IcyEagle Gets Four Years in Jail for Selling Stolen Info on AlphaBay

Aaron Glende, using the pseudonym “IcyEagle” was found guilty of selling hacked personal information on Alpha Bay Market.
Aaron Glende, using the pseudonym “IcyEagle” was found guilty of selling hacked personal information on Alpha Bay Market.

Aaron James Glende, 35, was charged and brought before the United States District Court in Atlanta for selling personal credential information, including stolen bank account login details. Aaron used a pseudonym “IcyEagle” to conduct his illicit activities on Alpha Bay Market.

It is revealed that IcyEagle began marketing his criminal services on the Alpha Bay Market from November 2015 to May 2016.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

Alpha Bay Market is a darknet market built with features that made it easy for buyers with intentions to procure criminal services.

The listings on the darknet market even had categories such as fraud, drugs, counterfeit items, etc. Users could, however, make payments using digital cryptocurrency such as Bitcoin.

The Alpha Bay Market vendor known as IcyEagle was said to have sold a lot of customers’ information of various companies, including banks.

However, the most popular dealings were the transactions IcyEagle made with regards to information belonging to SunTrust Bank clients.

Hacked SunTrust Bank Account login for sale on AlphaBay
Hacked SunTrust Bank Account login for sale on AlphaBay

The FBI revealed the criminal activities of IcyEagle on Alpha Bay Market.

In the months of March and April this year, on totally different dates, an undercover agent accessed the Alpha Bay Market and made the purchase of SunTrust Bank account information from the vendor, IcyEagle, using bitcoin.

The undercover FBI agent revealed that the information he obtained from IcyEagle actually contained active email addresses, bank account numbers, telephone numbers, usernames, and passwords of at least five different customers of SunTrust Bank.

As a matter of fact, IcyEagle priced and categorized the SunTrust Bank account credentials depending on the amount of money in the bank accounts.

For instance, bank balances that fell in the range of $250,000-$500,000 cost for $229.99, while low-balance bank accounts were sold for $9.99, for balances of about $100-$500.

In addition to that, IcyEagle made life easier for his customers by selling them a 6-page tutorial on how to withdraw the money out of the SunTrust Bank accounts.

The tutorial IcyEagle sold to his Alpha Bay clients consist of sections on background checks, routing numbers, bitcoins, and other tips.

There were several other listings posted on Alpha Bay Market by IcyEagle that were not related to the SunTrust Bank. He also sold hacked Amazon gift balances.

IcyEagle sold hacked Amazon gift balances for around one-tenth of the total balance.
IcyEagle sold hacked Amazon gift balances for around one-tenth of the total balance.

Other accounts for sale include email logins, customer reward program logins, dating site logins, and logins for different financial services among others.

Coincidentally, almost at the same time of his arrest, the police were also given a heads up about IcyEagle’s involvement in trafficking narcotic substances. This was a tip from the US Postal Inspectors to the local police.

The police raided IcyEagle’s home in Minnesota and actually found a variety of drugs at the Alpha Bay vendor’s place.

It was after this drug-related arrest that the Federal Bureau of Investigations began tracking his activities on the darknet market.

In a recent press release, the Special Agent in Charge of FBI Atlanta, J. Britt Johnson, commented on the issue and noted that the FBI department is fully aware that cyber crime and cyber criminals like Aaron Glende, also known as IcyEagle, were becoming a persistent increasing problem for American citizens.

Agent Johnson, however, assured the public that the IcyEagle investigation and his arrest was a clear indication that the FBI was working closely with other law enforcement agencies, will track, identify and arrest these cybercriminals regardless of how deep in the digital underground they reside.

In conclusion, Aaron James Glende was found guilty of having used the Alpha Bay darknet market to source for clients and sell information containing different personal credentials of innocent people.

The court sentenced Aaron James Glende, alias, “IcyEagle” to four years and two months in prison.

AlphaBay Upgrading Their Server, Downtime Expected


AlphaBay has been encountering temporary downtime that has affected many users; most of them are experiencing 504 timeout errors upon trying to log in.

Furthermore, during peak hours the server is usually slow and backend also seems to be struggling.

