Episode Show Notes



JACK: This episode is dark and contains references to illegal drugs so listener discretion is advised. Federal law in the US says marijuana is illegal for any purpose in all states yet twenty percent of the states have flat-out legalized marijuana. This means the US government finds it offensive but state government finds it okay which makes it weird. Some states have determined it’s better to legalize marijuana for numerous reasons. It’s used to treat some medical conditions and helps some people relax after a hard day and it reduces some crime rates when it’s legalized. In these states where it’s legal there are nice clean shops where you can walk into, get greeted by a nice clerk, and browse what you want, buy your weed and go; much like buying candy in a Quick Mart.

But what if you’re in a state where it’s not legal for any reason and you need it to help with some medical condition but acquiring weed in these states is illegal which makes it very frustrating to get. You might have to go to some shady corners and some shady parts of town to find the guy selling not just weed but tons of other hard drugs. It’s sometimes high-pressure where you feel guilty by checking the weight or scared to go into certain houses. These situations are stressful and sometimes scary but there’s a better alternative; buy your weed online. Here’s how you do it. Fire up a VPN, connect to Tor, get some Bitcoin and buy your drugs on the dark market. These are websites that sort of resemble eBay but for illegal goods.

You can search for weed by looking for good prices, fast shipping speeds, and sellers with high ratings. There’s no high-pressure situation, no violence, and it seems safe. It’s the perfect solution right? This story is about AlphaBay, the most popular dark market to ever exist and I would love to interview the guy who created AlphaBay but I can’t because he’s dead.

JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

JACK: It’s about time I do an episode on the actual darknet, isn’t it? I choose the name Darknet Diaries because I really like the word darknet. I just imagine it to be all the shady parts of the internet where rogue stuff is going on. Not necessarily any part of the internet in particular, but anything that someone doesn’t want a light shining on it. But actually there is a thing called the darknet. It’s kind of debatable but the way I understand it, is that it’s a hidden anonymized network on the internet. [MUSIC] Picture going into a club and upon entering everyone has to wear a mask and the same exact suit so you can’t tell anyone apart. When you connect onto the darknet you become anonymous. At least that’s the theory.

There are a few darknets out there; Freenet, I2P, but the most popular one out there is Tor, T-O-R, which stands for The Onion Router. By using a special kind of software you connect your computer to the Tor network and you become anonymous. Normally when you visit a website it knows your IP address which can be associated with where you are in the world. But when you connect to Tor you get an IP of that computer that you’re connected to which might be hundreds or thousands of miles away. This masks where you actually are. If you want to be extra-safe it’s wise to use a VPN also before connecting to Tor so that if Tor or the VPN servers were to be compromised neither one of them would know exactly where you came from and where you went. They’d only be able to see one or the other. People use Tor for lots of great things.

I use Tor whenever I research episodes for this show because I stick my nose in a lot of places that I don’t really want my connections to be tracked back to me. As you can imagine, I research some dark and shady stuff. Countries with government oppression end up with a lot of people using Tor to get around censorship and to get their voices heard. Whistleblowers will often use Tor to [00:05:00] hide their identity and people who are concerned with mass surveillance may use Tor to escape being tracked. It’s an invaluable tool for people who want to share a message but are concerned with facing punishment for speaking up. When you get on Tor you can visit any website, both the darknet and the regular internet, and your location is masked. But there’s something else Tor has too, and that’s the deep web which are all the websites that are only available to those people who are on Tor.

So if you’re not on Tor you can’t reach these deep websites. These sites that are only on Tor network always end in .onion instead of .com or .net. Since this is theoretically an anonymous network it’s often used for illegal activity. If you browse around to see what websites are available on Tor you’ll find sites offering you illegal services, sites wanting to trade software or music illegally, blogs about how to create counterfeit money or do criminal hacking. The most popular type of site on the Tor network are drug marketplaces. [MUSIC] These are sites just like eBay where you can buy and sell items and see sellers rankings to help you decide if you should trust them or not. This peer review method works pretty well. Buyers will find someone with a high rating and buy a little to see if it’s legit.

