Monday, May 23, 2022

CRTC action leads to closing of dark web marketplace selling goods and services to cyber criminals

A dark web marketplace that specialized in Canadian targets has been shut down following action by this country’s telecom regulator, which also announced penalties to four people totaling $300,000 for violating Canada’s anti-spam law.

The Canadian Radio-Television and Telecommunications Commission (CRTC) said today that it has taken the action against the marketplace called the Canadian HeadQuarters (also known as CanadianHQ). The regulator said the marketplace, which the CRTC said was one of the largest on the dark web, was taken offline following the execution of warrants by CRTC staff.

In a statement this afternoon (see below) the regulator clarified that the site was closed by its administrator.

Screen shot from the CanadianHQ criminal goods web site
Screen shot of a stolen Wells Fargo customer’s credit card advertised on the Canadian HeadQuarters site. Image from a Terbium Labs report in 2020

It specialized in the sale of goods and services to crooks, including spamming services, phishing kits, stolen credentials and access to compromised computers. Among other things the marketplace sold logos of well-known Canadian companies like banks that crooks could use in their spam campaigns, copies of drivers’ licences, and cheques resembling Canadian Emergency Response Benefit (CERB) cheques distributed by Ottawa for COVID-19 relief that could be used for fraud.

Mathieu Lavoie, CEO of Montreal data risk protection provider Flare Systems, who notified the regulator about the site after discovering it early in 2018, said in an interview the Canadian HQ stopped running last year.

Asked for clarification, the CRTC said the CanadianHQ was shuttered during the course of its investigation. “The CRTC continued its investigation, which led to the result announced today (i.e., the issuance of Notices of Violation with penalties).”

Notices of violation of the Canadian Anti Spam Law (CASL) were served today in Canada and  went to

–Chris Tyrone Dracos (known allegedly online as Poseidon), $150,000 for allegedly being the creator and administrator of the marketplace;

–Marc Anthony Younes (allegedly known online as CASHOUT00 and Masteratm), $50,000;

–Souial Amarak (allegedly known online as Wealtyman and Supreme), $50,000;

–Moustapha Sabir (allegedly known online as La3sa), $50,000.

The CRTC added that as part of this investigation, a number of other unnamed internet vendors who sold on the marketplace have been identified, and enforcement actions will be taken against them in the near future.

The CanadianHQ was a considerable operation. According to Lavoie, it had more than 105,000 unique listings over the course of its existence. Just over 450 vendors were active on the platform, he added.

Privacy lawyer Barry Sookman of the McCarthy Tetrault law firm noted the four people named were only serviced notices of allegedly violating CASL, which they can still contest.

“It’s not clear whether there could still be criminal charges,” he added, noting the CRTC credited the RCMP in part with helping its investigation. “It’s not clear why the CRTC led the investigation,” he said, although the allegation that there was the use of malicious email, which would give the regulator jurisdiction for those activities.

He also noted the CRTC statement didn’t say the regulator got an injunction to close CanadianHQ. Instead, the press release says “the marketplace was taken offline following the execution of warrants by CRTC staff.” Under CASL the regulator can only get a warrant to get information from an organization for an investigation. It must go to court to get an injunction.

“It sounds to me that after individuals received a warrant they realized the CRTC was investigating … and maybe they realized that the RCMP would also get information from the investigation and they could be liable to criminal charges” so they shut the site.

Asked for clarification the CRTC said “the website was taken down following the execution of the warrants. We are unable to speak to the administrator’s rationale for closing the site.”

The RCMP refused to comment on its role.

Lavoie called the Canadian HQ “fairly big” as dark web marketplaces go. “It was probably in the top 10 of illicit markets.” It sold drugs as well as cyber-crime-related products, he said. “It was the biggest market targeting Canadians.

“Some Canadians are being drawn into malicious cyber activity, lured by the potential for easy money and social recognition among their peers,” Steven Harroun, the CRTC’s chief compliance and enforcement officer, said in a statement. “This case shows that anonymity is not absolute online and there are real-world consequences when engaging in these activities.”

CASL prohibits companies from sending commercial electronic messages (spam) without consent, altering transmission data in electronic messages without consent, and installing a computer program on another person’s computer system without consent.

In 2020 Terbium Labs (now part of Deloitte) issued a report that called The Canadian Headquarters on of the three top major multi-good marketplaces on the dark web, along with Empire Market and White House Market. (Other criminal marketplaces specialize in, for example, credit cards or stolen credentials.)

In an interview at the time Tyler Carbone, Terbium’s chief strategy officer, said “it’s difficult if not impossible to confirm it is actually hosted in Canada,” or whether the owners were based here. “What we do know is it focuses specifically on goods targeting Canadian companies on the [stolen] data and services side,” as well as drugs that can be shipped to Canadians.

Those listing goods for sale on the CanadianHQ are either based in Canada or want to sell to those interested in the products here, he added.

Brett Callow, a British-Columbia-based threat analyst at Emsisoft, called the closing of the marketplace “a win for the good guys, and that’s something which we’re seeing more and more often. In the past, cybercrime was all reward with near-zero risk — the effective rate of prosecution was previously estimated at only 0.05 per cent. But that’s changing. Every takedown, disruption, seizure and arrest alters the risk-reward ratio and creates a disincentive as individuals can no longer assume that cybercrimes will be unpunished. Additionally, takedowns of marketplaces such as the Canadian HeadQuarters make it harder for other cybercriminals to operate.
“While we’re still a very long way from eliminating cybercrime, we’re certainly scoring far more points than we did in the past.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.