As this problem persists, AlphaBay is optimizing its scripts with the hope of improving performance and downtime is expected for a few hours.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

Server Upgrade

AlphaBay Market is experiencing downtime due to server upgrade.
AlphaBay Market is experiencing downtime due to server upgrade.

Nevertheless, the community forum will remain open as they conduct server upgrade given that it uses a different backend.

The site admin is requesting for patience from members of the public as they continue looking for solutions and performing upgrades.

Some users claim that AlphaBay is probably trying to migrate servers without notifying them beforehand.

But there are those who are adamant that this isn’t the case as AlphaBay would require a huge amount of data to back up the existing files, which include seller profiles, feedback, user messages, wallets, vendor feedback, images and so on.

It’s also possible that they will try imaging the bitcoin server but this is unsafe since all transactions made may be lost in an instant.

Shutting down the site is necessary to image it, as the image might be corrupted during the downloading process.

New features added by Alphabay
New features added by Alphabay

Moreover, even after uploading all necessary images, AlphaBay site admins will still need to reconfigure source codes for new servers, as well as upgrade database, security and “load balancing” of servers.

The entire procedure can take several hours to complete and activate, which is probably why AB is currently experiencing some moments of downtime.

Over the years, AlphaBay has been adding new features that other markets have not yet adopted.

These include FE Vendor’s remediary wallet for preventing fraud, tumbling withdrawals, Vendor stats and so on.

Considering that they’ve been in business for the longest period of time, AlphaBay has a very clear intention of keeping the market running for many years to come.

They are not about to take it down for good partly because the site is being hosted from a “comfortable point where they aren’t worried about the authorities.”

For those who’ve been trading on darknet markets like AlphaBay, such downtimes are quite normal and it has happened even on other sites for an entire week.

But when the site finally comes back, it loads faster and functions much better than before.

As for marketplace users, they should be appreciative that admins usually take lots of time to create a convenient place for trading, and practice even more patience while waiting for people to actually use it.

It takes hard work, good timing, persistence and innovation.

Nevertheless, some people still think it would have been more appropriate if AlphaBay told them of the downtime ahead of time, so that they could prepare for the inconveniences caused.

Update: AlphaBay is back online.

Former Australian Cop Accused of Selling Fake Police IDs on AlphaBay

The Australian Federal Police arrested one Mr. James Gorris, 44, at his residence in Castlemaine on 22nd November, 2016.

The former Australian police officer was charged with manufacturing and selling fake police ID cards. He allegedly used an online platform on dark web, Alpha Bay, to conduct his trade.

Gorris sold fake Victorian IDs and Federal Police IDs. Other than that, the suspect was also accused of selling Borderforce, Aviation and Maritime Security passes.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

Former Australian Cop Accused of Selling Fake Police IDs on AlphaBay
Former Australian Cop Accused of Selling Fake Police IDs on AlphaBay

On Alpha Bay darknet market, Gorris used the alias “piratedeadpool” to sell police agency ID in exchange for bitcoins.

During his arraignment in Bendigo Magistrates Court, Detective Senior Constable Pye from the E-crime squad (an investigative unit that deals with online crimes), says that they set a trap for this “piratedeadpool” user who fell for it.

Undercover investigators pretended to be clients and transacted with the accused. This evidence was presented before Magistrate Murphy at the Bendigo Magistrates’ Court.

During the first transaction which happened last July 6, the undercover police agents confirmed to have bought Victorian Police identification cards and Federal Police IDs worth $4,800 and they paid online for the merchandise in bitcoin currency.

The second transaction between the undercover agents and the Alpha Bay dealer saw them acquire aviation and maritime security IDs; these will allow user access to Australia’s airports and ports.

Then, on the next transaction on the darknet market, the agents bought an Australian Federal Police wallet, a badge, and ID. Purchases were delivered through the Australian Post Express parcel.

On Alpha Bay, “piratedeadpool” even bluffed and told the clients, who in this case were the undercover agents, that using the fake IDs he could steal items at will from police stations including drugs, guns and ammunition, and evidence.

The former Australian police accused of selling fake police IDs on AlphaBay in exchange for bitcoins, awaits his fate in court.
The former Australian police accused of selling fake police IDs on AlphaBay in exchange for bitcoins, awaits his fate in court.