If it works out they’ve just found their new favorite dealer to buy drugs from. Once all set up, the process is rather quite simple and convenient but setting yourself up to properly be safe takes a long time to do it right. You need to buy some Bitcoin, get a VPN service, connect to Tor, set up PGP, create separate e-mail addresses and aliases and a different persona just so nothing could ever be linked back to you. You never want to use your work e-mail address or something stupid and yes, there are many people who register on these dark market sites with their actual work e-mail address. It’s insane. Probably the most notable of all these dark markets is Silk Road. The story of Silk Road is incredibly interesting but that story has been covered in detail multiple times. If you’re interested in it, check out the book American Kingpin by Nick Bilton or the podcast Case File Episode 76.

I don’t think it ruins this story for you but the reason why it’s so famous is because the feds tracked and captured the guy who ran it, Ross Ulbricht. When he was captured he got life in prison without the possibility of parole. The guy is never getting out of prison all because he created a website that lets people buy and sell illegal items. He got life in prison because he was running the biggest illegal marketplace on the planet. No street gang could ever come close to moving the amount of stuff that was being bought and sold on Silk Road. Because of this, US government came down hard on him, putting him in prison for life and shutting down Silk Road in October 2013. But Silk Road had a few programmers and moderators that didn’t get caught and they got together and created a new dark market called Silk Road 2.0. Within a year the feds caught up with them too and shut that site down as well.

See, the US federal authorities have declared a war on drugs and these dark markets really attract their attention. The feds spend a lot of time and energy going after anyone who makes these sites but that doesn’t stop people from making dark markets. The same month Silk Road 2.0 was shut down, a new site sprang up on Tor called AlphaBay. [MUSIC] In November 2014 AlphaBay opened its doors and people started using it to buy and sell drugs. But the biggest dark market at that time was called Evolution. When Silk Road went down a lot of buyers and sellers needed a new place to go and they switched over to Evolution to do their trading. This made Evolution super popular as users began migrating over to it. Evolution was a place where you could buy all kinds of illegal items but people primarily went there to buy drugs.

It used an escrow service to do these transactions. The Bitcoin was sent to the Evolution server until the transaction was complete and then it was released. It was a dominant player in this space and it was growing in size. People really liked it and the site was highly rated. The site was looking strong and holding steady as the leader but in March 2015 Evolution went offline. [POWER DOWN] This time it wasn’t because of feds. It was because that whoever was running Evolution shut the doors and took everyone’s Bitcoin that was held on the site. This was around $12,000,000. This is equivalent to you giving money to a drug dealer and them not giving you the drugs in return, just taking off. People were furious that the site owner would do something like this and were claiming they lost over $20,000 that was being held on the Evolution servers.

When Evolution went down AlphaBay’s numbers soared. [MUSIC] In the next three days AlphaBay saw 18,000 new users and 7,000 new forum posts. It was seeing $300,000 in trading value a day. Once people started using AlphaBay they loved it. The site’s popularity rose quickly. Within a year they had 200,000 registered members. But they weren’t they only dark market around; the biggest dark market at that time was Agora but then Agora announced they would be pausing operations and asked everyone to withdraw their Bitcoin and stop using the site. This again gave AlphaBay another serious bump in new users, more listings, [00:10:00] and more trades. Because of all this, within two years AlphaBay had over 400,000 users and was the biggest dark market in the world.

In fact it was the biggest dark market the world has ever seen, having more listings than anyone before that. AlphaBay became the go-to place to buy or sell drugs online. The site’s moderators were friendly and helpful to users who wanted to learn how to use Bitcoin or PGP to encrypt their chats and the user interface was easy to navigate and friendly. The quality of stuff for sale was great. On any day of the week you could buy marijuana, LSD, mushrooms, meth, cocaine, Fentanyl, or heroin. But besides drugs people sold other illegal things; counterfeit driver’s licenses, passports, weapons, stolen credit card numbers, tools used for skimming credit cards, and counterfeit money-making machines.

