WEBVTT

00:00:00.547 --> 00:00:05.920
JACK: This episode is dark and contains references to illegal drugs so listener discretion is

00:00:05.920 --> 00:00:15.040
advised. Federal law in the US says marijuana is illegal for any purpose in all states yet twenty

00:00:15.040 --> 00:00:19.760
percent of the states have flat-out legalized marijuana. This means the US government finds it

00:00:19.760 --> 00:00:25.600
offensive but state government finds it okay which makes it weird. Some states have determined it’s

00:00:25.600 --> 00:00:30.560
better to legalize marijuana for numerous reasons. It’s used to treat some medical conditions and

00:00:30.560 --> 00:00:35.600
helps some people relax after a hard day and it reduces some crime rates when it’s legalized.

00:00:35.600 --> 00:00:39.680
In these states where it’s legal there are nice clean shops where you can walk into,

00:00:39.680 --> 00:00:43.920
get greeted by a nice clerk, and browse what you want, buy your weed and go;

00:00:43.920 --> 00:00:47.680
much like buying candy in a Quick Mart. But what if you’re in a state where it’s not

00:00:47.680 --> 00:00:52.720
legal for any reason and you need it to help with some medical condition but acquiring weed in these

00:00:52.720 --> 00:00:57.920
states is illegal which makes it very frustrating to get. You might have to go to some shady corners

00:00:57.920 --> 00:01:02.160
and some shady parts of town to find the guy selling not just weed but tons of other hard

00:01:02.160 --> 00:01:07.520
drugs. It’s sometimes high-pressure where you feel guilty by checking the weight or scared to go into

00:01:07.520 --> 00:01:13.920
certain houses. These situations are stressful and sometimes scary but there’s a better alternative;

00:01:13.920 --> 00:01:18.080
buy your weed online. Here’s how you do it. Fire up a VPN, connect to Tor,

00:01:18.080 --> 00:01:22.640
get some Bitcoin and buy your drugs on the dark market. These are websites that sort of

00:01:22.640 --> 00:01:26.720
resemble eBay but for illegal goods. You can search for weed by looking for good

00:01:26.720 --> 00:01:32.000
prices, fast shipping speeds, and sellers with high ratings. There’s no high-pressure situation,

00:01:32.000 --> 00:01:38.320
no violence, and it seems safe. It’s the perfect solution right? This story is about AlphaBay, the

00:01:38.320 --> 00:01:44.160
most popular dark market to ever exist and I would love to interview the guy who created AlphaBay

00:01:44.160 --> 00:01:51.280
but I can’t because he’s dead. JACK (INTRO): [INTRO MUSIC]

00:01:51.280 --> 00:02:00.640
These are true stories from the dark side of the internet. I’m Jack Rhysider.

00:02:00.640 --> 00:02:16.800
This is Darknet Diaries. [INTRO MUSIC ENDS] JACK:

00:02:16.800 --> 00:02:20.720
It’s about time I do an episode on the actual darknet, isn’t it? I choose the name Darknet

00:02:20.720 --> 00:02:24.880
Diaries because I really like the word darknet. I just imagine it to be all the shady parts of

00:02:24.880 --> 00:02:28.800
the internet where rogue stuff is going on. Not necessarily any part of the internet in

00:02:28.800 --> 00:02:33.280
particular, but anything that someone doesn’t want a light shining on it. But actually there

00:02:33.280 --> 00:02:37.280
is a thing called the darknet. It’s kind of debatable but the way I understand it,

00:02:37.280 --> 00:02:43.200
is that it’s a hidden anonymized network on the internet. [MUSIC] Picture going into a club and

00:02:43.200 --> 00:02:48.800
upon entering everyone has to wear a mask and the same exact suit so you can’t tell anyone apart.

00:02:48.800 --> 00:02:53.920
When you connect onto the darknet you become anonymous. At least that’s the theory.

00:02:53.920 --> 00:02:59.280
There are a few darknets out there; Freenet, I2P, but the most popular one out there is Tor,

00:02:59.280 --> 00:03:03.760
T-O-R, which stands for The Onion Router. By using a special kind of software you connect

00:03:03.760 --> 00:03:07.680
your computer to the Tor network and you become anonymous. Normally when you visit

00:03:07.680 --> 00:03:12.320
a website it knows your IP address which can be associated with where you are in the world.

00:03:12.320 --> 00:03:16.320
But when you connect to Tor you get an IP of that computer that you’re connected to

00:03:16.320 --> 00:03:22.640
which might be hundreds or thousands of miles away. This masks where you actually are.

00:03:22.640 --> 00:03:27.440
If you want to be extra-safe it’s wise to use a VPN also before connecting to Tor so that if

00:03:27.440 --> 00:03:31.760
Tor or the VPN servers were to be compromised neither one of them would know exactly where

00:03:31.760 --> 00:03:35.920
you came from and where you went. They’d only be able to see one or the other. People

00:03:35.920 --> 00:03:39.920
use Tor for lots of great things. I use Tor whenever I research episodes for

00:03:39.920 --> 00:03:44.080
this show because I stick my nose in a lot of places that I don’t really want my connections

00:03:44.080 --> 00:03:49.040
to be tracked back to me. As you can imagine, I research some dark and shady stuff. Countries with

00:03:49.040 --> 00:03:53.040
government oppression end up with a lot of people using Tor to get around censorship and to get

00:03:53.040 --> 00:03:57.520
their voices heard. Whistleblowers will often use Tor to [00:05:00] hide their identity and people

00:03:57.520 --> 00:04:02.080
who are concerned with mass surveillance may use Tor to escape being tracked. It’s an invaluable

00:04:02.080 --> 00:04:06.240
tool for people who want to share a message but are concerned with facing punishment for speaking

00:04:06.240 --> 00:04:11.360
up. When you get on Tor you can visit any website, both the darknet and the regular internet,

00:04:11.360 --> 00:04:17.120
and your location is masked. But there’s something else Tor has too, and that’s the

00:04:17.120 --> 00:04:22.320
deep web which are all the websites that are only available to those people who are on Tor.

00:04:22.320 --> 00:04:26.800
So if you’re not on Tor you can’t reach these deep websites.

00:04:26.800 --> 00:04:34.400
These sites that are only on Tor network always end in .onion instead of .com or .net. Since this

00:04:34.400 --> 00:04:40.080
is theoretically an anonymous network it’s often used for illegal activity. If you browse around to

00:04:40.080 --> 00:04:44.960
see what websites are available on Tor you’ll find sites offering you illegal services, sites wanting

00:04:44.960 --> 00:04:49.840
to trade software or music illegally, blogs about how to create counterfeit money or do criminal

00:04:49.840 --> 00:04:56.480
hacking. The most popular type of site on the Tor network are drug marketplaces. [MUSIC] These are

00:04:56.480 --> 00:05:00.640
sites just like eBay where you can buy and sell items and see sellers rankings to help

00:05:00.640 --> 00:05:05.280
you decide if you should trust them or not. This peer review method works pretty well.

00:05:05.280 --> 00:05:09.520
Buyers will find someone with a high rating and buy a little to see if it’s legit.

