How the Seizure of AlphaBay Lead to an Anti-Terrorist Operation

Published:
Updated:
Category:

News

alphabay_explosive_thumbnail

Alphabay is a debunked dark-net market. Up until its shutdown in late 2017, the platform grew significantly. The market has grown so big it was a big part of international crime business. Alphabay hosted all types of criminal activity, you just had to be a vendor and you could create a listing for anything. Drugs, fraud, weapons even poisons, Alphabay did not have limits.

Getting Under the Radar

After the seizure of the market, a counter-terrorist operation was initiated. The plan was to discover Mohamed Humza and his residence in London. The contents of a Macbook computer led the investigation and established a link to the suspect. Mohamed used Tor browser to access the dark-net and conduct his illicit activity.

The investigation also established another link. The suspects internet search history was related to the illicit activity. It was found that the suspect has also searched the key words "shipping gun to the UAE". Investigators found that Humza was loyal to Alphabay market. As hard as the investigators looked, there was no evidence of his presence on any other market. Competing marketplaces such as Silk Road had no link to the suspect.

Police also found some other clues about the suspect. Mohamed expressed interest in a New York driver's license. Not just that by they found he was looking or an electronic hotel key bypass gadget.

Court records mention some more details about the 29 year old man. Mohamed was operating under the username mh.nn243. This is the username he used on the AlphaBay marketplace. On AlphaBay, Mohamed tried looking for dangerous explosives. Specifically F1 fragmentation grenades and Semtex explosives.

Leading the Investigation

Humza was found and arrested in November of 2016. While on AlphaBay rocking his mh.nn243 username the user fell for a very common trap. The suspect got in trouble after unknowingly getting in touch with an FBI agent to order the explosives. Fortunately the suspect was stupid enough to lead the FBI to him.

Since his arrest, the threat actor has denied any charges leveled against him. The charges laid against him are for trying to possess an explosive for illicit purposes. This is between the months of July and September 2016.

Interestingly enough, the suspect not only lacked an understanding of reality alongside anonymity. The username used helped investigators confirm their target. Not only he used his initials in his username but hist wife's, Nazir Naz too.

On the 8th of October, the National Crime Agency provided the evidence needed by the court to prove Humza is the suspect. The critical evidence provided was enough to prove that Humza has accessed AlphaBay. Not just that but it also proved he accessed it to illicitly source explosives.

Anders Ho is a part of the Dark-Web intelligence and Exploitation Unit intimated at the NCA. He mentioned that the suspect has executed a number of test purchases on the market. This was done right before the platform was shutdown by U.S. law enforcement.

The jury at Mohamed's trial had more details on the case. He found that mh.nn243 made multiple requests to an AlphaBay vendor for 4 grenades priced at $115 each. These grenades would be shipped to Watford, Hertfordshire.

The business deal was never confirmed but mh.nn243 showed enough interest. Mohamed then transferred enough cryptocurrency for 2 grenades onto an escrow platform. This is the first and main step in placing an order on the dark-web. This is also enough evidence to support the suspects interest and prosecute him.

As it turns out the undercover law enforcement who pretended to be a vendor could not proceed with the order. He claimed that he run out of grenades and transferred the funds back to the suspect.

At this point the suspect spoke too much and gave law enforcement much needed details. The suspect mentioned his need to purchase Semtex and a fuse detonator. At this stage of the undercover operation, law enforcement was led to the suspect's residence. After raiding him at Watford, the suspect was taken into custody and is due to face court. As it stands the trial is still in progress.

Conclusion

As it turns out, law enforcement presence on the dark-net can lead to positive results. Typically this many resources would not be poured into finding a typical dark web drug buyer. This is an example of law enforcement focusing on important dark-web targets. This is one of the earliest cases of undercover law enforcement presence on the dark-web.

Leave a comment

Captcha