Big day - Law enforcement seizure and takedown of two major cybercrime forums, documents up on the site now thanks to @Alvaro_In_Tech
lawfareblog.com/document-law-e…
lawfareblog.com/document-law-e…
Let's dig into the first one--Indictment against Dmitry Olegovich Pavlov, an alleged operator and administrator of the servers used to run Hydra Market, “the world’s largest and longest-running darknet market”
Hydra was created around 2015 as "a result of a partnership... in order to compete with another Russian darknet market..."
The other market (not named) has been taken down, and now Hydra is too- bummer for criminals, I guess
The other market (not named) has been taken down, and now Hydra is too- bummer for criminals, I guess
Hydra served a Russian-speaking market and the indictment describes some main areas of what the marketplace offered: drugs, hacking services, money laundering, fake IDs.
As for drugs, there was a "variety"--incl. cocaine, heroin, methadone, methamphetamine, LSD, and opioids.
In Sept 2020, undercover law enforcement bought 5 grams of methamphetamine hydrochloride from a vendor on the site
In Sept 2020, undercover law enforcement bought 5 grams of methamphetamine hydrochloride from a vendor on the site
VENDORS--like other marketplaces, buyers could rate products and vendors with a 5-star system.
Vendors also tried to jazz up their listings with artistic photos, like this one for fake passports that features Cruella de Vil (???)
Vendors also tried to jazz up their listings with artistic photos, like this one for fake passports that features Cruella de Vil (???)
Fake passports, by the way, were available in 1-3 weeks plus shipping--if only real passports came through that fast!
Okay, let's talk money. The indictment estimates that Hydra received about $5.2 billion in crypto from 2016-2022 and that Hydra accounted for about "80% of all darknet market-related cryptocurrency transactions."
Hydra seems to have made its money by taking a cut of all the transactions on the site.
Where does it go now? Well, the indictment calls for the forfeiture to the US govt “any property, real or personal, involved in such offense, or any property traceable to such property.”
Where does it go now? Well, the indictment calls for the forfeiture to the US govt “any property, real or personal, involved in such offense, or any property traceable to such property.”
Hydra also had a "in-house mixing service" which would launder and then process vendor's cryptocurrency withdrawals.
Apparently this was such a popular service that people set up dummy vendor accounts just to use the service to launder their coins.
Apparently this was such a popular service that people set up dummy vendor accounts just to use the service to launder their coins.
Undercover law enforcement used this service to conduct a transaction in 0.15 Bitcoin--somebody comment with how much that was (November 2021).
Hydra took a cut, but again it doesn't say how much
Hydra took a cut, but again it doesn't say how much
Anyway, that's Hydra- and DOP was an active administrator for the site--the full indictment against him is for Money laundering conspiracy, Narcotics conspiracy, Forfeiture allegation.
Will update this thread later on the second doc so stay tuned!
Will update this thread later on the second doc so stay tuned!
Okay let's dig into the second document, indictment of Diago Santos Ceolho and seizure of RaidForums
Here's the link and thank you to @Alvaro_In_Tech
lawfareblog.com/document-law-e…
Here's the link and thank you to @Alvaro_In_Tech
lawfareblog.com/document-law-e…
Coelho is the alleged founder and chief admin of RaidForums, "a popular marketplace for cybercriminals to buy and sell hacked data."
He also goes by: Omnipotent, Downloading, Shiza, and... Kevin Maradona
He also goes by: Omnipotent, Downloading, Shiza, and... Kevin Maradona
The indictment uses the term "access device" a LOT.
Per Justice.gov,this is any kind of data or equipment or whatever that can be used to obtain money or other valuable things.
Examples: password, credit card #, SSN, bank routing #
justice.gov/archives/jm/cr…
Per Justice.gov,this is any kind of data or equipment or whatever that can be used to obtain money or other valuable things.
Examples: password, credit card #, SSN, bank routing #
justice.gov/archives/jm/cr…
Coehlo's alleged crimes are all connected to access devices:
Conspiracy to commit access device fraud; access device fraud–using or tracking in unauthorized access device, possession of fifteen or more unauthorized devices, unauthorized solicitation; aggravated identity theft.
Conspiracy to commit access device fraud; access device fraud–using or tracking in unauthorized access device, possession of fifteen or more unauthorized devices, unauthorized solicitation; aggravated identity theft.
So, how did Coehlo's site RaidForum work?
It had four tiers of membership: Free, VIP, MVP, and God. The more expensive tiers gave you more access to the site--God tier was "almost unlimited."
It doesn't say how much the tiers cost
It had four tiers of membership: Free, VIP, MVP, and God. The more expensive tiers gave you more access to the site--God tier was "almost unlimited."
It doesn't say how much the tiers cost
Besides the tiers, the site sold credits to members which could then be used to "unlock" the products.
Criminals on the broker side could also earn credits by "posting instructions on how to commit certain illegal acts."
Criminals on the broker side could also earn credits by "posting instructions on how to commit certain illegal acts."
Coehlo also offered a middleman service for a fee--he would accept a buyer's crypto and a seller's product and verify it to both parties satisfaction before handing it on.
How much did he make? The indictment is suspenseful, throwing out different amounts here and there but right at the end (where it says Coehlo should forfeit it to the govt), it lists Coehlo's proceeds as "not less than $215,571."
The amounts it gives along the way are interesting.
A confidential source working for the FBI spent just $4,000 worth of Bitcoin on access devices (incl. SSNs and bank info) obtained from an "online tax filing company"
A confidential source working for the FBI spent just $4,000 worth of Bitcoin on access devices (incl. SSNs and bank info) obtained from an "online tax filing company"
In another transaction, undercover law enforcement sent Coehlo $4,000 in Bitcoin for access devices (credit card info) obtained from a hotel breach - and he never sent the data! #NoHonorAmongThieves (#Allegedly)
Getting into bigger numbers--hacked data from "a major telecommunications company" was put up for sale, with Coehlo acting as the middle man.
A sample was sold for $50k in Bitcoin, and the full set for $150k in Bitcoin.
The buyer? The hacked company itself! RIP "Company 3"
A sample was sold for $50k in Bitcoin, and the full set for $150k in Bitcoin.
The buyer? The hacked company itself! RIP "Company 3"
That's about that for Coehlo. Thanks for following along with us!
Give @Alvaro_In_Tech a follow for more tech news, and if you liked this thread, please check out our Patreon!
patreon.com/lawfare
Give @Alvaro_In_Tech a follow for more tech news, and if you liked this thread, please check out our Patreon!
patreon.com/lawfare
• • •
Missing some Tweet in this thread? You can try to
force a refresh
