In July 2017, the FBI shut down AlphaBay, one of the largest illegal dark web marketplaces in the world, and arrested its administrator, Alexandre Cazes. He died while in custody of Thai police days later by suspected suicide.
At a cybersecurity conference in Manhattan Tuesday, an FBI agent involved in the case showed a video of Cazes’s arrest to journalists and law enforcement, and joked about how the arrest went down.
“See if you can spot the moment when he realizes he's about to be arrested," FBI special agent Nicholas Phirippidis said as he played a few seconds of the surveillance footage of the arrest at Fordham University’s International Conference on Cyber Security; the audience laughed as the video played.
Cazes died eight days after the arrest. He was 26, and never got a trial.
Phirippidis told the audience that the bureau managed to corner Cazes and arrest him while he was still logged in as the admin of AlphaBay by ramming a car through the front gate of his home in Thailand.
This footage has yet to be publicly released and the FBI declined to send us the actual video file, but as I realized what the video was, I filmed some of it on my phone. You can see a brief segment of the video and Phirippidis’s comments below. The FBI declined to send us any of the materials used in the briefing and would not make an agent available for an interview.
On the right, you can see Cazes’ house, and in the middle, Thai agents capture him after luring him out.
It is not unusual for the FBI to give talks at security conferences about closed investigations, but in this case, the FBI is promoting the arrest of a man who wasn't given a trial because he died while in the custody of law enforcement.
The FBI's plan was to crash the undercover police car onto Cazes’ front gate and get him to come out. This wasn’t just to get their hands on him, but also to get his computer before he managed to encrypt his data, something FBI directors have been warning against for years.
The idea was to get Cazes’ computer unlocked and unencrypted to avoid having to potentially crack into it by breaking its encryption, Phirippidis said. Increasingly, police and federal agents try to seize computers while they are on and unlocked to avoid the Apple vs, FBI scenario, where feds initially couldn’t access data on an encrypted iPhone.
After crashing the car at the front gate, the agents played dumb, acting like they screwed up a three-point turn. After a minute that “seemed like an eternity,” Phirippidis said, Cazes came downstairs, where the police took his phone and arrested him.
“When we get to his bedroom we see that he’s actually logged in as admin on AlphaBay, which you're not going to get much better evidence than that," Phirippidis said, showing a screenshot of Cazes’s laptop. “We got lucky."
The arrest was the dramatic end to an investigation that started two years earlier thanks to a Hotmail account that linked Cazes to his online, criminal persona on AlphaBay. With that first piece of evidence, Phirippidis and his colleagues at the bureau then “followed the money,” or in this case, his Bitcoin transactions, payments, and cashouts—something that can be done in part with open source tools.
Phirippides closed his talk on another light-hearted note, explaining that the operation to get Cazes was called “Bayonet,” because they wanted to make a “triple-pun” using the word bay, the word net for internet, and for catching “bad guys.”
“It sounded like something,” he said. “We Googled it and there wasn't one already, so we were 'alright!'”