Dream - The Infiltration Of The Dark Net

Reddit Comments

A lot of the video is background (stuff like bayonet & silk road 2.0), but if you already know all that then skip to around 35:30. Whole thing is great though.

👍︎︎ 8 👤︎︎ u/xach_hill 📅︎︎ May 01 2021 🗫︎ replies
Captions
today's video is brought to you by honey now as someone who's grown to realize that all i do is google things for a living i can attest to the fact that searching for things like discount codes is perhaps one of the darkest experiences you'll ever encounter where in some cases you might find yourself on the second page of google and while i've heard rumors about some brave folk who managed to use bing i heard they returned with a coupon code that expired look not all of us have that kind of bravery because that's where today's sponsor comes in honey is the 100 free browser extension that automatically tests coupons to help you save money from over 30 000 supported sites it's two clicks to install and it's as simple as doing your regular shopping then when you check out honey pops up and you just click apply coupons honey will then test all the codes it knows and if it finds one you get to enjoy those extra savings just recently i upgraded my keyboard and mouse and used honey at corsair to save 16 and since every dollar saved is a dollar earned get started keeping more of your money today by going to joinhoney.com barely sociable once again that's joinhoney.com barely sociable so they know i sent you thanks again to honey for sponsoring this video five weeks ago the fbi shut down what it calls the most sophisticated and extensive criminal marketplace on the internet silk road was a website selling drugs and other illegal goods but this morning as ben tracy reports it may be finding new life this reminds me you mentioned silk road when that went down uh we thought that was gonna have a big impact but this is an economy uh that sort of moves on right and two other three other sites pop up the new site has the same name and the same look on twitter wednesday the silk road's purported new operator announced silk road is back up deja vu anyone we rise again fbi agents swarmed a san francisco home and arrested a man who calls himself this next story is one that's caught 
the world's attention a canadian man who died while in custody in a thai prison is now accused of being an online kingpin going to build a fortune as the mastermind of the world's largest illegal online marketplace [Music] again like with the last scenario no marketplace has all been able to take on the position of [Music] now it's been a while since we've talked about the underground world of darknet markets however that's not to say that there's not much more to talk about as this topic is so expansive you could quite literally spend all day and night speculating on particular markets and the various mysteries that surround the world of cyber criminals and if there's something that's been made apparent with the silk road it's that taking down one market is guaranteed to lead to many other darknet markets popping up shortly after and i'm sure many people aren't even aware of the fact the silk road wasn't even the first it was actually the farmer's market that was launched in 2006 and then later moved on to tor in 2010 and the site wasn't seized until 2012 making it one of the longest running digital illicit marketplaces technically to this day and i must say that's a very incredible feat to go for six years longer than any crypto market using western union and paypal and in the context of the internet's early history it's believed that the very first transactions that took place via the use of network computers were stanford students using arpanet to contact mit students to arrange the pickup of flour now the reason i bring this up is because while darknet markets may be relatively new the use of technology to facilitate narcotics trade is not and has simply evolved over time and has changed the rules of the game as law enforcement has evolved along with it for instance the use of cryptocurrency and tor are just tools that have been adopted that have created another route of distribution and whenever new tools are adopted by cyber criminals it leads to some new 
rules for how the meta game works and as a result this has created a very very predictable life cycle to how these markets eventually come to an end while i touched a bit on this on my empire market video i'll reiterate myself once again and say that there are really only two ways that a dark net market will close but to give you a general idea let's go over the average life cycle of a dark net market the beginning of the market cycle will start with the site being founded where the goal is to build trust with users by providing them a good service generally the first zero to three months is spent onboarding vendors and trying to get a wide variety of products available however i will note that some sites are generally created never with the intent to sell anything but more so just to capitalize on the fact that another site has closed at which point when everybody leaves the old market and comes to the new one then they will take everyone's money and exit scam but assuming they are intending to stick around for the long haul the vast majority of them will still be gone within 4-8 months as those initial months will dictate the capability of the market admins during this portion of time you'll find that many dark net sites will succumb to hacking or voluntary closure if a darknet site manages to make it past a year they rarely close due to the result of hacking as the site admins have generally earned enough to reinvest back into their own site security but if a market manages to make it past this point that's when you'll often find that there are really only two outcomes the first way is that law enforcement will compromise the site and it will lead to the arrest of the operators such as the silk road and the second way is that the admins of a dark net market will do what is called an exit scam such as empire which i also did a video on exit scamming in case you are unfamiliar with the term is just when admins close down the market and basically cash out with all 
of the money left deposited in the escrow practically no market can stick around forever and the operators of dnm's are at all times just one mistake away from completely blowing their cover furthermore the longer the market is operating the more risk it is over time for those involved to get caught generally it doesn't matter how good you are at operational security when you are a human that can make mistakes so for the goal of many involved with darknet markets is get in and get out exit scam and make a bunch of money but among all of the other markets that have come and gone in this exact same fashion one market has had a bit of a different set of revelations and that is what today's video is focused on the market we're going to be talking about today is dream market and to this day despite this market shutting down as one of the longest running and one of the largest at one point not any real definitive answers as to why this market closed has ever been given and as i stated just a moment ago there are really only two reasons that a dark net market will close assuming it sees this level of success and what was rather peculiar about dream market was that the admins of the site closed and allowed people to withdraw their money from the market with them not only announcing its closure but announcing it a month prior so everybody was able to get their money back considering the fact that those admins would have had to put their ass in the line for five and a half years building trust up on that site naturally you have to ask why would they give away the millions of dollars at the end if they didn't exit scam the only other option would be that they were compromised by law enforcement and as far as the official record goes only a single arrest of one prominent vendor and main moderator took place in 2017 but what is rather bizarre is that the market closed in 2019 and this very premise is what we are going to be discussing today because once you understand the 
