General security

AlphaBay Market: What is the Impact of the Cyber-criminal Underground?

The AlphaBay Market was shut down by the law enforcement

AlphaBay Market was the largest black marketplace on the Dark Web, it was an excellent aggregator for buyers and sellers of any kind of illegal goods, including drugs, stolen data, malware.

The AlphaBay Market went down last week on Tuesday, July 4th apparently without any explanation. The event caused the panic among the community of its users, many of that have purchased products on the marketplace was fearing the Exit-Scam.

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Get Your Plan

Two years ago, in similar circumstances, the Evolution marketplace, and the entire Evo community, including the user discussion forum, went offline, volunteer moderators from its communities confirmed that the administrators have "exit scammed." The operators disappeared with a huge amount money that resulted in the escrow service implemented by the Evolution black market to protect both buyers and sellers.

A few days after the disconcerting disappearance, an article published in the  Wall Street Journal confirmed the AlphaBay Market shut down after authorities in the United States, Canada and Thailand conducted several raids and arrested Alexandre Cazes, who is suspected to be one of the operators behind the AlphaBay Market.

"An online marketplace that sold illegal goods on the so-called Dark Web was shut last week following action by international authorities, according to people familiar with the matter." states the WSJ.

Cazes was resident in Canada, but he was arrested by law enforcement in Thailand, he was living a life of luxury in Thailand, he owned three houses in the country and four cars.

The police seized "four Lamborghini cars and three houses worth about 400 million baht ($11.7 million) in total."

Figure 2 - Cazes's Lamborghini seized by the Thai Police

According to the Thai police, Cazes was living in the in the past eight years.

"He was a computer expert involved with international transactions of Bitcoins," said Major General Soontorn Chalermkiat, a spokesman for Thailand's Narcotics Suppression Bureau.

"He didn't have any business in Thailand, but he had many houses," the officer said, adding that Cazes' Thai wife has since been charged with money laundering.

Local authorities have taken him into custody in Bangkok on July 5th, on the same day the police executed two raids on residences in Quebec, Canada.

"Investigators with the RCMP executed search warrants in Montreal and Trois-Rivières Wednesday morning, reportedly in connection with the sale of merchandise on the "Dark Web" of the internet." reported the Montreal Gazette.

The story has a sad ending, Cazes was awaiting extradition to the United States when a prison police officer found him dead in the jail cell on Wednesday.

According to the Chiang Rai Times, Cazes has hanged himself using a towel. AlphaBay was considered the "the new Silk Road," it emerged in 2014 and became of the most prominent dark web marketplaces.

"Narcotics Suppression Bureau (NSB), Pol Maj Gen Sunthon Chalermkiat, told Thai media yesterday that an initial examination of the body of Canadian Alexander Cazes, points to suicide." reports the Chiangraitimes.

"A duty officer noticed a towel hanging from the toilet door in his cell about 7 am, but could not see him, police said. The officer unlocked and entered the cell and found Cazes dead in the toilet."

What will happen in the future?

The case anyway has not been yet resolved, law enforcement has to discover if there were other operators behind the AlphaBay Market and which were their roles.

We cannot exclude that Cazes's accomplices will launch another version of the popular black market. Another aspect to consider is the huge amount of money that is still stored inside the wallet used by the operators behind AlphaBay, probably someone could access them in the next week.

"It is also unclear as to what Cazes may have told the authorities in regards to AlphaBay, its users, or other people working on the platform." continues the Chiangrai Times.

"On Reddit, there is some wild speculation as to whether or not these claims are true. It is hard to determine if Cazes is the real AlphaBay admin, but all of the information seems to hint at that outcome. His arrest coincides with the platform going down, and it would also explain why AlphaBay has not resurfaced. On the platform, the admin is known as "deSnakes," which very well could indeed by Cazes."

We can consider the case closed, the AlphaBay Market was shut down by the law enforcement, exactly like its predecessor Silk Road.

Forecasts on the future of the black marketplaces

The AlphaBay shutdown will have a significant impact on the cyber-criminal underground, it is interesting to analyze the evolution of the others black marketplaces to understand which will be the biggest one in the next months.