00:05:09.520 --> 00:05:13.840
If it works out they’ve just found their new favorite dealer to buy drugs from.

00:05:13.840 --> 00:05:18.640
Once all set up, the process is rather quite simple and convenient but setting yourself up to

00:05:18.640 --> 00:05:23.760
properly be safe takes a long time to do it right. You need to buy some Bitcoin, get a VPN service,

00:05:23.760 --> 00:05:29.200
connect to Tor, set up PGP, create separate e-mail addresses and aliases and a different persona

00:05:29.200 --> 00:05:33.120
just so nothing could ever be linked back to you. You never want to use your work e-mail address or

00:05:33.120 --> 00:05:37.600
something stupid and yes, there are many people who register on these dark market sites with their

00:05:37.600 --> 00:05:42.960
actual work e-mail address. It’s insane. Probably the most notable of all these dark markets is

00:05:42.960 --> 00:05:47.840
Silk Road. The story of Silk Road is incredibly interesting but that story has been covered in

00:05:47.840 --> 00:05:52.960
detail multiple times. If you’re interested in it, check out the book American Kingpin by Nick Bilton

00:05:52.960 --> 00:05:57.280
or the podcast Case File Episode 76. I don’t think it ruins this story for you but

00:05:57.280 --> 00:06:02.080
the reason why it’s so famous is because the feds tracked and captured the guy who ran it,

00:06:02.080 --> 00:06:09.920
Ross Ulbricht. When he was captured he got life in prison without the possibility of parole.

00:06:09.920 --> 00:06:14.640
The guy is never getting out of prison all because he created a website that lets people buy

00:06:14.640 --> 00:06:19.120
and sell illegal items. He got life in prison because he was running the biggest illegal

00:06:19.120 --> 00:06:24.240
marketplace on the planet. No street gang could ever come close to moving the amount of stuff that

00:06:24.240 --> 00:06:29.920
was being bought and sold on Silk Road. Because of this, US government came down hard on him,

00:06:29.920 --> 00:06:37.120
putting him in prison for life and shutting down Silk Road in October 2013.

00:06:37.120 --> 00:06:40.800
But Silk Road had a few programmers and moderators that didn’t get caught

00:06:40.800 --> 00:06:44.800
and they got together and created a new dark market called Silk Road 2.0.

00:06:44.800 --> 00:06:49.360
Within a year the feds caught up with them too and shut that site down as well.

00:06:49.360 --> 00:06:54.000
See, the US federal authorities have declared a war on drugs and these dark markets really attract

00:06:54.000 --> 00:06:59.040
their attention. The feds spend a lot of time and energy going after anyone who makes these sites

00:06:59.040 --> 00:07:02.960
but that doesn’t stop people from making dark markets. The same month Silk Road

00:07:02.960 --> 00:07:09.120
2.0 was shut down, a new site sprang up on Tor called AlphaBay. [MUSIC]

00:07:09.120 --> 00:07:14.080
In November 2014 AlphaBay opened its doors and people started using it to buy

00:07:14.080 --> 00:07:18.640
and sell drugs. But the biggest dark market at that time was called Evolution. When Silk Road

00:07:18.640 --> 00:07:22.720
went down a lot of buyers and sellers needed a new place to go and they switched over to

00:07:22.720 --> 00:07:28.240
Evolution to do their trading. This made Evolution super popular as users began migrating over to it.

00:07:28.240 --> 00:07:32.160
Evolution was a place where you could buy all kinds of illegal items but people primarily

00:07:32.160 --> 00:07:35.280
went there to buy drugs. It used an escrow service to do

00:07:35.280 --> 00:07:39.520
these transactions. The Bitcoin was sent to the Evolution server until the transaction

00:07:39.520 --> 00:07:43.200
was complete and then it was released. It was a dominant player in this space and it

00:07:43.200 --> 00:07:47.600
was growing in size. People really liked it and the site was highly rated. The site was looking

00:07:47.600 --> 00:07:54.720
strong and holding steady as the leader but in March 2015 Evolution went offline. [POWER DOWN]

00:07:54.720 --> 00:07:59.280
This time it wasn’t because of feds. It was because that whoever was running Evolution

00:07:59.280 --> 00:08:05.200
shut the doors and took everyone’s Bitcoin that was held on the site. This was around $12,000,000.

00:08:05.200 --> 00:08:08.800
This is equivalent to you giving money to a drug dealer and them not giving you the drugs

00:08:08.800 --> 00:08:13.840
in return, just taking off. People were furious that the site owner would do something like this

00:08:13.840 --> 00:08:18.720
and were claiming they lost over $20,000 that was being held on the Evolution servers.

00:08:18.720 --> 00:08:24.960
When Evolution went down AlphaBay’s numbers soared. [MUSIC] In the next three days AlphaBay

00:08:24.960 --> 00:08:33.280
saw 18,000 new users and 7,000 new forum posts. It was seeing $300,000 in trading value a day.

00:08:33.280 --> 00:08:37.920
Once people started using AlphaBay they loved it. The site’s popularity rose quickly. Within

00:08:37.920 --> 00:08:42.560
a year they had 200,000 registered members. But they weren’t they only dark market around;

00:08:42.560 --> 00:08:47.440
the biggest dark market at that time was Agora but then Agora announced they would be pausing

00:08:47.440 --> 00:08:52.000
operations and asked everyone to withdraw their Bitcoin and stop using the site.

00:08:52.000 --> 00:08:56.160
This again gave AlphaBay another serious bump in new users, more listings, [00:10:00] and

00:08:56.160 --> 00:09:01.760
more trades. Because of all this, within two years AlphaBay had over 400,000 users and

00:09:01.760 --> 00:09:06.160
was the biggest dark market in the world. In fact it was the biggest dark market the world

00:09:06.160 --> 00:09:12.000
has ever seen, having more listings than anyone before that. AlphaBay became the go-to place to

00:09:12.000 --> 00:09:16.640
buy or sell drugs online. The site’s moderators were friendly and helpful to users who wanted

00:09:16.640 --> 00:09:21.440
to learn how to use Bitcoin or PGP to encrypt their chats and the user interface was easy to

00:09:21.440 --> 00:09:26.000
navigate and friendly. The quality of stuff for sale was great. On any day of the week you could

00:09:26.000 --> 00:09:32.080
buy marijuana, LSD, mushrooms, meth, cocaine, Fentanyl, or heroin. But besides drugs people

00:09:32.080 --> 00:09:37.040
sold other illegal things; counterfeit driver’s licenses, passports, weapons, stolen credit card

00:09:37.040 --> 00:09:41.280
numbers, tools used for skimming credit cards, and counterfeit money-making machines.

00:09:41.280 --> 00:09:45.760
But despite all these options the drugs are what sold the most on this site.

