The “dark web” sounds mysterious and dangerous. The dark web is described as a set of pages on the internet that cannot be indexed by search engines, further can not be viewed in a standard web browser, and typically require specialized software or network configurations in order to access. These pages commonly use encryption to provide anonymity for users.
There are marketplaces on the dark web where individuals buy and sell illicit goods and services.
One of the largest dark web marketplaces in the world was the Canadian Headquarters (or Canadian HQ). This site sold spamming services, phishing kits, stolen credentials, and access to compromised computers that were used by users to engage in various malicious activities.
The investigation was initiated from 2020 to 2021. The marketplace was taken offline after the CRTC executed the warrants.
The CRTC’s investigation alleged that 4 individuals sent emails mimicking well-known brands in order to gather sensitive personal information such as credit card numbers and banking credentials. Such phishing messages are sent without consent in violation of Section 6(1)(a) of Canada’s Anti-Spam Law (CASL).
The CRTC reported that Notices of Violation were issued against the following individuals:
Chris Tyrone Dracos (a.k.a. Poseidon)
Marc Anthony Younes (a.k.a CASHOUT00 and Masteratm)
Souial Amarak (a.k.a Wealtyman and Supreme)
Moustapha Sabir (a.k.a La3sa)
The higher penalty of $150,000 was given to Mr. Dracos who is alleged to be the creator and administrator of the Canadian HQ marketplace and therefore is alleged to have committed numerous violations of CASL. The others involved were each issued penalties of $50,000.
A few months later Mr. Dracos was charged with two counts of unauthorized use of a computer, and possession of a device to obtain unauthorized use of computers – both violations of the Criminal Code of Canada.
Steven Harroun, Chief Compliance and Enforcement Officer, CRTC was quoted as saying that “Canadian Headquarters was one of the most complex cases our team has tackled since CASL came into force.” He extended thanks for assistance and cooperation to the cyber-security firm Flare Systems, the Sûreté du Québec, and the RCMP’s National Division.
The CRTC has identified a number of other vendors through this investigation and reports that additional enforcement actions will be taken against them in due course.