
The Hunt for the Dark Web’s Biggest Kingpin, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

Wired

The notorious Alpha02 oversaw millions of dollars a day in online narcotic sales. For cybercrime detectives, he was public enemy number one—and a total mystery.

Illustration: Hokyoung Kim

The Rise and Fall of AlphaBay

It was the largest online drug and crime bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

PROLOGUE

On the morning of July 5, 2017, a gray Toyota Camry slowly turned into the cul-de-sac of a quiet neighborhood in Bangkok—a moderately upscale subdivision on the western edge of the city, where the pulsating capital’s downtown high-rises began to flatten out into highways and canals snaking through tropical forest and farmlands.

Behind the wheel sat a woman who went by the nickname Nueng. A slight, 46-year-old agent of the Royal Thai Police with a short, boyish haircut, she wore a white polo shirt and black pants rather than her usual military-style uniform. Both she and the female officer beside her in the passenger seat were working undercover.

Nueng’s heart pounded. For more than two years, law enforcement agents from around the world had been hunting the dark-web mastermind known as Alpha02, a shadowy figure who oversaw millions of dollars a day in narcotics sales and had built the largest digital drug and crime bazaar in history, known as AlphaBay. Now, a coordinated takedown and sting involving no fewer than six countries’ agencies had tracked Alpha02 to Thailand. The operation had finally led to this quiet block in Bangkok, to the home of a 26-year-old Canadian named Alexandre Cazes. Nueng knew that the success of the plot to arrest Cazes and knock out this linchpin of the global underworld economy hinged on what she did in the next few moments.

Trying to give the impression of an inexperienced driver, Nueng slowly rolled the car toward a model home and real estate office at the end of the cul-de-sac. She signaled to a security guard outside the house that she had taken a wrong turn and needed to pull a 180. She heard him shout at her to back directly out instead, that the street was too narrow for a three-point turn.

Nueng quickly muttered a nearly silent prayer—an adapted, high-speed plea to the holy trinity of the Buddha, his teachings, and all the monks and nuns in his service. “Dear Buddha, please bless me with success,” she whispered in Thai. “Dear Dhamma, please bless me with success. Dear Sangha, please bless me with success.”

Then she put the car in reverse, turned the wheel to the left, and ever so gently—almost in slow motion—slammed the Toyota’s fender into Alexandre Cazes’ front gate.

CHAPTER 1

ALPHA02

Around 18 months earlier, Robert Miller sat in the US Drug Enforcement Administration’s wiretap room in Fresno, California, spending another painfully boring day listening in on the life of one of the DEA’s endless supply of narcotics targets in California’s Central Valley.

All Miller ever wanted was to be on a SWAT team. At the academy, instructors had praised him for his instinctive judgment and thoroughness—how, in training raids on the academy’s mock-ups of drug dens, he always meticulously cleared his corners and covered his blind spots. And when the young DEA agent was assigned to the agency’s field office in Fresno right after graduation, he had high hopes it would put him where he wanted to be: making arrests, carrying out search warrants, “hitting doors,” as he put it. (Miller’s name and some personal details have been changed, per his request.)

The sunbaked agricultural city in the middle of California had long served as a corridor for cocaine, heroin, weed, and methamphetamine smugglers, as traffickers from the southern border made their way to buyers in the Northwest and on the East Coast. Agents spent their days carrying out undercover buy-and-busts, following trucks packed with dope along Highway 99 and tracking, raiding, and arresting cartel operators.

But not long after he moved to Fresno, Miller injured his foot and his shoulder while rock climbing. Both injuries required surgery. There would be no SWAT team, no “hitting doors”—not, at least, for the two years it would take to recover.

So Miller was assigned to surveillance. He’d stake out targets from his car or sit in the office’s wiretap room, listening to suspects’ phone calls and reading their texts for weeks or sometimes months on end. The work was often mind-numbingly mundane. “Ninety-nine percent boredom and 1 percent excitement,” as he remembers it.

