Lawfare Profile picture
Apr 12 24 tweets 6 min read
Big day - Law enforcement seizure and takedown of two major cybercrime forums, documents up on the site now thanks to @Alvaro_In_Tech…
Let's dig into the first one--Indictment against Dmitry Olegovich Pavlov, an alleged operator and administrator of the servers used to run Hydra Market, “the world’s largest and longest-running darknet market”
Hydra was created around 2015 as "a result of a partnership... in order to compete with another Russian darknet market..."

The other market (not named) has been taken down, and now Hydra is too- bummer for criminals, I guess
Hydra served a Russian-speaking market and the indictment describes some main areas of what the marketplace offered: drugs, hacking services, money laundering, fake IDs.
As for drugs, there was a "variety"--incl. cocaine, heroin, methadone, methamphetamine, LSD, and opioids.

In Sept 2020, undercover law enforcement bought 5 grams of methamphetamine hydrochloride from a vendor on the site
VENDORS--like other marketplaces, buyers could rate products and vendors with a 5-star system.

Vendors also tried to jazz up their listings with artistic photos, like this one for fake passports that features Cruella de Vil (???) A screenshot of a product l...
Fake passports, by the way, were available in 1-3 weeks plus shipping--if only real passports came through that fast!
Okay, let's talk money. The indictment estimates that Hydra received about $5.2 billion in crypto from 2016-2022 and that Hydra accounted for about "80% of all darknet market-related cryptocurrency transactions."
Hydra seems to have made its money by taking a cut of all the transactions on the site.

Where does it go now? Well, the indictment calls for the forfeiture to the US govt “any property, real or personal, involved in such offense, or any property traceable to such property.”
Hydra also had a "in-house mixing service" which would launder and then process vendor's cryptocurrency withdrawals.

Apparently this was such a popular service that people set up dummy vendor accounts just to use the service to launder their coins.
Undercover law enforcement used this service to conduct a transaction in 0.15 Bitcoin--somebody comment with how much that was (November 2021).

Hydra took a cut, but again it doesn't say how much
Anyway, that's Hydra- and DOP was an active administrator for the site--the full indictment against him is for Money laundering conspiracy, Narcotics conspiracy, Forfeiture allegation.

Will update this thread later on the second doc so stay tuned!
Okay let's dig into the second document, indictment of Diago Santos Ceolho and seizure of RaidForums

Here's the link and thank you to @Alvaro_In_Tech…
Coelho is the alleged founder and chief admin of RaidForums, "a popular marketplace for cybercriminals to buy and sell hacked data."

He also goes by: Omnipotent, Downloading, Shiza, and... Kevin Maradona
The indictment uses the term "access device" a LOT.

Per,this is any kind of data or equipment or whatever that can be used to obtain money or other valuable things.

Examples: password, credit card #, SSN, bank routing #…
Coehlo's alleged crimes are all connected to access devices:

Conspiracy to commit access device fraud; access device fraud–using or tracking in unauthorized access device, possession of fifteen or more unauthorized devices, unauthorized solicitation; aggravated identity theft.
So, how did Coehlo's site RaidForum work?

It had four tiers of membership: Free, VIP, MVP, and God. The more expensive tiers gave you more access to the site--God tier was "almost unlimited."

It doesn't say how much the tiers cost
Besides the tiers, the site sold credits to members which could then be used to "unlock" the products.

Criminals on the broker side could also earn credits by "posting instructions on how to commit certain illegal acts."
Coehlo also offered a middleman service for a fee--he would accept a buyer's crypto and a seller's product and verify it to both parties satisfaction before handing it on.
How much did he make? The indictment is suspenseful, throwing out different amounts here and there but right at the end (where it says Coehlo should forfeit it to the govt), it lists Coehlo's proceeds as "not less than $215,571."
The amounts it gives along the way are interesting.

A confidential source working for the FBI spent just $4,000 worth of Bitcoin on access devices (incl. SSNs and bank info) obtained from an "online tax filing company"
In another transaction, undercover law enforcement sent Coehlo $4,000 in Bitcoin for access devices (credit card info) obtained from a hotel breach - and he never sent the data! #NoHonorAmongThieves (#Allegedly)
Getting into bigger numbers--hacked data from "a major telecommunications company" was put up for sale, with Coehlo acting as the middle man.