00:09:45.760 --> 00:09:50.800
To buy on this site you couldn’t use your credit card or PayPal. Only Bitcoin, Monero, and Ethereum

00:09:50.800 --> 00:09:55.360
were accepted. These are crypto-currencies that are also theoretically anonymous where you don’t

00:09:55.360 --> 00:10:00.000
know who you’re sending the money to. You simply need a wallet ID to send money to and a key to

00:10:00.000 --> 00:10:05.600
access your own wallet. AlphaBay would charge 2 - 4% commission for every transaction that went on

00:10:05.600 --> 00:10:10.240
there. With hundreds of thousands of transactions happening, AlphaBay was making some serious

00:10:10.240 --> 00:10:14.880
Bitcoin. The site owner was able to hire some staff to keep the place operational and continued

00:10:14.880 --> 00:10:22.320
to add new features and fix bugs. But a site like this is going to attract a lot of enemies. [MUSIC]

00:10:22.320 --> 00:10:26.080
Law enforcement agencies around the world have notoriously gone after sites

00:10:26.080 --> 00:10:30.480
like AlphaBay to try to shut them down so by being the top dark marketplace in the world,

00:10:30.480 --> 00:10:34.400
it attracts a lot of eyes and ears from many government agencies.

00:10:34.400 --> 00:10:40.800
Investigations and cases started opening up in the US, Canada, UK, Netherlands, and Germany.

00:10:40.800 --> 00:10:44.880
They tried looking to see if any clues could be found as to who’s running the site.

00:10:44.880 --> 00:10:49.760
But everywhere they looked they found nothing. Whoever was administering the site was very good

00:10:49.760 --> 00:10:55.120
at keeping the server’s location secret and the owner’s identity hidden. All chats were encrypted

00:10:55.120 --> 00:10:59.600
and the site’s owner used an alias, Alpha02, which wasn’t used anywhere else

00:10:59.600 --> 00:11:03.600
and they encrypted and anonymized all connections to the servers. For years

00:11:03.600 --> 00:11:09.520
federal law enforcements couldn’t find any clues which would lead them to shutting down the site.

00:11:09.520 --> 00:11:14.640
The US has a war on drugs and dedicates a lot of time and money towards stopping drug dealers.

00:11:14.640 --> 00:11:18.720
They like to go after big operations which will make the most impact on the drug scene

00:11:18.720 --> 00:11:22.640
and AlphaBay was by far the biggest. Whoever was running AlphaBay knew this

00:11:22.640 --> 00:11:28.080
was highly illegal and had to hide. They had to be extremely careful because

00:11:28.080 --> 00:11:32.560
not only would the police be looking for them but other drug dealers would be, too.

00:11:32.560 --> 00:11:37.680
AlphaBay had many competing drug marketplaces, marketplaces that also had services available like

00:11:37.680 --> 00:11:43.200
hit men and hackers. It may be entirely possible that an owner from another dark market wanted

00:11:43.200 --> 00:11:49.840
AlphaBay gone and had all the resources to track them down and put an end to AlphaBay.

00:11:49.840 --> 00:11:54.400
But besides the dark markets, regular street gangs were sometimes hit economically because

00:11:54.400 --> 00:12:00.000
of the rise of online drug markets. Some of them were also angry with the popularity of AlphaBay

00:12:00.000 --> 00:12:03.520
which meant they were having a harder time finding buyers and weren’t able to figure

00:12:03.520 --> 00:12:08.320
out how to sell their stash online. The admins to AlphaBay had to make sure their identity,

00:12:08.320 --> 00:12:13.360
location, and the server’s identity were kept very secret from all these enemies.

00:12:13.360 --> 00:12:18.080
To top it all off, the darknet is where some black hat hackers like to dwell, and they know

00:12:18.080 --> 00:12:22.560
this is a very lucrative business. A lot of Bitcoins are coming in and out.

00:12:22.560 --> 00:12:27.840
AlphaBay probably got a fair share of hacking attempts waged against it at all times. There’s

00:12:27.840 --> 00:12:32.320
always someone digging around the site, looking for anything that may give away any information

00:12:32.320 --> 00:12:37.200
to figure out who was running it. At one point someone interviewed the administrator for AlphaBay

00:12:37.200 --> 00:12:42.320
asking if they were afraid of getting caught. Their response, I am not. I am absolutely certain

00:12:42.320 --> 00:12:48.080
that my OPSEC is secure and I live in an off-shore country where I’m safe. The United States FBI

00:12:48.080 --> 00:12:54.480
really wanted to catch him though, and put an end to this market so they began digging deeper.

00:12:54.480 --> 00:12:58.880
[MUSIC] The FBI was having trouble finding any clues at all so they went onto AlphaBay

00:12:58.880 --> 00:13:03.680
and started buying drugs. An undercover agent with the FBI created a user account

00:13:03.680 --> 00:13:08.320
and used some Bitcoins to buy marijuana. A few days later they got the weed in the mail,

00:13:08.320 --> 00:13:11.920
no clues found. Not even information on who was selling it to them,

00:13:11.920 --> 00:13:17.280
just that it was shipped from California. Then the FBI bought another drug, this time heroin,

00:13:17.280 --> 00:13:22.560
and again offered no clues as to who was running the site. The FBI continued buying item after

00:13:22.560 --> 00:13:26.880
item on AlphaBay in hopes to eventually spot something and get more evidence as to what

00:13:26.880 --> 00:13:33.200
this place was doing. The FBI bought more heroin and Fentanyl and more marijuana and some meth,

00:13:33.200 --> 00:13:37.680
actually fifty grams of it. Then the FBI went on to purchase other things; they bought four

00:13:37.680 --> 00:13:43.040
fake driver’s licenses and they bought a credit card skimmer that fits onto an ATM, and more. The

00:13:43.040 --> 00:13:47.440
FBI was gathering more and more evidence for this case and also working with other law enforcements

00:13:47.440 --> 00:13:54.400
around the world to share information that they found. Eventually the FBI spotted something.

00:13:54.400 --> 00:13:58.400
When an undercover agent created a [00:15:00] new account at AlphaBay they received a welcome

00:13:58.400 --> 00:14:01.920
e-mail and examined it closely. They looked at the headers of the e-mail

00:14:01.920 --> 00:14:06.720
and there was a Reply To e-mail address that was unusual. The Reply To e-mail in the header

00:14:06.720 --> 00:14:12.800
was pimpalex91@hotmail.com. The FBI took this e-mail address and went to Microsoft,

00:14:12.800 --> 00:14:17.520
the owners of Hotmail, to request information on who owns that address. That e-mail address was

00:14:17.520 --> 00:14:25.280
found to be associated to a LinkedIn account for a guy named Alexandre Cazès who was born in 1991.

00:14:25.280 --> 00:14:29.440
This matched the 91 in the e-mail address. His LinkedIn profile explained that he’s

00:14:29.440 --> 00:14:34.480
from Montreal, Canada and runs a computer tech support company called EBX Technologies. Now

00:14:34.480 --> 00:14:40.000
that the FBI had a name they began digging deeper into Alexandre Cazès, uncovering everything they

00:14:40.000 --> 00:14:46.480
possibly could about him. AlphaBay wasn’t the only dark market going around. There were many

00:14:46.480 --> 00:14:52.800
others but one that was gaining in popularity was called Hansa and it had a great user interface and

00:14:52.800 --> 00:14:57.280
great admins with great customer support and was actually very popular in Europe.