At one point in 2013, Miller’s partner on a surveillance assignment suggested they try to work on a new sort of case. She had heard about a booming drug market on the dark web called Silk Road—a site where anyone could connect through the anonymity software Tor and spend bitcoins to buy any drug imaginable—and its pseudonymous creator, the Dread Pirate Roberts. But when Miller asked his superiors about the site, he was told that teams in New York and Baltimore were already on it. Not long after, while Miller was on a surveillance stakeout in his car in a mall parking lot, his phone buzzed with an alert that the notorious market had been busted. The Dread Pirate Roberts turned out to be a 29-year-old Texan with no criminal record named Ross Ulbricht. He had been arrested in the science fiction section of San Francisco’s Glen Park Public Library with his laptop open and logged in to Silk Road.

Two long years later, in early 2016, Miller’s boss came into the wiretap room and asked whether Miller wanted to join a different team. Someone in the office had remembered Miller’s inquiry into Silk Road. A local assistant US attorney had assembled a group to focus on dark-web crime, and he was looking for volunteers from all the federal agencies clustered around Courthouse Park in Fresno’s downtown square: the Internal Revenue Service, Homeland Security Investigations, and the Drug Enforcement Administration. The assignment, Miller knew, was pretty much the opposite of the SWAT team. But at least it would be something new. “OK,” he said. “I’ll do it.”

Grant Rabenn, the young prosecutor at the helm of Fresno’s dark-web strike force, laid out a set of modest initial goals for the group: They would be going after individual money launderers and drug dealers, not kingpins and masterminds. “We are not the Southern District of New York. We are in a dusty town in the Central Valley of California,” as Rabenn put it. “Let’s hit singles before we try to go for a home run.”

That humble starting point was fine with Miller, who had little idea of how the dark-web drug trade even worked. When Rabenn asked Miller to start making undercover heroin buys, he couldn’t figure out how to buy bitcoins, let alone the drugs themselves. He drove two and a half hours to San Jose to find a physical bitcoin ATM rather than simply use an online exchange. Even then, he discovered that after transaction fees he could purchase only half a gram of heroin instead of the 2 grams he’d planned on.

But slowly, as Miller poked around the dark web and perused the various markets, he got a feel for the post-Silk Road online drug economy. He soon came to see that it was dominated by a single entity: AlphaBay.

AlphaBay had first appeared in late 2014, just one in the broad scrum of markets vying for a share of the growing dark-web criminal trade. But the site’s pseudonymous administrator, Alpha02, seemed cannier than those behind many of the competing markets. Alpha02 was a well known if not exceptionally talented “carder,” a cybercriminal hacker focused on credit card theft and fraud. He’d become a significant player on Tor Carding Forum, a dark-web site where hackers traded in stolen data. He’d even sold his own 16-page “University of Carding Guide,” designed to teach beginners the tricks of the trade, like how to “social-engineer” customer service representatives at banks, calling from spoofed telephone numbers to deceive them into approving fraudulent transactions.

In its first months online, AlphaBay seemed destined to serve much the same hacker clientele. It was devoted almost exclusively to cybercriminal wares, such as stolen account logins and credit card data. But as Alpha02 bootstrapped the site from its carder origins, its portfolio of vendors quickly expanded to offer the dark web’s more lucrative contraband: ecstasy, marijuana, meth, cocaine, and heroin, all shipped through the mail. Soon it became clear that Alpha02’s grand vision was to unite two spheres of the dark web that had, until then, been somewhat distinct—one devoted to cybercrime and the other to drugs—to create a single mega-market. AlphaBay’s goal, he declared, was “to become the largest eBay-style underworld marketplace.”

Silk Road’s Dread Pirate Roberts had espoused a kind of anarcho-capitalist ideal, describing his site as a “movement” or a “revolution” bent on liberating mankind from oppressive government control of commerce and limiting sellers, at least in theory, to offering only “victimless” products. Alpha02, by contrast, seemed to adopt a much less high-minded focus on the bottom line. Aside from a ban on child abuse materials and murder for hire, the only rule Alpha02 imposed on AlphaBay’s vendors was that they not sell data or accounts stolen from Russia or other former Soviet states, or infect those countries’ computers with malware. This prohibition, common among cybercriminals from that part of the world, was typically designed to avoid trouble from Russian law enforcement—a kind of “don’t shit where you sleep” principle. For Miller and other federal agents and prosecutors sniffing around the site, it also suggested that AlphaBay and its mysterious founder were likely based in Russia—an impression cemented by Alpha02’s signature in messages on the site’s forums: “Будьте в безопасности, братья,” Russian for “Be safe, brothers.”

