The Hunt for the King of the Dark Web

On the morning of July 5th, 2017, a man sits in front of his laptop in his villa in Bangkok. Online he is only known under a pseudonym: Alpha02 He is a multi-millionaire, lives a luxurious life and drives expensive cars. He feels safe in Thailand.

Suddenly, he hears a loud bang in front of his house. A woman crashed her Toyota Camry into his front gate. He leaves everything behind and runs out of his house to the scene of the accident.

A mistake with serious consequences. The driver is an agent of the Royal Thai Police force. FBI and DEA investigators have been waiting for this moment for months.

Authorities from seven countries have worked relentlessly towards this day. Will the hunt for the king of the dark web finally come to an end? The Wired journalist Andy Greenberg has published the story on the hunt for the Darknet kingpin in a multi-part series.

Additionally, there's a phenomenal Darknet Diaries episode on Operation Bayonet, which is covered in chapter 3 of this video. You can find both links in the description. It's the early 2010s.

The dark web is picking up speed. The promises of anonymity and privacy are attracting more and more people. Thanks to Bitcoin, there is a new form of payment that isn't controlled by authorities.

It's become easier than ever for criminals to sell their products online at a massive scale. With the advent of the dark web, the gigantic global game of cat and mouse began and it continues to this day. The Silk Road is perhaps the most legendary dark web marketplace to date.

The platform went live in February 2011 and became incredibly popular. More than 100,000 customers bought drugs there, but only 2. 5 years later, the operator of the site was caught and the Silk Road went offline.

The authorities wanted to set an example in the fight against drugs. The Silk Road founder received a life sentence. But the business was too lucrative to drive away other operators.

So after the closure of the Silk Road, the number of darknet markets exploded. They all fought for the top spot. Silk Road 2.

0 was released just 35 days after the closure of its predecessor. The site survived less than a year. Evolution was another popular marketplace with a comparable size to the two Silk Roads.

To buy things on evolution, you had to pay Bitcoin to an account on the platform, a kind of dark web escrow account. And once the items arrived to the customers, the sellers were paid. There was an incredible amount of money with the platform operators at all times.

At some point, these operators decided to steal this money, a so-called exit scam. Agora has also been named as a worthy successor to the original Silk Road. But the founders voluntarily took the site offline in August 2015.

Business was getting too hot. Exit scams, arrests, voluntary withdrawals and hacks. All of these were benefiting a new emerging dark web market: AlphaBay.

In July 2014, a man who calls himself "Alpha02" starts to develop AlphaBay. Only five months later, his platform goes live. Initially, only stolen credit card data is offered and sold, but AlphaBay quickly begins to offer more lucrative products.

In addition to data and logins, there are now drugs, weapons and malware. Services such as money laundering are also offered. Few things are forbidden.

But items or data related to child abuse hit-and-runs and stolen bank account information from Russia is strictly prohibited. AlphaO2 probably doesn't want to mess with Russian law enforcement agencies. Maybe he also wants to pretend to be Russian in order to mislead investigators.

The website itself works similar to Amazon. It is user-friendly, there are search functions, filters and categories You are able to pay with Bitcoin, Monero or Ethereum. This is supposed to provide anonymity.

AlphaBay even offers a so-called tumbler, purchases are blurred by bundling multiple transactions from different people. The platform works well and dominates the dark web. While other marketplaces popped up and disappeared.

AlphaBay remains strong. The number of users is growing rapidly. Barely a year after it was founded, the site has more than 200,000 registered users and 40,000 sellers.

In 2017 AlphaBay has over 300,000 items on their website and over half a million dollars in sales every day. AlphaO2 is making money with every single transaction receiving a share between 2 to 4%. He becomes a multimillionaire.

Right now, an entire team is working on AlphaBay. Alpha02 has a representative named "DeSnake", several moderators who handle disputes between buyers and sellers and a PR manager. With the site's explosive success the founder decides to retire from day-to-day operations.

He renames himself. "Alpha02" simply becomes "Admin" From now on, communication only runs through “DeSnake”. As AlphaO2 retreats, American investigators are paying more and more attention to his true identity.

Who is the powerful mastermind behind the platform ruling the dark side of the Internet? A hunt that stretches across the globe and will last for more than several years begins. You don't have to surf the dark web to find malware.

The regular Internet is full of malicious ads and pop-ups. That brings us to NordVPN. NordVPN has many features, such as built-in threat protection, which can detect and block malicious ads and pop-ups on websites.

With a VPN you can also change your location virtually. And that's super easy. You select a country, click on it, and you're surfing from the U.

S. VPNs can also help you bypass many geoblockings. Streaming services have different catalogs in different countries.

With NordVPN you can access all of those catalogs. This also works with news portals such as the New York Daily. The site cannot be accessed from most of Europe.