But despite all these options the drugs are what sold the most on this site. To buy on this site you couldn’t use your credit card or PayPal. Only Bitcoin, Monero, and Ethereum were accepted. These are crypto-currencies that are also theoretically anonymous where you don’t know who you’re sending the money to. You simply need a wallet ID to send money to and a key to access your own wallet. AlphaBay would charge 2 - 4% commission for every transaction that went on there. With hundreds of thousands of transactions happening, AlphaBay was making some serious Bitcoin. The site owner was able to hire some staff to keep the place operational and continued to add new features and fix bugs. But a site like this is going to attract a lot of enemies. [MUSIC] Law enforcement agencies around the world have notoriously gone after sites like AlphaBay to try to shut them down so by being the top dark marketplace in the world, it attracts a lot of eyes and ears from many government agencies.

Investigations and cases started opening up in the US, Canada, UK, Netherlands, and Germany. They tried looking to see if any clues could be found as to who’s running the site. But everywhere they looked they found nothing. Whoever was administering the site was very good at keeping the server’s location secret and the owner’s identity hidden. All chats were encrypted and the site’s owner used an alias, Alpha02, which wasn’t used anywhere else and they encrypted and anonymized all connections to the servers. For years federal law enforcements couldn’t find any clues which would lead them to shutting down the site. The US has a war on drugs and dedicates a lot of time and money towards stopping drug dealers. They like to go after big operations which will make the most impact on the drug scene and AlphaBay was by far the biggest. Whoever was running AlphaBay knew this was highly illegal and had to hide.

They had to be extremely careful because not only would the police be looking for them but other drug dealers would be, too. AlphaBay had many competing drug marketplaces, marketplaces that also had services available like hit men and hackers. It may be entirely possible that an owner from another dark market wanted AlphaBay gone and had all the resources to track them down and put an end to AlphaBay. But besides the dark markets, regular street gangs were sometimes hit economically because of the rise of online drug markets. Some of them were also angry with the popularity of AlphaBay which meant they were having a harder time finding buyers and weren’t able to figure out how to sell their stash online. The admins to AlphaBay had to make sure their identity, location, and the server’s identity were kept very secret from all these enemies. To top it all off, the darknet is where some black hat hackers like to dwell, and they know this is a very lucrative business.

A lot of Bitcoins are coming in and out. AlphaBay probably got a fair share of hacking attempts waged against it at all times. There’s always someone digging around the site, looking for anything that may give away any information to figure out who was running it. At one point someone interviewed the administrator for AlphaBay asking if they were afraid of getting caught. Their response, I am not. I am absolutely certain that my OPSEC is secure and I live in an off-shore country where I’m safe. The United States FBI really wanted to catch him though, and put an end to this market so they began digging deeper. [MUSIC] The FBI was having trouble finding any clues at all so they went onto AlphaBay and started buying drugs. An undercover agent with the FBI created a user account and used some Bitcoins to buy marijuana.

A few days later they got the weed in the mail, no clues found. Not even information on who was selling it to them, just that it was shipped from California. Then the FBI bought another drug, this time heroin, and again offered no clues as to who was running the site. The FBI continued buying item after item on AlphaBay in hopes to eventually spot something and get more evidence as to what this place was doing. The FBI bought more heroin and Fentanyl and more marijuana and some meth, actually fifty grams of it. Then the FBI went on to purchase other things; they bought four fake driver’s licenses and they bought a credit card skimmer that fits onto an ATM, and more. The FBI was gathering more and more evidence for this case and also working with other law enforcements around the world to share information that they found. Eventually the FBI spotted something. When an undercover agent created a [00:15:00] new account at AlphaBay they received a welcome e-mail and examined it closely.

They looked at the headers of the e-mail and there was a Reply To e-mail address that was unusual. The Reply To e-mail in the header was pimpalex91@hotmail.com. The FBI took this e-mail address and went to Microsoft, the owners of Hotmail, to request information on who owns that address. That e-mail address was found to be associated to a LinkedIn account for a guy named Alexandre Cazès who was born in 1991. This matched the 91 in the e-mail address. His LinkedIn profile explained that he’s from Montreal, Canada and runs a computer tech support company called EBX Technologies. Now that the FBI had a name they began digging deeper into Alexandre Cazès, uncovering everything they possibly could about him. AlphaBay wasn’t the only dark market going around. There were many others but one that was gaining in popularity was called Hansa and it had a great user interface and great admins with great customer support and was actually very popular in Europe.