00:14:57.280 --> 00:15:02.960
Same thing was being sold on Hansa; guns, IDs, counterfeit devices, and of course drugs.

00:15:02.960 --> 00:15:07.600
Even though Hansa was much smaller than AlphaBay it too attracted the attention of law enforcement.

00:15:07.600 --> 00:15:11.680
Countries around the world wanted to stop Hansa from being a trading place for illegal items.

00:15:11.680 --> 00:15:16.720
All of the Hansa servers were on the anonymized Tor network. This made it impossible to track

00:15:16.720 --> 00:15:21.200
where it was located in the world but there was one development server that was located on the

00:15:21.200 --> 00:15:26.720
regular internet. A security researcher found this one Hansa server that wasn’t on Tor. It was just

00:15:26.720 --> 00:15:30.640
on the regular internet and it turned out to be a development server that the admins could test new

00:15:30.640 --> 00:15:35.840
features on. They reported this information to the Netherlands National High Tech Crime Unit.

00:15:35.840 --> 00:15:40.160
This is the department that investigates high profile cyber-crime cases such as this.

00:15:40.160 --> 00:15:44.960
They took this tip and tracked down the IP and it was in a data center that was actually located

00:15:44.960 --> 00:15:49.040
in the Netherlands. They contacted the data center that was hosting the server and the Dutch

00:15:49.040 --> 00:15:52.960
government was able to put a sort of wire-tap on the server to watch all packets that were

00:15:52.960 --> 00:15:57.680
coming in and out of it. From there they found the server was talking a lot with the live Hansa

00:15:57.680 --> 00:16:03.360
server which was on Tor. This production server was in the same data center as the development one

00:16:03.360 --> 00:16:06.640
so from there the Dutch government was able to make hard drive copies

00:16:06.640 --> 00:16:10.560
of a few of those Hansa servers, both the development and production one.

00:16:10.560 --> 00:16:16.480
They did this without causing any outage on the site, working directly with the data center.

00:16:16.480 --> 00:16:20.800
The Dutch High Tech Crimes Unit combed through the contents of those hard drives. The goal was

00:16:20.800 --> 00:16:24.720
to find who the admins were to the site. They saw the admins were connected to the site

00:16:24.720 --> 00:16:29.120
but the connections were anonymized through Tor so they weren’t able to determine where these people

00:16:29.120 --> 00:16:33.440
were from and all the logins for the admins were aliases. Of course the site owners wouldn’t use

00:16:33.440 --> 00:16:37.680
their real names to log in with, but at some point the authorities found chat logs on the server

00:16:37.680 --> 00:16:42.880
and as they looked into it they found these logs dated back years and years.

00:16:42.880 --> 00:16:47.120
Inside the logs were conversations between the admins of the site but the Dutch couldn’t read

00:16:47.120 --> 00:16:52.400
the conversations; not because it was encrypted but because the conversations were in German.

00:16:52.400 --> 00:16:56.320
The Dutch authorities had to get a German translator to come help them decipher the chats

00:16:56.320 --> 00:17:00.080
and read through the logs. A lot of it was talking about the site such as resolving

00:17:00.080 --> 00:17:04.240
disputes doing maintenance and adding new features but as they read deeper into the

00:17:04.240 --> 00:17:08.160
chat logs they found the real names of both the admins of the site.

00:17:08.160 --> 00:17:13.840
Further in the logs they found the home address of one of the admins. The Dutch government had

00:17:13.840 --> 00:17:18.880
the names and possible location of the two men that were running the Hansa dark market but a new

00:17:18.880 --> 00:17:23.440
problem was encountered. The home address of the admin was in Germany. When the Dutch government

00:17:23.440 --> 00:17:27.680
contacted Germany to request their arrest and extradition, the German government explained

00:17:27.680 --> 00:17:32.240
they are already tracking those two guys. The same two guys who were running the Hansa dark

00:17:32.240 --> 00:17:38.160
market had previously created an online site to buy and sell pirated e-books and audiobooks.

00:17:38.160 --> 00:17:41.840
The German police were trying to find the location of these two guys to arrest them.

00:17:41.840 --> 00:17:46.560
The Dutch and German authorities began hatching a new plan. They joined forces to capture these

00:17:46.560 --> 00:17:51.280
two guys under the existing German case but the Dutch government would take over Hansa.

00:17:51.280 --> 00:17:55.520
This way Germany gets their suspects and the Netherlands gets control of Hansa to potentially

00:17:55.520 --> 00:18:00.400
catch more drug dealers. The plan was to gather enough evidence to arrest the two men at the same

00:18:00.400 --> 00:18:04.640
time they were logged in as admins to the site so they could take it over. But just as they

00:18:04.640 --> 00:18:09.520
were collecting more evidence against the two German admins, the Dutch server went offline.

00:18:09.520 --> 00:18:14.400
The Hansa admin saw a copy was made of the hard drives and it freaked them out so they moved

00:18:14.400 --> 00:18:19.600
the server to another location. Once again the location of the server became anonymized over Tor

00:18:19.600 --> 00:18:24.880
and the authorities had no idea where it went and therefore couldn’t take it over. They went back to

00:18:24.880 --> 00:18:31.280
looking over what they had, trying to figure out where they moved the server to. [MUSIC]

00:18:31.280 --> 00:18:37.120
Months and months go by without any clues as to where the servers had gone. Hansa

00:18:37.120 --> 00:18:42.640
continued to operate, becoming the go-to place in Europe to buy and sell drugs online.

00:18:42.640 --> 00:18:46.960
In the chat logs on those old hard drives were a few Bitcoin addresses and the Dutch authorities

00:18:46.960 --> 00:18:51.600
were watching these addresses to see if anything was being sent in or out of those wallets.

00:18:51.600 --> 00:18:55.440
While Bitcoin is in fact anonymous, at some point you may want to exchange your Bitcoin

00:18:55.440 --> 00:18:59.600
for cash [00:20:00] and you need to do that at a Bitcoin exchange which is usually audited

00:18:59.600 --> 00:19:04.000
and licensed. The authorities saw one of the Bitcoin addresses sent money to an exchange

00:19:04.000 --> 00:19:08.720
in an attempt to move some money. This was a lucky break because the exchange they sent the money to

00:19:08.720 --> 00:19:14.640
was in Netherlands. The Dutch High Tech Crime Unit went down to the exchange to request the digital

00:19:14.640 --> 00:19:18.960
information on where the money was sent to. The Bitcoin exchange released the information and

00:19:18.960 --> 00:19:22.800
the Dutch authorities discovered the Bitcoin was sent to a server in Lithuania.

00:19:22.800 --> 00:19:27.280
With the help of the Lithuanian government they were able to track down the exact location of

00:19:27.280 --> 00:19:31.760
where the new Hansa server was located. The Dutch, German, and Lithuanian government

00:19:31.760 --> 00:19:37.920
agencies had everything they needed to arrest the admins and take over Hansa. But at this point the

00:19:37.920 --> 00:19:42.320
FBI notified the Dutch authorities that they had discovered who was behind AlphaBay and

00:19:42.320 --> 00:19:46.960
the location of the server. The FBI was informing the Dutch that they’d be conducting a raid on the

00:19:46.960 --> 00:19:54.160
data center and arresting the owner. But the Dutch government said whoa, hold on. [MUSIC]

00:19:54.160 --> 00:19:58.000
The authorities for Germany, Dutch, and the FBI collaborated on a plan.

