July 20, 2017
The largest marketplace on the Darknet—where hundreds of thousands of criminals anonymously bought and sold drugs, weapons, hacking tools, stolen identities, and a host of other illegal goods and services—has been shut down as a result of one of the most sophisticated and coordinated efforts to date on the part of law enforcement across the globe.
In early July, multiple computer servers used by the AlphaBay website were seized worldwide, and the site’s creator and administrator—a 25-year-old Canadian citizen living in Thailand—was arrested. AlphaBay operated for more than two years and had transactions exceeding $1 billion in Bitcoin and other digital currencies. The site, which operated on the anonymous Tor network, was a major source of heroin and fentanyl, and sales originating from AlphaBay have been linked to multiple overdose deaths in the United States.
“This was a landmark operation,” said FBI Acting Director Andrew McCabe during a press conference at the Department of Justice to announce the results of the case. “We’re talking about multiple servers in different countries, hundreds of millions in cryptocurrency, and a Darknet drug trade that spanned the globe.”
A dedicated team of FBI agents, intelligence analysts, and support personnel worked alongside domestic and international law enforcement partners to shut down the site and stop the flow of illegal goods. “AlphaBay was truly a global site,” said Special Agent Nicholas Phirippidis, one of the FBI investigators who worked on the case from the FBI’s Sacramento Division. “Vendors were shipping illegal items from places all over the world to places all over the world.”
The website, an outgrowth of earlier dark market sites like Silk Road—but much larger—went online in December 2014. It took about six months for the underground marketplace to pick up momentum, Phirippidis said, “but after that it grew exponentially.”
AlphaBay reported that it serviced more than 200,000 users and 40,000 vendors. Around the time of the takedown, the site had more than 250,000 listings for illegal drugs and toxic chemicals, and more than 100,000 listings for stolen and fraudulent identification documents, counterfeit goods, malware and other computer hacking tools, firearms, and fraudulent services. By comparison, the Silk Road dark market—the largest such enterprise before it was shut down in 2013—had approximately 14,000 listings.
The operation to seize AlphaBay’s servers was led by the FBI and involved the cooperative efforts of law enforcement agencies in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France, along with the European law enforcement agency Europol.
“Conservatively, several hundred investigations across the globe were being conducted at the same time as a result of AlphaBay’s illegal activities,” Phirippidis said. “It really took an all-hands effort among law enforcement worldwide to deconflict and protect those ongoing investigations.”
U.S. law enforcement also worked with numerous foreign partners to freeze and preserve millions of dollars in cryptocurrency representing the proceeds of AlphaBay’s illegal activities. Those funds will be the subject of forfeiture actions.
AlphaBay’s creator and administrator, Alexandre Cazes—who went by the names Alpha02 and Admin online—was arrested by Thai authorities on behalf of the U.S. on July 5, 2017. A week later, Cazes apparently took his own life while in custody in Thailand.
Because AlphaBay operated on the anonymous Tor network, administrators were confident they could hide the locations of the site’s servers and the identities of users. “They understood that law enforcement was monitoring their activity,” said FBI Special Agent Chris Thomas, “but they felt so protected by the dark web technology that they thought they could get away with their crimes.”
The FBI and its partners used a combination of traditional investigative techniques and sophisticated new tools to break the case and dismantle AlphaBay. “The message to criminals is: Don’t think that you are safe because you’re on the dark web. There are no corners of the dark web where you can hide,” Thomas said.
The operation to seize AlphaBay coincided with efforts by Dutch law enforcement to shut down the Hansa Market, another prominent Darknet marketplace that was used to facilitate the sale of illegal drugs, malware, and other illegal services. After AlphaBay’s shutdown, criminal users and vendors flocked to Hansa Market, where they believed their identities would be masked.
“Taking down two major dark sites at once is considerable, and it took a lot of effort, a lot of expertise and teamwork,” said FBI Acting Director McCabe. “As this level of teamwork and coordination shows, we will go to the ends of the earth to find these people and to stop them.”
The takedown of AlphaBay—and another prominent site on the Darknet known as Hansa Market—required months of planning among law enforcement agencies around the world and was one of the most sophisticated coordinated takedowns to date in the fight against online criminal activity.
The operation to shut down AlphaBay was led by the FBI and involved law enforcement authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France, along with Europol. It is expected that hundreds of new investigations will be generated worldwide as a result of the takedowns.
Europol played a central coordinating role in both cases. In early July, days before AlphaBay servers were seized, Europol hosted a command post staffed with representatives from the FBI, the Drug Enforcement Administration, and the Department of Justice, along with its own members. The command post was the central hub for information exchange during the AlphaBay operation.
In parallel to these operations, Europol hosted an international Cyberpatrol Action Week in June, where more than 40 investigators from 22 European Union member states and representatives from the FBI and other U.S. law enforcement agencies joined in an intelligence-gathering exercise to map out criminality on the Darknet. The focus was on vendors and buyers who were actively involved in the online trade of illegal commodities including drugs, weapons and explosives, forged documents, and cyber crime tools. Analysis of the results and dissemination of the resultant intelligence are ongoing.