Same thing was being sold on Hansa; guns, IDs, counterfeit devices, and of course drugs. Even though Hansa was much smaller than AlphaBay it too attracted the attention of law enforcement. Countries around the world wanted to stop Hansa from being a trading place for illegal items. All of the Hansa servers were on the anonymized Tor network. This made it impossible to track where it was located in the world but there was one development server that was located on the regular internet. A security researcher found this one Hansa server that wasn’t on Tor. It was just on the regular internet and it turned out to be a development server that the admins could test new features on. They reported this information to the Netherlands National High Tech Crime Unit. This is the department that investigates high profile cyber-crime cases such as this.

They took this tip and tracked down the IP and it was in a data center that was actually located in the Netherlands. They contacted the data center that was hosting the server and the Dutch government was able to put a sort of wire-tap on the server to watch all packets that were coming in and out of it. From there they found the server was talking a lot with the live Hansa server which was on Tor. This production server was in the same data center as the development one so from there the Dutch government was able to make hard drive copies of a few of those Hansa servers, both the development and production one. They did this without causing any outage on the site, working directly with the data center. The Dutch High Tech Crimes Unit combed through the contents of those hard drives. The goal was to find who the admins were to the site.

They saw the admins were connected to the site but the connections were anonymized through Tor so they weren’t able to determine where these people were from and all the logins for the admins were aliases. Of course the site owners wouldn’t use their real names to log in with, but at some point the authorities found chat logs on the server and as they looked into it they found these logs dated back years and years. Inside the logs were conversations between the admins of the site but the Dutch couldn’t read the conversations; not because it was encrypted but because the conversations were in German. The Dutch authorities had to get a German translator to come help them decipher the chats and read through the logs. A lot of it was talking about the site such as resolving disputes doing maintenance and adding new features but as they read deeper into the chat logs they found the real names of both the admins of the site.

Further in the logs they found the home address of one of the admins. The Dutch government had the names and possible location of the two men that were running the Hansa dark market but a new problem was encountered. The home address of the admin was in Germany. When the Dutch government contacted Germany to request their arrest and extradition, the German government explained they are already tracking those two guys. The same two guys who were running the Hansa dark market had previously created an online site to buy and sell pirated e-books and audiobooks. The German police were trying to find the location of these two guys to arrest them. The Dutch and German authorities began hatching a new plan. They joined forces to capture these two guys under the existing German case but the Dutch government would take over Hansa.

This way Germany gets their suspects and the Netherlands gets control of Hansa to potentially catch more drug dealers. The plan was to gather enough evidence to arrest the two men at the same time they were logged in as admins to the site so they could take it over. But just as they were collecting more evidence against the two German admins, the Dutch server went offline. The Hansa admin saw a copy was made of the hard drives and it freaked them out so they moved the server to another location. Once again the location of the server became anonymized over Tor and the authorities had no idea where it went and therefore couldn’t take it over. They went back to looking over what they had, trying to figure out where they moved the server to. [MUSIC] Months and months go by without any clues as to where the servers had gone. Hansa continued to operate, becoming the go-to place in Europe to buy and sell drugs online.

In the chat logs on those old hard drives were a few Bitcoin addresses and the Dutch authorities were watching these addresses to see if anything was being sent in or out of those wallets. While Bitcoin is in fact anonymous, at some point you may want to exchange your Bitcoin for cash [00:20:00] and you need to do that at a Bitcoin exchange which is usually audited and licensed. The authorities saw one of the Bitcoin addresses sent money to an exchange in an attempt to move some money. This was a lucky break because the exchange they sent the money to was in Netherlands. The Dutch High Tech Crime Unit went down to the exchange to request the digital information on where the money was sent to. The Bitcoin exchange released the information and the Dutch authorities discovered the Bitcoin was sent to a server in Lithuania.

With the help of the Lithuanian government they were able to track down the exact location of where the new Hansa server was located. The Dutch, German, and Lithuanian government agencies had everything they needed to arrest the admins and take over Hansa. But at this point the FBI notified the Dutch authorities that they had discovered who was behind AlphaBay and the location of the server. The FBI was informing the Dutch that they’d be conducting a raid on the data center and arresting the owner. But the Dutch government said whoa, hold on. [MUSIC] The authorities for Germany, Dutch, and the FBI collaborated on a plan. Because the Dutch and German authorities were ready to take over Hansa they wanted to get control of Hansa before AlphaBay was to be taken down. The theory was that as soon as AlphaBay went down the users would flock to Hansa to continue to buy and sell illegal items.