A sample was sold for $50k in Bitcoin, and the full set for $150k in Bitcoin.

The buyer? The hacked company itself! RIP "Company 3"
That's about that for Coehlo. Thanks for following along with us!

Give @Alvaro_In_Tech a follow for more tech news, and if you liked this thread, please check out our Patreon!

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Lawfare

Lawfare Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @lawfareblog

Apr 14
In the latest episode of #ArbitersOfTruth, @evelyndouek and @qjurecic spoke with @KAlexaKoenig about how a post on social media becomes evidence in a war crimes prosecution.…
Although there have been "tremendous gains" in the past 7-8 years, @KAlexaKoenig says, the current conflict in #ukraine is a little like "building the airplane while you're flying."

The conflict has a huge amount of social media content, & investigators/platforms must take care
@KAlexaKoenig As @evelyndouek said, this episode is a masterclass in the different issues concerned with social media as evidence of war crime.

One big issue is the competing interests for platforms: preserving evidence of atrocities vs removing it due to the psych harm it causes to viewers
Read 7 tweets
Apr 14
A year ago today, Biden announced the withdrawal from Afghanistan. It ended at the Kabul airport where 1000s were left behind.

#ALLIES will tell the 20-year story of how the US failed its local eyes and ears in Afghanistan.

Listen to the trailer:… Image
From @BryceKlehm and @GoatRodeoDC, #ALLIES will take you, in 7 episodes, through the decades-long effort to honor America’s promises to its partners, and how that promise ended in catastrophe at an airfield in Kabul.
@BryceKlehm @GoatRodeoDC Premiering May 16th, #ALLIES will cover the time period from just before the invasion to now, and how veterans, advocates, lawmakers, and Afghans who made it to the U.S. continue to fight for those still in Afghanistan.

Watch the trailer on YouTube:
Read 4 tweets
Mar 29
Not even the plague can stop our editor in chief:

"It is no exaggeration to say that the history of the United States has never seen an account of a president’s conduct quite so devastating as the first nine pages of Judge David Carter’s opinion of Mar 28 in Eastman v. Thompson"
See also our thread about the text of the decision and read the document yourself 👇

And what our team wrote (Mar 3) when the Jan 6 committee filed a brief in this case arguing that Trump had committed the offense of obstruction:…
Read 4 tweets
Mar 28
Two new documents posted to our #January6 resource page by @rohini_kurup and @katherinepomps

Court order requiring John Eastman to turn over documents to the Committee, and Navarro and Scavino Contempt Report

Both found here:…
For those catching up - the #Jan6 Committee wants emails sent or received by Eastman between 3 Nov 2020 and 20 Jan 2021 - Eastman had claimed privilege over some, and the court has ruled against him.
The big takeaway from this court order though, of course, is the judge ruling that Trump’s actions “more likely than not constitute attempts to obstruct an official proceeding.”

(Starts on Page 31, “i. Obstruction of an official proceeding.”)

Read 6 tweets
Mar 25
On March 24, the Department of Justice unsealed two indictments against four Russian government employees for their alleged involvement in “two historical hacking campaigns targeting critical infrastructure worldwide.”

Posted by @Alvaro_In_Tech…
The two indictments are for United States v. Evgeny Viktorovich Gladkikh (June 2021) and United States v. Pavel Aleksandrovich Akulov, et al. (August 2021)
Let’s dig into Gladkikh first. He’s described in the indictment as an employee of the Russian Ministry of Defense and is charged with conspiracy to cause damage to an energy facility, attempt to cause damage to an energy facility and conspiracy to commit computer fraud.
Read 9 tweets
Mar 25
Two major government reports were released this March on the issues of internet crime and ransomware.

Posted by @Alvaro_In_Tech:…
@Alvaro_In_Tech First, the FBI released their internet crime report in which they say that “in 2021, America experienced an unprecedented increase in cyber attacks and malicious activity.”

Among the top: ransomware, business email compromise schemes, and the criminal use of cryptocurrency.
If you love a good graph, the FBI reports that the top state by both number of victims and amount of money loss is California, followed by Texas and New York. (Note that it is total, not per capita).
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!