
Hansa was an online darknet market which operated on a hidden service of the Tor network. On July 20, 2017, it was revealed that it had been compromised by law enforcement for several weeks before closing shortly following AlphaBay as a culmination of multinational law enforcement cooperation in Operation Bayonet.


Compromise

Dutch police discovered the true location of the site after a 2016 tip from security researchers who had discovered a development version. The police quickly began monitoring all actions on the site, and discovered that the administrators had left behind old IRC chat logs including their full names and even a home address, and they began to monitor them. Although the administrators soon moved the site to another unknown host, the police got another break in April 2017 by tracing bitcoin transactions, which allowed them to identify the new hosting company, in Lithuania. On June 20, 2017, German police arrested the administrators (two German men) and the Dutch police were able to take complete control of the site and to impersonate the administrators. Their plan, in coordination with the FBI, was to absorb users coming over from the upcoming AlphaBay shutdown.

The following changes were made to the Hansa website to learn about careless users:

* All user passwords were recorded in plaintext (allowing police to log into other markets if users had re-used passwords).
* Vendors and buyers would communicate via PGP-encrypted messages. However, the website provided a PGP encryption convenience feature which the police modified to record a plaintext copy.
* The website's automatic photo metadata removal tool was modified to record metadata (such as geolocation) before being stripped off by the website.
* Police wiped the photo database, which enticed vendors to re-upload photos (now capturing metadata).
* Multisignature bitcoin transactions were sabotaged, which at shutdown would allow police to confiscate a larger amount of illicit funds.
* Police enticed users to download a Microsoft Excel file (disguised as a text file) that, when opened, would attempt to ping back to a police webserver and unmask the user's IP address.


Shutdown

AlphaBay was then shut down on July 4, and as expected a flood of users came to Hansa, until its shutdown on July 19/20. During this time, the police allowed the Hansa userbase (then growing from 1000 to 8000 vendors per day) to make 27000 illegal transactions in order to collect evidence for future prosecution of users. Local cybercrime prosecutor Martijn Egberts claimed to have obtained around 10,000 addresses of Hansa buyers outside of the Netherlands. After the shutdown, the site displayed a seizure notice and directed users to their hidden service to find more information about the operation.

