This week, police announced the takedown of two of the dark web’s largest marketplaces for illegal goods: AlphaBay and its substitute, Hansa. Through a combination of online and conventional detective work, federal agents shut down these two hubs of criminal trade and arrested the major players involved. It’s a substantial blow to the dark web’s community of consumers, who had taken to AlphaBay, and then, Hansa, after Silk Road 2 went under.

Still, this kind of website can be extremely persistent, and authorities often find themselves playing a whack-a-mole game with the various sites. Among dark web experts, there’s a general consensus that there will only be more dark web marketplaces and subsequent takedowns to come.

Despite the sophistication of anonymity tools like Tor and Bitcoin, law enforcement’s best clues in this case seem to have been the result of criminal ineptitude. In December 2016, police discovered Alexandre Cazes, AlphaBay’s apparent creator, through his hotmail email address Pimp_Alex_91@hotmail.com, which was used to send out password recovery emails for AlphaBay. That email address was also found on a French tech troubleshooting website with Cazes’ full name. That led investigators to Cazes’ LinkedIn account, where he listed awfully familiar skills like website hosting and cryptography, making his prominence as a suspect in the case only continue to grow. Despite all the skills Cazes claimed to have on LinkedIn, his drug front company website, EBXtech.com, was “barely functional,” according to court documents; and EBX company bank records showed little to no income.

“A SINGLE SLIP UP LIKE THIS CAN HAVE DOMINO EFFECTS.”
As a final nail in the coffin, authorities acquired Cazes’ PayPal records, which listed Pimp_Alex_91@hotmail.com as contact information, directly tying Cazes’ payment information back to the incriminated address. This put a swift end to Cazes’ almost three-year-old eBay-style illegal goods site.

Criminals and undercover cops alike hide under the anonymity offered by Tor and other safe practices when using bitcoin to buy and sell illegal goods, which makes the dark web a nebulous playing field for digital crime where neither side can catch the other.

Instead of attempting to strong-arm their way through this technology, authorities catch crooks through slip-ups like an email address mistakenly dropped outside of the secure Tor browser and a suspiciously detailed resume listing cryptography and server admin skills. “It is never really the technology — for example, Tor — that lets these operators down,” says dark web researcher Sarah Jamie Lewis. “It’s the practices that go around, such as emails, payments, shipping, that tends to be the undoing.”