Managers of two dark web marketplaces arrested by U.S. and German police
U.S. Authorities Charge a "Popular British Hacker" with Running "The Real Deal" Dark Web Marketplace
According to the U.S. Department of Justice, Daniel Kaye (aka "Popopret," "Bestbuy," "TheRealDeal ", "Logger", "David Cohen", "Marc Chapon", "UserL0ser". "UserL0ser", "Spdrman", "Dlinch Kravitz", "Fora Ward") were charged by the U.S. Department of Justice with operating the "The Real Deal" dark web marketplace. The now-defunct dark web marketplace was used by scammers to buy and sell illegal goods and services, including drugs, hacking tools, and stolen login credentials.
Kaye allegedly operated 'The Real Deal,' a dark web marketplace for illegal items, selling everything from stolen account login credentials for U.S. government computers, stolen login credentials for social media accounts and bank accounts, stolen credit card information, and stolen personal IDs," said a press release from the Justice Department. credit card information, stolen personal identification information, illegal drugs, botnets, and hacking tools.". The market is divided into "Exploit Codes," "Counterfeit Products," "Drugs," "Fraud and More," "Government Data," and "Hacking Tools. "Government Data" and "Weapons" categories. The Marketplace allows vendors to create accounts and list their products. The vendors maintain profile pages that provide a rating system in which buyers can rank vendors.
According to the indictment, Kaye operated "The Real Deal," a dark web marketplace that sold login credentials for computers belonging to the U.S. Postal Service, the National Oceanic, and Atmospheric Administration, the Centers for Disease Control and Prevention, NASA, the U.S. Navy, and other U.S. government computers. Kaye laundered the cryptocurrency obtained from the illegal The Real Deal operation through Bitmixer.io, a coin mixing service.
"While living overseas, the defendant allegedly operated an illegal website that offered hacking tools and login credentials available for purchase, including those of U.S. government agencies." U.S. Attorney Ryan K. Buchanan said. "This case is a timely reminder that during National Cyber Security Awareness Month (October), federal law enforcement will make it possible for those accused of violating U.S. law to face a day of approval in court, no matter where in the world they reside."
Kaye is known as the developer and seller of the GovRAT malware, having sold the GovRAT source code, including the code-signing digital certificate, on "The Real Deal" dark web marketplace for 4.5 bitcoins. His clients had used the malware to compromise U.S. government agencies.
Kaye was arrested by the UK National Crime Agency (NCA) in February 2017. In June 2017, Kaye admitted in court to hijacking over 900,000 routers from the Deutsche Telekom network, and that he used a custom version of the Mirai IoT malware.
Kaye also trafficked login credentials for Twitter and LinkedIn accounts. The man is suspected of running "The Real Deal" dark web marketplace from early 2015 to November 2016. The man was overseas when the lawsuit was filed, and in September 2022, he consented to his extradition from Cyprus to the United States.
German authorities charge a student with running the "Deutschland im Deep Web" dark web marketplace
According to the German Federal Criminal Police Office (BKA), German police arrested a 22-year-old student in Bavaria on suspicion of being the administrator of one of Germany's largest dark web marketplaces, "Deutschland im Deep Web" (DiDW).
The platform, which went offline in March 2022, had 28,000 posts and 16,000 registered users, 72 of whom were high-volume sellers trading banned goods, including weapons and drugs. The suspect now faces criminal charges for operating an illegal trading platform, which carries a maximum penalty of 10 years in prison.
The "Deutschland im Deep Web" (DiDW) dark web marketplace has a long history in Germany. The original DiDW platform was launched in 2013 as a forum to discuss IT security and anonymization. At its peak in 2017, it reached 23,000 registered users and 6 million monthly hits. However, the site was also used to sell illegal items such as weapons and drugs, using a secured system of payment to protect members from fraudulent goods. This essentially makes DiDW a dark web marketplace under the guise of a forum.
In 2017, the site was shut down by the BKA on behalf of the Frankfurt prosecutor's office because of the 2016 Munich shooting, and its operator was arrested and sentenced to seven years in prison in 2018. the BKA's arrest announcement referred to the case, and the killer used the platform to purchase murder weapons and ammunition at the time.
After 2018, two new versions of the DiDW platform appeared on the dark web, claiming that "there are no controls, everything is allowed", meaning that the new operators no longer tried to hide the illegal activities on the site and allowed drug transactions. The second version of DiDW shut itself down in 2019, without giving any reason; just 10 days later, a third version of the site appeared online, becoming the official successor to the dark web marketplace brand.
Eventually, after a 5-year investigation, the German Federal Police managed to identify the administrator of the 3rd version of DiDW and arrested him on October 25, 2022. As part of the police measures, two residential properties were also searched with the involvement of ZCB prosecutors and a large amount of evidence, including computers, data storage disks, and cell phones, was confiscated.
These two cases show that it is not impossible to identify the operators of dark web marketplaces that have been closed for years. Before law enforcement crackdowns are taken, cybercrime investigators conduct adult, technically demanding investigations into these cases in secret, and through international police cooperation and data sharing, are often able to identify and eventually arrest suspects operating anonymously on the dark web.
From：On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.