Alpha Bay Takedown Shows Government Collaboration Capability

Described as “roughly ten times the size” of Silk Road, the dark web market Alpha Bay has been taken down in a joint effort between international law enforcement, US government departments and Europol.

In the takedown headed by the US Department of Justice, it has been reported that Alpha Bay had more than 200,000 users and around the time of the takedown, there were more than 250,000 listings for illegal drugs and toxic chemicals and the market was responsible for approximately $1 billion in illicit sales.

The takedown follows the shutdown of the original Silk Road marketplace in 2013, and its 2015 successor.

“This is one of the most important criminal investigations of this entire year,” said Attorney General Jeff Sessions in a press briefing. “Make no mistake, the forces of law and justice face a challenge from criminals and transnational criminal organizations who think they can commit their crimes with impunity by going dark. This case, pursued by dedicated agents and prosecutors, says 'you are not safe. You cannot hide. We will find you'”.

Deputy Attorney General Rod Rosenstein confirmed that Alpha Bay was part of a larger international effort targeted at dark web market bases. He confirmed that the site’s administrators were arrested as part of the takedown, who attempted to use “anonymizing techniques” to try and conceal their identities and locations, and revealing that required additional assistance from other law enforcement agencies.

“Dark websites like Alpha Bay and others run on what is called the Tor network; hidden services designed to conceal information that could reveal the location of a website and its customers,” he said. “People using these websites believe they will be anonymous, but this case demonstrates that is not always true.”

As for the dark web market itself, Rosenstein confirmed that as some sites like Alpha Bay ‘have membership of hundreds of thousands of users across the globe’, this requires collaboration to aid agents, prosecutors, analysts and support staff who located the infrastructure hosting the sites, and identified those responsible.

“Hundreds of sites on the network still enable a vast amount of criminal activity. We are proud of what we announced today, but recognize that our work is not done. We face many challenges and require international assistance to overcome those challenges.”

Andrew McCabe, acting director of the FBI, called this a “landmark operation” as “Alpha Bay was roughly ten times the size of the Silk Road, so we are talking about multiple servers, different countries, hundreds of millions of dollars in crypto currency, in a dark net drug trade that spans the globe”.

McCabe also praised the ‘coordination and a shared purpose’ required to carry out an operation like this, and he acknowledged that taking down major dark sites at once is considerable, and issued a warning to those involved in such websites as while “there are some criminals that think of cybercrime as a freebie”, blending traditional investigative techniques and new tools will bring these individuals to light.

McCabe acknowledged that there is a risk with any shutdown effect that when you shut down one site another may appear. He said that whilst this may be the case, that is the nature of criminal work - it never goes away, you have to constantly keep at it, and you have to use every tool in your toolbox, and “that is exactly what we will do”.

He said: “We have learned a lot over the years about taking down international criminal syndicates, and that same experience applies to organizations that are facilitated on the dark net. We know that removing top criminals from the infrastructure is not a long-term fix. There is always a new player waiting in the wings ready to fill those shoes.”

In agreement was Robert Pattinson, acting deputy administrator of the Drug Enforcement Agency, who said that those who operate such dark web markets ‘all share one additional common characteristic, they operate on borrowed time’.

He said: “We are keenly aware there will be another Alpha Bay, but with each investigation we learn more. We will continue to pursue these - those attempting to hide behind the anonymity of the dark web.” He was followed by Europol Executive Director Rob Wainwright, who claimed that this takedown was “a taste of what is to come in the future”.

He called this ‘joint hit’ on both of these dark markets "one of the most sophisticated law enforcement operations against cybercrime that we have ever seen".

The takedown of Alpha Bay was enabled by the collaborative takeover of the Hansa market under Dutch judicial authority a month ago, which allowed activities to be monitored and the main Alpha Bay operators to be identified.

Wainwright said: “What this meant, in particular, was that we could identify and disrupt the regular criminal activity that was happening on Hansa market, but also sweep up all of those new users that were displaced from Alpha Bay and looking for a new trading plot for their criminal activities.

“In fact, they flocked to Hansa in droves. We recorded an eight times increase in the number of human users on Hansa immediately following the takedown of Alpha Bay. Since the undercover operation to take over Hansa market by the Dutch police, usernames and passwords of thousands of buyers and sellers of illicit commodities have been identified and are the subject of follow-up investigations by Europol and our partner agencies.”

He also confirmed that the intelligence collected through the monitoring of Hansa has given law enforcement new insight into the criminal activity of the dark net, including many of its many leading figures.

Aside from the success of the takedown, the major success of this operation has been the collaborative effort of global law enforcement and governments. Andrew Clarke, EMEA Director at One Identity, said: “With the intensity of the cyber threat ramping up and causing chaos around the world – it is reassuring to hear about the collaboration between national and international law enforcement agencies.

“As well as providing a platform for illicit money-making activities, the dark web has facilitated trading of cyber-attack tools such as ransomware tool-kits that can be used be a novice cyber-criminal to extract money from a victim. The take-down of part of this infrastructure will play a significant role in slowing down and ultimately mitigating completely this type of threat to our digital way of life.”

It will be interesting to see how much intelligence has been gathered from the Hansa monitoring to allow for further takedowns, as the Alpha Bay action will likely leave many users looking for a new home but the feds seem to be one step ahead.

What’s Hot on Infosecurity Magazine?