During the raid at Gorris’ place in Castlemaine, Constable Pye said they did not find any guns or drugs. This he said meant that the darknet vendor was only bluffing to lure more clients.

However, he said they found other merchandise, like badges, wallets, blank ID cards, card printers which confirmed that he did the manufacturing of the fake IDs.

The defense lawyer, Mr. Peter Baker, said his client really had no other criminal intentions or motives. He only used Alpha Bay for financial gains.

This was in response to the prosecution which said that Gorris’ dealings were illegal and dangerous as the fake IDs could be used to enter police stations and obtain firearms, bypass airport security or even make potential terrorist plots possible.

This would endanger the lives of thousands of people.

According to Detective Senior Constable Pye, they commenced an investigation on the Alpha Bay vendor five months prior to his arrest.

He said that attention was drawn to the dark web market website during their routine check of the site.

Alpha Bay, they discovered was an online site made anonymous with encryption and routing.

The Bendigo Magistrates’ Court charged him with four counts of manufacturing, supplying and distribution of assorted government badges.

The magistrate denied him bail as they feared that Gorris might try to abscond trial and flee the country, considering his expertise in forging identification documents.

The defense counsel quickly dismissed this claim as speculative.

However, during the trial, Magistrate Murphy commented and said that the possibility of the fake police identification cards could fall into the wrong hands was “frightening.”

He further noted that Gorris, being an ex-police officer, should have known better and the consequences of such actions he termed as dubious and reckless. The magistrate said that it posed a real threat to the public at large.

Gorris was remanded in custody until his next trial scheduled for the 15th of February, 2017. He would make an appearance once again before the Bendigo Magistrates’ Court.

Black Friday Sales On AlphaBay Market

Black Friday is the one time of the year when massive price drops lead millions of shoppers to flock various online and physical outlets to take advantage of the annual discounts on a wide range of products.

Websites crash and shops are often destroyed in the resulting melee as shoppers struggle to buy as many things as possible before the one-day period is over.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

The AlphaBay Market and a host of other DNMs participated in the recently concluded Black Friday sales event where drugs were listed at discounted prices.
The AlphaBay Market and a host of other DNMs participated in the recently concluded Black Friday sales event where drugs were listed at discounted prices.

Traditionally reserved to mainstream online and physical shops, it is a rarity to see dark web marketplaces such as AlphaBay partaking in the tradition.

However, this year’s event was marked by significant discounts from various dark web markets, including AlphaBay as DNM customers were treated to huge discounts on drugs and other illicit items.

AlphaBay Vendors Offered Deals on Narcotics

Vocativ reported several discounts on various hard drugs, most popular of all being the $2 LSD tablets offered by drug vendors on AlphaBay Market and other DNMs, with the top priority being given to customers who purchased in bulks of ten or more pills.

The offer stated that these customers would receive refunds and quick delivery times on their orders.

To sweeten the deal, the LSD vendor was offering to provide ten free testing strips to the buyer who would want to send their order for testing at the Energy Control facility in Barcelona.

The philanthropic discounts went on AlphaBay Market where an AlphaBay drug vendor was offering massive discounts on the synthetic opiate fentanyl.

For users who were interested, $750 could get them around 2,500mg of the drug with no limit on how many purchases could be made.

The AlphaBay vendor was, however, attention-shy, owing his hesitance to the fact that fentanyl is highly illicit and very dangerous.

He was also quick to post a disclaimer, saying that he was not planning on selling his product to people who were not well versed with the use of the drug and the potential risks involved in consuming it.

He planned on setting the distinction by asking his potential buyers the potency of fentanyl when compared to heroin.

Fentanyl is a controversial drug, and its presence among the Black Friday deals will do little to prevent the abuse of the lethal drug.

Despite the AlphaBay vendor’s seemingly cautious measures, there is no guarantee that the drug will not just as easily fall into the wrong hands.

Marijuana Makes an Appearance in Black Friday Discounts

Marijuana Businesses Embrace Black Friday and the Holidays

Marijuana, one of the most popular drugs purchased on the darknet markets, was not absent in the latest spate of discounted products this year.

