Last week’s revelation that Canada’s telecom regulator had pushed the dark web marketplace called Canadian HeadQuarters offline may have temporarily hurt those selling stolen credentials and malware. But a Canadian-based cybersecurity firm predicts another will take its place.
“Like Silk Road and more recently the White House marketplace takedown, it’s probable that another Canadian-specific marketplace for illicit goods will likely re-appear,” Ryan Westman, manager of the threat intelligence team at eSentire, said in an interview.
“Individuals who are harvesting personally identifiable information to sell for the purposes of fraud will have to find new marketplaces to do business … As long as there’s demand there’s going to be individuals who are interested in fulfilling it.”
The operators of the White House marketplace said they were retiring in October 2021. Silk Road was closed in 2013 when the FBI arrested its founder. Silk Road 2.0 sprang up a month later but was shut down in 2014.
As Montreal-based threat intelligence firm Flare Systems pointed out in a February blog post, dark web marketplaces that disappear are soon replaced by others. For example, postings at the White House rose after German police took down the DarkMarket operation.
The CanadianHQ was a marketplace where crooks could buy and sell many types of goods, including drugs, but it specialized in Canadian-related materials – everything from copies of logos of Canadian banks to stolen Canadian credit card numbers to full identity kits of Canadians, which would include birth dates, social insurance numbers and enough other personal information for creating fraudulent IDs.
Westman said sellers were also peddling access to empty bank accounts in Canadian financial institutions. These accounts, which would be opened by a crook, could then be used for money laundering.
Last week the Canadian Television and Telecommunications Commission (CRTC) said the marketplace closed after it served warrants on four people under Canada’s antispam law. That law gives authorities the right to examine any computer and its data, and to remove any equipment for examination. One of the four was allegedly the site’s administrator. The site was quietly closed last June. The CRTC said the administrator apparently made that decision.
Neither the CRTC nor experts ITWorldCanada spoke to could put a dollar figure on how much money had flowed through the CanadianHQ. Elizabeth Clarke, eSentire’s director of public relations, did note that two of the people who posted items for sale with the same online usernames cited by the CRTC had excellent ratings by purchasers. “They clearly didn’t scam other threat actors.”
eSentire said a person who allegedly used an online pseudonym cited by the CRTC had posted 641 times to the CanadianHQ since 2019. The majority of this person’s advertisements and comments focused on selling and monetizing stolen credit cards issued by Canadian banks. Another person with a username cited by the CRTC had posted over 1,000 times on the site since 2000. Those posts focused on the sale and monetization of stolen credit card credentials, selling full identity kits [called Fullz] used for identity theft, and “how to” manuals on committing identity fraud.
One question is why criminal charges weren’t laid. Instead the CRTC worked through the Canadian Anti-spam Law, known as CASL. Legal experts agree it isn’t easy to get enough evidence for a charge in computer crimes. The FBI arrested Silk Road operator Ross Ulbricht as he was running the marketplace on his laptop in a public library. He was sentenced to a double life sentence plus forty years without the possibility of parole and was ordered to pay over $180-million (USD) in fines.
Another question is where the servers running the CanadianHQ were based. Neither the CRTC nor the RCMP said the servers were seized.
While most criminal activity targets the U.S., the world’s biggest economy, crooks don’t overlook Canada. For example, in 2016 a speaker at the SecTor conference in Toronto noted that an unnamed person had earlier that year offered to sell a batch of over 70,000 Canadian credit card numbers. The expert didn’t say which marketplace the cards were being offered on.
Canadian police have been credited by Interpol and Europol with helping worldwide efforts in closing criminal marketplaces and botnets. For example, last November it was revealed that the RCMP and Calgary Police identified computer infrastructure in several countries, including Canada, that was being used by ransomware suspects. That led to the arrest of several people in Europe and the U.S.