The dark web is really shaken up. On Thursday, US authorities confirmed they had identified the alleged administrator of AlphaBay, the world's largest dark web marketplace. And European law enforcement agencies announced they had secretly taken over Hansa, another popular illicit market.
In an interview with Motherboard, Rob Wainwright, the head of Europol, highlighted how a tip from a private company helped start the investigation into Hansa.
"This is a massive hit—two of the top three—but also done in a coordinated way that perhaps surprises them [site users] about what the capability of law enforcement might be when we get our act together," he told Motherboard in a phone call after the announcement.
Alexandre Cazes, the alleged AlphaBay creator, was identified because he included his personal email address in one of the site's welcome messages, according to the US forfeiture complaint.
It's not clear yet what exactly happened with the Hansa shutdown, but Wainwright said the investigation relied on technical assistance from a private firm.
"There was certainly help that we received from Bitdefender at a technical level," Wainwright added, referring to the cybersecurity company that makes anti-virus software. In 2014, the company offered to help police fight cybercrime, by reverse engineering malware or taking on other technical tasks.
Catalin Cosoi, chief security strategist at Bitdefender told Motherboard in an email "Unfortunately, even though we would love to, we cannot give specific details about the investigation." Cosoi added that the takedown was an example that public and private partnerships are successful. "We are glad to provide our technical expertise in fighting cyber-crime to help make the world a better place."
That help, Wainwright added, "was an important, very early step in this that allowed Europol to then find the first investigative lead, the second lead," Wainwright continued. "Then a lot of technical help afterwards, operating under what effectively was the judicial authorization of the Dutch."
Investigators have previously used hacking tools or computer exploits to identify users of dark web sites. Last year, a likely European law enforcement agency deployed a Firefox zero-day exploit on a dark web child abuse forum.
When Motherboard asked if a similar technique had been used on Hansa, Wainwright implied that some form of technical tool was used in the investigation, but declined to elaborate further.
Increasingly, law enforcement agencies are deliberately coordinating their announcements of dark web seizures, in the hope of making a greater impact. During Operation Onymous, which took down Silk Road 2.0 and several other markets, multiple law enforcement agencies claimed arrests around the world. For international Operation Hyperion, several agencies announced package seizures and investigations at the same time, even though much of the operation itself was PR hot-air. The dual takedowns of AlphaBay and Hansa followed a similar model; with many users ironically migrating to Hansa once AlphaBay closed.
"A strategic interest, I think, is to operate at scale, with impact, so that we can dismantle a large part of the infrastructure in one go, rather than nibbling away at it," Wainwright said.
Updated: This piece has been updated to include additional comment from Wainwright.