In an interview in April 2015 with the news site and dark-web directory DeepDotWeb, Alpha02 reassured his users that he and his site were beyond the reach of any Silk Road-style seizure. “I am absolutely certain my opsec is secure,” he wrote, using the shorthand for “operational security,” and added, “I live in an offshore country where I am safe.”

Throughout that interview, Alpha02 wrote in the style of a corporate press release: “We have made sure to have created a stable & fast marketplace web application which has been built with security in mind right from the start,” he wrote, adding, “We would like to assure all of our users (both vendors & buyers) that their security, privacy and anonymity rank first place in our priorities list.”

What Alpha02 lacked in political inspiration he seemed to make up for in technological aspiration and coding competency. He boasted about features that included auction-style bidding, search tools that helped fraudsters comb through stolen data to carefully choose their victims, and a multi-signature transaction scheme designed to reassure users that it would be far harder for law enforcement or rogue staff to steal funds held in escrow.

“We want to have every imaginable possible feature to be the #1 market,” he wrote to DeepDotWeb. On each page of AlphaBay, he’d signed his work: “proudly designed by Alpha02.”

When a judge imposed a double life sentence on the Silk Road’s Ross Ulbricht in May 2015, she told the court that the draconian sentence was partly meant to scare off future dark-web drug buyers, dealers, and administrators. By the time of AlphaBay’s rise, that unprecedented punishment seemed to have had the opposite effect. A study in The British Journal of Criminology found that sales on what was then the top dark-web site, Agora, more than doubled in the days following the news of Ulbricht’s sentencing, to more than $350,000 a day. The study’s author, trying to interpret that unexpected increase, reasoned that by imposing such a shocking prison term, the judge had only generated new awareness of the dark-web drug trade. Rather than deterring users, the judge seemed to have created a massive advertisement for the world’s burgeoning cryptocurrency black markets.

Alpha02 was hardly fazed by the news. Following Ulbricht’s sentencing, in an interview with Vice’s tech news site, Motherboard, he momentarily affected a revolutionary posture, picking up the Dread Pirate Roberts’ torch. “Courts can stop a man, but they can’t stop an ideology,” he wrote. “Darknet markets will always be around, until the war on drugs stops.”

But in response to other questions, AlphaBay’s boss seemed to ditch the torch and speak more plainly. “We have to carry on with business,” he wrote. “We all need money to eat.”

By the fall of 2015, AlphaBay was the biggest market on the dark web. Agora’s administrators had taken their site offline that August, citing concerns that a vulnerability in Tor, the online anonymity system that powered the dark web, might be used to locate Agora’s servers. AlphaBay appeared to have no such security flaw. As it absorbed Agora’s tens of thousands of buyers and vendors, the growing crowd of law enforcement agents around the world surveilling the site could find no coding or opsec slipups to give them the slightest clue as to where they might find its servers, not to mention its founder.

Shortly before AlphaBay took over the dark web’s top spot, Alpha02 had changed his username on the site to merely “admin” and announced that he would no longer accept any private messages sent to him by anyone other than AlphaBay’s staff. Instead, he left much of the site’s communications work to his second-in-command and head of security, a figure who went by the pseudonym DeSnake.

The Alpha02 moniker had served its purpose, lending the site its initial credibility. Now the person behind it intended, like discreet criminal bosses the world over, to slip into the shadows, raking in his fortune as quietly and anonymously as possible.

That fortune was, by the time of Alpha02’s name change, growing at an unprecedented rate: By October 2015, AlphaBay had more than 200,000 users and more than 21,000 product listings for drugs, compared to just 12,000 listings on Silk Road at its peak. Sometime around the middle of 2016, AlphaBay surpassed Agora’s peak sales rate of $350,000 a day, according to researchers at Carnegie Mellon. It had become not only the biggest black market on the dark web, but the biggest cryptocurrency black market of all time. And it was still growing wildly.

