AlphaBay takedown: There is a flaw!
And it’s all about the human
The fun part about human history is that it repeats itself, and the AlphaBay takedown, based on what is known today, looks a lot like the demise of Silk Road in 2013.
We now know much more about how the cloaked identity of “Dread Pirate Roberts” was connected to Ross Ulbricht.
For those who don’t, here is the story in broad strokes:
- While looking for technical information before launching his lucrative business, Ross went to a couple of forums to find answers to his questions. While doing so, he used an email address that gave the first hints leading the agents chasing him to his real-life identity.
- However, this hint was not enough: at best a strong suspicion, not a fact permitting his indictment.
- But, fortunately for them, Ross made a string of mistakes that uncovered his digital trail, making it easier to link him to Silk Road and later to DPR.
More details can be found in “How the Feds took down the silk road drug wonderland” (Wired, Nov. 2013) and “The Rise & Fall of Silk Road” (Wired, Apr. 2015)
People tend to be negligent about their online activities. They assume that one false step will never be enough to create a digital trail leading back to them.
The Silk Road story taught us a couple of things about how to cover our human flaws:
Internet virginity is important
The Grugq, an anonymous information security researcher, would have recommended that Cazes first create an anonymous John Doe persona, complete with a fake email address, phone number, home address, and life history. “That way, when he [the owner or operator of a dark website] makes mistakes, which he will do, he exposes John Doe, this nonexistent nobody,” says The Grugq (The Verge, Jul 2017).
In many cases the owner asks questions, develops, pays or receives money using an email he or she previously operated under a real-life identity. Given the Internet’s memory and the agents’ obstinacy, this remains the number one flaw by far.
Dread Pirate Roberts, aka Ross Ulbricht, was uncovered more than two years after he launched his famous marketplace, Silk Road, because of a single post on a technical forum linking his nickname to his personal email.
In the case of AlphaBay, things seem to be even worse: in addition to having used his own email in the past without covering his tracks, Alexandre Cazes was also using that email in the password recovery mechanism of his marketplace, and as the contact information of a PayPal account he owned.
One can say that this is really dumb: it just sends flares to every agency (and hacker) pointing at you.
What is really astonishing, if this story is true, is that Alexandre Cazes did not learn from Ross Ulbricht’s mistakes. Not only did he repeat them, he also acted carelessly by reusing personal items and information to operate his darknet marketplace.
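The linkage described above is mechanical once the artifacts are side by side: the same identifier shows up under the operational persona (a password-recovery mail, a forum post) and under the real-life persona (a payment account). As an added illustration, not code from the original post and not from any court record, here is a small Python check over constructed, fictional artifacts (all addresses, hostnames and handles below are made up) that extracts the e-mail addresses each artifact exposes and reports every identifier seen under more than one persona. It reads the sender-side headers of the recovery mail (From, Reply-To, Return-Path, Sender) rather than the display name, because that is where an operator’s personal address leaks.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample artifacts. Every address, hostname and handle here is
# fictional and assumed for the example; none of it comes from the AlphaBay case.
ARTIFACTS = [
    # Operational persona: the marketplace's password-recovery mail as a user receives it.
    {"persona": "market-operator", "source": "password-reset email", "kind": "rfc822",
     "data": ("From: AlphaMarket <noreply@market.example>\r\n"
              "Reply-To: alias91@hotmail.example\r\n"
              "To: buyer123@protonmail.example\r\n"
              "Subject: Password recovery\r\n"
              "\r\n"
              "Click the link below to reset your password.\r\n")},
    # Operational persona: a technical question posted on a forum.
    {"persona": "market-operator", "source": "forum post", "kind": "text",
     "data": "Anyone know how to pin a Tor hidden service key? Reach me at alias91@hotmail.example"},
    # Real-life persona: a payment-processor account record.
    {"persona": "real-identity", "source": "payment account", "kind": "record",
     "data": {"holder": "A. Example", "contact_email": "alias91@hotmail.example"}},
    # Real-life persona: a professional profile.
    {"persona": "real-identity", "source": "professional profile", "kind": "text",
     "data": "A. Example, web hosting and cryptography consultant. Contact: a.example@ebx.example"},
]


def identifiers_in(artifact):
    """Return the lowercased e-mail addresses one artifact exposes."""
    kind, data = artifact["kind"], artifact["data"]
    if kind == "rfc822":
        msg = message_from_string(data)
        found = set()
        # Sender-side headers disclose who really sent the mail or receives replies;
        # the recipient (To) is not an operator identifier, so it is ignored.
        for header in ("From", "Reply-To", "Return-Path", "Sender"):
            for _, addr in getaddresses(msg.get_all(header, [])):
                if addr:
                    found.add(addr.lower())
        return found
    if kind == "record":
        return {v.lower() for v in data.values()
                if isinstance(v, str) and EMAIL_RE.fullmatch(v)}
    return {m.lower() for m in EMAIL_RE.findall(data)}


def cross_persona_links(artifacts):
    """Map each identifier to the sorted (persona, source) pairs it appears in,
    keeping only identifiers seen under more than one persona."""
    seen = defaultdict(set)
    for art in artifacts:
        for ident in identifiers_in(art):
            seen[ident].add((art["persona"], art["source"]))
    return {ident: sorted(hits) for ident, hits in seen.items()
            if len({persona for persona, _ in hits}) > 1}


if __name__ == "__main__":
    for ident, hits in cross_persona_links(ARTIFACTS).items():
        print(f"{ident} links personas: {hits}")
```

Run against the constructed set, the only identifier that bridges the two personas is the Reply-To address of the recovery mail, which is exactly the kind of overlap the John Doe persona is meant to prevent: the operator persona should never carry an identifier that also appears in a real-life record.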
Devil is in the details
When building a cover, make sure it is trustworthy, or at least that the first level of cover is believable.
In that matter, Alexandre Cazes also acted carelessly: on his LinkedIn profile he described himself as highly skilled in web hosting and cryptography.
However, his cover company’s website was “barely functional” (source: court documents), and the cover company was not making money.
This cover was clearly the wrong one, for two main reasons:
- When you claim to have skills in a particular domain, you had better be able to show them.
- Avoid a cover whose skills sit too close to the ones your real activity requires; the overlap only makes you a more prominent suspect.
Let’s assume that you successfully managed to maintain your Internet virginity and that you have a clean working cover not directly related to your darknet business.
Don’t let your ego fool you
You nailed it: your digital twin is not connected to the real you. You covered your tracks and start to feel invincible.
This is when you have to start managing your ego. If you let it take control, you’re doomed.
AlphaBay and the Silk Road owners are perfect examples for this.
The first thought that no hacker could penetrate his marketplace, while it was actually hacked a couple of times, exposing users’ private chats and possibly other sensitive information such as admin names.
Dread Pirate Roberts, for his part, was so overconfident that he hired an undercover agent as a hit man to kill one of his admins. The admin was never killed and became an informant, offering valuable details to law enforcement agencies.
Stay cool, act cool. You’re not God and never will be.
Be smart with all that money
You’re going to make a lot of money. AlphaBay was 10 times bigger than Silk Road and making between $600,000 and $800,000 per day (conservative estimate).
Like eBay, darknet marketplaces take a percentage of the sales performed on their platform. Unlike eBay, the percentage is far higher, since we are dealing with a black market in contraband and other illicit items (drugs, guns, etc.).
Though most of this money is hard to trace as long as it stays in the form of a cryptocurrency, there comes a moment when you want to buy real things, which you cannot buy with Bitcoin or Ethereum.
So you need to convert it into US dollars, euros or whatever currency you need. But then you have to explain where the money comes from, or turn to money-laundering operations.
So far, the only real flaw that has been observed is human. The right combination of VPN, Tor and cryptocurrency has still proven very difficult to break.
However, keeping the Dr Jekyll and Mr Hyde sides of one person isolated has proven very hard. And, as with fortresses: if you cannot take it, lay siege and wait. Time and basic human instincts will do the rest.