The US Department of Justice announced the seizure of AlphaBay, the largest dark web market bust in history, a little over four years ago. Alexandre Cazes, the 26-year-old administrator of the site, was arrested in Bangkok by Thai police, and the FBI seized AlphaBay’s central server in Lithuania, effectively shutting down a marketplace that was selling hundreds of millions of dollars in hard drugs, hacked data, and other contraband to its 400,000-plus registered users. The FBI called the disruption of the site a “landmark operation.”
DeSnake tells WIRED in an extensive chat interview how he escaped the AlphaBay takedown unharmed, why he has returned now, and what his intentions are for the revived, once-dominant online black market. After confirming his identity by signing a public message with DeSnake’s original PGP key, which numerous security researchers validated, he talked with WIRED over encrypted text messaging, using a regularly shifting set of pseudonymous identities.
“The main reason I’m returning is to ensure that the AlphaBay name is remembered for anything other than the marketplace that was raided and the founder was falsely accused of suicide,” DeSnake adds. Cazes was discovered dead in a Thai jail cell a week after his detention, apparently by suicide; DeSnake, like many others in the dark web community, believes Cazes was killed in prison. After reading about an FBI presentation on the circumstances of Cazes’ arrest that he found insulting, he was inspired to recreate AlphaBay, he claims.
DeSnake’s messages to WIRED were tinged with a kind of practical paranoia, both on a personal level and in his intentions for AlphaBay’s improved technological safeguards. (DeSnake says he uses masculine pronouns.) For example, the resurrected version of AlphaBay lets users buy and sell exclusively with the cryptocurrency Monero, which is meant to be considerably more difficult to trace than Bitcoin, whose network has occasionally allowed for strong kinds of financial surveillance. AlphaBay’s dark web site is now available not just through Tor, as was the case with the previous AlphaBay, but also through I2P, a less popular anonymity technology that DeSnake urges people to use. He expressed his concern on several occasions that Tor may be subject to monitoring, although he presented no evidence.
DeSnake claims that his security measures, both at AlphaBay and at home, are superior to those of his predecessor, Cazes, who went by the online moniker Alpha02. Cazes was apprehended in part because of Bitcoin blockchain analysis, which revealed his position as AlphaBay’s leader, a technique that would be considerably more difficult, if not impossible, to pull off with Monero. DeSnake claims that additional protections like these will make removing AlphaBay from the dark web much more difficult this time.
DeSnake attributes his continued freedom to a stringent operational security routine. His work computers, he claims, use an “amnesiac” operating system, such as the Tails Linux distribution, which is meant to save no data. He claims not to keep any incriminating material on hard drives or USB devices, encrypted or not, and he refuses to elaborate on how he pulls off this seeming magic trick. DeSnake also claims to have built a USB-based “kill switch” gadget that will wipe the memory of his computers and turn them off in seconds if they ever leave his control.
After all, law enforcement seized the laptops of both Alexandre Cazes and Ross Ulbricht while they were open, running, and logged into administrator accounts on the dark web sites they oversaw. (Ulbricht is serving a life sentence for running the original dark web drug market known as Silk Road.) DeSnake, on the other hand, makes the bold claim that even if his work PC were taken, it would not be able to implicate him.
All of those technical and operational safeguards, however, may be less important than a basic geographic one. DeSnake claims to be in a non-extradition nation, out of reach of American authorities. AlphaBay’s new leader mentions living in the former Soviet Union in messages to WIRED, and he previously posted Russian-language comments to members on the earlier AlphaBay’s forums.
AlphaBay has long been suspected of having Russian or Russian-related ties. Its rules have long prohibited the selling of data taken from victims in former Soviet Union nations, a typical practice among Russian hackers to stay out of Russian law enforcement’s sights. And when Alexandre Cazes commented on the site as Alpha02, he would occasionally sign off with a Russian word that meant “keep safe.” When Cazes was subsequently found in Thailand, many people thought AlphaBay’s Russian fingerprints had been faked to deceive police.
However, DeSnake now maintains that he and others engaged in the original AlphaBay are still safe from Western law enforcement. He says of AlphaBay’s prohibition against selling stolen data from ex-Soviet residents, “You do not crap where you sleep.”
While few of DeSnake’s claims have been verified, he has a long track record for a dark web market operator. According to security company Flashpoint, DeSnake has been working under the same alias since at least 2013, first as a credit-card-focused cybercriminal on sites like Evolution and Tor Carder Forum before becoming a market administrator himself.
DeSnake, a seller of credit card fraud tools and tips, a trade commonly known as “carding,” initially surfaced on the old AlphaBay’s forums in the fall of 2014, searching for a new home after the administrators of Evolution absconded with their customers’ money in a so-called “exit scam.” He claims to have rapidly befriended Alpha02 using an unconventional method: He says he “popped a shell” on AlphaBay, hacking the website and gaining the ability to run his own commands on its server. Rather than exploiting the flaw, he says he helped the administrator fix it, and he quickly rose to become the site’s second administrator and security head.
Since its relaunch, dark web buyers and sellers haven’t exactly flocked to AlphaBay. It has a little under 500 listings a few weeks after relaunching, compared to more than 350,000 during AlphaBay’s peak in 2017. Those low numbers are likely due to DeSnake’s insistence on accepting only Monero, as well as a barrage of distributed denial-of-service attacks that have taken the site offline since its debut. However, according to DeSnake, dark web marketplaces generally attract new members only when a major market closes or is taken down by law enforcement; neither has happened since AlphaBay reopened.