Let's start from the Dark Net Markets Comparison Chart published by the website DeepDotWeb.com that integrates marketplace data with the hidden Dark Net Markets List ratings, along with uptime status data provided by our monitoring system and creation dates from Gwern.net.

The researchers at DeepDotWeb used the following parameter to evaluate the popularity of each market, data is relayed to the past 28 days until July 12.

Impressions & Clicks – These two features give us an indication of the number of pages from this site will appear on Google for search queries containing the market name.

Searches on the site – is simply how many times people entered the site search terms that relate to the specific market in DeepDotWeb's internal search.

Hits on related pages: How many visits there were on pages inside deepdotweb that their focus is some specific market (filtered using google analytics).

The data collected by the researchers at the DeepDotWeb shows that the Russian black marketplace RAMP (Russian Anonymous Marketplace) and DreamMarker are the biggest markets after the shutdown of the AlphaBay, followed by the Hansa Market.

The RAMP black marketplace (http://ramp5bb7v2abm34a.onion) is a Russian market with a forum-like organization that is frequented by hackers from Eastern Europe.

Due to the forum-like structure, the products are not organized into categories, it is not easy to calculate the exact number of listings or vendors on RAMP.

RAMP is operating since September 2012, it is probably the oldest running darknet market! It has already outlived its rivals Silk Road, Agora, and AlphaBay.

It is not clear how RAMP survived so long, there are some speculations regarding its longevity, someone believes that the main reason is that it is a Russian focused market and that Russian authorities tolerate it if the illegal authorities have not impact on Russia.

There are four main categories of vendors on RAMP:

• Audited Dealers
• Private Points
• Market
• Miscellaneous

The Audited Dealers group includes the more reliable group of vendors.

Like black marketplace, RAMP lists several prohibited posts and discussions about illegal goods and activities, including drugs, pornography and child pornography, weapons, fake documents, and banknotes.

"Based on the statistics presented on the forum at the time we did this review, RAMP had 186,304 users; 13,224 created topics, 931,494 posts (all time), and 88 posts for the week. These numbers show that RAMP is indeed a significant darknet community," states the analysis published on the website Darknetmarkets.co. "The longevity and popularity of Russian Anonymous Marketplace appear surprising to some especially as the site claims to make around a quarter of a million every year, but RAMPs' owners believe that this is because it is in Russian and serves predominantly Russian users. Also, it could be due to its focus on drugs and prohibition of hacking and pornography."

Figure 3 - RAMP black-market

Another black market that will benefit of the shutdown of the AlphaBay black-markets the Dream Market.

The Dream Market (http://lchudifyeqm4ldjj.onion/?ai=1675) has been around since Nov/Dec 2013, it is an excellent aggregator for buyers and sellers of any kind of drugs (i.e. Cannabis, Benzos, Ecstasy, etc.).

The filtering feature makes it easy to search the items offered on the black marketplaces.

The listing for Digital Goods is growing with sellers offering mostly fraud-related goods, such as stolen account data, stolen credit card data (CV, CCV) and fake documents.

Many sellers offer guides and tutorials on hacking and other illegal activities such as carding, it is also possible to find counterfeit banknotes from many countries. Hacking services are skinny, no significant deals are available. Same story for purchasing and customizing malware, it is quite easy to find well-known RATs and Keylogger, but this isn't the right place where to find complex malware.

The remain markets are smaller, and the values of parameters used for the analysis demonstrate it.

Stay Tuned!

References

http://securityaffairs.co/wordpress/60734/deep-web/alphabay-market-scam-maintenance.html

http://securityaffairs.co/wordpress/60996/deep-web/alphabay-market-seized.html

http://securityaffairs.co/wordpress/61030/deep-web/alphabay-market-shutdown-impact.html

https://www.wsj.com/articles/illegal-goods-website-alphabay-shut-following-law-enforcement-action-1499968444

http://www.telegraph.co.uk/news/2017/07/15/canadian-found-dead-thai-cell-wanted-running-dark-web-market/

http://www.chiangraitimes.com/netizens-believe-dead-canadian-fugitive-connected-to-alphabay.html

https://darknetmarkets.co/russian-anonymous-marketplace/

https://www.deepdotweb.com/dark-net-market-comparison-chart/