So just select a server in the US and you can read through their articles. At nordvpn. com/ferntv you can get an additional 4 months on a two-year plan and there's also a 30-day money-back guarantee.

You also support our channel. So thank you. The American investigators want to find out where AlphaBay servers are located.

With access to the servers they can close the platform or secretly infiltrate it and perhaps locate the operators. IP addresses provide information about the locations of users and servers. In closed networks like TOR.

Website requests are routed through a number of random servers around the world. Routing through many servers cannot be traced back. It is purposely made difficult to find out where servers, operators and sellers are located.

Because of that, the American investigators had to try a different way. They start browsing the platform and buy drugs anonymously, hoping for any mistakes by the sellers. Perhaps the product's packaging or postage stamps can provide clues to the identity of the respective drug dealer.

Then they could arrest him. But these are just the small fish. Dealers come and go.

Investigators want Alpha02. But the mastermind behind AlphaBay seems to take every precaution. He seems to know every rule of the game.

So the investigators become desperate until December 2016. Robert Miller sits behind his desk in Fresno, California. He works for the DEA, the American Drg Law Enforcement Agency.

He's working on AlphaBay. And until this day, it was a pretty thankless job. But suddenly, an email appears in his inbox.

The sender is anonymous. It seems like AlphaO2 made a fatal mistake in the early days of AlphaBay. Every user who registered on the website at the time received a welcome email.

The email address of the true sender was visible in the metadata of this email. Although the error was immediately corrected, the anonymous tipster saved one of those first welcome emails. Maybe the tipster was one of Alpha02's first customers, maybe an operator of a competing site that got a hold of the mail somehow.

Who knows? Anyway, he silently watched AlphaBay growing on the dark web, only to then hand the mail address over to the DEA. The email address is.

. . pimp.

. . pimp_alex_91@hotmail.

com This email was the breakthrough for Millar and his colleagues Via the email address, the investigators find photos from 2008 and 2009 of an "Alex" on Skyrock. com That's a French-language social media platform. He also linked an old dating profile.

The profile lists Trois-Rivières as his hometown. It is located in southern Quebec, Canada. According to the profile, he was 17 years old at the time.

So the 91 in his email address could be the year he was born. He would have been 23 years old when AlphaBay was founded. The username "Alpha02" also appears on a French-language technology forum.

In 2008 he explained how to remove a virus from an image. His email address is at the bottom of the post and also his full name. Alexandre Cazes.

The investigators have his name, but where is he? They find Caze's PayPal account. He provided his private email address there as well.

Through his LinkedIn profile, they also find out that he works as a freelance software designer. He also seems to run his own tech company called EBX Technologies. On Facebook the investigators find the profile of his fiancee, a Thai woman.

Apparently, the Canadian lives in Thailand. The clues lead investigators to the country's capital, Bangkok. With the help of Thai authorities, the investigative team identifies three properties owned by Cazes in the city.

One house is located in a gated community. Alpha02 lives there with his wife. Then there's a second house and a 3 million worth mansion in the outskirts of Bangkok.

He also has a holiday home in Phuket and is in the process of buying another villa in Cyprus. Investigators begin tailing him. The lifestyle of the multi-millionaire, includes several cars.

Cazes enjoys driving around Bangkok in his Lamborghini. Agents watch him, follow his routes and track his iPhone. Whereas Cazes lives in a beautiful house of his wife, He invites his many affairs to one of his other houses in Bangkok.

The investigators called that place the "Bachelor Pad". Cazes is an active member of a pickup artist forum. There, men give each other advice on how to be successful with women.

Under the name Rawmeo Cazes publishes conservative family values and keeps a quasi-sexist live blog about his "successful" sex life. Other than that, his everyday life is quite normal. Pretty unspectacular for the King of the dark web.

He gets up early, checks his social media accounts, works and is home a lot. From time to time, he attends a language course or goes out to eat with his wife. Around these routines, the authorities meticulously plan his arrest.

In June 2017, a few weeks before the attack, a few American agents were sitting in the lounge of the 5-star Athenee Hotel in Bangkok. Suddenly Cazes appears. He parks his Porsche Panamera at the entrance and casually strolls through the lobby area straight towards the agents.

There are thousands of hotels in Bangkok. Are they busted? Has the king of the dark web outwitted them?

Cazes sits at a table a few meters away from the agents. They have never been so close to him. But he only meets for a business dinner.

An incredible coincidence. At this point, no one suspects that just one month later, Cazes will be dead. AlphaBay is the largest darknet market in the world at this time.

But there is competition. In Europe, the Hansa Market is growing rapidly, keeping European authorities busy. Dutch investigators find the servers of the Hansa Market thanks to a tip from a security researcher.