00:19:58.000 --> 00:20:01.600
Because the Dutch and German authorities were ready to take over Hansa they wanted to get

00:20:01.600 --> 00:20:05.920
control of Hansa before AlphaBay was to be taken down. The theory was that as soon as

00:20:05.920 --> 00:20:10.800
AlphaBay went down the users would flock to Hansa to continue to buy and sell illegal items.

00:20:10.800 --> 00:20:14.640
If the Dutch government was already controlling Hansa they could collect a lot of information

00:20:14.640 --> 00:20:18.480
of the users of the site and potentially arrest a lot of dealers in the process.

00:20:18.480 --> 00:20:21.840
The FBI agreed to this plan and decided to call it Operation

00:20:21.840 --> 00:20:26.160
Bayonet. Bayonet was a play on a few words; Bay comes from AlphaBay,

00:20:26.160 --> 00:20:31.200
net comes from darknet, or internet, and it would also signify piercing the dark marketplace.

00:20:31.200 --> 00:20:35.600
Authorities believe that with the takedown of AlphaBay and the government controlling Hansa,

00:20:35.600 --> 00:20:40.320
after all this was over it would destroy trust in the dark marketplace for a long time, potentially

00:20:40.320 --> 00:20:46.800
crippling the whole online trade of illegal items. Operation Bayonet was a go. The next

00:20:46.800 --> 00:20:51.520
steps were for the takeover of Hansa. The Dutch authorities worked with Lithuania and Germany to

00:20:51.520 --> 00:20:56.320
conduct the raid on the data center and arrest the two men simultaneously. Lithuania agreed to the

00:20:56.320 --> 00:21:00.960
plan and two Dutch authorities went to the data center to prepare for the takeover. On June 20th,

00:21:00.960 --> 00:21:06.800
2017, the plan sprang into action. [MUSIC] The Dutch police raided the data

00:21:06.800 --> 00:21:11.040
center in Lithuania and the German police, with a very precise and careful method,

00:21:11.040 --> 00:21:15.600
raided the homes of both of the admins of the Hansa dark market. It’s not clear how this was

00:21:15.600 --> 00:21:19.440
done but the German police probably watched what the admins were doing and verified they were on

00:21:19.440 --> 00:21:23.600
their computers and then created a disturbance to get the men away from their computers while

00:21:23.600 --> 00:21:28.320
it was on. This had to be a very careful operation to successfully take over Hansa

00:21:28.320 --> 00:21:33.280
but the German police succeeded on both raids. They arrested both admins to the site while their

00:21:33.280 --> 00:21:37.920
laptops were open and unlocked. The German police gave the signal to the Dutch authorities who then

00:21:37.920 --> 00:21:42.720
quickly migrated the entire Hansa server to the Netherlands and under their control. The German

00:21:42.720 --> 00:21:48.000
police simply filed the reports as two guys being caught pirating e-books and audiobooks which meant

00:21:48.000 --> 00:21:52.800
all the users on the Hansa site were oblivious to the takedown and the moving of the servers.

00:21:52.800 --> 00:21:56.240
While in jail the two men gave up all the passwords and credentials needed to

00:21:56.240 --> 00:22:00.640
access all parts of the site. The site had four moderators on it and even they didn’t

00:22:00.640 --> 00:22:05.760
know a takeover had occurred. This was a huge success for the Dutch and German authorities.

00:22:05.760 --> 00:22:10.560
Now that Europe’s most popular dark market was under Dutch government control they began turning

00:22:10.560 --> 00:22:16.960
the site into a mass surveillance station. [MUSIC] See, these dark markets have a lot of dealers,

00:22:16.960 --> 00:22:22.480
dealers who are selling massive amounts of meth, cocaine, heroin, weapons, and other illegal items.

00:22:22.480 --> 00:22:26.080
The authorities wanted to collect as much evidence as they could on those dealers so they could

00:22:26.080 --> 00:22:30.880
potentially stop them from selling any more. They first rewrote the code to log all user passwords

00:22:30.880 --> 00:22:35.840
in clear text. This way they could attempt to reuse those logins on other dark markets

00:22:35.840 --> 00:22:39.920
and websites. They found a way to read and log all communication between buyers and sellers

00:22:39.920 --> 00:22:44.400
while keeping it encrypted. This would reveal the home address of many of the buyers.

00:22:44.400 --> 00:22:48.560
The site had previously stripped out all metadata from every picture uploaded.

00:22:48.560 --> 00:22:52.320
These would be pictures of illegal items for sale but the authorities were able to strip the

00:22:52.320 --> 00:22:56.960
metadata off these photos and save it before it was posted. This would reveal the date,

00:22:56.960 --> 00:23:01.280
time, camera that was used to take the photo, and sometimes geo-location of where the photo was

00:23:01.280 --> 00:23:06.720
taken. Once this was in place the Dutch police staged a fake server glitch which accidentally

00:23:06.720 --> 00:23:11.920
removed all photos on the site, forcing sellers to re-upload their photos which provided authorities

00:23:11.920 --> 00:23:17.440
with numerous seller locations. By this time Hansa had over 70,000 listings on its site at

00:23:17.440 --> 00:23:22.320
any given time so this was a lot of information for the authorities to process. Amazingly enough,

00:23:22.320 --> 00:23:26.800
the police also tricked users on the site to download a homing beacon. They claimed this

00:23:26.800 --> 00:23:32.080
file was a backup encryption key to access their Bitcoins if the site were to ever go down.

00:23:32.080 --> 00:23:36.640
People downloaded it and opened it which would run a script that would try to connect to a URL

00:23:36.640 --> 00:23:41.440
and reveal that person’s real IP address. This gave authorities many more locations on where

00:23:41.440 --> 00:23:46.160
dealers were located and during this whole time the Dutch police continued to impersonate the two

00:23:46.160 --> 00:23:50.720
admins that were previously running the site, responding to other moderators, handling any

00:23:50.720 --> 00:23:55.360
site complaints from users, and actually doing a really good job with customer support. The users

00:23:55.360 --> 00:23:58.800
seemed very [00:25:00] happy with the level of customer support they were getting from the site,

00:23:58.800 --> 00:24:02.880
completely unaware it was being ran by the Dutch government and the Dutch authorities continued to

00:24:02.880 --> 00:24:08.240
let all items be bought and sold except for one; they banned the sale of Fentanyl on the site.

00:24:08.240 --> 00:24:11.760
This is similar to heroin but is more dangerous and contributed to numerous

00:24:11.760 --> 00:24:15.280
overdoses according to authorities. At this point the trap was set. The Dutch

00:24:15.280 --> 00:24:20.240
police had set up a honeypot by using a very popular drug marketplace to attract criminals

00:24:20.240 --> 00:24:24.080
to conduct crimes under their watchful eye. Now that they were collecting tons

00:24:24.080 --> 00:24:31.280
of information they were ready for the FBI to conduct the next step in Operation Bayonet.