If the Dutch government was already controlling Hansa they could collect a lot of information of the users of the site and potentially arrest a lot of dealers in the process. The FBI agreed to this plan and decided to call it Operation Bayonet. Bayonet was a play on a few words; Bay comes from AlphaBay, net comes from darknet, or internet, and it would also signify piercing the dark marketplace. Authorities believe that with the takedown of AlphaBay and the government controlling Hansa, after all this was over it would destroy trust in the dark marketplace for a long time, potentially crippling the whole online trade of illegal items. Operation Bayonet was a go. The next steps were for the takeover of Hansa. The Dutch authorities worked with Lithuania and Germany to conduct the raid on the data center and arrest the two men simultaneously. Lithuania agreed to the plan and two Dutch authorities went to the data center to prepare for the takeover. On June 20th, 2017, the plan sprang into action.

[MUSIC] The Dutch police raided the data center in Lithuania and the German police, with a very precise and careful method, raided the homes of both of the admins of the Hansa dark market. It’s not clear how this was done but the German police probably watched what the admins were doing and verified they were on their computers and then created a disturbance to get the men away from their computers while it was on. This had to be a very careful operation to successfully take over Hansa but the German police succeeded on both raids. They arrested both admins to the site while their laptops were open and unlocked. The German police gave the signal to the Dutch authorities who then quickly migrated the entire Hansa server to the Netherlands and under their control. The German police simply filed the reports as two guys being caught pirating e-books and audiobooks which meant all the users on the Hansa site were oblivious to the takedown and the moving of the servers.

While in jail the two men gave up all the passwords and credentials needed to access all parts of the site. The site had four moderators on it and even they didn’t know a takeover had occurred. This was a huge success for the Dutch and German authorities. Now that Europe’s most popular dark market was under Dutch government control they began turning the site into a mass surveillance station. [MUSIC] See, these dark markets have a lot of dealers, dealers who are selling massive amounts of meth, cocaine, heroin, weapons, and other illegal items. The authorities wanted to collect as much evidence as they could on those dealers so they could potentially stop them from selling any more. They first rewrote the code to log all user passwords in clear text. This way they could attempt to reuse those logins on other dark markets and websites. They found a way to read and log all communication between buyers and sellers while keeping it encrypted. This would reveal the home address of many of the buyers.

The site had previously stripped out all metadata from every picture uploaded. These would be pictures of illegal items for sale but the authorities were able to strip the metadata off these photos and save it before it was posted. This would reveal the date, time, camera that was used to take the photo, and sometimes geo-location of where the photo was taken. Once this was in place the Dutch police staged a fake server glitch which accidentally removed all photos on the site, forcing sellers to re-upload their photos which provided authorities with numerous seller locations. By this time Hansa had over 70,000 listings on its site at any given time so this was a lot of information for the authorities to process. Amazingly enough, the police also tricked users on the site to download a homing beacon. They claimed this file was a backup encryption key to access their Bitcoins if the site were to ever go down.

People downloaded it and opened it which would run a script that would try to connect to a URL and reveal that person’s real IP address. This gave authorities many more locations on where dealers were located and during this whole time the Dutch police continued to impersonate the two admins that were previously running the site, responding to other moderators, handling any site complaints from users, and actually doing a really good job with customer support. The users seemed very [00:25:00] happy with the level of customer support they were getting from the site, completely unaware it was being ran by the Dutch government and the Dutch authorities continued to let all items be bought and sold except for one; they banned the sale of Fentanyl on the site. This is similar to heroin but is more dangerous and contributed to numerous overdoses according to authorities.

At this point the trap was set. The Dutch police had set up a honeypot by using a very popular drug marketplace to attract criminals to conduct crimes under their watchful eye. Now that they were collecting tons of information they were ready for the FBI to conduct the next step in Operation Bayonet. The FBI was ready for action. They tracked down the owner of AlphaBay to Alexandre Cazès who was living in Thailand. They tracked down the location of the server to be in Montreal, Canada. The FBI coordinated with Canada and Thailand to do a simultaneous raid on the data center and Alexandre’s house. Again the goal was to arrest Alexandre while he was logged into his computer so the authorities could have proof as to who the admin was for the site. On July 5th, 2017 the authorities of Canada, Thailand, and the FBI sprang into action.

