Two Germans are believed to have been the creators and operators of Hansa Market, the world’s third largest dark web marketplace before it was shut down by authorities in 2017.
On the same day that Dutch authorities infiltrated the site’s servers, the two men, both in their early 30s, were apprehended and held in a Bavarian prison. They were accused by Frankfurt prosecutors of abetting the sale and distribution of banned drugs through their darknet platform. Other charges included plagiarism through abetting the sale of stolen information, and the illegal sale of weapons.
In a separate incident, it was reported that Karsten Zimmer, an IT guru, had shared evidence with Europol concerning a company employee’s access to Hansa market. German local news quoted him as stating that after examining the employee’s computer, he found an open Hansa website and child porn files.
By the time of its closure, authorities had established that Hansa had accumulated an enormous customer base, all thanks to the tech-savvy nature of its founders and operators.
Having looked at the Hansa Market in a nutshell, the following sections trace the sequence of events from its heyday to its eventual infiltration and seizure.
A Major Marketplace
By the time Hansa was closed down, the darknet marketplace had become king within the corridors of dark web commerce. It traded high volumes of illegal goods and services that could match AlphaBay’s turnover.
Quite obviously, both platforms served to fulfill the dreams of underground communities that affected the lives of countless individuals, working tirelessly to evade the radar of law enforcement authorities. At its peak, Hansa hosted more than 3,000 dealers offering in excess of 24,000 drug listings that ranged from cocaine to MDMA and the deadly heroin. In addition, counterfeit goods and stolen credentials fell right into the center of the market’s portfolio.
Post-AlphaBay Refugee Camp
Hansa’s eventual shutdown came hot on the heels of the seizure of AlphaBay, which at the time was the biggest darknet market. It later turned out that Hansa’s sharp rise in popularity and customer base was due to the movement of a large number of former AlphaBay users to AlphaBay’s main competitor.
Former U.S. Attorney General Jeff Sessions termed the AlphaBay closure “the largest takedown in global history”, a law enforcement operation that targeted 40,000 vendors who traded 250,000 drug listings to more than 200,000 customers.
Indeed, the outcome of AlphaBay’s demise gave rise to a couple of events that would favour Hansa market. At first, customers thought that the site’s takedown was an exit strategy by AlphaBay admin in which they would disappear with their crypto investments. With time, the period of denial was over and a majority of them shifted focus to AlphaBay’s counterparts.
In this event, Hansa was the most preferred platform which, at the time, ran about 24,000 drug listings. The site opened up to hordes of AlphaBay “refugees” until its servers struggled under the workload, thereby prompting the administrators to halt new registrations.
Thereafter, Hansa went ahead to ban the sale of fentanyl, a dangerous synthetic drug at the center of the American opioid crisis. Interestingly, it would later turn out that this ban was imposed by Dutch authorities that had taken over the website.
The mass migration of former AlphaBay users into Hansa played right into “Operation Bayonet”, an international law enforcement venture to fight the illicit network of the dark web economy.
According to a press release, a cybersecurity company called Bitdefender provided counsel to Europol’s European Cybercrime Centre, enabling it to hand the Dutch police a lead to probe into the affairs of Hansa market in 2016.
Thereafter, law enforcement agents succeeded in pinpointing the location of the darknet platform’s infrastructure in the Netherlands, and in apprehending a pair that worked as administrators for the site. Hansa’s servers were also seized in the Netherlands, Lithuania and Germany.
Seizure of the servers was followed by a replication of the marketplace: an exact copy was brought up on Dutch servers. This total takeover of the marketplace would allow Dutch authorities to harvest a plethora of information from unsuspecting visitors. Almost immediately, the large volume of daily sales became apparent to the law enforcement agents.
On the technical side, the website had been configured to automatically gather metadata from uploaded product pictures. This altered feature enabled the police to extract geolocation data from vendor photos that described illicit wares.
Shutdown and Dark Web Impact
About 27 days after the law enforcement takeover of the Hansa market, authorities unplugged the site and replaced it with a seizure notice and a link to the Netherlands National High Tech Crime Unit (NHTCU) Tor site, which listed a number of identified and apprehended darknet drug vendors and customers.
The Hansa takeover yielded massive results. First, Dutch authorities harvested data belonging to 420,000 users, including in excess of 10,000 residential addresses, all of which was submitted to law enforcement agencies in Europe and across the world.
In addition, the aftermath of the takedown led to the arrest of Hansa’s most notorious sellers and the seizure of 1,200 bitcoin worth $12 million. Notably, the NHTCU was able to seize Hansa’s crypto only because law enforcement had infiltrated the site and subsequently disabled its security measures: Hansa had laid down a multi-signature transaction protocol that prevented unauthorized access to the virtual funds.
The entire operation against Hansa produced important results in the global fight against darknet drug markets. This aspect was well reflected in a study by the Netherlands Organization for Applied Scientific Research, which explained the significance of the Hansa takedown in comparison to the outcomes of all previous darknet seizures.
According to the study, a majority of the drug sellers who fled Hansa did not appear on other competitor sites. This is quite the opposite of what was witnessed in the AlphaBay takedown, where most vendors simply shifted to Hansa while retaining their online identities.
Thus, the Hansa takedown stood out as a game changer in anti-darknet law enforcement, where police intervention appeared to have made a significant impact.