00:24:31.280 --> 00:24:35.680
The FBI was ready for action. They tracked down the owner of AlphaBay to Alexandre Cazès

00:24:35.680 --> 00:24:40.800
who was living in Thailand. They tracked down the location of the server to be in Montreal, Canada.

00:24:40.800 --> 00:24:45.200
The FBI coordinated with Canada and Thailand to do a simultaneous raid on the data center

00:24:45.200 --> 00:24:49.520
and Alexandre’s house. Again the goal was to arrest Alexandre while he was logged into

00:24:49.520 --> 00:24:53.920
his computer so the authorities could have proof as to who the admin was for the site.

00:24:53.920 --> 00:24:59.840
On July 5th, 2017 the authorities of Canada, Thailand, and the FBI sprang into action.

00:24:59.840 --> 00:25:04.960
[MUSIC] The Canadian police raided the data center and started taking the servers offline.

00:25:04.960 --> 00:25:09.520
The Thai police went to Alexandre’s fancy and expensive villa and they used an unmarked police

00:25:09.520 --> 00:25:14.400
car to stage a fake accident in front of the house. While a plain-clothes cop was attempting

00:25:14.400 --> 00:25:19.440
to turn his car around he smashed into the front gate of Alexandre’s house on purpose

00:25:19.440 --> 00:25:24.480
but made it look like an accident. [SHOUTING] This created a disturbance. Other plain-clothes

00:25:24.480 --> 00:25:30.320
cops acting like neighbors started yelling but no sign of Alexandre. They knew he was home.

00:25:30.320 --> 00:25:34.800
He just wasn’t coming outside so they continued yelling and trying to turn the car around and

00:25:34.800 --> 00:25:39.920
making more of a ruckus in his driveway. After what seemed like an eternity for the police he

00:25:39.920 --> 00:25:44.160
came outside to see what was going on. He came out with his cell phone in his hand, wearing a

00:25:44.160 --> 00:25:49.200
pair of blue shorts and sneakers. He had no shirt on. He came out to the front of his driveway to

00:25:49.200 --> 00:25:54.480
inspect the smashed gate while the plain-clothes cops posing as neighbors surrounded him.

00:25:54.480 --> 00:25:59.280
He was confused and mad about the gate but the signal was given and the cops came after him.

00:25:59.280 --> 00:26:03.680
Alexandre ran but not far. Cops immediately grabbed him and wrestled him into a pair of

00:26:03.680 --> 00:26:08.240
handcuffs. [SIRENS] Alexandre’s phone was quickly taken from him and kept open so it wouldn’t become

00:26:08.240 --> 00:26:13.840
locked. The Thai police ran inside and found his computer open and logged into the AlphaBay

00:26:13.840 --> 00:26:21.200
server as admin. He had been trying to figure out why the servers in Montreal were going down.

00:26:21.200 --> 00:26:24.400
When the Royal Thai Police and the FBI examined his computer

00:26:24.400 --> 00:26:29.200
they found a text file with all the passwords for the AlphaBay site. This would be enough

00:26:29.200 --> 00:26:34.160
evidence to convict him of being the owner of the largest dark market in the world.

00:26:34.160 --> 00:26:39.040
The raid on the Montreal data center was also a success and the FBI was able to seize his servers

00:26:39.040 --> 00:26:43.040
and take them offline immediately. The capture of Alexandre Cazès remained

00:26:43.040 --> 00:26:46.800
quiet. The FBI did not announce they have taken AlphaBay offline.

00:26:46.800 --> 00:26:51.680
This caused a flurry of angry AlphaBay users who immediately thought there was an exit strategy,

00:26:51.680 --> 00:26:57.040
just like how the admins to Evolution had simply closed up and took everyone’s Bitcoins. After days

00:26:57.040 --> 00:27:04.480
of AlphaBay being offline people suspected the site owner had stolen all their Bitcoins too.

00:27:04.480 --> 00:27:09.440
Alexandre Cazès was taken to a Thai jail where he would wait to be extradited to the US.

00:27:09.440 --> 00:27:13.600
They found that Alexandre was married to a Thai woman in her early twenties and he had been

00:27:13.600 --> 00:27:18.480
living in Thailand for the last eight years. AlphaBay was only two years old. Before that

00:27:18.480 --> 00:27:23.280
he was a software developer. Alexandre, in my opinion, looks like an average computer techie.

00:27:23.280 --> 00:27:28.960
He’s 26 years old, white guy, grew up in Montreal, Canada. He looks like a young Elon Musk. His hair

00:27:28.960 --> 00:27:34.080
is always a little out of place and he seems to slightly underdress. Not muscular, not extra-fit,

00:27:34.080 --> 00:27:36.880
not overweight either. He had a traditional Thai wedding

00:27:36.880 --> 00:27:41.920
and all his groomsmen all look Thai, too. I’m not sure if that means he only had Thai friends or

00:27:41.920 --> 00:27:47.680
if he simply lived a very private life. His wife looks kind and generous and happy in the photos.

00:27:47.680 --> 00:27:51.680
From just her appearances she looks like someone who’s simple and a good caretaker.

00:27:51.680 --> 00:27:56.640
She doesn’t dress flashy or extra-sexy or seem to be high maintenance. She just looks like a caring

00:27:56.640 --> 00:28:01.280
and sweet girl. When the police questioned her she said her job was a researcher at an academic

00:28:01.280 --> 00:28:06.480
institution which kind of fits her appearance. She’s likely very close to her parents and down

00:28:06.480 --> 00:28:14.560
to earth. Neither Alexandre or his wife look like kingpins to the world’s biggest drug marketplace.

00:28:14.560 --> 00:28:18.960
The US filed a civil forfeiture complaint against Alexandre and his wife which allowed

00:28:18.960 --> 00:28:23.200
the FBI to seize everything they owned. [MUSIC] While conducting their seizures they

00:28:23.200 --> 00:28:28.160
found Alexandre had kept a meticulous journal of all his assets. This made it

00:28:28.160 --> 00:28:33.040
easy for the FBI to go and collect it all. Here’s what the FBI seized; ten vehicles

00:28:33.040 --> 00:28:39.760
including a Lamborghini purchased at $900,000, a Mini Cooper that his wife drove, a BMW motorcycle,

00:28:39.760 --> 00:28:44.960
and a Porsche Panamera. Numerous pieces of real estate including his primary luxurious villa in

00:28:44.960 --> 00:28:49.600
Thailand, and he owned the house next door which was for his wife’s parents to live in.

00:28:49.600 --> 00:28:55.360
He also was building a new luxury villa in Bangkok and he had vacation homes in Phuket, Antigua,

00:28:55.360 --> 00:29:00.560
and Cyprus. [00:30:00] His home in Cyprus cost 2.3 million dollars because you can become a resident

00:29:00.560 --> 00:29:04.400
of Cyprus if you own two million dollars in real estate which is what he was trying to become a

00:29:04.400 --> 00:29:09.920
resident of. He also paid Antigua $400,000 to become a resident there. He had three Thai bank

00:29:09.920 --> 00:29:14.240
accounts, one Swiss bank account, and one bank account in St. Vincent in The Grenadines.