[MUSIC] The Canadian police raided the data center and started taking the servers offline. The Thai police went to Alexandre’s fancy and expensive villa and they used an unmarked police car to stage a fake accident in front of the house. While a plain-clothes cop was attempting to turn his car around he smashed into the front gate of Alexandre’s house on purpose but made it look like an accident. [SHOUTING] This created a disturbance. Other plain-clothes cops acting like neighbors started yelling but no sign of Alexandre. They knew he was home. He just wasn’t coming outside so they continued yelling and trying to turn the car around and making more of a ruckus in his driveway. After what seemed like an eternity for the police he came outside to see what was going on. He came out with his cell phone in his hand, wearing a pair of blue shorts and sneakers. He had no shirt on. He came out to the front of his driveway to inspect the smashed gate while the plain-clothes cops posing as neighbors surrounded him.

He was confused and mad about the gate but the signal was given and the cops came after him. Alexandre ran but not far. Cops immediately grabbed him and wrestled him into a pair of handcuffs. [SIRENS] Alexandre’s phone was quickly taken from him and kept open so it wouldn’t become locked. The Thai police ran inside and found his computer open and logged into the AlphaBay server as admin. He had been trying to figure out why the servers in Montreal were going down. When the Royal Thai Police and the FBI examined his computer they found a text file with all the passwords for the AlphaBay site. This would be enough evidence to convict him of being the owner of the largest dark market in the world. The raid on the Montreal data center was also a success and the FBI was able to seize his servers and take them offline immediately.

The capture of Alexandre Cazès remained quiet. The FBI did not announce they have taken AlphaBay offline. This caused a flurry of angry AlphaBay users who immediately thought there was an exit strategy, just like how the admins to Evolution had simply closed up and took everyone’s Bitcoins. After days of AlphaBay being offline people suspected the site owner had stolen all their Bitcoins too. Alexandre Cazès was taken to a Thai jail where he would wait to be extradited to the US. They found that Alexandre was married to a Thai woman in her early twenties and he had been living in Thailand for the last eight years. AlphaBay was only two years old. Before that he was a software developer. Alexandre, in my opinion, looks like an average computer techie. He’s 26 years old, white guy, grew up in Montreal, Canada. He looks like a young Elon Musk. His hair is always a little out of place and he seems to slightly underdress. Not muscular, not extra-fit, not overweight either.

He had a traditional Thai wedding and all his groomsmen all look Thai, too. I’m not sure if that means he only had Thai friends or if he simply lived a very private life. His wife looks kind and generous and happy in the photos. From just her appearances she looks like someone who’s simple and a good caretaker. She doesn’t dress flashy or extra-sexy or seem to be high maintenance. She just looks like a caring and sweet girl. When the police questioned her she said her job was a researcher at an academic institution which kind of fits her appearance. She’s likely very close to her parents and down to earth. Neither Alexandre or his wife look like kingpins to the world’s biggest drug marketplace. The US filed a civil forfeiture complaint against Alexandre and his wife which allowed the FBI to seize everything they owned.

[MUSIC] While conducting their seizures they found Alexandre had kept a meticulous journal of all his assets. This made it easy for the FBI to go and collect it all. Here’s what the FBI seized; ten vehicles including a Lamborghini purchased at $900,000, a Mini Cooper that his wife drove, a BMW motorcycle, and a Porsche Panamera. Numerous pieces of real estate including his primary luxurious villa in Thailand, and he owned the house next door which was for his wife’s parents to live in. He also was building a new luxury villa in Bangkok and he had vacation homes in Phuket, Antigua, and Cyprus. [00:30:00] His home in Cyprus cost 2.3 million dollars because you can become a resident of Cyprus if you own two million dollars in real estate which is what he was trying to become a resident of. He also paid Antigua $400,000 to become a resident there. He had three Thai bank accounts, one Swiss bank account, and one bank account in St. Vincent in The Grenadines.

