Proof Cazes email was NOT exposed in Headers

On Jan. 9, FBI Special Agent Nicholas G. Phirippidis told attendees at the ICCS 2018 how "Operation Bayonet," as it was dubbed, came together.

The bureau's first break in identifying Cazes came when an agent in Fresno made two arrests of vendors who'd been selling on AlphaBay. Those arrests prompted someone to leak to the agent an e-mail that Cazes had sent to an early user of AlphaBay, and that e-mail revealed both an ISP address and Cazes' personal Hotmail account.

Phirippidis said that as they began to track down his digital footprint on social media sites around the internet, it appeared Cazes had cleaned up other parts of his name online.

"For the most part, he had a lot of success, but the internet archive and a few other sites that take snapshots through time allowed us to go back and see some of the early uses of the e-mail address affiliated with his name," he said.

"Like many of these subjects on the dark web, they try to have a firm firewall [to protect their public persona], and every once in a while, they'll make the smallest mistake. That's usually how we can attribute a true name to a moniker on the dark web."

Another feature of AlphaBay that the FBI explored was the site's so-called "bitcoin mixer," which was billed as a foolproof way to launder cryptocurrency but which FBI analysts could figure out. They were able to trace the exchangers who Cazes had been using to convert bitcoins into real-world currency.

A Bizarre Coincidence, a Staged Accident

Phirippidis said the bust, which took place from July 2 to 6 in five countries, was as dramatic as a Hollywood thriller. Coincidentally, three days before the scheduled arrest, he and his team were sitting at the bar in the lobby of their Bangkok hotel when a Porsche Panamera E-Hybrid pulled up in front.

"As a joke, one of the prosecutors said 'Hey look at that car, that looks like one of Cazes' cars. I'm sure there are more than one of them in Bangkok,'" he said.

"Then we passed Cazes, who was entering through the sliding door in the lobby. It was the most bizarre coincidence I've ever been a part of."

On the day of the arrest three days later, they lured Cazes out of his apartment abruptly by purposely crashing a car into the gate outside his villa. As luck would have it, when they entered the apartment, they found his computer on and already logged onto AlphaBay through his e-mail account.

A week before the FBI took over AlphaBay, European authorities had quietly taken control of Hansa, a similar site to which those fleeing AlphaBay joined on to. They operated it for two weeks to collect information of thousands of users, and then made more arrests.

"The whole point was to throw a curve ball at the dark web community, so they never really know moving forward who they could trust," Phirippidis said.

"Looking ahead, we want to make sure we can leverage any kind of tactic to hit this thing with a hammer."

https://news.fordham.edu/politics-and-society/take-dark-net-marketplace-luck-skill-cooperation-required/


Comments


[7 Points] stonedbuyer01:

could this be the agent variety jones spoke of Nicholas G. Phirippidis


[5 Points] ajax_jives:

reading the comments i swear half these idiots didn't even read the article

don't just read the title if you want the info, jesus


[3 Points] Raverdewd2018:

Well it doesn't explain how the arrests of the vendors caused someone to leak an email and who the leaker was. This was one of the theories circulating right after the arrest.

Those arrests prompted someone to leak to the agent an e-mail that Cazes had sent to an early user of AlphaBay, and that e-mail revealed both an ISP address and Cazes’ personal Hotmail account.


[2 Points] None:

We both have a boner for this man.


[3 Points] Avengerhack:

We still going to talk about this? This guy was so obvious, out of all the DNM admin arrests this guy didn't know what he's doing.

In his country you could pay the police or government for protection but this dumb cumt didn't. SpeedSteppers would be able to give more advice. :-)


[2 Points] dnmuser1234:

to me, this just raises more flags. it's hard to believe that Cazes was that dumb and sent an email to a vendor that contained his personal email. even if he did it inadvertently, he surely would have shut down ab right after that because it would be pointless running it if somebody could extort all the potential profits from him. it sounds like these investigators had trouble getting their stories straight before their big conference.


[1 Points] _PrinterPam_:

“The whole point was to throw a curve ball at the dark web community, so they never really know moving forward who they could trust,”

And yet...life moves on. Nice try.


[1 Points] STFUMandy:

Wasup my Raw Dawgs?!


[1 Points] ajax_jives:

yeah we all know this 'Spec/No Proof' flair was by the fed mods


[1 Points] FuckfuckySucksucky:

I'm very high and tried to understand. what's the red herring. with 20 votes i doubt it's good


[1 Points] Brookklyn:

Good read


[-1 Points] InsanityDRM:

Well, that was stupid. Emailing a user of your DNM from your personal email.


[-1 Points] twistersisters:

Cazes is just a fall guy. The rest got away.