They're located in a data center in the Netherlands. Unique opportunity arises. They monitor the servers, copy the data and dig through countless chat entries from the operators of the site.

They find out that the operators are Germans, who probably still live in Germany. Together with the German Federal Criminal Police ("BKA"), the Dutch want to bring the Hansa Market under their control. But suddenly the Hansa Market disappears from the Dutch servers.

The admins probably found out that their servers had been copied. In the chats of the operators the authorities also find a few Bitcoin addresses. They start tracking the transactions of these bitcoin wallets until they end up at a Dutch crypto exchange.

They contact the exchange and ask for the data. The bitcoins lead to Lithuania. Together with the authorities there, the Germans and the Dutch try and locate the new servers.

This time the authorities want to strike. But something unexpected happens. The FBI tells European authorities about their plans to arrest AlphaO2 and to shut down AlphaBay.

"Operation Bayonet" is born. The operation is led by the FBI and DEA and involves the cooperation of law enforcement agencies from a total of 7 countries. Europol is also involved.

The FBI is instructed to wait with the takedown of AlphaBay until the Dutch in cooperation with the Germans have taken control of the Hansa Market. If AlphaBay is taken down, Hansa would be swamped with new buyers and sellers. This is often the case in the dark web when a site closes or if there's an exit scam, customers and dealers simply move.

But this time, customers and dealers would move to a site that's been hijacked by law enforcement. With that data, the Dutch could convict thousands of unsuspecting criminals. A honeypot.

Alexander Cazes knows nothing. He continues to drive through Bangkok in his Lamborghini, writes nonsense in his favorite forum and cheats on his wife. On June 20th, 2017, the first part of the mission succeeds.

The data center in Lithuania is stormed by Dutch forces. At the same time, German authorities arrest the two operators of the Hansa Market in Siegen and Cologne. The operators cannot warn anyone before their arrest.

The Hansa Market is under Dutch control and nobody in the dark web knows about it. July 5th, 2017, Bangkok. It’s time.

There's a warrant for Cazes. Today, the Royal Thai Police, DEA and FBI will arrest him. Alpha02 could finally be put down after more than 2 years.

A gray Toyota Camry drives down a dead-end road towards Cazes house with the Royal Thai Police force agent at the wheel. She tells the security guard that she took a wrong turn. She wants to turn around, but "unintentionally" causes a minor accident.

The noise and chaos are supposed to lure Cazes out of his house. He's supposed to come out spontaneously without thinking about it. This part is important: In the optimal case, his devices should stay unlocked when he is getting arrested.

If his hard drives were locked and encrypted, it would be difficult for authorities to access AlphaBay. Cazes leaves his house and approaches the Toyota. He has a cell phone on him.

Suddenly, several officers try to catch Cazes. He attempts to run back inside, possibly to shut down his computer. But he's overpowered.

The investigators run into his house and look for his laptop. It's in the bedroom on and not on Stand by. The officials have caught him.

Alpha02 is still logged into the server hosting AlphaBay. Investigators searched the laptop and find multiple passwords for the AlphaBay website and servers. The Canadian had a fortune of $23 million.

Authorities confiscated his luxury cars, houses a hotel and millions in cryptocurrency. Cazes wife is charged. The Thai woman is accused of money laundering.

[Trigger Warning Suicide - Skip Forward 20 Seconds] 1 week later, on July 12. Alexander Cazes is dead. He committed suicide while in custody.

The King of the Dark Web is history. The shutdown of AlphaBay by authorities is being purposely kept secret for the time being when the platform is suddenly offline, no one knows why. An exit scam?

A hack? Have the operators retired? As expected, countless users migrate to the other Darknet platforms, including the Hansa Market.

For four weeks, the Dutch authorities watched thousands of criminals trade on the platform. They collect valuable incriminating evidence. So on July 20th, 2017, the Hansa Market is shut down as well.

On the same day, the US Department of Justice announces the end of AlphaBay and Hansa, a gigantic success for the global authorities. The dark web itself is not an evil technology just for criminals. We need places on the Internet in which whistleblowers and journalists are relatively safe.

Marketplaces like AlphaBay or however still part of the picture. The global game of cat-and-mouse is far from over. The demand for illegal drugs, weapons, counterfeit money and malware is too high.

It didn't take long for the Hansa Market and AlphaBay to be forgotten. Users flocked to other existing platforms. A number of new Darknet markets sprouted up and positioned themselves better than the former market leaders.

The Russian Darknet market Hydra was at times more than twice the size of AlphaBay. In 2021, it was also shut down by German and American authorities. So now there's a new contest for the title of the King of the Dark Web.

A promising contender is the "DeSnake". He relaunched AlphaBay in 2021 and still runs the darknet marketplace to this day.