full context of dream market it starts to point to something very peculiar going on on the dark web now when it comes to the archives regarding dream market i will note that it's nowhere near as extensive as the silk road where basically every vendor identity was pulled apart and analyzed bit by bit in complete archives but in the case of dream market it's just a few articles over the years and a short wikipedia entry and that may have been one of the market's stronger features it was able to keep a relatively low profile in its early years and its humble beginnings were easily overshadowed by the theatrical collapse of the silk road and the hectic news cycle that followed nonetheless dream market launched in november of 2013 via the use of deep dot web with the operator of the site going by the pseudonym speed stepper and a dream was just one of the many markets that were popping up during this time making it very easy to get lost in the noise when the new wave of darknet markets made it onto the scene during the deep dot web era now during this time period the barrier to entry for creating a darknet market was low and as a result it created a massive influx of short-lived markets from cyber criminals with little to no experience and the desire to make lots of money in a short time and the reason i call it the deep dot web era is because one review site basically streamlined the process of connecting markets with buyers on the surface web this vastly grew this underground industry and put law enforcement behind for several years essentially playing whack-a-mole and to understand why this occurred if you're familiar with the story of the silk road marketplace think back to how ross ulbricht first advertises silk road he acted as if he had just stumbled upon a random website and was vouching for its legitimacy on shroomery.org a surface web forum and realistically all it took for the feds was a trip to google to find the moniker altoid was the first person to mention 
the site's existence on the surface web now naturally this was just one of the multiple operational security failures from ross ulbricht but it would have been a hurdle for anybody else at the time too marketing a dark net site needs some degree of word-of-mouth marketing and people to vouch for the site's trustworthiness and authenticity and prior to late 2013 there weren't any efficient ways for markets to get started without leaving a kind of paper trail deep dot web acting as a link aggregator for various hidden services essentially became a solution to this very hurdle and soon after this review site quickly became a multi-million dollar funnel as it took people from the surface web to the dark web and would educate them on the markets to buy but ultimately as it emerged in popularity now anybody from 2013 onward had the cover of the review site to expedite getting the word out and to set the stage for how dream market's existence fit into the broad scope of things let me share with you just how hilariously hectic it all was because of the silk road going down and an opportunity there everybody was hopping online to become the next dread pirate roberts [Music] now as a general note what i'm about to go over is by no means the full history of the dark web and the various markets that came and went but these are just some of the ones that i found interesting and how they tie into our story but starting off in september of 2013 atlantis the first market to accept litecoin exit scammed a week prior to the silk road getting raided about a month later another market by the name of project black flag with an operator who went by the name of meta dread pirate roberts exit scammed as well and i want you to keep in mind that every time that a market falls it creates another opportunity for another exit scam to pop up right after but continuing on the next major exit scam would come from sheep market who managed to soak up a large amount of the market share after silk road 
had gone down a vulnerability was found in sheep marketplace that led to two users stealing about four and a half million these transactions were later traced to coinbase in 2016 and two men from florida were arrested and they ended up just forfeiting the money also the sheep marketplace admin who took the rest of the money that was left over in the escrow was later arrested and sent to prison for nine years however it's worth noting that about 40 million total was estimated to have been stolen from sheep marketplace to this date despite authorities tracking down various purchases made by the creator of sheep marketplace they are still unaware as to what happened to the rest of the users' funds perhaps my favorite excuse came from 2013 from a market by the name of black market reloaded who after quickly gaining popularity stated that there were quote too many customers and too little competition that made them the only target for law enforcement at the time naturally they exit scammed as well heading into 2014 the silk road was launched with version 2.0 alongside agora marketplace in the earlier part of the year soon after another market by the name of utopia would launch for a mere eight days until dutch law enforcement managed to take it down and while you might think that that market was short-lived one market by the name of black goblin absolutely takes the cake as the owner announced the site's launch through reddit and the site was hosted through an http which failed to use the tor hidden service and basically didn't even protect his server ip in the clearnet users on reddit would dox the server ip within minutes and while this might seem like the worst attempt at a dark net market in history and i agree another market flower road managed to come in at close second and was also taken down in a matter of days when it was hacked via the use of sql injections seeming to indicate that the website's operator had little to no knowledge on cyber security or even 
some of the most basic exploits and i think you could even make an argument that there were a little bit too many markets popping up at this point that so many people were very hesitant to even touch them and to give you an example of what i'm talking about one market that popped up on reddit went by the name of breaking bad market this market didn't get a single sale and i think the name speaks for itself on that one now just for the details that i've shared with you regarding the early years of the silk road's fallout and deep dot web you can probably tell that there was a lot going on and that gave way for a lot of noise that would make even paying attention to dream market at the time highly unlikely and in actuality around late 2014 dream market didn't even seem to have much momentum at all as a capture from the wayback machine shows that its first reviews on deep dot web were made around the turn of the year in 2015. however little did anybody know that one final event in 2014 would set precedent for the present-day mystery surrounding dream market years later [Music] in the last 24 hours there has been global coordinated law enforcement activity targeting those people and those systems that are using the dark web to carry out criminal activity the notable event that occurred in late 2014 was to collapse the silk road 2 in an event called operation onymous or the alternative name given by the nca as project protein which was a collaborative effort by several law enforcement agencies including the fbi nca europol department of homeland security ice and eurojust to take down various dark net marketplaces the project was announced after the fact with the arrest of the market operator of the silk road 2.0 by the name of blake benthall a former spacex software engineer at the time he was arrested he was not suspiciously wealthy aside from his tesla which he bought using bitcoin before that was a thing and blake benthall was a 26 year old coder involved with 
