He escaped the Dark Web’s biggest bust. Now he’s back

DeSnake is back, with big promises about keeping AlphaBay up and running this time.

Enlarge / DeSnake is back, with big promises about keeping AlphaBay up and running this time.
Illustration: Elena Lacey | Getty Images

reader comments

11 with 11 posters participating

Just over four years ago, the US Department of Justice announced the takedown of AlphaBay, the biggest dark web market bust in history. Thai police arrested the site’s 26-year-old administrator, Alexandre Cazes, in Bangkok, and the FBI seized AlphaBay’s central server in Lithuania, wiping out a marketplace that was selling hundreds of millions of dollars a year worth of hard drugs, hacked data, and other contraband to its 400,000-plus registered users. The FBI called the disruption of the site a “landmark operation.”

But the fate of one key player in that massive black market scheme was never explained: AlphaBay’s former number-two administrator, security specialist, and self-described cofounder, who went by the name DeSnake. Now, four years after his market’s demise, DeSnake appears to be back online and has relaunched AlphaBay under his own singular leadership. After four years off the radar, he’s not keeping quiet about his return.

In an extended chat interview, DeSnake tells WIRED how he walked away unscathed from the takedown of AlphaBay, why he has resurfaced now, and what his plans are for the resurrected, once-dominant online black market. He communicated with WIRED via encrypted text messages, from a frequently changing series of pseudonymous accounts, after proving his identity by signing a public message with DeSnake’s original PGP key, which multiple security researchers verified.

“The biggest reason I am returning is to make the AlphaBay name be remembered as more than the marketplace which got busted and the founder made out to have committed suicide,” DeSnake writes. Cazes was found dead of an apparent suicide in a Thai jail cell a week after his arrest; like many in the dark web community, DeSnake believes Cazes was murdered in prison. He was driven to rebuild AlphaBay, he says, after reading about an FBI presentation on the circumstances of Cazes’ arrest that he deemed disrespectful. “AlphaBay name was put in bad light after the raids. I am here to make amends to that.”

A kind of practical paranoia permeated DeSnake’s messages to WIRED, both on a personal level and in his plans for AlphaBay’s revamped technical protections. (DeSnake says he uses male pronouns.) The revived version of AlphaBay, for instance, allows users to buy and sell only with the cryptocurrency Monero, which is designed to be far more difficult to trace than Bitcoin, whose blockchain has proven to sometimes allow powerful forms of financial tracking. AlphaBay’s dark web site is now accessible not only via Tor, like the original AlphaBay, but also I2P, a less popular anonymity system that DeSnake encourages users to switch to. He repeatedly described his wariness that Tor may be vulnerable to surveillance, though he provided no evidence.

DeSnake says his security practices—both the ones he’s applying within AlphaBay and on a personal level—go far beyond those of his predecessor, Cazes, who went by the online handle Alpha02. Cazes was caught, in part, through Bitcoin blockchain analysis that confirmed his role as AlphaBay’s boss, a trick that would be far more difficult, if not impossible, with Monero. DeSnake argues that new safeguards like these will make AlphaBay that much harder to remove from the dark web this time around. “I had given [Cazes] many ‘holy grails’ of anonymity, but he chose to use only certain things while he branded other methods/ways as ‘overkill,’” DeSnake writes, in his seemingly foreign-inflected and occasionally misspelled English. “In this game there is no overkill.”

DeSnake credits his ongoing freedom to an operational security regimen that borders on the extreme. He says his work computers run an “amnesiac” operating system, like the security-focused Tails distribution of Linux, designed to store no data. He claims, in fact, not to store any incriminating data on hard drives or USB drives at all, encrypted or not, and declined to explain further how he pulls off this apparent magic trick. DeSnake also claims to have prepared a USB-based “kill switch” device designed to wipe his computers’ memory and shut them off in seconds if they ever leave his control.

Ross Ulbricht—the latter is serving a life sentence for running the original dark web drug market known as Silk Road–while they were open, running, and logged into administrator accounts on the dark web sites they oversaw. DeSnake, by contrast, makes the very bold claim that his work PC could not implicate him even if seized.

But all of those technical and operational protections may matter less than a simple geographic one. DeSnake claims to be located in a non-extradition country, beyond the reach of US law enforcement. In messages to WIRED, AlphaBay’s new boss describes having lived in the former USSR, and he previously wrote Russian-language messages to users on the original AlphaBay’s forums.