He was also holding large amounts of crypto-currencies including Bitcoin, Ethereum, Monero, and Zcash. Between his bank accounts and crypto-currencies the FBI seized 8.8 million dollars. On top of all that the FBI seized all the Bitcoin, Monero, and Ethereum that were on the AlphaBay servers that were seized in Montreal. When AlphaBay was seized it had 250,000 active listings. To put this into perspective, Silk Road had only 13,000 listings when it was shut down. You can see AlphaBay was almost twenty times bigger than Silk Road in terms of active listings. Alexandre was charging 2 - 4% commission on every transaction and the logs showed that about 840,000 Bitcoins were transferred through AlphaBay totaling around $450,000,000 in transactions. The feds estimated his commissions for all this was somewhere between 9 and 18 million dollars. According to Alexandre’s notes, he claimed he had a self net-worth of $23,000,000.

[MUSIC] This kind of cash is what I expect a kingpin like this to have because he knew full well what he was getting himself into when he started this. It’s a risky, extremely risky business. He knew his life would be in danger and he had to be absolutely perfect at not being caught every step of the way. To take this ride with the devil, it better be worth it. Millions of dollars seemed to make it worth it for Alexandre. Again, looking at his photos of his wife he simply doesn’t seem like your stereotypical millionaire drug lord. She looks like the girl next door. He looks a little dorky and even when he wears a suit and poses in front of his Lamborghini he seems to be out of place in the suit. I don’t know, maybe I should start changing how I perceive big-time drug dealers.

A Montreal-Canadian news outlet would later interview Alexandre’s father who said Alexandre was so kind and caring. He wouldn’t hurt a fly. He never had a criminal record, never smoked, never did any drugs. He was very smart and even skipped a whole year in school because he did so well. According to his father, his wife was eight months pregnant. While in jail, Alexandre knew everything was being seized and taken away from him and his wife was being questioned and he was concerned about her parent’s house being seized away from them and he also knew full well that Ross Ulbricht, the guy who got caught running Silk Road, received life in prison without the possibility of parole. Alexandre was scared, really scared and felt like he had no options. The world was closing in on him all around and he didn’t want to face any of it.

On July 12th after sitting in a Thai jail for seven days Alexandre wrapped a towel around his neck, twisted it tight, tied it into a knot, and committed suicide. The next morning the Thai police found him dead in his jail cell and this hit the news in Thailand. At that point the Wall Street Journal broke the story for the rest of the world that AlphaBay was seized by the feds and the owner of the site was dead. This sent the users of the dark markets into a panic. [MUSIC] People were freaked out that the feds had taken over AlphaBay. Numerous conspiracy theories started springing up about his death; was he murdered by another dark market owner? Was he murdered by the real AlphaBay owner? Was he murdered by the feds? Why did he commit suicide? Darknet forums were abuzz with the chatter about this event.

Once AlphaBay shut down, just like according to plan, a ton of new users started registering at the Dutch government-controlled Hansa dark market. Over 5,000 new users a day were registering at the site which is a massive jump from the normal 600 new users a day. In fact the number of new users were so high it broke the registration system and the Dutch police had to spend a few days getting it back online. Under Dutch law they were required to track and report every sale on the site, about 1,000 transactions a day were being conducted on Hansa and this was becoming too much paperwork for the Dutch authorities to handle. After the Dutch government had ran Hansa for 27 days and collected information on about 27,000 transactions they pulled the plug on the server, shutting the whole operation down.

Immediately the Dutch authorities placed a banner on the site. It said the Hansa hidden site had been seized by the Dutch National Police. At the same time AlphaBay’s site started displaying it had been seized by the FBI. News of both sites being controlled by government agencies shattered trust in many dark market buyers and sellers and it sent the whole community into chaos. Two days after Hansa was shut down, US Attorney General Jeff Sessions made a press statement.

JEFF: Today the Department of Justice announced the takedown of the dark web market AlphaBay. This is the largest dark market web place takedown [00:35:00] in world history. This is likely one of the most important criminal investigations of this entire year. I have no doubt of that. Make no mistake, the forces of law and justice face a challenge from criminals and transnational criminal organizations who think they can commit their crimes with impunity by going dark. This case, pursued by dedicated agents and prosecutors says you are not safe. You cannot hide. We will find you, dismantle your organization and network, and we will prosecute you. The darknet is not a place to hide.