In the spirit of Black Friday, one drug vendor was reportedly offering an ounce of medical-grade marijuana popularly known as Gorilla Glue #4 for $100.

Being one of the most potent strains of marijuana, this particular drug is known to have the strongest euphoric effects and is a commonly sought after treatment for people suffering from intense pain, insomnia and stress.

The award-winning strain of marijuana won first place in the hybrid category at the 2015 World Cannabis Cup.

Cuban Cigars Also on Offer on AlphaBay Market

On the less illicit products that were on sale in AlphaBay Market on Black Friday, a brand of Cuban cigars referred to as the Churchill cigars were also put on sale at discounted prices by an AlphaBay Market drug vendor.

Considered the largest Cuban cigars, the Romeo y Julieta brand is a really sought after brand of cigars, especially since the lack of a steady relationship between the USA and Cuba has effectively led to the banning of such products.

The AlphaBay Market vendor sought to cash in on the Black Friday rush by offering packs of the popular cigar at really good prices, giving cigar enthusiasts something else to be thankful for this year.

Black Friday Tradition Carries On

Bargain hunters will certainly keep a keener eye on AlphaBay Market and other darknet markets next year to capitalize on the massive sale discounts, which will definitely be turned up a notch given the success of this year’s event.

As far as the illicit drug trade goes, events such as these normalize it to a point where markets like AlphaBay Market seem more commercial than the underground criminal hubs they are often portrayed to be.

Whether this will peak the attention of the law enforcement agencies, even more, we are yet to find out.

AlphaBay Users Are Getting 502 Error

AlphaBay darknet market users are complaining that the site has developed loading issues; each time they try to access it a 502 error comes up.

The AlphaBay is returning a message that processing gateway met an internal error during access and thus cannot serve any request.

Further requesting visitors to refresh the page or try their luck much later.
AlphaBay could be upgrading their system, meaning that this is just a temporary error that might soon go away.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

AlphaBay users have raised concern about a 502 error message that’s affecting the site’s ability to load.
AlphaBay users have raised concern about a 502 error message that’s affecting the site’s ability to load.

The user of AlphaBay have been trying to enter the site all through the previous weekend, but only getting a 502 error every time they try to do so.

To make matters even more complicated, connection plug has not working for certain people. However, not all AlphaBay users are taking it in a bad way since some are optimistic that it could be something to do with the Thanksgiving holiday and its related promos.

They are urging those who are dissatisfied to practice a little bit more patience since such technical hitches happen, but it doesn’t mean AlphaBay is about to close all operations.

Moreover, there are users who say that they’ve logged on just fine, and maybe others can try using one of the available mirrors to see if they will get similar results.

502 bad gateway error
502 bad gateway error

For those encountering problems on the darknet market, it would be wise to withdraw coins as soon as possible for safety reasons.

Anything can happen and it is good to be prepared. Some AlphaBay users are raising concerns that the site was working just fine moments earlier, but as soon as they placed some coins in it the darknet portal started giving errors.

Such are the reasons why it is important to withdraw any remaining balance before it gets too late.

Nevertheless, for those who keep getting the error message, there seems to be no immediate solution.

Hackers Selling Access To a Huge IoT Botnet

Although it seems like it is a relatively new aspect of information technology, The Internet of Things (IoT) has been around in for many years now, albeit it’s under different names.

As the ability to connect and remotely manage a number of networked automated devices through the internet becomes more pervasive, key security issues about IoT are becoming more apparent.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

Hackers are advertising access to hacked IoT devices that could be used to take down websites.
Hackers are advertising access to hacked IoT devices that could be used to take down websites.

Recent events in the span of one week have once again put the security concerns of IoT devices on the spotlight.

According to a report documented by Forbes, black hat underground hackers are currently selling a large number of hacked IoT devices through the Alpha Bay Market.

These IoT devices are similar to the ones used for the Distributed Denial of Service (DDOS), this is the attack carried out on Friday 21st October that brought down sizeable parts of the internet.

Hundreds of thousands, if not millions of IoT devices were compromised by a malware called Mirai which was subsequently recruited into the botnet.

This malware scans the internet for IoT devices such as security cameras, routers, and DVRs with factory-default security measures then it will be use to unleash junk traffic on a targeted online service.