various startups living in san francisco running this thing by night and he was charged for running the silk road 2 under the name defcon but i will note that the silk road 2 is hampered with problems as it was started by various veterans of the old site where many of the other operators were arrested early on and the original dpr in regards to the silk road 2.0 ended up handing off the site to defcon around december of 2013. and the man responsible for being a dpr2 in this case was a man by the name of thomas white who was later arrested but that wasn't the only thing that happened in november of 2014 as operation onymous announced 400 plus seizures of hidden services included in this particular event and i will note this point in time it seemed to mark the first operation that involved collaboration among law enforcement agencies and raised plenty of eyebrows that so many busts could occur at once the first trick is to identify where they are and there are some technical aspects i cannot share with with your audience but we were able together to identify these hidden services and some of the people behind it and then the whole idea was to coordinate this to make the arrest simultaneously and also the takedown so they cannot warn each other because as soon as you do anything in this dark web you will get warnings out to everybody and they will unplug so we of course had to act very very rapidly this was the whole point about having all these member states here and then simultaneously do it and we have proven that we actually very very good in cooperating we could not say this a year ago but international police cooperation has really really improved very very much so i'm very optimistic because this is the first operation and more will follow and have these websites actually been taken down or are you still able to to operate inside these dark web zones these websites that we have identified has been removed you will see a so-called takedown site where you will 
see that if you try to buy drugs at your normal you know service provider you will see that you cannot we have taken over this site and it's down so the whole infrastructure is also gone we hope this will also be a significant blow to them they can of course repair this those we haven't caught can be up and running again but then we will take them down once again and and this will be a costly affair so it's not risk-free and it's not cost-free to run business on the darknet and this is also part of the signal and it is also worth noting that the goal of this announcement of these seizures was to make it appear that the feds had cracked open the tor network and in regards to this particular bust the methods used to do so have never been fully disclosed as a representative of the europol put it this is something we want to keep to ourselves the way we do this we can't share with the whole world because we want to do it again and again and again however on the other hand it's worth noting what was actually taken with this seizure as the 400 plus claimed hidden services seemed to indicate a mind game being played by the feds because this 400 figure was later lowered to 50 sites without any explanation and based on the actual seizures that were trackable it really only meant about 27 real individual services where 14 listed in the criminal complaints were actually darknet markets with the remainder being hidden services used to sell particular one-off things such as stolen credit card information now numbers aside this was still fundamentally questionable because 27 sites seized at once is still very substantial and this still points to law enforcement agencies having knowledge of some zero-day exploit within the tor network that would allow for them to de-anonymize its users and by zero day exploit i essentially mean a backdoor that only the feds knew how to use now in case you're unfamiliar with tor despite its bad reputation for usage from criminals to browse 
anonymously it's also used for government operations in different countries it's used by activists it's used by whistleblowers and in some cases it's been used to spread news in countries where censorship is heavily prevalent in their media and just so you understand the concern here is that if this exploit was leaked to other people this could have put many other innocent bystanders in harm's way on the tor network now while there have been multiple documented vulnerabilities in the tor network over the years and the protocol does have its limitations what makes this particular instance suspicious was the timeline of one major tor exploit that was found earlier in 2014 that being something called a relay early traffic confirmation attack as court documents involved with the silk road 2.0 case and one of the admins who was arrested that being dr clue or brian farrell would later reveal that the fbi had used a quote university-based research institute to identify mr farrell as according to the search warrant that was used on mr brian farrell from january to july of 2014 fbi sourced information of quote reliable ip addresses from tor hidden services such as silk road 2. 
and according to a legal document from his defense on october 13th 2015 the government provided defense counsel a letter indicating that mr farrell's involvement with the silk road 2.0 was identified based on information obtained by a university-based research institute that operated its own computers on the anonymous network used by silk road 2.0 also known as tor in response to this letter undersigned counsel requested additional discovery from the government to determine the relationship between the university-based research institute and the federal government as well as the means used to identify mr farrell on what was supposed to operate as an anonymous website to date the government has declined to produce any additional discovery now it was alleged that the university of carnegie mellon cert and researchers there were the ones who were responsible where if this allegation were true this is essentially outsourcing police work under the guise of research for something that you would normally need a warrant to do and now i should note that the person who was making this allegation was the head of the tor project who also claimed that they were paid around 1 million dollars to conduct research on their behalf and what makes this so particularly interesting is that an attack on the tor network did take place exactly from around january 30th to july 4th matching the exact timeline used in the search warrant moreover this attack on the tor network was known for quite some time as it was noted by ed felten of princeton university public affairs and the center of information technology that on january 30th 2014 115 new machines joined the tor network as relays carrying out the ongoing attack and on february 18th to april 4th cert researchers had submitted a presentation proposal discussing a new identification attack on tor and in june their proposal was accepted to the black hat cyber security conference where they plan to share their research and give a talk on 
the subject i looked up the actual abstract of this talk they planned on giving and it stated in this talk we demonstrate how the distributed nature combined with newly discovered shortcomings in design and implementation of the tor network can be abused to break tor anonymity in our analysis we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands of tor clients and thousands of hidden services within a couple of months total investment cost just under 3 000. during this talk we will quickly cover the nature feasibility and limitations of possible attacks and then dive into dozens of successful real-world de-anonymization case studies [Music] however around july of 2014 before operation onymous was even announced the tor project noticed the attack and patched the vulnerability in july of that year and this was a major turning point as it seemed to sort of change the tides in the dark net markets for some time as markets would continue to come and go but there was far more stability in 2015 onward while you definitely had your share of exit scams throughout 2015 with several large markets such as evolution in march taking with it 12 million dollars in that exit black bank in may and agora in august these would all ultimately lead to a market 10 times larger than the silk road [Music] okay this next story is one that's caught the world's attention a canadian man who died while in custody in a thai prison is now accused of being an online kingpin one who built a fortune as the mastermind of the world's largest illegal online marketplace called alpha but you never would have found the site through a search engine it lived on the so-called dark web now every day business is done on this little understood part of the internet that to the vast majority of us is completely invisible much of what is bought and sold on the dark web is illegal drugs stolen data even guns but now alpha 