00:29:14.240 --> 00:29:17.440
He was also holding large amounts of crypto-currencies including Bitcoin,

00:29:17.440 --> 00:29:23.520
Ethereum, Monero, and Zcash. Between his bank accounts and crypto-currencies the FBI seized 8.8

00:29:23.520 --> 00:29:29.120
million dollars. On top of all that the FBI seized all the Bitcoin, Monero, and Ethereum that were on

00:29:29.120 --> 00:29:35.120
the AlphaBay servers that were seized in Montreal. When AlphaBay was seized it had 250,000 active

00:29:35.120 --> 00:29:40.800
listings. To put this into perspective, Silk Road had only 13,000 listings when it was shut down.

00:29:40.800 --> 00:29:45.200
You can see AlphaBay was almost twenty times bigger than Silk Road in terms of active listings.

00:29:45.200 --> 00:29:51.200
Alexandre was charging 2 - 4% commission on every transaction and the logs showed that about 840,000

00:29:51.200 --> 00:29:56.800
Bitcoins were transferred through AlphaBay totaling around $450,000,000 in transactions.

00:29:56.800 --> 00:30:02.160
The feds estimated his commissions for all this was somewhere between 9 and 18 million dollars.

00:30:02.160 --> 00:30:06.080
According to Alexandre’s notes, he claimed he had a self net-worth of $23,000,000.

00:30:06.080 --> 00:30:13.520
[MUSIC] This kind of cash is what I expect a kingpin like this to have

00:30:13.520 --> 00:30:17.280
because he knew full well what he was getting himself into when he started this.

00:30:17.280 --> 00:30:22.080
It’s a risky, extremely risky business. He knew his life would be in danger and he had

00:30:22.080 --> 00:30:27.760
to be absolutely perfect at not being caught every step of the way. To take this ride with

00:30:27.760 --> 00:30:33.840
the devil, it better be worth it. Millions of dollars seemed to make it worth it for Alexandre.

00:30:33.840 --> 00:30:38.400
Again, looking at his photos of his wife he simply doesn’t seem like your stereotypical millionaire

00:30:38.400 --> 00:30:43.280
drug lord. She looks like the girl next door. He looks a little dorky and even when he wears

00:30:43.280 --> 00:30:47.760
a suit and poses in front of his Lamborghini he seems to be out of place in the suit.

00:30:47.760 --> 00:30:53.280
I don’t know, maybe I should start changing how I perceive big-time drug dealers.

00:30:53.280 --> 00:30:58.160
A Montreal-Canadian news outlet would later interview Alexandre’s father who said Alexandre

00:30:58.160 --> 00:31:03.520
was so kind and caring. He wouldn’t hurt a fly. He never had a criminal record, never smoked, never

00:31:03.520 --> 00:31:09.040
did any drugs. He was very smart and even skipped a whole year in school because he did so well.

00:31:09.040 --> 00:31:14.240
According to his father, his wife was eight months pregnant.

00:31:14.240 --> 00:31:19.040
While in jail, Alexandre knew everything was being seized and taken away from him and his wife

00:31:19.040 --> 00:31:23.200
was being questioned and he was concerned about her parent’s house being seized away from them

00:31:23.200 --> 00:31:27.200
and he also knew full well that Ross Ulbricht, the guy who got caught running Silk Road,

00:31:27.200 --> 00:31:36.400
received life in prison without the possibility of parole. Alexandre was scared, really scared

00:31:36.400 --> 00:31:40.080
and felt like he had no options. The world was

00:31:40.080 --> 00:31:45.200
closing in on him all around and he didn’t want to face any of it.

00:31:45.200 --> 00:31:50.320
On July 12th after sitting in a Thai jail for seven days Alexandre wrapped a towel

00:31:50.320 --> 00:31:59.600
around his neck, twisted it tight, tied it into a knot, and committed suicide.

00:31:59.600 --> 00:32:03.280
The next morning the Thai police found him dead in his jail cell and this hit the

00:32:03.280 --> 00:32:08.000
news in Thailand. At that point the Wall Street Journal broke the story for the rest of the world

00:32:08.000 --> 00:32:13.760
that AlphaBay was seized by the feds and the owner of the site was dead. This sent the users of the

00:32:13.760 --> 00:32:18.800
dark markets into a panic. [MUSIC] People were freaked out that the feds had taken over AlphaBay.

00:32:18.800 --> 00:32:23.280
Numerous conspiracy theories started springing up about his death; was he murdered by another

00:32:23.280 --> 00:32:28.640
dark market owner? Was he murdered by the real AlphaBay owner? Was he murdered by the feds?

00:32:28.640 --> 00:32:36.320
Why did he commit suicide? Darknet forums were abuzz with the chatter about this event.

00:32:36.320 --> 00:32:40.720
Once AlphaBay shut down, just like according to plan, a ton of new users started registering at

00:32:40.720 --> 00:32:45.920
the Dutch government-controlled Hansa dark market. Over 5,000 new users a day were

00:32:45.920 --> 00:32:50.320
registering at the site which is a massive jump from the normal 600 new users a day.

00:32:50.320 --> 00:32:54.080
In fact the number of new users were so high it broke the registration system

00:32:54.080 --> 00:32:58.240
and the Dutch police had to spend a few days getting it back online. Under Dutch law they

00:32:58.240 --> 00:33:03.120
were required to track and report every sale on the site, about 1,000 transactions a day were

00:33:03.120 --> 00:33:07.280
being conducted on Hansa and this was becoming too much paperwork for the Dutch authorities to

00:33:07.280 --> 00:33:12.720
handle. After the Dutch government had ran Hansa for 27 days and collected information on about

00:33:12.720 --> 00:33:18.720
27,000 transactions they pulled the plug on the server, shutting the whole operation down.

00:33:18.720 --> 00:33:23.360
Immediately the Dutch authorities placed a banner on the site. It said the Hansa hidden site had

00:33:23.360 --> 00:33:28.560
been seized by the Dutch National Police. At the same time AlphaBay’s site started displaying it

00:33:28.560 --> 00:33:33.760
had been seized by the FBI. News of both sites being controlled by government agencies shattered

00:33:33.760 --> 00:33:39.280
trust in many dark market buyers and sellers and it sent the whole community into chaos. Two days

00:33:39.280 --> 00:33:43.680
after Hansa was shut down, US Attorney General Jeff Sessions made a press statement.

00:33:43.680 --> 00:33:52.080
JEFF: Today the Department of Justice announced the takedown of the dark web market AlphaBay.

00:33:52.080 --> 00:33:59.600
This is the largest dark market web place takedown [00:35:00] in world history. This is likely one of

00:33:59.600 --> 00:34:07.040
the most important criminal investigations of this entire year. I have no doubt of that. Make

00:34:07.040 --> 00:34:13.280
no mistake, the forces of law and justice face a challenge from criminals and transnational

00:34:13.280 --> 00:34:20.800
criminal organizations who think they can commit their crimes with impunity by going dark.

