thegrugq's article Dark Net Trap on the mistakes made by Alphabay Admin Alpha02

THE ARTICLE

As written in his article, LE learned in December 2016 that Cazes' email was included in the header of Alphabay's welcome email sent to new users in December 2014. THEY WERE TIPPED OFF by someone.

Alexandre Cazes' email Pimp_Alex_91@hotmail.com was found in the MySpace, LinkedIn, exploit.in and 000webhost breaches too, and is confirmable on the website HaveIBeenPwned.

He saved the server passwords in an unencrypted txt file. He also had a document describing his various financial assets in a txt file, too, in which he reportedly claimed to have a net worth of $23 million. He made blunder after blunder.

A guy was even able to reset Alexandre Cazes' LinkedIn password and take control of the account, even his 000webhost account!!!

The article is well worth the read, do check it out.


I've been reading thegrugq for a while. He's a security researcher and regularly writes articles on cybersecurity, anonymity, privacy, etc.


Comments


[16 Points] Clay_Bateman:

Unbelievable. You expect a few of us low level users to make these mistakes but not the guy in charge of the largest DNM ever seen.


[10 Points] heroinlobotomy:

Love grugq. He has some pretty good lectures uploaded to Youtube. Check them out if you wanna go a step further in your opsec, or practice internet security as a trade.


[5 Points] Wheredmydickgo:

Isn't it convenient that he isn't around to refute that evidence... I mean, do you really think he would have just left all of that lying around?? I don't even think your average fucking reddit user would have done that, let alone someone with a serious reason to be paranoid. I'm calling bullshit. They're using tools that they aren't willing to discuss.


[5 Points] stabBarbie:

All my passwords are in an unencrypted text file when I have it opened; when I'm done I close the container and now it's encrypted. They caught him with the laptop opened and logged in, so it makes sense it wasn't encrypted.


[4 Points] cdimeo:

The Krebs article also said they received a "tip" about the physical location of hansa servers. That could be anything, but I wonder if one or both weren't actually something along the lines of someone in the community finding a vulnerability, going for blackmail, and if nothing comes of that, turning them in. Or competition. That'd be brutal as fuck.




[2 Points] twototheloo:

I think LE try to control the news flow.

If AB and Hansa were busted on the same day, all would have been forgotten by now. By separating AB and Hansa they stay in the news much longer. Every day more vendors and buyers are getting scared. If rumors about Dream are true, they're the next victim and LE will tell that story loud and proud.

After that it will get quiet. Remaining markets, vendors and buyers will tighten their opsec. Unless they have a Tor exploit, it will get much more difficult for LE to take down DNMs.