bay is no more police from several countries have shut it down in one of the largest dark web sting operations ever alpha bay was set to become one of the largest darknet markets of all time that would actually cause a significant ripple effect in the darknet markets as you will soon see because as i mentioned before operation onymous was the first attempt by law enforcement to address dark net markets as a whole and as you could probably guess given enough time it would not be the last but with the tor vulnerability fixed it did create more stability from 2015 onward buying time for markets to grow and by october of 2015 the various closures cleared much of the competition for alpha bay which had already built quite a strong user base at 200 000 users after it had received a large amount of press when stolen uber accounts were sold on the site forcing uber to make a statement on the data breach which in turn brought more customers to the market this had also occurred with another company by the name of talktalk alphabay's creator or admin went by the name of alpha02 or desnake and while you might think that the name alphabay would just be something chosen at random just like many of the other markets but in this case if you understand the person who was running it it makes far more sense that person went by the name of alexandre cazes he was a canadian man who later moved to thailand likely due to his obsession with pickup artistry as well as the fact that thailand for quite some time was an area that cyber criminals like to flock to as prior to 2019 government agencies didn't have as much control over web traffic monitoring but back to cazes a good chunk of the guy's time spent online was bragging on a pickup forum which he apparently paid to be a member of on this forum dedicated to that particular pickup artist he wrote several thousand word posts about wife hunting in thailand he self-described himself as a professional cheater and he made posts like the 
most beta thing you did in his multiple thousands of online posts regarding a pickup discussion he frequently preached about his hatred of western women and while a simple way to describe him would be just a misogynist i can't help but feel that this person's personality was so completely ingrained in their overcompensation and trying to appear quote alpha now the name alphabay might make a bit more sense and you'll soon see his attachment to this word spans as far back as 2008 all the way up through starting alphabay but continuing on alphabay was notable for its integration of monero and the sheer size that it grew to as by the time it had grown to become the top market in 2015 it already had 200 000 users and by 2017 it had grown to a staggering 400 000 where at its peak it was doing an estimated 800 000 a day in revenue and when it came to sheer product listings on alphabay it peaked at 250 000 listings for substances and a hundred thousand plus listings for other items like fraudulent documents malware and other things like that which by comparison the silk road had a mere 14 000. 
and this insane discrepancy may have signaled law enforcement that their actions and their frequent takedowns of markets had really only been affecting admins as a number of vendors and items for sale really had only seemed to go up but that being said it's pretty incredible that alpha bay even made it as long as it did because when it comes to how he ended up getting caught it really wouldn't take an alpha to figure this one out [Music] [Music] according to the court documents law enforcement learned in 2016 when new users first signed up the site when it first opened in 2014 the welcome email included his email address pimp alex91 at hotmail.com this was located in the header information of the email as well as when users went to reset their password on the forum this means he screwed up just as bad as black goblin and but continued going on anyways this was later changed but it appears that law enforcement got access to an early account or an early email from alphabay as according to the forfeiture complaint law enforcement learned in december of 2016 about this email address and while they don't specify on how they figured this detail out i can only hazard a guess that someone either sent a tip into police or someone used it as a bargaining tool after they got caught this is just conjecture but the reason i say this is that in the original criminal complaint it outlines the alphabay enterprise and through and throughout the indictment two counties in eastern california are redacted as it pertains to particular vendors and in regards to the undercover purchases made by law enforcement several vendors and around 26 alexandre cazes was not necessarily a smooth operator for one the alphabay servers were hosted under an account that was directly tied to his real name also the name alpha02 was a reused username when the site first launched as he used to sell guides on various forums tied to carding fraud now this wouldn't have been horrible but this was the same 
alias he used as far back as 2008 on a surface web forum directly tied to his email as well it's safe to say the guy really had an attachment to the word alpha and in regards to how he was managing his wealth doing things under the table he was anything but subtle he had multiple properties across various jurisdictions who drove multiple luxury vehicles including a lamborghini aventador and porsche panamera all while acting under the guise of a company called ebx technologies which did not update its website since 2015 and his business bank account was cashing out millions all while no verifiable real business was actually going on now as to how cazes got arrested this began when canadian police would raid ebx technology where the alphabay servers were hosted in montreal once they had access to the back end of the website they could then monitor everything that was happening here after they would stage a system failure of the servers this would cause cazes to go check on his site and log back in and restart it after they knew he was logged in they then staged a car accident outside of his front gate this distracted cazes away from his computer where he would go check on his cars to make sure everything was okay hereafter law enforcement would snag him at this point and they arrested him as he walked outside as a way of making sure that he was unable to get to his computer and encrypt anything although this wasn't needed as it seemed that his entire laptop contents remained fully unencrypted after being arrested on july 5th alphabay would mysteriously go offline while users of the site speculated about an exit scam as none of this information was released publicly at the time he was arrested on july 12th while facing extradition to united states and many criminal charges that would have easily made life in prison the low end cazes would be found passed away two hours before his extradition as an apparent result of his own doing he was last seen asking the time 
before entering the cell bathroom. However, this was far from the end, because naturally you have to question: if the feds learned about this in 2016, and this was such an obvious case who was running the site, then why did it take almost seven months to get anything done? And the answer to that question is where Operation Bayonet and Dream marketplace come into play.