Its source code was released by its creators near the end of September.

This means that it is currently possible for nearly anyone with coding skills to orchestrate a similar attack.

Black hat underground hackers are currently selling a large number of hacked IoT devices through the Alpha Bay Market. || Screenshot from the forum where hackers are selling the botnet

This botnet being sold on Alpha Bay Market was effectively employed to target the Dyn domain name service (DNS).

The hacked devices sent requests to the Dyn DNS service that would essentially cause key websites including Amazon, Twitter, Netflix, Reddit, GitHub, and PayPal to be unavailable to a large majority of internet users in the US.

Many of the IoT devices that were part of Friday’s attack were DVRs and cameras that;s being manufactured by Hangzhou Xiongmai Technology, a Chinese electronics company.

The fact that the hackers are openly selling this IoT botnet through the Alpha Bay Market, this should definitely be a cause of worry.

Security firm RSA first got wind of the sale of the IoT botnet in early October.

F-Secure would later confirm that the underground platform being used to advertise the botnet was the dark web Alpha Bay Market on the Tor network.

While DDoS attacks have been the pain point for the internet since its inception, the direction that recent attacks are taking is concerning.

The IoT botnet being advertised on Alpha Bay Market is said to be capable of generating 1tbps of traffic.

For comparison purposes, the recently record worst DDoS attack generated a little over 1 tbps of traffic.

That attack was carried out earlier this month on OVH, a French hosting service provider.

According to the aforementioned Forbes report, 50,000 bots are going for $4,600 while 100,000 bots are $ 7,500.

The seller’s post was located in the Alpha Bay Market and it revealed that the botnet was created using the Mirai Malware.

Since IoT devices are available in bulk.

There remains the possibility of more botnets being created in the near future.

Whatever the case maybe, this is bound to revamp the debate on the proper implementation of internet security.

As it has currently been pointed out that security regarding IoT devices can be improved by both the IoT device manufacturers and the end users.

Security Firm, Flashpoint stated that one of the problems with many IoT devices is vulnerability via the Telnet and SSH communication services.

These are command line interface is based on text that enable remote connection to the device.

On the other hand it can be accessed through command prompt that enables attackers to determine usernames and passwords.

According to Hangzhou Xiongmai Technology, this feature was turned off in September 2015.

The IoT devices breach was still possible in part due to end users still running the firmware developed before the company released the patches to prevent such attacks.

This is something that black hat hackers who operates on dark net platforms including Alpha Bay Market are well aware of.

An internet scan was conducted on October 6th which reveals that a large number of IoT devices were still running under the vulnerable firmware.

The websites that were affected by last Friday’s DDoS attack could have been avoided had they implemented more internet security measures.

Although they can be difficult to mitigate, enlisting the services of secondary back DNS providers could have made it difficult for the Alpha Bay Market hackers.

Until an industry security association is formulated and the proper standards on the security of IoT devices are widely adopted, they still remain dangerous considering that it’s still on sale, and it could be sold to anyone in the Alpha Bay Market.

Temporary Downtime on AlphaBay Market

Alpha Bay Market had been offline for the last few days sending some people into panic mode. After having problems logging in, one trader got a message from the Darknet Market saying that the problem would last only for just 5 minutes. Despite this assurance, the downtime exceeded its allotted duration making some individuals question whether AB was actually planning an exit scam.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

AlphaBay Market recently experienced a temporary downtime

Nevertheless, some traders were more optimistic, they were asking the complainants to be more patient because Alpha Bay market was probably doing a simple maintenance job. But then again, the timing was really inconvenient for most people. In addition to that, it emerged that some parts of the Dark Web site are occasionally experiencing issues with connectivity. In such cases, it was necessary to switch to another approved Darknet Market link in order to resolve the problem.

For other users, it seems that the PGP code is not working, that is why it’s difficult for vendors to open new accounts on Alpha Bay. Similarly, other users complained of not being able to process their orders, despite meeting all the necessary pre-requisites. This made it difficult for vendors to process orders and keep track on their orders that had already been shipped out. Sending direct messages to traders via Dark Web is not working as well.

Alpha Bay market users are complaining that the site is experiencing temporary downtimes; some have even mentioned that they may be planning an exit scam.

