How Hansa Was Killed

Written by: Damian Jennings
Date Posted: 12 March 2018

Shut down.

On Thursday last week Dutch coppers shut down the infamous Hansa dark web site. On live TV. And they pulled off this cop coup thanks to the fact they were running the site. Schneaky.

Grassed up
Back in 2016, security-minded Bitdefender grassed up the fact that Hansa was being hosted in the land of pancakes and recreational jazz fags. One of the things that users liked about Hansa (aside from all the drugs, guns and hit men they could buy) was the fact that funds were not released to the seller until the buyer confirmed the package had arrived. They did this using multi-signature Bitcoin handling. Kind of like an escrow.

Dark web
Po Po all over the world are pretty embarrassed about these marketplace sites like Hansa. They use Tor to remain hidden. So the old bill aren’t able to find them. Unless of course it’s the old bill that are running the site. The Dutch didn’t just shut it down and confiscate all the Bitcoins. They are charging all the vendors.

The head of the Netherlands National High Tech Crime Unit, Gert Ras, said: “We wanted the world to know that you cannot count on staying anonymous online and commit a crime – even on the dark web.”

In 2016, the 5-0 sneakily copied the whole of the site and rebuilt it on their own network. They figured out how to use the back-end admin part of the marketplace and read through the logs, which showed it was being run by two Germans. When the Dutchies called up the German cops they learned the two men were already in trouble with them for running a knock-off ebook scheme.

Something tipped off the pair that they were in trouble, so they closed down the hosting in the Netherlands and moved it over to Lithuania.

Hidden information
A wiretap allowed the authorities to find out a load more information: the traffic levels, the names of the 4 mods and the login deets for an encrypted chat client they used.

It was about this time the FBI joined in the fun. They were going after Alphabay, the largest dark web marketplace. And they worked out some of the Alphabay hosting was in the Netherlands. The Feds and local police cooperated and created the stickiest, most tempting honeypot trap ever.

The Feds shut down Alphabay. Very publicly. The users all ran over to Hansa to flog their wares. Just as the police had planned.

In June last year, the German admins were nicked, and quickly coughed up all the passwords and credentials. The police then migrated the web servers, DBs, coin wallets and other stuff. The police were now running a massive dark web marketplace and none of the users knew.

Clever move
Despite the Dutch having a very relaxed attitude to the buying and selling of soft drugs, they can’t be seen to be running an actual drug marketplace. So, they added a new page in the admin for sellers to put in their addresses, tracking numbers and told sellers to update the page with their info.

This info was then given to a drug squad and EUROPOL so they could bust the sellers. Cleverly, they also told the sellers that the HDD containing all the product images had died, and asked them to resend pics. The silly drug dealers didn’t edit the EXIF data, so they had all that. And because many of the photos were taken on mobile phones, the data also had geo-location info showing exactly where the weed was at.

After Alphabay was shut down, the traffic to Hansa went up 7-fold. The Dutch police kept all message logs, keys and transactions.

Then, on July 20th, during a dual press conference in the Netherlands and America, Hansa was killed, live on air. The cops grabbed 2,500 Bitcoins and the details of over 26,000 transactions. Hundreds of arrests happened next and all data will be shared with any local police forces around the world.