00:34:20.800 --> 00:34:26.880
This case, pursued by dedicated agents and prosecutors says you are not safe.

00:34:26.880 --> 00:34:34.640
You cannot hide. We will find you, dismantle your organization and network, and we will prosecute

00:34:34.640 --> 00:34:41.120
you. The darknet is not a place to hide. JACK: For the FBI they were able to gather more

00:34:41.120 --> 00:34:46.080
evidence and go after moderators of AlphaBay and capture and arrest them. For the Dutch police,

00:34:46.080 --> 00:34:52.080
they collected information on over 420,000 users and collected 10,000 home addresses.

00:34:52.080 --> 00:34:55.280
They turned this information over to Europol to further take action.

00:34:55.280 --> 00:34:59.600
They seized about $12,000,000 worth of Bitcoin that was on the Hansa server at the time of

00:34:59.600 --> 00:35:04.160
shutdown and they arrested over a dozen dealers that were located in the Netherlands. They also

00:35:04.160 --> 00:35:08.240
claimed to have conducted over fifty knock and talks where the police would come visit someone

00:35:08.240 --> 00:35:13.760
and talk to them if they were a known big buyer or seller. The FBI and Dutch police continue to

00:35:13.760 --> 00:35:18.240
this day to go through the data they collected to track down anyone they got information on.

00:35:18.240 --> 00:35:22.640
When both AlphaBay and Hansa went down and the people discovered it was taken over by the feds,

00:35:22.640 --> 00:35:27.520
this really rattled the dark market communities. After Hansa there wasn’t a mass migration to

00:35:27.520 --> 00:35:32.400
another site. Users scattered. They went back to the streets or simply gave up on it altogether.

00:35:32.400 --> 00:35:36.720
The feds not only infiltrated the darknet but they infiltrated the minds of the people on the

00:35:36.720 --> 00:35:42.160
darknet. Immediately after these takedowns, people were much more cautious. Some were panicking. They

00:35:42.160 --> 00:35:46.640
weren’t using good operation security and they reused passwords and put in their home address

00:35:46.640 --> 00:35:51.280
and they were sloppy with privacy. It certainly made a dramatic short-term impact on the dark

00:35:51.280 --> 00:35:56.000
market trading scene. After all, this was the most elaborate and coordinated sting

00:35:56.000 --> 00:36:00.000
ever conducted on the darknet. But the long-term impact is yet to be

00:36:00.000 --> 00:36:05.360
seen. Today new dark markets are gaining in size such as Dream Market and Wall Street.

00:36:05.360 --> 00:36:09.840
But users of those sites should be aware of the history of dark markets. You never know if the

00:36:09.840 --> 00:36:14.560
feds are selling or buying drugs on there or controlling the site outright. You can never

00:36:14.560 --> 00:36:20.720
guess as to when the owner just might decide to shut down the site and steal everyone’s Bitcoins.

00:36:20.720 --> 00:36:24.960
But here’s what I take away from this story; the only way the feds were able to catch anyone

00:36:24.960 --> 00:36:29.840
was because of that person’s poor personal security. Alexandre was only discovered because

00:36:29.840 --> 00:36:35.120
he accidentally put his personal e-mail address in the Reply To of the welcome e-mail which directly

00:36:35.120 --> 00:36:39.280
connected him to his LinkedIn profile. The German Hansa guys were only caught because

00:36:39.280 --> 00:36:43.040
they put their real names and addresses in the chat logs on their server.

00:36:43.040 --> 00:36:46.640
The big-time sellers that the Dutch government caught were only discovered because they didn’t

00:36:46.640 --> 00:36:51.360
scrub out the metadata from the photos and didn’t cover their tracks properly. The feds caught all

00:36:51.360 --> 00:36:56.400
these people because these people slacked off just a tiny bit on their own security. Not

00:36:56.400 --> 00:37:01.200
because there’s some super-secret way to track who owns a Bitcoin wallet or who is on Tor.

00:37:01.200 --> 00:37:05.840
Jeff Sessions says the darknet is not a place to hide but clearly it is if the right precautions

00:37:05.840 --> 00:37:10.640
are made. With all the time and money and effort they put into taking down AlphaBay, the feds would

00:37:10.640 --> 00:37:15.440
have used a more scary method to track down these guys if they had scary ways to do it.

00:37:15.440 --> 00:37:20.240
But they had to wait and watch for years to spot a mess up in operational security.

00:37:20.240 --> 00:37:23.600
It’s probably true that you’ll never shake the feds from trying to track you if you

00:37:23.600 --> 00:37:27.760
run the largest dark market in the world. They’ll probably catch you eventually but

00:37:27.760 --> 00:37:32.400
maybe you make enough money and give the site to someone else and then disappear completely.

00:37:32.400 --> 00:37:37.520
Alexandre had $20,000,000 in assets and I wonder how much more he thought he needed

00:37:37.520 --> 00:37:42.160
for him to just disconnect from it all and change his name and live a nice happy life with his

00:37:42.160 --> 00:37:47.440
wife in Antigua. If you do want to be anonymous and conduct massive illegal activities online,

00:37:47.440 --> 00:37:52.000
you still can but it takes a lot of time and effort for it to become that safe.

00:37:52.000 --> 00:37:55.760
You need to exercise all the options you can to stay anonymous.

00:37:55.760 --> 00:38:01.280
Here’s a starter pack; use Tor, use a VPN, take advantage of Bitcoin tumblers,

00:38:01.280 --> 00:38:06.960
use PGP in encrypted chats, use fake personas. Don’t ship anything to your actual house.

00:38:06.960 --> 00:38:10.880
Strip out all metadata from photos and use a separate computer to do

00:38:10.880 --> 00:38:15.920
all this on. Because if you take all these steps to be anonymous then you just log into Facebook,

00:38:15.920 --> 00:38:20.240
if someone was tracking your anonymous persona they now know you own that Facebook account and

00:38:20.240 --> 00:38:25.120
can link it back to you. When you set all this up keep it separate from everything that’s connected

00:38:25.120 --> 00:38:29.600
to your real persona and don’t tell anyone about it. Another thing this story proves to

00:38:29.600 --> 00:38:35.360
me is that there’s a massive world-wide demand for illegal items. When there’s a demand this large

00:38:35.360 --> 00:38:39.920
there will always be someone willing to risk their life and take that forbidden ride Fand build a

00:38:39.920 --> 00:38:51.280
dark market and cash in on that demand. JACK (OUTRO): [OUTRO MUSIC]

00:38:51.280 --> 00:38:54.480
You’ve been listening to Darknet Diaries. Please consider donating

00:38:54.480 --> 00:38:58.720
to help support this show [00:40:00] by visiting darknetdiaries.com/donate.

00:38:58.720 --> 00:39:04.240
It really helps a lot. This show is created by me, Alpha03, Jack Rhysider. Mixing is

00:39:04.240 --> 00:39:12.160
done by Sono Sanctus and the theme music is created by the hooded Breakmaster Cylinder.