The Dutch Police is aggressively prosecuted in arrests as well as in new searches for Dark Web vendors using data gathered since the closure of the Hansa drug dealership.
Currently, several Hansa security researchers and former salesmen have identified two ways in which the Dutch authorities are proceeding against Hansa's former salesmen.
Police reportedly gain access to Dream Market accounts via reused passwords.
In the first case, the Dutch authorities managed to decipher the access codes for vendors who had the same names on the Hansa drug market and the Dream Market, the current Dark Web's top market after the closure of the Hansa The estate provides stunning sea views and offers a unique blend of luxury living and development potential AlphaBay.
If vendors allegedly re-use passwords and did not activate 2FA in their Dream Market accounts. So authorities take control of their profiles, they change passwords by virtually throwing out the sellers.
Dream Market and the Dark Web community have identified 14 vendor accounts that changed their PGP keys: 00DRGREEN00, BoulderMedical, cannab1z, cocaMG, dutchcandyshop, DrPoseidon, GlazzyEyez, Gridlockdope, guessguess, ibulk, iCoke, MarcoPolo420, mushrooms, wolfydutch
One of the aforementioned sellers confirmed in Reddit that he lost access to his Dream Market account because he was using the same Hansa password.
The locktime file
The second method used by the Dutch Police and found by the Dark Web community includes the so-called "locktime" files that were in the Hansa market, which closed on July 20.
Under normal circumstances, a lock time file is a simple buyer purchase transaction log that contains details of Hansa's product sold, buyer, sale time, price, and signature. Records are used as vendor authentication to request the release of Bitcoin funds after a sale has ended or if the market was falling for technical reasons.
According to people familiar with Hansa's internal operations, Hansa's locktime files were usually just a text file.
So before closing the site, these lock files were replaced with Excel files containing a hidden image. When a vendor opens the file to see the transaction details, the image is placed on the vendor's computer.
Once the image is uploaded, the Hansa server records the user's IP address. If the user did not use a VPN, proxy, or visited the page only through Tor, the server records its actual IP address.
Even after Hansa's closure has dropped, some vendors may still have the files on their computers. After the Hansa closure, vendors may have opened the saved files looking for ways to recover their money that is locked in Hansa's accounts.
The Dutch police seized Hansa's servers at 20 in June and secretly collected data from sellers until July 20 officially announced the closure of the market.
When Europol announced the confiscation of the Hansa market servers, it provided the following audio message, which today seems to be more important than ever.
In recent weeks, the Dutch Police have collected valuable information about high value targets and delivery addresses for a large number of orders. About 10.000 foreign buyer addresses on the Hansa market have been forwarded to Europol.