JACK: For the FBI they were able to gather more evidence and go after moderators of AlphaBay and capture and arrest them. For the Dutch police, they collected information on over 420,000 users and collected 10,000 home addresses. They turned this information over to Europol to further take action. They seized about $12,000,000 worth of Bitcoin that was on the Hansa server at the time of shutdown and they arrested over a dozen dealers that were located in the Netherlands. They also claimed to have conducted over fifty knock and talks where the police would come visit someone and talk to them if they were a known big buyer or seller. The FBI and Dutch police continue to this day to go through the data they collected to track down anyone they got information on.

When both AlphaBay and Hansa went down and the people discovered it was taken over by the feds, this really rattled the dark market communities. After Hansa there wasn’t a mass migration to another site. Users scattered. They went back to the streets or simply gave up on it altogether. The feds not only infiltrated the darknet but they infiltrated the minds of the people on the darknet. Immediately after these takedowns, people were much more cautious. Some were panicking. They weren’t using good operation security and they reused passwords and put in their home address and they were sloppy with privacy. It certainly made a dramatic short-term impact on the dark market trading scene. After all, this was the most elaborate and coordinated sting ever conducted on the darknet.

But the long-term impact is yet to be seen. Today new dark markets are gaining in size such as Dream Market and Wall Street. But users of those sites should be aware of the history of dark markets. You never know if the feds are selling or buying drugs on there or controlling the site outright. You can never guess as to when the owner just might decide to shut down the site and steal everyone’s Bitcoins. But here’s what I take away from this story; the only way the feds were able to catch anyone was because of that person’s poor personal security. Alexandre was only discovered because he accidentally put his personal e-mail address in the Reply To of the welcome e-mail which directly connected him to his LinkedIn profile.

The German Hansa guys were only caught because they put their real names and addresses in the chat logs on their server. The big-time sellers that the Dutch government caught were only discovered because they didn’t scrub out the metadata from the photos and didn’t cover their tracks properly. The feds caught all these people because these people slacked off just a tiny bit on their own security. Not because there’s some super-secret way to track who owns a Bitcoin wallet or who is on Tor. Jeff Sessions says the darknet is not a place to hide but clearly it is if the right precautions are made. With all the time and money and effort they put into taking down AlphaBay, the feds would have used a more scary method to track down these guys if they had scary ways to do it. But they had to wait and watch for years to spot a mess up in operational security.

It’s probably true that you’ll never shake the feds from trying to track you if you run the largest dark market in the world. They’ll probably catch you eventually but maybe you make enough money and give the site to someone else and then disappear completely. Alexandre had $20,000,000 in assets and I wonder how much more he thought he needed for him to just disconnect from it all and change his name and live a nice happy life with his wife in Antigua. If you do want to be anonymous and conduct massive illegal activities online, you still can but it takes a lot of time and effort for it to become that safe. You need to exercise all the options you can to stay anonymous.

Here’s a starter pack; use Tor, use a VPN, take advantage of Bitcoin tumblers, use PGP in encrypted chats, use fake personas. Don’t ship anything to your actual house. Strip out all metadata from photos and use a separate computer to do all this on. Because if you take all these steps to be anonymous then you just log into Facebook, if someone was tracking your anonymous persona they now know you own that Facebook account and can link it back to you. When you set all this up keep it separate from everything that’s connected to your real persona and don’t tell anyone about it. Another thing this story proves to me is that there’s a massive world-wide demand for illegal items. When there’s a demand this large there will always be someone willing to risk their life and take that forbidden ride Fand build a dark market and cash in on that demand.

JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. Please consider donating to help support this show [00:40:00] by visiting darknetdiaries.com/donate. It really helps a lot. This show is created by me, Alpha03, Jack Rhysider. Mixing is done by Sono Sanctus and the theme music is created by the hooded Breakmaster Cylinder.



Transcription performed by Leah Hervoly www.leahtranscribes.com

Transcription performed by Leah Hervoly www.leahtranscribes.com