The PGP code was becoming a headache for most users because they are encountering failure. This includes those who tried using it in opening new accounts. The issue was far worse for those seeking to join Alpha Bay for the first time. Nevertheless, there were those who proposed using TAILS software as the preferred built-in version for Alpha Bay. But still, others warned that it was impossible for this to work, especially for those who were opening accounts for the first time. In short, they advised that users should do more online research about the temporary downtime in order to get a better understanding of what’s happening.

Oasis Gone Offline – AlphaBay Conducted Software Upgrade for Monero

Owing to the recent disappearance of Oasis in what is speculated to be an exit scam, Monero’s journey to the top has been abruptly cut short, and the cryptocurrency just might have to go back to the drawing board.

The Oasis Market was the first darknet market to accept Monero as a method of payment before AlphaBay Market eventually integrated the cryptocurrency, leading to a steady rise in its value.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

Temporary Downtime of MyMonero Wallet

monero e-wallet is temporary down

MyMonero, the web wallet for Monero, became unresponsive for a few days, and users reportedly were unable to withdraw funds.

The wallet which is run by XMR developer FluffyPony remained unresponsive as theories concerning the alleged exit scam became the topic of discussion on Reddit forums.

Premeditated Exit Scam

A Reddit user HolladsHerbs speculated that Oasis’s move to integrate Monero as a method of payment was self-serving seeing as they only wanted to pump up the value of the cryptocurrency in order to make a bigger profit when they made off with everyone’s money.

Oasis was allegedly running a Pump&Dump™ game where they bought large amounts of Monero shortly before they went offline.

Compared to the 150 bitcoins that were on the website at the time it went offline, the value of the Monero currency that went missing with the site’s disappearance possibly was much more.

AlphaBay Market Downtime Due to Software Upgrade

AlphaBay Market users were subjected to a scare shortly after the exit of Oasis when Monero services on the marketplace became unresponsive.

According to threads posted on Reddit, several users could not withdraw funds and efforts to get in touch with support proved futile.

AlphaBay later responded saying that they had solved the issue and that the unresponsiveness in the Monero transactions was due to an ongoing software upgrade.

Monero’s rise to recognition has been directly attributed to the AlphaBay Market integration of the cryptocurrency.

Monero’s Vulnerabilities Have Cost it Half Its Market Price

monero is attacked
monero is attacked

MyMonero has been the victim of repeated attacks which have resulted in the theft of millions of dollars worth of digital currency this year alone.

As it stands, it is still not clear whether the security vulnerabilities stem from the wallet itself or compromised user machines.

MyMonero.co, a fake site, pointed out that the vulnerabilities were present in the wallet itself although the XMR developer, FluffyPony, had nothing to do with it.

To the AlphaBay Market users, Monero provided financial anonymity over all other aspects, and this was a major reason why the digital currency took root so fast in the marketplace.

The privacy-oriented currency’s focus on providing anonymity over all other aspects was, however, the beginning of its decline. This and the fact that Monero only had one operational web wallet gradually led to a bubble which eventually popped, leaving XMR’s initial price down by about 50%.

The fall of Oasis has had a heavy negative impact on Monero’s progress as it has effectively cut off half of its ties to the dark web and wiped off most of progress the cryptocurrency had made towards achieving the same recognition as Bitcoin.

Nevertheless, it is touted that individuals with intricate knowledge on currency speculation will retain more or less the same standing towards the XMR despite the recent turn of events which have led to a significant drop in the price of Monero.

AlphaBay under Suspicion

Bloggers warned users to keep away from AlphaBay for a while especially after the short radio silence. Users are finding the “technical issues” pretext hard to bite and believe that AlphaBay Market may have been up to something.


Some of the speculations suggest that AlphaBay Market may have been compromised by law enforcement and is now in the process of trying to take down unsuspecting users before they catch on.

Personally, I wouldn’t pay much attention to these “bloggers.” They are just looking for headlines and click bait. Just make sure you take precautions to hide your identity.

Monero Deemed Untrustworthy

On the topic of Monero, the consensus is that AlphaBay Market users should stick to the tried and tested Bitcoin and leave the highly vulnerable Monero to sort out its issues first.