Operation Bayonet was once again another collaborative takedown from multiple agencies, including the Dutch royal police, FBI, Europol and so on, but this time it just included two markets, AlphaBay and Hansa. However, it appears that the target was a bit different and the feds appeared to take a different approach.

"The AlphaBay case is part of a larger international effort to attack dark web marketplaces that broker criminal transactions." "This was a coordinated international operation against AlphaBay and also another website known as Hansa Market, which the Dutch authorities have been investigating and shut down earlier today. As part of this operation, the two sites' administrators were arrested and authorities seized extensive evidence and illicit assets related to those enterprises."

Now, as Operation Onymous was in operation with the intent to go after market admins, Operation Bayonet would be a coordinated equivalent to go after the users and vendors in bulk, as the goal of this takedown was to seize the largest market and the second largest market, where that second market was a honeypot designed to extract as much intel on its users as possible. And if I had to guess, AlphaBay's success may have been over extended for the sake of popping that bubble later in the operation, because Hansa had been compromised just 10 days prior to Alexandre Cazes's warrant. And what I mean by compromised: instead of an immediate shutdown, they silently took over the website and continued to impersonate the admins, all while simultaneously gathering intel and data on its vendors. As the Dutch police continued to run the site for a few weeks,
all user passwords were logged in plain text, which were later used to check if those users had used the same account logins on multiple different markets. Hansa also had a PGP encryption tool on their site for users who did not want to encrypt things on a different application. This was sabotaged and recoded to spit out a plain text version of the PGP messages using this tool, meaning that during the time this was taken over, any vendors using this tool would have all of their messages unencrypted. The website also had a tool that was used to remove metadata on photos, and that was altered to log metadata prior to stripping it off and putting it on the site. The site also used a multi-signature escrow, which was sabotaged so more funds could be seized. And lastly, some vendors were tricked into downloading an Excel file that was meant to include a recent summary of all of their transactions. When it was downloaded, it would automatically run a script to ping their target computer without the use of Tor, thus getting their IP.

And on July 20th, after spending several weeks collecting as much data as possible and receiving an estimated 8,000 new signups a day, a seizure notice would finally appear that would list the names of identified buyers and vendors in real time. This was obviously another massive shake-up, as many users would log on and see their real name typed right in front of them while the site would update as arrests were made. Now I will say, for as resilient as these communities in the dark web can be, this one seemed to spark substantial paranoia. This seemed to mark a point where it was no longer about the market admins but more so about its users, and the thought of law enforcement actively profiling and collecting info such as Facebook but on the dark web made more people willing to look over their shoulder. Rumors would begin to emerge that certain markets had been compromised by law enforcement, as this fundamentally undermined trust in markets as a whole, as that
was the goal of this entire operation, as it was made to maximize paranoia and target the user trust. The FBI delayed the announcement of AlphaBay to make people think an exit scam had occurred, and compounded it by finally announcing it when the Dutch police had just disclosed that the site had been under Dutch law enforcement control for quite some time. And while you think this type of infiltration might be relatively contained to the two markets, this paranoia was maximized by the fact that Dutch police had also used login credentials on one market to log into another market, clear off the funds in that account and then re-upload a new PGP key to that vendor's account, thus allowing them to impersonate other vendors on other markets. Rumors would begin to emerge that certain markets had been compromised by law enforcement, and while ultimately Hansa's shutdown would lead to the rise of Dream Market, that's not to say that some of those paranoid thoughts weren't justified.

Now when it comes to Dream Market and how it rose to the top, I should state it got nowhere near as large as AlphaBay, peaking at a hundred thousand total listings at its height, while subsequent research studies in the darknet as a whole showed that trust was eroding in the markets and no market really rose to fill that gap where AlphaBay had been left. But that being said, considering the main funnel into the darknet was still DeepDotWeb, and it was there directly listed at the top during 2017, this would naturally make it the next target for law enforcement. But as you'll soon see, the events that surround Dream Market are anything but typical, and to show you how things just weren't quite right, I want to play a clip from Digital Shadows, which was a cyber security company that had released an extensive research report in 2018, nearly a full year after AlphaBay went down.

I guess we start with the first one, and the one that we would expect to have been the leader in terms of the establishment was
Dream Market, but that hasn't really panned out too well. Um, very few people are looking at that as a viable marketplace now. If you look at the stuff that's being sold there, it's very minimal, and uh, people, I think one person said it was like the bodies are live but nobody's actually, there's a zombie market. Yeah. Then there's a couple of things going on there. One is there's been really poor communication from the administrators, and when people moved over to Hansa initially, again Hansa was having site technical difficulties, people were having trouble contacting the administrators. So when you put all of that together, what we get is, what's really come out of this research is this issue of trust. People are very suspicious after what happened with Hansa, and that that honeypot operation was actually being run by law enforcement to lure people in. People are very skeptical of any site that the administrators are being quiet or the site keeps going down, so Dream Market has been a victim of that as well. People are just generally a lot more suspicious since Operation Bayonet, and I think that's one of the reasons the established marketplaces have been unable to really cement their position.

