US law enforcement takes down site hosting Medicare data sale

AlphaBay, Hansa darknet marketplaces shut down

The US Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA), the Dutch National Police, and Europol have cracked down on darknet markets, shutting down two of the major Tor-concealed marketplaces for illegal goods and services: Hansa and AlphaBay.

The US Department of Justice overnight announced that it had seized AlphaBay, the darknet market site that hosted the so-called ‘Medicare Machine’ service.

AlphaBay has been offline since 5 July.

The Medicare Machine was a service that offered to obtain the Medicare card details of any Australian when provided with his or her name and date of birth.

The Australian Federal Police are investigating the service and the government has commissioned a review into the HPOS service believed to be the source of the data.

AlphaBay was considered to be the largest darknet market. The site’s alleged operator, Canadian Alexandre Cazes, was arrested in Thailand earlier this month. He died in custody, apparently taking his own life.

The Department of Justice said investigators had found Cazes' personal Hotmail email address, Pimp_Alex_91@hotmail.com in the header information of a welcome email sent to new AlphaBay users in December 2014.

AlphaBay was believed to have more than 200,000 users and 40,000 vendors. It supported transactions using a range of cryptocurrencies including Bitcoin, Monero and Ethereum.

“This is likely one of the most important criminal case of the year,” US attorney-general Jeff Sessions said at a press conference announcing the seizure.

“Make no mistake, the forces of law and justice face a new challenge from the criminals and transnational criminal organizations who think they can commit their crimes with impunity by ‘going dark.’

“This case, pursued by dedicated agents and prosecutors, says you are not safe.  You cannot hide. We will find you, dismantle your organization and network.  And we will prosecute you.”

Investigations by Dutch National Police, aided by Bitdefender, led to the location of infrastructure for the Hansa marketplace. Servers have been seized in the Netherlands, Germany and Lithuania.

Two alleged Hansa administrators have been arrested in Germany.

Europol revealed that the Dutch National Police had taken over the site on 20 June, monitoring its usage.

“In the past few weeks, the Dutch Police collected valuable information on high value targets and delivery addresses for a large number of orders,” Europol said.

“Some 10 000 foreign addresses of Hansa market buyers were passed on to Europol.”

At least one forum dedicated to darknet marketplaces is warning its users to avoid using the Dream Market, one of the next most popular sites. A snippet of JavaScript on the site contains an IP address associated with Swedish web host Loopia AB.

Computerworld has confirmed the code is still present on the Dream Market Site; however the presence of the IP address in the code, apparently used for a pop-up chat function, does not necessarily indicate Dream Market’s infrastructure is hosted by Loopia (or hosted in Sweden).

Join the newsletter!

Error: Please check your email address.

Tags securityDarknetcyber security

More about ABAustralian Federal PoliceDepartment of JusticeEuropolFBIFederal Bureau of InvestigationFederal PoliceHotmailUS Department of JusticeUS Federal Bureau of Investigation

Show Comments

Market Place