug. We obviously also had our own opinion about it. It was a pretty good dialogue between us and the Hansa moderators to ban this from the site, and [that decision received] a lot of support from the community. But we didn’t instigate that discussion.

K: Have the Dutch police arrested anyone in connection with this investigation so far?

H: Yes, we identified several people in the Netherlands using the site, and there have already been several arrests made [tied to] Fentanyl.

K: Can you talk about whether your control over Hansa helped you identify users?

H: We did use some technical tricks to find out who people are, but we can’t go into that a lot because the investigation is still going on. But we did try to change the behavior [of some Hansa users] by asking for things that helped us to identify a lot of people and money.

K: What is your overall strategy in all of this?

H: Our strategy is that we want people to know that the Dark Web is not an anonymous place for criminals. Don’t think you can just buy or sell your drugs there without eventually getting caught by law enforcement. We want people to know you’re not safe on the Dark Web. Sooner or later we will come to get you.

Further reading: After AlphaBay’s Demise, Customers Flocked to Dark Market Run by Dutch Police

76 comments

  1. Thanks for this and the takedown articles Brian, it’s good to hear of these miscreants getting picked off.

    • Oh yeah, great! Now all the buyers will just turn to the street and either overdose because they have no way of knowing the quality or purity of their drugs anymore, or fill the pockets of some street slinging operation that actually is the cause of violence and disruption in communities! Sounds like you sir have been drinking the kool aid for a long time.

      • Great idea! You shouldn’t be bragging. The only people who are interested in drug users having higher quality drugs are drug users and their enablers. Hmmm…..

      • I know one or 2 suburb drug dealers, they sell pot and psychedelics. A functioning dope head is just a few life changing events from bottom, this dealer has a few friends who have OD’d on narcotic pills and their injectable forms but he just sold them pot so it’s no big deal, eh?

  2. IRS iTunes Card

    good read

  3. big thread on Reddit r/DarkNetMatters about this…

  4. No word yet whether the actual drug producers will be charged, likely they will only be rewarded with more contracts and FDA approvals for producing Fentanyl. GMAFB.

    • Brian Fiori (AKA The Dean)

      Fentanyl is a legitimate and useful pain medication. I’ve been using a fentanyl transdermal patch for many years. It is a far better and more reliable pain manager (and with fewer side effects) than most pills–at least for me.

      The problem isn’t with the fentanyl itself. The issue is with the abuse of it. Of course, most anything can be abused, in the right dosage. Fentanyl is an issue because it is so potent and cheap.

  5. Continuing with the theme of “not an anonymous place for criminals”…

    Once they tie a bitcoin wallet to an identified individual, every transaction of that wallet, going back potentially many years, is tied to that individual.

    With bitcoin, you’re anonymous – until you’re not – then you never were.

    • @vb Nope, not quite. First of all, it’s virtually impossible to tie a Bitcoin address to an individual, unless the individual makes some really stupid mistakes.
      Second, ever heard of HD wallets? Addresses are used only once nowadays. “Every transaction” in practice boils down to one incoming transaction (from random unrelated addresses) and one outgoing transaction (to random other unrelated addresses). Ever. Well good luck tracing that!

      • Stupid mistakes like having drugs shipped to you and paying for it with bitcoin? Thus identifying the bitcoin wallet owner.

        HD wallets are a small percentage of bitcoin wallets.

        • How does that allow you to identify the wallet owner? Anyone who is cashing out illegal funds uses a tumbler which makes it impossible to trace.

          • The police can take over a tumbler as easily as they took over AlphaBay. Which would make it “not an anonymous place for criminals”.

            • Can they though? Are tumblers actually illegal?

              I could see how they could be considered tools for money laundering, but I also see how they could be considered a legitimate attempt at maintaining privacy; it doesn’t seem nearly as clear-cut to me as a marketplace selling stolen data and illegal drugs.

    • Peter Venkman

      Bitcoin CAN be anonymous… by default it isn’t very anonymous but there are other ways to send BTC to an address, and then anonymize it so it can’t be traced back to the original owner – see torwallet . com
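Comment 5 argues that once one address is tied to a person, every transaction touching that address is tied to them too, and the replies counter with single-use HD-wallet addresses and tumblers. The block below is an added example, not code from the article or from any commenter: it implements the common-input-ownership heuristic that chain-analysis tooling uses to merge single-use addresses into one entity, run over a small constructed transaction set. The transactions, address labels and function names are all invented for the illustration.

```python
"""Address clustering with the common-input-ownership heuristic.

Added example for the Bitcoin-tracing discussion in comment 5; it is not
code from the article or the commenters. The transactions below are
constructed sample data, not real chain data.
"""
from collections import defaultdict

# Constructed sample: each transaction lists the addresses that signed
# its inputs and the addresses that received its outputs.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["M1", "C1"]},
    {"txid": "tx2", "inputs": ["A2", "A3"], "outputs": ["M2"]},
    {"txid": "tx3", "inputs": ["B1"], "outputs": ["A4", "B2"]},
    {"txid": "tx4", "inputs": ["A4", "C1"], "outputs": ["M3"]},
]


class UnionFind:
    """Disjoint-set forest; find() compresses paths as it walks up."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Return {input_address: frozenset(cluster)} for every input address.

    Heuristic: all inputs of one transaction were signed by the same
    entity, so they belong to one wallet. Single-use (HD) addresses do
    not defeat this: the moment two of them are spent together they are
    linked. Multi-party transactions such as CoinJoin deliberately break
    the assumption, so treat clusters as leads, not proof.
    """
    uf = UnionFind()
    for tx in txs:
        ins = tx["inputs"]
        for addr in ins[1:]:
            uf.union(ins[0], addr)
    groups = defaultdict(set)
    for tx in txs:
        for addr in tx["inputs"]:
            groups[uf.find(addr)].add(addr)
    return {addr: frozenset(g) for g in groups.values() for addr in g}


def linked_to(txs, known_address):
    """Everything a single identified address drags in: its whole cluster,
    and every transaction that cluster funded, however old."""
    clusters = cluster_addresses(txs)
    cluster = clusters.get(known_address, frozenset({known_address}))
    spent = [tx["txid"] for tx in txs if cluster & set(tx["inputs"])]
    return cluster, spent


if __name__ == "__main__":
    # Suppose A3 was identified through a delivery address.
    cluster, spent = linked_to(SAMPLE_TXS, "A3")
    print("cluster:", sorted(cluster))      # A1, A2, A3
    print("transactions funded:", spent)    # tx1, tx2
```

In the constructed data, identifying A3 alone labels A1 and A2 as well, and with them tx1 and tx2; C1 and A4 stay a separate cluster because nothing on this page links them to the first group without a further heuristic (change detection, exchange deposit labels, or a delivery address). The heuristic says nothing about coins that went through a mixer, which is exactly the gap the tumbler reply relies on.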

  6. HA! HA! The thought of all those users stampeding to another network makes me laugh out loud! Law enforcement can be fun sometimes, until you think about all the victims of this drug. Oh well! 🙁

    Thanks Brian for another exciting article!

  7. Too bad to hear about this. I think darknet markets help a great deal in *avoiding* trouble instead of causing it. Why not legalise all drugs, people who want drugs are going to get it anyway. And everyone (both the users as well as the rest of society) is much better off if they can just buy it online, safely, without street dealers or violence or many other problems.

    An overwhelmingly vast majority of all drugs is a victimless crime. As a Dutch citizen I’d rather see my tax money being spent on REAL problems instead of this useless witchhunt.

    • There you go, thinking again.

      I too, agree, that we just need to make everything legal for about 20 years. By that time all of the weak will be dead from OD and the rest of you can do whatever you like.

    • Peter Venkman

      this is a very valid point – without dark markets, the black market is rife with violence, robbery at gunpoint, and other dangers. For those who believe in freedom and the pursuit of happiness, there is no reason we should tell others how to live their view of freedom and pursuit of happiness, so long as it doesn’t step on others in the process. When my neighbor buys some weed on a dark market, my freedom and pursuit of happiness was not affected or stepped on in any way… and I can’t see anyone make the case that it could step on theirs either. Either you believe in freedom and the right for a human to pursue happiness how they wish, or you believe in restricting how people should live their life, even if it has no effect on you in any way. What if I don’t want people to play rugby / football anymore because it causes concussions and brain damage over many years, should I be able to ban that too? Perspective is important

      • > When my neighbor buys some weed

        That’s never the issue. The problem is when your neighbour makes and sells amphetamines or opioid derivatives.

          • That isn’t the problem for the most part either, Zd, it’s the client coming over that is the problem, at least in my neck of the woods. I’m sure you’ve heard that joke about comparing a Hoover and a Harley…

    • I think an argument can be made either way on legalising drugs, but leaving that aside for a moment, this/these marketplaces also sell lots of other things, such as stolen credentials (bank/credit cards/amazon/various services), as well as illegal firearms and practically every other form of illegal service/good you can think of.

      Not to mention that violence and other ills you talk of *do* exist in these places. Many times it spills over to the real world.

    • I disagree because the vile users of such drugs don’t just go and crawl back under the rocks from which they came they mingle amongst society causing fear and destruction just as much as drug dealing on the streets causes problems. These people can still get behind the wheel of a car, get hold of weapons and rob, steal and murder amongst other crimes all in a drug fuelled haze. And the people selling such vile substances are still making millions and funding larger scale crime such as terrorism, so how is making drugs legal making things better, how much weed have you been smoking?

        • I love how you call them vile drug users. You should see most medicine cabinets in American homes… It’s possible you could have too much to drink one night and get in a car, kill someone, etc. There are plenty of people around you on a daily basis ingesting some sort of psychoactive chemical, legal or illegal. I get the point you are trying to make but the media glorifies every crime related to drugs and clearly it made an impact on you. If you think the problem is so bad, don’t go outside.

    • so online markets prevent dealer turf wars… but they don’t prevent theft, violence, and deception of the buyers to obtain the money to buy those drugs, the dealer just doesn’t see the state of the buyer through the sterile online transaction. find a real job.

  8. So basically the admins of the website were in prison already and for a month the website was run by Petra Haandrikman and her team mates from the Dutch police, continuing to allow drug transactions.
    The website even continued to offer deadly Fentanyl, and it was only because the community asked for it to be removed that it was done!
    This is really scandalous. The Dutch are not better than drug dealers. I even believe this isn’t legal in most EU countries and the police officers involved in this should also be sued.

    • Actually, the arrest and takedown of Alphabay reportedly didn’t happen until July 4 or 5th, which is about two weeks after they cloned Hansa, and roughly two weeks before Hansa was closed.

      • This is like LE selling drugs on the street for 1 month and then on day 30 busting all the buyers. If someone overdosed on their stuff: oops, not our fault, too bad for him.
        This is unprecedented…

        • There are things called “sting operations.” I have no idea if they are allowed in the Netherlands law enforcement environment.

          • I have no idea what Dutch law says about “sting operations” but I would be interested to read about it.
            From other online sources it would seem that police ran the site for about 50 days. On average, 1000 orders were made per day in response to some 40,000 ads. And even more interestingly the payments made were directly sent to a government controlled wallet in the tune of $2mn (read bitcoin equivalent). This was no small operation and definitely illegal under many jurisdictions (but, again, I don’t know of Dutch laws).

        • In this case, LE didn’t sell anything. These sites are marketplaces, like ebay, where buyers and sellers can meet and exchange products. The Dutch authorities didn’t sell anything, they just allowed the marketplace to continue for longer.

          It’s a small difference, but an important one.

          • My understanding is that they also cashed in the proceeds of all trades (to the tune of $2mn)…

        • For better or worse, the vast majority of criminal investigations where the offenders go to jail involve either informants — i.e. working with criminals in exchange for their help — or pretending to be an active member of the community you wish to infiltrate. This action is probably a bit of both.

    • You will find that in every undercover police operation like this (whether online or not), the “process” is allowed to go forward for a while, until enough evidence is collected, needed information is obtained. etc.

      Allowing the process to go forward for a while enables law enforcement to do a substantial takedown.

  9. Interesting, but many more questions:

    “We knew the Hansa servers were in Lithuania” – how? (must have known exact provider)

    “We gained physical access to the machines in Lithuania, and were able to set up some clustering between the [Hansa] database servers in Lithuania and servers we were running in our country” – is this a risk for any cloud server? Or just those you cannot risk visiting!

    “We obviously also had our own opinion about it. It was a pretty good dialogue between us and the Hansa moderators to ban this from the site, and [that decision received] a lot of support from the community. But we didn’t instigate that discussion.” – Who did the Hansa moderators think they were talking to? Other moderators?

  10. Hansa Market was run by 2 German guys from Siegen.
    They did the worst thing ever:
    real life meeting / connection to their cybercrime business.
    Got busted. Worked together with BKA Germany.
    Info went to EC3 et voilà, they got all info about the server location.

  11. “We want people to know you’re not safe on the Dark Web. Sooner or later we will come to get you.”

    These goons are fighting a losing battle.

    • I don’t know. It seems like they’ve been pretty successful at taking down the most popular markets, at least given time to do so…. and if they’re doing what they did with Hansa, surely with time a lot of sellers will start to worry that maybe they’re being tracked in some way they don’t understand. After all, it’s not as though they really described how they found these servers. What if there’s a flaw in Tor that nobody else knows?!

      (I’m not saying there is a flaw, just that the fear of one could stop some people from selling on the markets)

    • Brian Fiori (AKA The Dean)

      No matter how much law enforcement works to fight crime, there will always be more crime. Ergo law enforcement shouldn’t bother to fight crime. So no need for law enforcement.

      Brilliant argument!

  12. IF you don’t use proper opsec you get busted,
    FE not using GPG when buying.
    If this kind of thing is too complex for you, DON’T USE IT!

    • What is opsec when it’s at home? I thought that was military jargon. GPG is an encryption tool if I’m correct?

      • In this case, “opsec” is an overly-serious term appropriated from the military to describe steps / precautions taken to prevent your interaction with illegal sites from being tracked. Stuff like using Tor, turning off JavaScript, etc. I suppose you could also use this with legal sites to prevent advertisement tracking and such, but Tor can be kinda slow and no JavaScript can be a real pain.

        And yes – GPG is more commonly called “PGP”. meaning Pretty Good Privacy, and it is an encryption tool. It’s widely used to secure email, but can be used for much more… including messages sent on an illegal market. PGP generates two keys – a “public key” that’s used to encrypt a message, but can’t decrypt it, and a “secret key” that can decrypt anything encrypted with the public key.

        • GPG is the GNU implementation of PGP (Pretty Good Privacy). In the GNU tradition of recursive acronyms, GPG stands for “GNU Privacy Guard”.

  13. Thanks Krebs, I learnt a lot from this post. You’re really doing a great job.

  14. Hello all, I’m a reader of this blog and I’m in need of some help.

    My company was victim of a wire transfer scam. We deal with some international transfer, and we’ve got an email changing the destination account of a payment. The email was from an almost identical domain, we did not see it until the payment was made.

    My main questions:
    – Is there a way to prove that the email hacking occurred here or in my partner’s server?
    – The account to which the money was sent is from USA, Wells Fargo. I presume it is an account opened with fake ID’s. Wells Fargo cannot be legally responsible for that?

    Is there any other way to try to clarify this matter?

    Tks in advance, kindest regards, Raul Silva.

    • Hi Raul,

      Hopefully you’ve already initiated your response steps and you’re just here looking for information! If not, immediately contact your bank. They need to stop the transfer at their side, or request Wells Fargo to do the same. Until then, it is considered to have been approved by you and legitimate for everyone to proceed moving it.

      1) Proof about email hacking?
      – Based on what you supplied, it doesn’t sound like any email account was hacked. If they used a very similar domain name to your own (or your partner’s) then nobody was hacked. They simply registered a new domain and hoped that you wouldn’t notice the difference.

      You could go looking for when the domain was registered and by whom.
      http://dawhois.com/
      But that will not likely get you anything actionable. The domains will have been registered with a fake id. At best, you’ll have a not-later-than point for when they first targeted you.

      2) Wells Fargo liability?
      – That is an interesting question about Wells Fargo. If the account was opened with fake IDs, they could be on the line for not following their own protocols. But it is almost certainly a real account with a real person. Search Krebs’ site for “Money Mule” and read some of the articles. They’ll have probably hired someone to process payroll and wired your money to them with instructions to turn around and wire it on. Maybe the mule will have kept a commission, maybe they’ll expect to get paid later (never happens). https://krebsonsecurity.com/2011/08/experienced-money-mule-will-travel/

      If you’ve already identified how the email came in (close domain name), and what actions followed from it, then there isn’t a lot more that needs to be clarified. This isn’t a compromised email or computer, so fortunately the clean-up is easy. For your end, after pursuing all lines for recovering the money, it will be about trying to improve procedures to make sure that it won’t happen again.

      Best method would be setting up an email filter that white lists your expected contacts. That will make sure that these similar domains don’t make it through in the future. If your email account is used for a lot of things and not just setting up money transfers, then consider setting up a new account explicitly for that. The problem with white-listing is exactly the same as the benefit. If something isn’t on the list, it isn’t getting through. Good when you’re talking about bad things, bad when you’re talking about other business partners or opportunities who can’t get through.

      • Silemess, thanks A LOT for taking the time to reply to me. I am a little lost with this problem and any help is deeply appreciated.

        I will read the recommended article about mules. That seems to change my belief in Wells Fargo liability.

        About the procedures, we’re already changing them. We’ll work with a fixed database of bank accounts (they rarely change), and safety procedures for when anything goes out of its usual path.

        Finally, about the alleged email hack: I still believe that it happened, or at least an email interception, because the email subject, signature and timing were flawless. Kind of impossible for a total outsider to simulate.
        We’re running an IT audit in our emails and servers, but I don’t believe something will be found (we are a medium sized company and our IT is not that good with security procedures).

        Ps.: we’re alerting the banks involved but I think it’s too late. The transfer was made 15 days ago, only now they’ve noticed that the money never went where it should. It’s an 11k USD loss for us (we’re a Brazilian company)! Really awful situation.

        Tks once again.

        • Yeah, many companies lose because of these scams.

        • Bro – the money is long gone forget about it along with any culpability of Wells Fargo etc.

          You need better controls around your payments and you need to review all the critical components for each transfer.

          You should also limit the amount of intelligence you post on public websites like this as you are lining yourself up for more pain…
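Silemess’s reply to Raul recommends an allow-list of expected correspondents so that near-identical domains never reach the people who approve payments. The block below is an added example, not code from the article or from either commenter: it classifies the sender domain of a From header against a constructed allow-list of partner domains as trusted (exact match), lookalike (small edit distance, confusable characters such as rn for m or 1 for l, or the same name under a different TLD) or unknown, so that lookalikes can be routed to a manual check instead of silently dropped. The partner domains, addresses, thresholds and function names are invented for the illustration.

```python
"""Lookalike-sender check for payment-instruction e-mail.

Added example for the wire-fraud thread above (comment 14); not code from
the article or the commenters. Every domain and address here is constructed.
"""
from email.utils import parseaddr

# Assumed allow-list: the partner domains finance actually expects mail from.
TRUSTED_DOMAINS = {"example-partner.com", "supplier-example.net"}

# Visual substitutions commonly used in lookalike registrations (assumed set).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def skeleton(name: str) -> str:
    """Collapse confusable sequences so that 'exarnple' and 'examp1e'
    both reduce to 'example' before comparison."""
    s = name.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), iterative form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the From header's domain.

    'lookalike' is the case the thread is about: a freshly registered
    domain one or two characters away from a real partner, or the same
    name under another TLD. Anything else that is not on the list is
    merely 'unknown' and can follow the normal new-correspondent path.
    """
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    if domain in trusted:
        return "trusted"
    for t in trusted:
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_distance:
            return "lookalike"
        # Same registrable name under a different TLD, e.g. .co for .com
        if domain.split(".")[0] == t.split(".")[0]:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed headers resembling the ones in the thread.
    for hdr in ["Accounts <ap@example-partner.com>",
                "Accounts <ap@exarnple-partner.com>",
                "Accounts <ap@example-partner.co>",
                "Payroll <no-reply@suppIier-example.net>",
                "Sales <info@unrelated-example.org>"]:
        print(f"{hdr:45} -> {classify_sender(hdr)}")
```

This catches the registered-lookalike case Silemess describes. It does nothing if the partner’s real mailbox has been compromised, which is what Raul suspects; the fixed table of bank accounts and the out-of-band confirmation of any change in payment details that he describes in his reply are the controls that hold in both cases, so the filter should sit in front of them rather than replace them.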

  15. Illicit drug use is not a victimless crime. Ask the perpetrator’s family, friends, employer, neighborhood, and law enforcement jurisdiction what kinds of trouble lays in the user’s wake. Abused children. Enormous debt. Property crimes. Violent crimes. Even if the war seems unwinnable, keep fighting the battles. To ignore destruction is to condone it.

    Great report Brian. Keep it up!

    • ConcernedCitizen

      Abused children? No idea how that ties to the drug laws.

      Property theft and enormous debts are only an issue BECAUSE of the current drug prohibition. Ever seen an alcoholic having to steal or prostitute him/herself to be able to afford his drug of choice? Ever seen a smoker getting an overdose because he didn’t know what kind of cutting agents are in his cigarettes?

      Those are all issues that only exist because the stuff is illegal and the market is in the hands of criminals who earn fortunes thanks to the current War On Drugs.

      Just look at the US during Alcohol Prohibition – Illegalizing those substances is a godsend for criminals and destroys the lives of the users even more than necessary by them having to get overpriced cut crap on black markets. And the “best” part, this cost the tax payers billions and billions over the last decades and the drug problem didn’t grow smaller in any way.

      Basically your comment alone shows that it’s the prohibition that causes most of the issues with illicit drugs, not the substances themselves.

    • I’m sorry but I don’t agree.

      Firstly plenty of people are capable of not being idiots when partaking. Just ask all the responsible alcohol drinkers?

      The family is affected when someone has a problem, yes, but most of the time there is no problem. Again with friends. If there is a problem, the person needs medical intervention, not a criminal record.

      The other problems you mention come down to the person, are they a complete moron or not, it is not the drug. Sorry, it’s not.

      Child abusers abuse children, debt problems are caused by the nonsensical laws pushing prices up (just look at alcohol prohibition in the states in the past), crimes to fund the purchase all stems from this.

      There is no point treating these people in any other way than as ordinary citizens, it is sick to treat them as outcasts and future generations will look back and see how sick we were to treat drug users this way and punish already troubled people and outcast them from society, in turn making our society worse and creating a vicious circle as a result which feeds back into the problem.

      This is a human condition that has existed since humans have existed, to deny it is futile and a big change needs to happen so we treat this issue in a logical and common sense way.

  16. Fraud Dawg for Life

    Score one for the good guys! Illicit drug use is by far not victimless, I am raising a 12 year old boy who was abandoned by a heroin addict, I suspect he would argue that he was very much a victim of her stupidity and selfishness.

    That aside, I’ve spent 30 years fighting financial card crime on the banking side in partnership with law enforcement, and this one was well played. GREAT JOB.

    Thanks Krebs for the work you’re doing. Many of us in the “industry” use this site first for your great and timely information. Stay safe.

  17. Only thing missing from the story is how they’ve located the Hansa servers in the first place. AlphaBay’s founder messed up by using his Hotmail address in e-mails to AlphaBay users, Ross Ulbricht of Silk Road promoted his dark market on BitcoinTalk using an account registered with his Gmail address… Will Hansa’s administrator(s) turn out to have made a similar mistake?

  18. I’m not at all a fan of these kinds of crooked operations on the Internet, but it occurs to me that if LE spent half the time and effort they spend on investigating and prosecuting the illegal purchases of drugs, guns, and fake IDs instead on the investigation of the illegal purchase of -politicians-, it would be a rather better planet we live on. But they don’t. Not since AbScam in the 1970’s. (The notable exception being Preet Bharara, who got fired by our Cheeto in Chief, probably because he was too good at his job.)

    So, as usual, the small crooks get busted, and the big crooks get stock options and golden parachutes.

  19. Has anybody noticed a drop in spam since AlphaBay’s demise? The amount of pharmacy-related spam I’m getting has fallen off a cliff recently. Related or coincidence?

  20. Thats an awesome article. Thanks for sharing it

  21. It’s a dutch website, they have a different view on the hansa website issue: hxxp://niburu.co/index.php?option=com_content&view=article&id=12058:nederlandse-pedotop-vult-zakken-en-wist-sporen-op-het-dark-deep-web&catid=9:binnenland&Itemid=22

    There is more going on here…

  22. This is painful, that people succeed in selling child porn and drugs like heroin over the dark market. They’re actually helping child abduction, trafficking, and deaths in the process. Such people do not deserve security, neither in the form of PGP/GPG nor opsec etc. Programmers didn’t build systems like Tor for such people.

    On the other hand, governments should not be allowed to monitor everyone for no reason, like they do. By invading an individual’s privacy in the name of national security or whatever, governments commit a crime too.

    Crime’s everywhere!

  23. A lot of these HS operators don’t know what they are doing, and there are multiple ways that a site can leak the IP. But there is also another method. The server leaking the .onion which can then be searched using something like Shodan. In the following picture, you will see that I uncovered the IP of a Nemesis Ransomware decryption server. The .onion wasn’t leaking the IP. The server was leaking the .onion https://u.teknik.io/cyhVX.png
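Comment 23 describes the reverse of the usual leak: not the hidden service revealing its IP, but the public IP revealing its hidden service, because the web server echoes its configured .onion hostname in responses that anyone scanning the clearnet address can read. The block below is an added example, not the commenter’s tooling or code from the article: it extracts v2 (16 character) and v3 (56 character) onion hostnames from constructed HTTP banner records, such as a Location redirect or an Apache error page that prints the configured ServerName, and maps each hostname to the clearnet IPs that mentioned it. The records, IPs and hostnames are constructed for the illustration and match nothing real.

```python
"""Map .onion hostnames leaked in clearnet HTTP responses to the IPs that served them.

Added example for comment 23; not code from the article or the commenter.
The banner records below are constructed to resemble a banner-scan export,
not real scan data.
"""
import re

# v2 onion names are 16 base32 chars; v3 names are 56 base32 chars.
ONION_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.IGNORECASE)

# Constructed sample records: public IP, raw response headers, response body.
SAMPLE_BANNERS = [
    {   # Redirect to the service's own onion name (constructed)
        "ip": "203.0.113.10",
        "headers": "HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
                   "Location: http://abcdefghijklmnop.onion/\r\n",
        "body": "",
    },
    {   # Ordinary host, nothing to see
        "ip": "203.0.113.11",
        "headers": "HTTP/1.1 200 OK\r\nServer: Apache\r\n",
        "body": "<html><a href='https://example.com'>ok</a></html>",
    },
    {   # Apache error page echoing ServerName via ServerSignature (constructed v3 name)
        "ip": "198.51.100.7",
        "headers": "HTTP/1.1 404 Not Found\r\nServer: Apache/2.4\r\n",
        "body": "<address>Apache/2.4 Server at " + "p" * 55 + "d.onion Port 80</address>",
    },
    {   # Decoy: '.onion.' inside a clearnet name, wrong label length, must not match
        "ip": "198.51.100.8",
        "headers": "HTTP/1.1 200 OK\r\n",
        "body": "see notonion.onion.example.com",
    },
]


def extract_onions(text):
    """All onion hostnames in a blob of headers or HTML, lower-cased."""
    return {m.group(0).lower() for m in ONION_RE.finditer(text)}


def map_onion_leaks(records):
    """Return {onion_hostname: sorted clearnet IPs whose response mentioned it}.

    Two IPs under one onion name is a candidate pair of front-end and origin;
    one onion under one IP is the classic misconfigured single box.
    """
    leaks = {}
    for rec in records:
        for onion in extract_onions(rec["headers"]) | extract_onions(rec["body"]):
            leaks.setdefault(onion, set()).add(rec["ip"])
    return {onion: sorted(ips) for onion, ips in leaks.items()}


if __name__ == "__main__":
    for onion, ips in map_onion_leaks(SAMPLE_BANNERS).items():
        print(f"{onion} served by {', '.join(ips)}")
```

The length anchors in the regex are what keep the decoy record out; a naive search for the string “.onion” would flag it. In a real sweep the same function would be run over a banner-scan export rather than the constructed list, and the result is a lead to confirm (fetch the onion and compare page content, headers and certificate with the clearnet host), not an attribution on its own.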

  24. Ha! I thought this would make your page. I had to fwd it via a message to see what else could be added.

    Looks like the “dark” net is starting to cast shadows every once in a while.

  25. Way more details in this report:
    https://motherboard.vice.com/de/article/mbawm8/was-das-ende-der-grossten-schwarzmarkte-fur-das-darknet-bedeutet

    They say that the German police arrested the two main suspects in the Hansa Market case but then turned it over to the Dutch because running Hansa Market as a honeypot would have been illegal in Germany. They also say that private IT security firms played a role, Bitdefender is mentioned.

  26. Brian,

    I can’t tell you how excited I am to see your write-up of the upcoming releases on Alexander Vinnik and the BTC-e involvement in both facilitation of laundering and trafficking; but more importantly their involvement with Mt.Gox.

    I’m sure a lot of users assumed BTC-e was down in preparation for Aug 1st, but now it appears that all funds left on the exchange will be seized as part of the case.

    Between the internationally coordinated take-down, and now the tightening of the noose around any method of unmonitored or anonymized Fiat/Crypto exchange. Maybe it’s in part related to Coinbase and refusal to expose records to the IRS, but it’s starting to feel like there is a global coordinated effort by the major gov’ts to maximally limit the ability of their citizens to attain cryptocurrencies, and to deal with the difficulty in regulating the exchange – do everything you can to dissuade the public from using TOR Hidden Services.

    I honestly feel it’s coming down to –

    1) Crypto popularity has taken off, and market capitalization is going up, up, up.
    2) Acceptance of the difficulty/impossibility to trace various blockchain transactions back to the original exchange while tumbling services are available.
    3) Hidden Services – nearly impossible to prevent/control without a careless admin or massive luck/coordination

    To address the associated issue:
    1) As much publicity about how crypto isn’t a completely safe currency, and how ‘easily’ you can lose money via fluctuation in value as well as exchanges being taken down.
    2) Force Fiat/Crypto and Crypto/Fiat exchanges to all take place via Heavily documented sites. Whether they release the records is likely pointless, as I’m confident the NSA can get it if needed.
    3) Publicize any successful events associated with the takedown/seizure of Hidden Services – thereby decreasing public perception of confidence in the anonymity of the markets.

    Together it all feels like a large response to the Ethereum/Alt-Coin bloom that has taken off, along with the prospect of innocent consumers being scammed via these ICOs. I respect the valiant effort to help the uninformed public steer clear of that dark part of the internet/world.

    I am however worried – As much as this is a good thing, it is also surely going to inspire some of the most dangerous levels of black-hat research and R&D into securing and ensuring anonymity. I’m afraid the criminals will redouble their efforts and make it even harder for us to have any idea of what data they might have stolen/sold, or even to be aware of the real-world actions we can be observing.

    Again, very excited to see your research into this most recent event; but also I’d really like to see something from you that starts to put together a meta-analysis of the bigger picture and what your take is on my theory of this ‘coordinated attack on public perception of Cryptocurrency/Anonymous activity in an effort to ‘stick a finger in the dyke’.

    Thanks,
    SH

  27. Ya know,the public opinion kool-aid that says “Yes Sir,Mr Govt,I believe in you!” REALLY needs to take a lesson from Jamestown.

    • About a dozen years before the Jamestown incident, the phrase “drinking the kool-aid” came from the Acid Tests held (thrown?) by Ken Kesey and his Merry Pranksters. The LSD was in the kool-aid.
      After Jamestown, the phrase took a darker connotation.

  28. While there is a lot of shady stuff going down on the Dark Web, it is fascinating to read about … great post, Brian!