Type of site
With the closure of AlphaBay in July 2017, it was predicted to become one of the leading markets. However on July 20, 2017 it was revealed that it had been compromised by law enforcement for several weeks before closing shortly after AlphaBay as a culmination of multinational law enforcement operation Operation Bayonet.
Dutch police discovered the true location of the site, after a 2016 tip from security researchers who had discovered a development version. The police quickly began monitoring all actions on the site, and discovered that the administrators had left behind old IRC chat logs including their full names and even a home address, and they began to monitor them. Although the administrators soon moved the site to another unknown host, they got another break in April 2017 by tracing bitcoin transactions, which allowed them to identify the new hosting company, in Lithuania.
On June 20, 2017, German police arrested the administrators (two German men) and the Dutch police were able to take complete control of the site and to impersonate the administrators. Their plan, in coordination with the FBI, was to absorb users coming over from the upcoming AlphaBay shutdown. The following changes were made to the Hansa website to learn about careless users:
- All user passwords were recorded in plaintext (allowing police to log into other markets if users had re-used passwords).
- Vendors and buyers would communicate via PGP-encrypted messages. However, the website provided a PGP encryption convenience feature which the police modified to record a plaintext copy.
- The website's automatic photo metadata removal tool was modified to record metadata (such as geolocation) before being stripped off by the website.
- Police wiped the photo database, which enticed vendors to re-upload photos (now capturing metadata).
- Multisignature bitcoin transactions were sabotaged, which at shutdown would allow police to confiscate a larger amount of illicit funds.
- Police enticed users to download a Microsoft Excel file (disguised as a text file) that, when opened, would attempt to ping back to a police webserver and unmask the user's IP address.
AlphaBay was then shut down on July 4, and as expected a flood of users came to Hansa, until its shutdown on July 19/20. During this time, the police allowed the Hansa userbase (then growing from 1000 to 8000 vendors per day) to make 27000 illegal transactions in order to collect evidence for future prosecution of users. Local cybercrime prosecutor Martijn Egberts claimed to have obtained around 10,000 addresses of Hansa buyers outside of the Netherlands.
- "Deep Dot Web - Hansa".
- Buntinx, JP (16 July 2017). "Top 4 Darknet Marketplaces Poised to Take AlphaBay's Place". Retrieved 20 July 2017.
- "Massive blow to criminal Dark Web activities after globally coordinated operation". 20 July 2017. Retrieved 20 July 2017.
- "Underground Hansa Market taken over and shut down". Politie (Dutch Police). 20 July 2017.
- "Operation Bayonet: Inside the Sting That Hijacked an Entire Dark Web Drug Market". Wired. 2018-03-08.
- Cox, Joseph (August 25, 2017). "This Is How Cops Trick Dark-Web Criminals Into Unmasking Themselves". The Daily Beast.
- pxx51092 (July 25, 2017). "DON'T open the xlsx locktime file, beacon image confirmed in it with Hansa's server IP address". reddit. Archived from the original on October 9, 2017.
- Riggs, Mike (2017-07-26). "Five Lessons from the Hansa and AlphaBay Busts". Reason Hit&Run. Retrieved 2017-07-26.
- Satter, Raphael; Bajak, Frank (2017-07-21). "Dutch 'darknet' drug marketplace shut down". Portland Press Herald. Retrieved 2017-07-22.
- DeepDotWeb (31 October 2016). "Dutch National Prosecution Service and police launch Hidden Service in global Darknet enforcement operation". Retrieved 26 July 2017.
- Vitaris, Benjamin (20 July 2016). "Hansa Market Taken Down in Global Law Enforcement Operation".
|This website-related article is a stub. You can help Wikipedia by expanding it.|