What's more, I think it's worth stating though that law enforcement clearly has its priorities when it comes to these markets. While the shutdown of AlphaBay and Hansa would deter people for some time, that wouldn't be the case forever, and they knew that, because when those users would ultimately return, you'd probably imagine that law enforcement would have another set of strategies to implement. So that's why I want to share with you a bit of government-funded research from 2016 as well as 2015 to help you get inside the heads of law enforcement, and once I get you through this you'll understand why I spent so much time laying out all of this context for you.

And according to a study done by researchers at the University of Carnegie Mellon, who also actively monitored and scraped pages for research
within 16 marketplaces from 2013 to 2015. And while I know quite a few key points about the average distribution of sellers in the dark web, as well as other things that are very interesting, such as over 2013 to 2015 the top one percent of most successful vendors were responsible for 51 percent of all the volume and the bottom 70 percent only managed to sell less than a thousand dollars, but perhaps the more interesting point came from the public policy takeaways section:

"Our measurements suggest that the ecosystem appears quite resilient to law enforcement takedowns. We see this without ambiguity in response to the original Silk Road takedown, and while it's too early to tell the long-lasting impacts of Operation Onymous, its main effect so far seems to have been to consolidate transactions in the two dominant marketplaces at the time of the takedown. More generally, economics tell us that enterprising individuals will seemingly always be interested in accommodating this demand. The natural question is whether the cat and mouse game between law enforcement and marketplace operators could end with a complete demise of online anonymous markets. Our results suggest it is unlikely. Thus, considering the expenses incurred in very lengthy investigations and the level of international coordination needed in operations like Operation Onymous, the time may be ripe to investigate alternative solutions."

And later on in the conclusion section of this research paper: "It will be well worth investigating whether more targeted interventions at the seller level have had measurable effects in the overall ecosystem." And as you can see, this was funded in part by the Department of Homeland Security. Keep in mind this paper was written in 2015, and two years later I think they got their considerable results, because according to another paper in 2018 titled "Lost in the Dream? Measuring the Effects of Operation Bayonet on Vendors Migrating to Dream Market", they noted some particularly interesting
effects occurring with these vendors:

"Notwithstanding these limitations, if we apply our methodology to measure the effects of Operation Bayonet on migrating vendors to Dream Market, we see, quote, signs of a game-changing police intervention. Compared to, quote, simple takedowns like the AlphaBay takedown, the Hansa Market takedown stands out in a positive way, police might add, as users do not just move along after the Hansa Market shutdown. Few of them simply migrated. Some take evasive measures like changing their username and/or PGP key, but many start with a completely clean slate on Dream Market. This may sound as a minor detail, but the opposite is the case. When a vendor starts over, he/she loses their track record, reputation and customer base. Like a Michelin star restaurant moving cities whilst changing its name, website and phone number, nobody will recognize the fancy restaurant from before, and the chef will likely be forced to start rebuilding a reputation from scratch. We have to see if the effects of this innovative intervention hold in the long run, but for now the initial effects are remarkable in the light of the earlier interventions aimed at online anonymous marketplaces."

Now I will note that this paper was done by researchers on behalf of TNO, which is also government funded, but I think it's apparent that these honeypots, which target the users' trust, are far more effective at hindering growth within the entire space. So I think it's a natural assumption that when it comes to these markets, just like how vendors and admins evolved to adopt more advanced strategies, likewise law enforcement strategy will be to try and build on top of their previous successes with additional advancements.

And this is what leads me to a paper from 2016, and in this 200 page report they come to four conclusions based on what their further action will be. The first of which is traditional investigation techniques applied to the supply chain. The second one is postal detection and interception. The
third is online detection: big data techniques, monitoring of online marketplaces and tracking money flows. And the last one is online disruption, being the last option, and that is taking down online marketplaces.

Now the one I want to highlight here is the third one. Now in case you're unfamiliar with, quote, big data techniques, it's essentially referring to machine learning, and in case you've never heard that term before, essentially just think about how you as a human learn. We learn from our past experiences, and our brains try to figure out what pattern led us to a particular result. Computers can do the same thing, such as feeding large amounts of pictures of a dog or cat to a computer, where thereafter the computer can begin to identify cats and dogs on its own. However, the main difference here is that the computer is the one that understands what it's doing; the person who coded the program does not fully understand how it works. And lastly, the more data the computer has, the more accurate and fine-tuned it can be at finding a particular result.

And the applications of machine learning in regards to darknet markets is actually incredibly high. For one, it can be used to track bitcoin transactions and find other wallets related to particular entities, and the same machine learning principle that will only become better over time applies to particular CEOs who preach that bitcoin can be used to avoid taxes too.

"The classic bitcoiner response is, oh yeah, my bitcoin, uh, I lost it in a boating accident. You ever heard that phrase? It's kind of a trope, but what it means is at the end of the day, if you push me too far, I lost it, it's gone, sorry, that's it, tax that." "Operation Hidden Treasure, and one might surmise from that that it's something very cool. Uh, turns out it's not. It is a new program initiated by the IRS to root out unreported crypto income."

