By Rob Medley
AlphaBay founder Alexandre Cazes had a bad week. Business on his Dark Web version of eBay was making the Canadian lots of money, hand over fist. He didn’t think he needed to worry about the police, because his service operated via anonymizing methods such as Tor and I2P. Things were really looking up, until the man found himself in a dank Bangkok jail. It seems, in a veritable twist of irony, that Cazes had fallen victim to the same hacking techniques that millions of individuals and businesses face each day.
“You will never find a more wretched hive of scum and villainy. We must be cautious”
AlphaBay, like Mos Eisley Spaceport in the Star Wars saga, was a bazaar of digital dubiousness. Anything and everything could be found there, from drugs, to arms, to hacking tools with extensive instructions and even customer support. It was a thriving bastion of capitalism dedicated to the underworld. Unfortunately, the 1% were not getting their cut, so it had to be taken down. The beginning of the end happened simply enough. Police had acquired Cazes’ email address ‘Pimp_alex_91@hotmail.com’ way back in 2014 while monitoring the site. Cazes had somehow added his personal email address to the new-user welcome message; a good thing for legitimate CEOs, showing that they care, but not so much for something that could land you in a Thai jail.
“Treachery has existed as long as there’s been warfare, and there’s always been a few people that you couldn’t trust.”
General James Mattis, the stalwart symbol of American military prowess, follows the eastern philosophy which teaches that knowledge is the key to defeating an enemy. By the same token, any hacker worth his salt can break into a network with just a single piece of information, like an email address. Conducting reconnaissance using the address can reveal social media and financial accounts, domain registration data, and daisy-chained contacts associated with the email. The exploitation process after this can be as easy as sending a compromised link in a phishing email from one of the target’s friends, placing malicious code on a site the target is most likely to visit, or planting a rootkit.
“Once you’ve lost your privacy, you realize you’ve lost an extremely valuable thing.”
Billy Graham, the champion of cable TV Christianity, has a net worth of $25 million. Alexandre Cazes’ net worth, by comparison, was about the same, coming in at $23 million. When police launched Operation ‘Bayonet’, they basically followed the trail from Cazes’ compromised email address to his PayPal account and a front company, EBX Technologies. Eventually, this led them to Cazes himself in Bangkok, Thailand. A raid on the swashbuckling entrepreneur’s house procured the laptop Cazes used to run AlphaBay, which was unencrypted and logged into the AlphaBay site at the time of its seizure. The lesson here? Encrypt your hard drive and traffic. Also, have an extremely short inactivity lockout, especially if you are on the wrong side of the law.
“Have no fear of perfection – you’ll never reach it.”
Salvador Dali, mustachioed master of Surrealism, knew that perfection can never be achieved; the same is true in security. Navigating the digital world around us takes caution and a hefty amount of risk acceptance or mitigation. It was not some grand marvel of network subversion that took down AlphaBay, but human carelessness. It is an ironic cautionary tale that those on the wrong side of the light, legally speaking, are just as susceptible to hacking as we are in the bountiful lands of the mapped Internet. Basic awareness and caution should be globally embraced by anyone engaged in digital activities, because all it takes is an email address.