For Grant Rabenn, the Fresno-based prosecutor, it was clear that Alpha02 was now the most wanted man on the dark web; Rabenn compared his notoriety among digital crime investigators to that of Osama bin Laden. AlphaBay and Alpha02 were invoked at every law enforcement conference on cybercrime, every interagency meeting, every training event, Rabenn says. And as the target on Alpha02’s back loomed larger, so too did the unspoken fear that this mastermind might stay a step ahead of them indefinitely.

“Is this person just a pure genius who’s figured out all of the possible mistakes?” Rabenn remembers asking himself. “Has this individual found the perfect country with the right IT infrastructure to run a marketplace, and he’s able to bribe the officials there so we’ll never touch him?

“As every day passed there was, more and more, a sense that this might be the special one,” Rabenn says. “You begin to wonder: Is this the Michael Jordan of the dark web?”

But Rabenn followed these discussions of Alpha02 from a distance. The idea that his Fresno team might actually take on the Michael Jordan of the dark web had never occurred to him. “It’s not expected for people like us,” he says simply, “to go after a site like that.”

CHAPTER 2

THE TIP

Before Grant Rabenn became a federal prosecutor, his second job out of law school was at a boutique firm in Washington, DC, devoted to defending white-collar criminals. The young, olive-skinned lawyer with dark hair and a Hollywood smile ended up representing Russian oligarchs and corporate executives accused of bribing foreign governments. “Very interesting, wealthy people trying to hide their assets and avoid scrutiny,” as he described them, or alternatively, “James Bond characters who are jet-setting around the world with suitcases full of cash.”

Rabenn was captivated by these glimpses into a world of billions of dollars moving in invisible transactions. But he also found that he admired and envied the prosecutors on the other side of the table—the way they worked in the public interest and possessed a certain autonomy, choosing which cases they would pursue. So he began applying for Justice Department jobs, finally finding one in Fresno.

Despite having grown up in Southern California, Rabenn couldn’t place Fresno on a map. But when he arrived at its DOJ office in 2011, he found what he’d always wanted: a place with almost no hierarchy or bureaucracy, where he was simply told to focus on money laundering and was otherwise given free rein. For the next few years, he and the local agents tackled fraud and extortion, child exploitation, corrupt cops, and, of course, drug trafficking—following illicit trails of money wherever they led. “We were just running and gunning,” Rabenn says of those prolific years with a boyish enthusiasm.

Rabenn’s money-laundering cases often began with the stream of suspicious activity reports that banks were required to file under the Bank Secrecy Act. By mid-2013, Rabenn found that more and more of those reports were being triggered by financial transfers out of crypto exchanges, platforms where users could trade digital currency for traditional money like dollars, euros, or yen. The banks often suspected that these currency swaps were cash-outs of dirty digital profits. So Rabenn immersed himself in dozens of hours of YouTube videos to understand this still new currency called Bitcoin, its mechanics, and how it seemed to be powering an anonymous underworld of online commerce.

Criminals flocked to these dark markets because the cryptocurrency was widely believed to be anonymous and untraceable. Sure, every transaction was immortalized on Bitcoin’s blockchain, an unforgeable, unchangeable, and altogether public ledger. But that ledger recorded only which bitcoins resided at which Bitcoin addresses—long, unique strings of letters and numbers—at any given moment. In theory, at least, that meant buyers and sellers of illicit goods on opposite sides of the globe could send one another cash payments from behind the mask of those cryptic addresses without revealing any hint of their real-world identities.

But just as cryptocurrency-based platforms like AlphaBay opened up vast new global markets to criminals, they also opened up huge new opportunities for law enforcement, as Rabenn quickly realized. The dark web presented him with the chance to work cases on a scale that would otherwise be impossible in Fresno: As long as a dark-web drug dealer could be coaxed into sending a package to the Eastern District of California, the crime officially occurred in his jurisdiction.

Rabenn had no real idea how to pierce the veil of the blockchain’s anonymity. But he figured that even dark-web dealers must sometimes make mistakes that could be caught through traditional buy-and-bust police work. For an ambitious young prosecutor, the possibility was thrilling. “I wasn’t necessarily happy with just prosecuting drug mules driving meth up the 99 freeway,” he says. If he could arrange an undercover buy online and somehow identify the seller, he could arrest dealers all over the country. “All I have to do is order dope from them, and then we can go get them. And that’s what we did.”