And just a month later, South Korea began seizing user funds of tax evaders who were hiding their assets using cryptocurrency. But that's not
the only big data technique that's being used with these darknet markets as well, as another paper from the same researchers at Carnegie Mellon in 2019, who managed to train an algorithm to identify multiple vendor accounts belonging to the same person even when they attempted to hide their original identity and use different usernames, with the algorithm's highest accuracy being found pertaining to larger vendors who had over eleven thousand dollars in sales. Even more impressive, the algorithm was also able to some degree to detect when users were impersonating other vendors, as well as being able to detect when particular users had been compromised. "We manually reviewed some false negatives where the model predicted pairs to be extremely unlikely to belong to the same seller, yet they shared the same PGP key. We found that 26 out of 117 of these manually reviewed pairs had the same key only because the Dutch National Police had briefly taken over these accounts and changed the key to theirs."

With that being said, the implication of big data techniques being used, this implies an interest in wanting to collect more data for the future to refine these processes, as well as large amounts of data being collected on the dark web. And that's where Dream Market fits into all of this, because what better way to collect data on its users than to run a darknet market yourself?

Now I want to make it explicitly clear that everything I'm referencing to come up with the information that I have is publicly available information. While law enforcement has never explicitly stated that they were operating Dream Market, they have not really denied it either, and as far as the official record goes, only one moderator was arrested, about a month and a half after Hansa shut down, in August of 2017.
But that being said, it's rather odd that in a research paper titled "Into the Reverie: Exploration of Dream Market", where it lists incredibly detailed data on Dream Market, in one of the introductory paragraphs they state: "Law enforcement interventions such as Onymous, along with exit scams and hacks, have successfully shut down numerous crypto markets including AlphaBay, Silk Road, Dream and more recently Wall Street." And in regards to all of these markets, one of these is not like the others, as no actual announcement regarding Dream Market was actually made, and we know they didn't exit scam either, as the users were able to withdraw their funds an entire month before. And in the reference beside it, if you actually check the article they're referring to, the article never mentions it being closed by law enforcement or being controlled either. And if you actually look at the article, it states: "Judging by that buzzing trade, there's hint that just a week before, global law enforcement announced the takedowns of two of the world's largest dark websites, known as Wall Street Market and Valhalla, or that the most popular market, called Dream, had taken itself offline at the end of last month, perhaps sensing law enforcement closing in." As you can see, the citation does not match the article, and keep in mind this paper was funded by the National Science Foundation, another government-funded entity. How did you not know the outcome of the market that you're writing an extensive research report on?

And in regards to the moderator that was arrested in 2017, I think I should explain that full context, because I think the only way any of this makes sense is that SpeedStepper was in fact the same moderator that went by the name of OxyMonster: one of the accounts he used for administrative duties, and then the second identity was for most of the legwork and acting as a vendor. The investigation into Dream Market began in February of 2016.
Law enforcement noted that the original Dream Market forums and the person who announced the admin hierarchy was not SpeedStepper. The person who announced it was OxyMonster, where he almost immediately becomes an admin without much natural progression into the community. Basically, as OxyMonster would become more prominent, SpeedStepper would fade out of the picture. According to his own indictment, they noted that Dream Market's tip jar in the forums was found in his forum signature, where they later tracked the bitcoins that were in his account all the way back to a LocalBitcoins account to a citizen by the name of Gal Vallerius. And at this point they looked into his personal identity, his social media accounts, and began to monitor him.

Around August of 2017, Gal Vallerius was headed to a beard competition in Austin, Texas to compete, and at the airport police stopped him and his computer was searched, where it revealed a large sum of bitcoin totaling around 700 thousand dollars. At this point it's worth noting the official report just labeled him as a main administrator, and the guy was facing 40 years on his original indictment. That's rather high for just a moderator slash vendor, and he was also labeled a kingpin initially, where the Miami Herald reported: "Tracking down Vallerius, the biggest of a half dozen dark web targets charged over the past year in South Florida, was not easy. It involved the DEA, FBI, IRS, Homeland Security Investigations and the U.S. Postal Inspection Service."

Now isn't it rather bizarre that the biggest target they wanted to go after was a moderator, not SpeedStepper, who we know was the founder? This only makes sense if they were the same person. But moreover, what many people don't know about this case is that Vallerius ended up getting a plea deal reducing his sentence to 20 years. Now assuming the intent here was to go after someone higher up the chain, why would you announce his plea deal publicly when in the case of the Silk Road they kept it under wraps for
quite some time? This seems to point at the fact that the goal of the plea deal was something else the feds wanted help with. To quote the agreement given on the plea deal:

"The defendant agrees that he shall fully cooperate with the office by (a) providing truthful and complete information and testimony, and producing documents, records and other evidence, when called upon by this office, whether in interviews, before a grand jury, or at any trial or other court proceedings; (b) appearing at such grand jury proceedings, hearings, trials and other judicial proceedings, and at meetings, as may be required by this office; if requested by this office, working in an undercover role under the supervision of, and in compliance with, law enforcement officers and agents. In addition, the defendant agrees that he will not protect any person or entity through false information or omission, that he will not falsely implicate any person or entity, and that he will not commit any further crimes."

