He Escaped the Dark Web’s Biggest Bust. Now He’s Back
Just over four years ago, the US Department of Justice announced the takedown of AlphaBay, the biggest dark web market bust in history. Thai police arrested the site’s 26-year-old administrator, Alexandre Cazes, in Bangkok, and the FBI seized AlphaBay’s central server in Lithuania, wiping out a marketplace that was selling hundreds of millions of dollars a year worth of hard drugs, hacked data, and other contraband to its 400,000-plus registered users. The FBI called the disruption of the site a “landmark operation.”
But the fate of one key player in that massive black market scheme was never explained: AlphaBay’s former number-two administrator, security specialist, and self-described cofounder, who went by the name DeSnake. Now, four years after his market’s demise, DeSnake appears to be back online and has relaunched AlphaBay under his own singular leadership. After four years off the radar, he’s not keeping quiet about his return.
In an extended chat interview, DeSnake tells WIRED how he walked away unscathed from the takedown of AlphaBay, why he has resurfaced now, and what his plans are for the resurrected, once-dominant online black market. He communicated with WIRED via encrypted text messages, from a frequently changing series of pseudonymous accounts, after proving his identity by signing a public message with DeSnake’s original PGP key, which multiple security researchers verified.
“The biggest reason I am returning is to make the AlphaBay name be remembered as more than the marketplace which got busted and the founder made out to have committed suicide,” DeSnake writes. Cazes was found dead of an apparent suicide in a Thai jail cell a few weeks after his arrest; like many in the dark web community, DeSnake believes Cazes was murdered in prison. He was driven to rebuild AlphaBay, he says, after reading about an FBI presentation on the circumstances of Cazes’ arrest that he deemed disrespectful. “AlphaBay name was put in bad light after the raids. I am here to make amends to that.”
A kind of practical paranoia permeated DeSnake’s messages to WIRED, both on a personal level and in his plans for AlphaBay’s revamped technical protections. (DeSnake says he uses male pronouns.) The revived version of AlphaBay, for instance, allows users to buy and sell only with the cryptocurrency Monero, which is designed to be far more difficult to trace than Bitcoin, whose blockchain has proven to sometimes allow powerful forms of financial tracking. AlphaBay’s dark web site is now accessible not only via Tor, like the original AlphaBay, but also via I2P, a less popular anonymity system that DeSnake encourages users to switch to. He repeatedly described his wariness that Tor may be vulnerable to surveillance, though he provided no evidence.
DeSnake says his security practices—both the ones he’s applying within AlphaBay and on a personal level—go far beyond those of his predecessor, Cazes, who went by the online handle Alpha02. Cazes was caught, in part, through Bitcoin blockchain analysis that confirmed his role as AlphaBay’s boss, a trick that would be far more difficult, if not impossible, with Monero. DeSnake argues that new safeguards like these will make AlphaBay that much harder to remove from the dark web this time around. “I had given [Cazes] many ‘holy grails’ of anonimity, but he chose to use only certain things while he branded other methods/ways as ‘overkill,’” DeSnake writes, in his seemingly foreign-inflected and occasionally misspelled English. “In this game there is no overkill.”
DeSnake credits his ongoing freedom to an operational security regimen that borders on the extreme. He says his work computers run an “amnesiac” operating system, like the security-focused Tails distribution of Linux, designed to store no data. He claims, in fact, not to store any incriminating data on hard drives or USB drives at all, encrypted or not, and declined to explain further how he pulls off this apparent magic trick. DeSnake also claims to have prepared a USB-based “kill switch” device designed to wipe his computers’ memory and shut them off in seconds if they ever leave his control.