Thai police arrested a 26-year-old webmaster, Alexandre Cazes, in Bangkok, and the FBI seized AlphaBay's main server in Lithuania, closing a market that was making millions of dollars a year from the illegal sale of drugs, stolen data, and more to its more than 400,000 registered users.
The FBI called the closure of the site a "landmark operation."
But one key player escaped. AlphaBay's former number-two admin and security expert, a self-described co-founder, went by the name DeSnake.
Four years after the market closed, DeSnake seems to be online again and has even relaunched AlphaBay.
In an extensive interview, DeSnake describes to WIRED how he escaped the authorities' crackdown on AlphaBay, why he came back and what his plans are for the resurrected Dark Web market.
He communicated with WIRED via encrypted text messages, from a frequently changing series of accounts with different aliases, after proving his identity by signing a public message with DeSnake's original PGP key, which was confirmed by many security researchers.
"The biggest reason I come back is to mention the name AlphaBay and why the founder committed suicide," says DeSnake.
Cazes was found dead in a Thai prison cell a week after his arrest. But many in the Dark Web community, including DeSnake, believe Cazes was murdered.
The updated version of AlphaBay allows users to buy and sell only with the Monero cryptocurrency, which is designed to be much harder to trace than Bitcoin, whose blockchain has been shown to allow financial tracking.
AlphaBay's new site is now accessible not only via Tor, like the original AlphaBay, but also via I2P, a less popular anonymity system that DeSnake encourages users to adopt. He has repeatedly voiced skepticism about Tor, saying it is vulnerable to surveillance, but without giving any evidence.
DeSnake says his security practices - both on the new AlphaBay and on a personal level - far exceed those of his predecessor, Cazes, who used the nickname Alpha02.
Cazes was caught, in part, through a Bitcoin blockchain analysis confirming his role as AlphaBay admin, a technique that would have been much more difficult, if not impossible, with Monero.
DeSnake claims that the new security practices he uses will make AlphaBay much harder to take down this time around.
DeSnake attributes his freedom to an operational security regimen he follows religiously. He states that his computers run an "Amnesia" operating system, a security-focused Linux distribution designed not to store data.
He claims that he does not store any incriminating data on hard drives or USB drives, encrypted or not. He also says that he has prepared a "kill switch" device on a USB drive, which is designed to erase the memory of his computers and shut them down in seconds if they ever leave his control.
To avoid the risk of his computer being seized while he is connected to AlphaBay, DeSnake says he shuts it down completely every time he walks away from it, even to go to the bathroom. "The biggest issue in this regard is human needs… I would say this is the biggest inconvenience," says DeSnake. "You make sacrifices and once you get used to it, it becomes second nature."
Recall that the authorities confiscated the laptops of Alexandre Cazes and Ross Ulbricht - the latter is serving a life sentence for operating the Silk Road - while they were open, running and logged in to Dark Web administrator accounts.
DeSnake, on the other hand, claims that his work computer could not incriminate others, even if confiscated.
But all these technical and operational protections may be less important than a simple geographical one. DeSnake claims to be in a country without extradition, far beyond the reach of US law enforcement.
In messages to WIRED, the new admin of AlphaBay states that he lived in the former USSR and even used to write in Russian to users of the first AlphaBay.
AlphaBay has long been rumored to have some kind of relationship with Russia or with Russians. Its rules forbade the sale of data stolen from victims in countries of the former USSR, in order to prevent the Russian authorities from getting involved. Writing under the name Alpha02, Alexandre Cazes used a Russian phrase for "stay safe" on the website. But when Cazes was located and arrested in Thailand, many speculated that AlphaBay's Russian traces were designed to mislead the authorities.
Meet Alexandre Cazes
DeSnake first appeared on the first AlphaBay in the fall of 2014, looking for a new home after Evolution's administrators ran off with their users' money. He befriended Alpha02 in a very unorthodox way:
He claims that he got "a shell" on AlphaBay, that is, he hacked the site and could run his own commands on the server. But instead of taking advantage of this breach, he helped the administrator fix it and soon became the number-two administrator and head of security on the site.
What is happening today
Dark Web buyers and suppliers are not exactly flocking to AlphaBay after its return. A few weeks after the restart, it has just 500 listings, compared to the more than 350,000 that the old AlphaBay had in 2017.
These low numbers are probably due to DeSnake's insistence on accepting only Monero. Of course, there are also many skeptical Dark Web users waiting to see how the new AlphaBay fares. DeSnake, on the other hand, says that dark markets usually gain new users only when another popular market closes or is shut down by the authorities.
DeSnake, meanwhile, is trying to lure users with promises of another unproven system called AlphaGuard, which is designed to allow users to withdraw money even if authorities seize AlphaBay servers again.
Many see DeSnake's move as very suspicious. If the authorities had reached him and launched the new AlphaBay as a honeypot, they could "gather" a lot of people, both buyers and suppliers.
Of course, DeSnake says that if that had happened, the authorities would have reused the original AlphaBay code. Instead, he says, he rewrote the code from scratch. He also points out that restricting transactions to Monero protects users far more than a site that simply accepts Bitcoin would.