The repeated failure of the MyMonero wallet has led to its portrayal as nothing but an elaborate scam whose main selling point takes advantage of Bitcoin’s biggest weakness.

The fact that users do not generate the private keys to their transactions or even have access to the blockchains for verification has been used to paint Monero as a risky venture that dark web market users should generally avoid.

Hacked AlphaBay User’s Account Led to the Discovery of Philadelphia Ransomware

A security researcher from Emsisoft, Fabian Wosar, recently revealed that he had discovered a new decrypter that could unlock files closed by the Philadelphia ransomware. This malware is relatively new and was developed by the same person who created the Stampado ransomware.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

How the Philadelphia Ransomware Encrypts a Victim's Files.
How the Philadelphia Ransomware Encrypts a Victim’s Files.

Like many other ransomware software currently in circulation on the dark web, Philadelphia targets encrypted files and removable drives based on a list of sanctioned files extensions, before finally uploading its ransom message.

Wosar had earlier released another free decryption tool for Stampado, but since the two programs are related with both being coded in AutoIT scripting language, he was able to unravel Philadelphia’s method of operation and create a fully functional decrypter before it could cause any damage.

Hacked Alpha Bay Market account – discovery of Philadelphia

A hacked Alpha Bay Market account had earlier led to the discovery of Philadelphia; news about its existence first came to light on September 7th, when an online user called Arslan0708 posted a chat message between a possible hacker, SkrillGuide2015, and Philadelphia’s developer known as The Rainmaker.

Arslan0708 says that he cracked a machine owned by an Alpha Bay Market user, and was able to remotely access a Jabber/XMPP chat between the two parties.

Online Darknet Market AlphaBay Beefs Up Online Security Protocols
Online Darknet Market AlphaBay Beefs Up Online Security Protocols

Since this activity was illegal, the individual refused to reveal any further details, but his hacking of the Alpha Bay Market account unraveled the upcoming ransomware threat which later turned out to be Philadelphia.

During the conversation on the Alpha Bay Market, The Rainmaker was discussing a new ransomware file he had just finished creating and was now selling it for $400.

Previously, he had sold the first ransomware, Stampado, at a much lower rate of $39.

The ransomware makes use of a new C&C communications system; it works through bridges or proxies that report back to the main server.

Nevertheless, founder of Bleeping Computer and malware analyst, Lawrence Abrams, identified certain problems with Philadelphia’s implementation of the Bridges system.

He says that unless the bridges are stored on anonymous networks such as Tor, they are likely to be discovered and brought down pretty quick.

However, since these bridges are hardwired inside the Philadelphia system code and cannot be retrieved automatically, if these servers are disabled then it leaves victims in a bad situation of inability to pay the ransom and decrypt their files.

Another feature that’s worth highlighting about this ransomware is the existence of a “Mercy” button; hackers can use it to decrypt the victim’s files without first requiring a ransom.

Recently, security researchers discovered an email spam that was delivering an overdue payment message from Brazil’s Finance Ministry; it was infected with Philadelphia.

You can identify a Philadelphia ransomware by the long random names found on their encrypted files and .locked extensions.

The ransomware requests for only 0.3 BTC from the victims, which is around $210.

Beware that Philadelphia can delete a certain number of files from infected computers, particularly if the victim delays on paying the ransom.

Once a machine has been infected, the victim should decide quickly whether they want to pay the ransom or download Fabian Wosar’s decrypter.

If they take too much time before decrypting, a huge portion of their files will go missing.

Philadelphia operates differently from other ransomware; however, its operations rely mostly on bridges which have the capacity to infiltrated shared networks.

It’s a PHP script that makes use of its own database, no MySQL. They can store the user’s keys, verify payments and even show the victim’s data on the headquarters server safely.

They can also be hosted on all types of servers, including those that have been hacked, shared hosting networks, dedicated and VPS servers amongst others.

To infect an unsuspecting victim, the hacker who buys a Philadelphia license for $400 must first install PHP scripts for the bridges found on their attack sites.

Additionally, they need to put up Philadelphia Headquarters program onto their machine. This control panel allows them to access every bridge on their network, which ultimately gathers random information about the victims and also records encryption key.