AlphaBay has long been rumored to have some sort of connections to Russia or Russians. Its rules have always banned the sale of data stolen from victims in former USSR countries, a common prohibition among Russian hackers intended to shield them from Russian law enforcement scrutiny. And when Alexandre Cazes wrote under the Alpha02 moniker on the site, he sometimes signed off with a Russian phrase for “stay safe.” But when Cazes was later tracked down in Thailand, many assumed AlphaBay’s Russian fingerprints had been designed to mislead investigators.

DeSnake now claims, however, that he and others involved in the original AlphaBay do in fact remain beyond the reach of Western law enforcement. “You do not shit where you sleep,” he writes of AlphaBay’s rule against selling the stolen data of ex-Soviet citizens. “We did that for security of other staff members. [Cazes] decided to embrace it as a way to secure himself.”

Regardless, DeSnake claims that he has traveled to “several continents within the last 4 years” and “had zero problems,” leading him to believe that his years of freedom have been a result not only of his location but of having technically outmaneuvered the law enforcement agencies tracking him. Of course, everything DeSnake told WIRED may itself be misdirection designed to help him further evade those agencies.

When WIRED reached out to Justice Department officials, including one who participated in the original investigation of AlphaBay that resulted in its 2017 takedown, they either didn’t respond or declined to comment.

While few of DeSnake’s claims can be confirmed, he has at least enjoyed unusual longevity for a dark web market operator. Security firm Flashpoint says it has seen evidence and descriptions of DeSnake operating under the same pseudonym—first as a credit-card-focused cybercriminal on sites like Evolution and Tor Carder Forum before becoming a market administrator himself—since at least 2013.

DeSnake first appeared on the original AlphaBay’s forums in the fall of 2014, a vendor of credit card fraud—also known as “carding”—tools and guides, looking for a new home after the administrators of Evolution absconded with their users’ money in a so-called “exit scam.” He says he quickly befriended Alpha02 by an unorthodox method: He claims he “popped a shell” on AlphaBay, hacking the website and gaining a foothold to run his own commands on its server. Rather than exploit that breach, he says, he helped the administrator fix it and soon became the site’s number-two admin and security lead. “I took care of the security and certain admin stuff,” DeSnake says. “He took care of the rest.”

Nearly three years later, Cazes was arrested and the site torn offline, thanks in part to a trail of evidence that began when the AlphaBay founder leaked a personal email address in the metadata of a welcome message to new users on its forums, a problem DeSnake says he had fixed early on by switching the site’s forum software. “I am still in disbelief to this day that he had put his personal email on there,” DeSnake says. “He was a good carder and he knew better opsec.”

Dark web buyers and vendors haven’t exactly flocked back to AlphaBay’s since its return. A few weeks into the relaunch, it has just under 500 listings, compared to more than 350,000 at AlphaBay’s 2017 peak. Those low numbers likely stem from DeSnake’s insistence on accepting only Monero, from skeptical dark web users waiting to see if the new AlphaBay is legitimate, and from a barrage of distributed denial-of-service attacks that have knocked the site offline since its launch. But DeSnake argues that dark web markets typically gain an influx of new users only when another popular market shuts down or is busted by law enforcement; neither has happened since AlphaBay came back.

Dutch police took over and controlled Hansa, the second-largest dark web market at the time. “It’s unlikely,” Christin says of theories that DeSnake is compromised, “but not impossible.”

DeSnake counters that if law enforcement had gotten to him and launched the new AlphaBay as a honeypot, they would have simply reused the original AlphaBay’s code. Instead, he says, he rewrote it from scratch. And he points out that the Monero-only restriction for the site would make it far less effective for trapping unsuspecting dark web buyers than a site that simply accepts Bitcoin.

“With all of that said you decide for yourself whether you ride the wave with us to the top and beyond,” he wrote in a message to users on the dark web market forum Dread. “I understand if you decide not to but over time you will be proven that we are the original AB and we have never been ‘compromised’ in any way shape or form.”

If DeSnake and his revitalized AlphaBay are in fact legit, they may prove to be the opposite of a honeypot: A highly motivated digital black market seemingly beyond the grasp of US law enforcement. And that might well mean that the long track record of one of the dark web’s oldest players still has no clear end in sight.

This story originally appeared on wired.com.

Article Tags:
Article Categories:
Technology