In 2014, Rabenn began forming his dark-web strike force, inviting local investigators from Fresno’s Homeland Security Investigations and IRS Criminal Investigations offices to join. It was a small team of “odd ducks,” as he describes them—agents on the more cerebral side, content to work cases largely on a computer screen instead of kicking down doors like their Central Valley colleagues.

By the time he recruited Robert Miller out of the DEA’s wiretap room, Rabenn’s team had already achieved some success with their undercover approach. They’d started by cracking down on a few so-called peer-to-peer exchangers—individuals who bought and sold bitcoins in the real world and were often used by dark-web dealers to cash out their dirty cryptocurrency. In several cases, they’d mined those exchangers’ Rolodexes for leads on the legal names of dealers who’d done business with them, tracked them down, and arrested them.

But Rabenn had also begun to suspect that his original hunch was correct: Many of the dealers they targeted were indeed sloppy enough that agents could simply purchase drugs and look for clues either in their packaging or the vendors’ online profiles.

Miller, starting his new assignment, assembled the usernames of AlphaBay’s top dealers of heroin and the powerful synthetic opioid fentanyl, and he began to buy from them one by one. As the packages arrived, triple-sealed in silver Mylar and plastic, Miller and the team scrutinized both the shipments and their sellers’ online presence. They found that one vendor had made an elementary mistake: He’d linked his PGP key—the unique file that allowed him to exchange encrypted messages with customers—with his email address on the PGP key server that stores a catalog of users’ identities.

Miller and Rabenn quickly tied that email to the dealer’s social media accounts and real name. They learned that he was based in New York. Miller then found fingerprints on a package of heroin sent from one of his accounts, which matched those of another New York man. Finally, Miller worked with postal inspectors to get photos taken by a post office self-service kiosk. The photos showed the second New Yorker putting a dope shipment in the mail. Miller and a team of agents flew across the country, searched the two men’s homes, and arrested them both.

The same simple PGP trick allowed Miller to find the real name of another dark-web opiates dealer—which turned out to be part of his dark-web handle, written backward—and caught him shipping dope, again using evidence from a post office kiosk camera. When agents raided the man’s home in San Francisco, Miller says, they found piles of fentanyl and heroin powder sitting on tables and in open plastic containers.

Rabenn’s team was now on a roll, building significant cases—and even a reputation. When Miller ordered a package of opiates addressed to Fresno, he was amused when his San Francisco suspect warned him that a particularly aggressive group of feds operating out of the Central Valley seemed to be targeting players on the dark web and that he’d better watch his back.

But Miller and Rabenn didn’t kid themselves: Busting a few of AlphaBay’s sloppier dealers wasn’t any more likely to topple that black market than the DEA was to defeat Mexican cartels by chasing yet another meth mule up Highway 99.

By November 2016, Miller was ready to try something new again. He’d achieved a couple of decent dark-web busts, but he didn’t love the paperwork or the weeks spent in front of a screen. His shoulder and foot had finally recovered. Perhaps it wasn’t too late to get onto the SWAT team after all.

Then, one afternoon, Miller returned to the office after picking up lunch, his In-N-Out Burger bag still in hand, to find an email from an intriguing stranger.

The email explained that the sender had been googling dark-web arrests, looking for a law enforcement contact. They’d tried the FBI tip line, but no one had responded. They’d tried Homeland Security—no luck there either. Finally, they’d found Miller’s contact information in one of the Fresno team’s criminal indictments of an AlphaBay drug dealer.

So the stranger had decided to try getting in touch with Miller. And now they were ready to share a tip about who Alpha02 might really be.

Continued next week: On the trail of a mastermind, a tip leads detectives to a suspect in Bangkok—and to the daunting task of tracing his millions in cryptocurrency.

This story is excerpted from the book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, available November 15, 2022, from Doubleday.


Chapter illustrations: Reymundo Perez III

Photo source: Getty Images

This article appears in the November 2022 issue.