In paragraph 18 it states: "The defendant agrees not to make a request under the international prison transfer program until such time as his cooperation pursuant to paragraph 11," the one we just read, "of this agreement is complete, or three years from the date of his arrest, whichever comes first." This plea agreement was filed on June 12th, 2018.
This was all while Dream Market was still up and running, and what's rather odd was that about 10 days prior Dream Market had announced it had taken down its main forum, which was on a Tor hidden service, and instead replaced a new forum on the clear net. Like, could you make it even more obvious at this point? Now considering the fact that Deep Web Network, which was the name of the website that was the forum, was hosted by GoDaddy, it would be as simple as the government to go subpoena GoDaddy for control over the server that's literally in their jurisdiction. But that's not what happens. Instead, Dream Market continues on like nothing ever happened.

And I should let you know that the person who registered this domain originally was a Dutch person. Given the fact that Hansa was controlled by the Dutch police, this makes a lot of sense, as the FBI was working closely with them for some time. The entity I have blurred here was the one that was controlling Deep Web Network, and I also believe them to be the moderator by the name of water chain, and the email was registered to a PGP key as well as being tied to the Deep Web Network Twitter, which is now deleted. Deep Web Network seemed to be kind of a spin-off of DeepDotWeb, and I also want to bring up the fact that SpeedStepper ended up signing his PGP key on Deep Web Network as a website. In a later capture, several IPs were also found in the code. One IP that was leaked linked the site's hosting to a Miami-based hosting company that is known to have government data centers, and despite this being reported to the hosting company, they never followed up. Dream Market also claimed to have a hard drive crash causing all user wallet funds to have been drained in September of 2017.
And I also find it hilarious: at the moment the site seems to go under law enforcement control in 2017, the messages are signed "team speed steppers", despite the fact that SpeedStepper was never a plural up until this point. They also enabled Monero deposits, only to take the money and let people donate to Uncle Sam. But perhaps the most insane turn of events was how the operation came to an end, with one final operation in 2019 going by the name of Operation SaboTor. The day that Dream Market announced its closure, it came on the exact same day the DEA announced a crackdown on darknet markets along with 61 arrests. They likely did this to track those funds into new aliases when people would sign up on new markets. And I want to read you the closing message that came from a user by the name of water chain, who, let me remind you, is almost 100% law enforcement:

Hey everyone, I am official Dream Market moderator. As you know already, Dream Market is planning to shut down on April 30th, 2019. As we also stated that Dream will be transferring to a partner company which will be fair and honest company. Dream Market has been being DDoSed for the last seven weeks by a user that wanted 400k in USD, and we have denied that. The real problem with the DDoS was a big issue for Dream Market. Our tech team of Dream Market worked as hard as they could, but the real problem about the DDoS attack is on the Tor browser side, so we had no problem to resolve this error. There is some people who asked why there was random v3 mirror on Dream Market. I can explain that this: there is versions such as one, two, three, and we were using the v2 version. We thought the v3 is more updated and would prevent the DDoS, which did not help. Also a reminder that, and this should be respected a lot, that everyone can withdraw his money before Dream Market will be shut down. I also want to remember everyone that there are some unstable people spreading FUD around about law enforcement etc., you name it. Just ignore all the FUD that is being
spread around, and to make everyone happy, wait for the new market to come out. It's going to be as good as Dream itself. Plus I am a person who wants the best for everyone and look positive at the future. All I am asking you is to have a smile, be hyped and wait till the new market comes out. If you have a dispute that needs to be done from today, Wednesday, feel free to PM and I'll take a look at it, smiley face. Thank you everyone for supporting Dream. Hopefully we will see you on the new market soon.

Look, I'm just gonna flat out say none of that made any sense. None of the reasoning is consistent, and his last message, which he follows up an hour later, or his retirement speech, and assuming this person was Dutch law enforcement, this may be one of the most messed up things I've ever seen:

"Dear darknet users, this is my official retirement speech to everyone. I want to thank everyone I have met in this dark world. There is many great people around. I would like to thank SpeedStepper, Dream Market, HugBunter, Dread staff and everyone I met. I have no longer any say in Dream Market since I've been locked out of my account by two corrupted Dream moderators. SpeedStepper has been MIA since the market shutdown. I am sure Speed is still out there and the other market will be fine. After this message I will be dust and disappear forever. I recommend everyone keep using Dread and support it. Also for everyone who has used Dream Market, I suggest you to give Wall Street Market an opportunity since it is number one or two on the list. Speed, if you ever read this, it was an honor to work with you. As I stated before, keep using Dread and give Wall Street Market a chance to be number one. Goodbye everyone, I love you all."

First he's claiming a DDoS, then he's claiming that a corrupt moderator locked him out of his account, and I think you should know that after everybody was allowed to withdraw their funds up until the 30th, and I think they even left it up longer than that, nonetheless on May 3rd, just three days
after Dream Market was to be taken down, Europol announced the seizure of Valhalla and the DOJ announced the seizure of Wall Street Market. And notably these announcements were coordinated, because the arrests that happened for Wall Street Market happened earlier in the month, as the men involved with Wall Street Market were arrested on the 23rd and 24th as they attempted to exit scam on April 16th. And I think it's safe to assume that this was coordinated to move one market to the other. But that wasn't all, because on May 7th the final door would be shut, as DeepDotWeb, the review site or gateway into all of these markets, had also been shut down, with its operators being arrested for getting kickbacks in the sale of darknet purchases, thus concluding the DeepDotWeb era. This is Barely Sociable. Have a good night.
Info
Channel: Barely Sociable
Views: 3,028,655
Keywords: dream, documentary, cybercrime
Id: 1VZkiQUzITU
Length: 58min 12sec (3492 seconds)
Published: Fri Apr 30 2021