Introduction:

Recently, Net Forums, a well-known hacker community run by individuals who have friendships with members of the five families, was taken down after our CFO, Alameen Karim Merali, obtained authorization from the site owner to access the administrative panel and its resources. With more than 2,350 visitors each day, the forum gained traction earlier than anticipated.

Later, Alameen revealed that the owner was a very dangerous individual working with threat actors connected to the cybercriminal notorious for running the Alphabay Dark Web Marketplace under the nickname DeSnake. It is commonly known that he is buddies with another cybercriminal who goes by the nickname Aterny, who will be discussed in more detail in the article’s investigative portion.

DeSnake has been active for some time, even after the federal government seized de facto operations and identified the owner as none other than himself. At the time, the government had no idea that he was now cruising online cybercrime forums and collaborating with groups of cybercriminals from all over the world, even after he had made billions of dollars by scamming people out of their money after founding Alpha02.

DeSnake, who currently goes by the pseudonyms impotent, pulpo, astounding and ransomedvc while running the blackforums hacker forum—a forum that netforums sought to collaborate with—exposed himself as the operator of the Genesis drug marketplace, which the FBI confiscated as part of Operation Cookie Monster.

Even so, we can only assume for the time being that DeSnake is a government agent and works for the government, because we have never seen someone escape from this many mistakes before, and we have deanonymized DeSnake’s identity and submitted it to the authorities (we even know he is Canadian). As a result, DeSnake cannot be arrested for the numerous crimes he has committed because he is most likely a CIA agent. Since de facto operations by the authorities have been seized, information regarding the investigation of DeSnake was approved for release and is not TDL-RED (i.e., it is approved for public release by the government and not part of an ongoing federal investigation or clandestine). For this reason, it is presented here.

I would like to thank Security Researcher Pavel Maxim Kravkenko for releasing the information that was provided to you regarding DeSnake and Federal Agent Remmy from CISA for enabling us to conduct the investigation and determine who desnake is thanks to his top secret security clearance. This Medium article has additional information about Markus, also known as desnake. He is exactly what we have called the “digital Pablo Escobar.”

Investigation process:

The forum’s owner, who operates under multiple aliases including trial, federal, and swatside, has also been discovered thanks to forensic work done by Alameen, which has made him a suspect in multiple crimes while he’s based in the UK. According to the Federal Bureau of Investigation’s Public Service Announcement, the groups connected to the forum owner are part of a group that is on an international government watchlist.

The owner of the hacking forum was unaware of Alameen’s capabilities and the permissions he was given to access the website and obtain information, even though their bitcoin wallets were discovered and traced, their database was compromised, and their forum source code was compromised. Aterny, a 13-year-old boy who belongs to the threat actor group that operates within the five families that developed the forum, was well-versed in these matters.

Alameen investigated and discovered that there was more information in the database than he would have thought to report to the police. Passwords hashed with argon2, forum postings, erased data, email addresses, user and administrator logs, suspects’ IP addresses, and more were found.

The authorities received all of the data and information that belonged to the cybercriminals, and Alameen even filed reports with the FBI, MI6, and other intelligence and investigative government agencies. The report includes every piece of evidence needed for the authorities to launch an inquiry, including chat exports and the export of cryptocurrency wallets. Details about the report are not available to the public due to the sensitive information as it contains passwords to servers, usernames to servers, access codes to cryptocurrency wallets, and much more.

Aterny hasn’t been online for more than a month, so we assumed he may have been arrested or fled when we decided to look up his Telegram profile a few months after the report was handed in. As of right now, all we can presume is that this culprit fled after being reported:

Security researcher Pavel Maxim Kravkenko’s GitHub page was updated with information on the forum, including chat exports, source code, databases, and everything else (except for a copy of the FBI report form, which is private). My CFO, Alameen, then forked the information to his GitHub.

Conclusion:

The aforementioned works serve only as illustrations of what Dark Horse Security Inc. is capable of accomplishing, as well as a warning to cybercriminals that they will be apprehended wherever they may be. We know the mistakes that can lead to their detection, so we will track them down and bring them to justice.
