Canada Kicks Ass
Fake Russia Connection? Cybercrime Takedown Reveals Errors


BartSimpson @ Fri Jul 21, 2017 2:38 pm

https://www.usnews.com/news/articles/20 ... were-wrong

Full Title:

Fake Russia Connection? Cybercrime Takedown Reveals Assumptions Were Wrong

People erroneously believed the world's largest darknet market was Russian.

During AlphaBay's two-year reign as the world's largest online black market, many observers believed the eBay-style site owed its success to being headquartered out of reach of U.S. authorities behind a re-emerging Iron Curtain.

The Russia explanation seemed obvious until the site was busted this month.

Court documents and official statements released this week say the site actually was run by Canadian citizen Alexandre Cazes, who lived in Thailand, had bank accounts in Switzerland and Liechtenstein and owned properties in Cyprus and the Caribbean.

The FBI said in a statement its work "to seize AlphaBay’s servers and shut down the site" was assisted by "authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France, along with the European law enforcement agency Europol."

So why did people suspect the site was based in Russia? Because hints from site operators pointed convincingly in that direction.

Among the apparent clues, vendors were banned from selling hacked Russian information. Trading rules required malware to have a "built-in function" preventing installation on computers using Russian IP addresses – numeric designations that identify locations online – "or any other electronic devices belonging to Russian citizens or government."

The protections extended to Russia-friendly countries that are members of the post-Soviet Commonwealth of Independent States, and the leading site administrator, the anonymous Alpha02, signed messages with the Russian phrase "Будьте в безопасности, братья," meaning "Be safe, brothers." Russian-language subforums also were popular.

CyberScoop News laid out the evidence earlier this year, writing that the business "from all appearances, hails right from the heart of global cybercrime: Russia."

Cazes, who authorities say used the account Alpha02, was found hanged July 12 in a Thai jail, an apparent suicide after the FBI quietly seized the site on July 4. No Russia connection is described in an indictment against Cazes, 25, or in a complaint seeking to seize his assets, leading to questions about why the operator would cultivate the misimpression.


At least three theories are being offered as possible explanations.


Nicolas Christin, a Carnegie Mellon University professor who has tracked online darknet sales, offers two: "an attempt to throw the police off-scent" or "perhaps to protect vendors and/or operators from investigations by the Russian police."

"It's hard to tell," he says.

Troy Hunt, an Australian cybersecurity expert who maintains the hack-tracking website haveibeenpwned.com, offered similar potential explanations.

"I can only speculate on the reasons, including a potential false flag to throw suspicion toward Russian operators or concern over Russia more likely taking a harder stance against the service than other nations if their citizens are impacted," he says.

Robert Gehl, a University of Utah professor who followed the site, says, "I'll admit, I suspected that AlphaBay was based in Russia myself, mainly because that was the prevailing wisdom on its forum and other forums."

Gehl says he leans toward adhering to "the theory that they did so to create a false impression."


More at the link.

   



BartSimpson @ Fri Jul 21, 2017 2:40 pm

I suspect the guy played the BS that Russia was behind all sorts of hacking because as Dr. Caleb likes to point out: Confirmation Bias.

A large number of people are wanting Russia to be at fault for cybercrimes so it's easy to play on their biases and let them blame Russia and maybe even overlook obvious evidence that points elsewhere...because Trump and because Russia.

Except it wasn't Russia.

It was a fucking Canadian! :P

   