Nevertheless, the ransomware claims that it innovates over other crypto-malware samples already in existence, by auto-detecting when victims are making bitcoin payments.

AlphaBay Also Offers Attraction Tickets and Luxury Goods

Developments in Information Technology (IT) have definitely led to unprecedented changes in the way business is conducted over the last two decades.

While the internet has resulted in great improvements in commerce, it has also brought with it some negative aspects.

One key area is the ever growing influence being exerted by online black marketplaces on the so-called dark web.

==> Click here for the AlphaBay Guide and AlphaBay URL <==

AlphaBay also has a huge selection of physical luxury goods.

Darknet sites are well-known to be complacent in real-world crime including vending drugs, weapons, pornography, and counterfeit items.

These and other reasons have forced academics, policy makers, and law enforcement agencies to reassess the effects of IT on societal issues today.

However, it is important to note that darknet vendors do not exclusively deal in explicitly illegal items as most people think. A considerable number of them including AlphaBay also market supposedly legal goods and services.

The typical items on sale on any reputable dark web marketplace include drugs, weapons, stolen personal data such as credit card information, and other non-legit wares sold under the cover of anonymity provided by the numerous online cloaking methods.

A dinner reservation is the last thing you would expect when browsing through AlphaBay.

The elaborately listed reservation included screenshot and a fluent description that gave the prospective buyer a peek into the luxurious experience offered at a 5-star establishment in London known as The Shard.

The reservations which were originally priced at 110 Euros were going for only $50.

In another separate but similarly peculiar listing, another vendor was advertising the sale of Disneyland and Hollywood’s Universal Studios tickets.

Despite the lightly detailed listing, over 20 people have apparently made purchases from the vendor since October 2015.

The string of luxury packages was seemingly endless as another listing advertised a flight and hotel package for the meager price of $500, of which 17 buyers were all too willing to cash in on.

Not many had been aware of this seemingly softer side of the darknet markets, although AlphaBay is a prime example of how the practice has been going on longer than most of us know.


AlphaBay is what one would consider a classic marketplace-type website.

AlphaBay was launched officially on the 22nd of December 2014.

Since then, it has grown steadily to become one of the most popular and largest darknet markets today.

AlphaBay operates on the Tor network and employs Bitcoin as the major currency.

Commenters say that the site’s popularity may be a result of AlphaBay’s up-to-date new features category. AlphaBay is constantly upgrading and diversifying their listings.

Recent online reviews and user data suggests that people are actually taking advantage of these listings.

Going by the publicly posted sales records, it looks like the voucher for the London hotel already found a buyer.

Also included on listings on AlphaBay are a collection of luxury goods including Burberry and other designer handbags, Fitbits and, Seiko watches.


Although some of these items offered on darknet sites like AlphaBay are not often associated with underground markets, internet users should not assume that they were obtained lawfully or are authentic products.

AlphaBay has been known to list stolen credit card information.

As such, it is definitely possible that some of the luxury items featured on the listing were obtained through carding.

Carding is purchasing goods and services through stolen credit cards.

Several vendors on AlphaBay have explicitly indicated that the attraction tickets on the listings were carded.

Therefore, depending on the source of specific vendors, there is no conclusive guarantee that the buyers actually get original luxury items.

Even in the cases where they do, there is still a chance that the items delivered to them are stolen or invalid goods.

For instance, Disneyland got wind of the E-tickets being listed on AlphaBay and implemented extra security measures effectively canceling unauthentic ones.

The exact means by which vendors acquire such items is obviously difficult to ascertain.

The current evidence from forum conversations and anecdotes suggests that they either source from offline dealers or use other darknet markets to buy these goods in bulk.

The vendors then resell it in small more profitable quantities.

The dark web has always been a hot-button issue, and these recent reports of diversification of goods and services will definitely not sit well with those strongly against these corners of the internet.

Anonymity Newsletter

By signing up to the Anonymity Newsletter you will receive invaluable information about how to remain anonymous online to hide your Deep Web activities. You will also receive the latest news on what is happening on the Darknet Marketplaces and Deep web as well as great resources to use on your journey through the Darknet.

You have Successfully Subscribed!