CRTC Takes Out A Dark Web Marketplace Called Canadian HeadQuarters ….. For Now

In all the Spotify related news, I forgot to do a post on the CRTC taking out Canadian HeadQuarters. This was a Dark Web marketplace and the four people behind it have been slapped with fines:

Before shutting down, CanadianHQ was one of the largest Dark Web marketplaces in the world and significantly contributed to harmful cyber activity in Canada. It specialized in the sale of goods and services, including spamming services, phishing kits, stolen credentials and access to compromised computers, which were used by purchasers to engage in a variety of malicious activities.

The CRTC’s investigation focused on four individuals who allegedly sent emails mimicking well-known brands in order to obtain personal data including credit card numbers, banking credentials and other sensitive information. The following individuals have been issued penalties for sending commercial electronic messages without consent in violation of Canada’s anti-spam legislation (CASL):

  • Chris Tyrone Dracos (a.k.a. Poseidon) – $150,000
  • Marc Anthony Younes (a.k.a CASHOUT00 and Masteratm) – $50,000
  • Souial Amarak (a.k.a Wealtyman and Supreme) – $50,000
  • Moustapha Sabir (a.k.a La3sa) – $50,000

As the creator and administrator of the marketplace, a higher penalty is being issued to Mr. Dracos for allegedly aiding in the commission of numerous violations of CASL by the platform’s vendors and customers.

As part of this investigation, a number of other vendors have been identified and enforcement actions will be taken against them in the near future.

That’s great. But experts say that this may be a short term victory:

“Like Silk Road and more recently the White House marketplace takedown, it’s probable that another Canadian-specific marketplace for illicit goods will likely re-appear,” Ryan Westman, manager of threat intelligence team at eSentire, said in an interview.

“Individuals who are harvesting personally identifiable information to sell for the purposes of fraud will have to find a new marketplaces to do business … As long as there’s demand there’s going to be individuals who are interested in fulfilling it.”

To get another perspective, I reached out to Darktrace’s David Masson and here’s what he said:

Despite occasional news items about the arrests and, even rarer, the convictions of cyber-attackers, most people would be forgiven for thinking that bad actors almost always get away with it. It can be challenging to find those responsible and hold them accountable, thanks to the anonymity of the internet and a host of sophisticated applications designed to cloak offenders’ identities. 

In terms of getting an arrest and a subsequent legal trial, knowing “who done it” is not the same as being able to prove it in a Court of Law. It is also difficult to prove what was done. While it may be clear that attackers stole money or identities, how it happened and who is to blame can be more challenging to prove with evidence. Nevertheless, legal mitigations can still occur with more creativity and bigger thinking.

With the above in mind, we should congratulate the Canadian Radio-Television and Telecommunications Commission (CRTC) for recently issuing penalties to four individuals in Canada for their involvement in the Dark Web marketplace Canadian HeadQuarters (also known as CanadianHQ). According to a CRTC statement, “The CRTC’s investigation focused on four individuals who allegedly sent emails mimicking well-known brands to obtain personal data including credit card numbers, banking credentials and other sensitive information.” 

In actuality, the CRTC issued the penalties “for sending commercial electronic messages without consent in violation of Canada’s anti-spam legislation (CASL).” We should remember, it was an inability to pay his taxes that took down Al Capone, not his other much more malicious activities. Still a result nonetheless, but both secured via more nuanced means.

It will be interesting to see how long it takes for this operation to reappear on the Dark Web. Because in my view, fines are great. But jail time would have been better. But given how hard these crimes are to prosecute, I’ll take anything that I can get in terms of punishing those behind these operations.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: