The recent takedown of dark web marketplace AlphaBay represented a major success for law enforcement agencies in the U.S. and around the world. AlphaBay regularly sold not only illegal drugs and firearms, but also malware tools and stolen personally identifiable information (PII), enabling a variety of cybercriminal activity.
While the takedown has undoubtedly helped stifle the abilities and reach of cybercriminals, experts caution that its effect on mitigating the overall level of cyberthreat faced by corporations and law firms alike, while significant, will likely be temporary at best.
According to the Department of Justice (DOJ), prior to its takedown, AlphaBay had "over 100,000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools."
It is likely that some of these "stolen and fraudulent identification documents" may have come from those in the legal industry. Email addresses connected to various law firms have been discovered by cybersecurity company Protorion Systems on the dark web, though most were connected with logins used for third-party accounts, such as Dropbox, and not law firm systems themselves.
Still, the risk of having such third-party login information exposed means hackers have a potential way into a law firm employee's devices and digital life and, by extension, the law firm systems to which they have access.
Shutting down marketplaces like AlphaBay, therefore, effectively mitigates the risk of personal account information getting into the hands of cybercriminals and helps authorities identify and prosecute those who are trading such information in the first place.
But the impact of taking down cybercriminals and their malware is likely to be temporary, given the frequency at which these tools and cyberattackers pop up. Like music piracy or trying to keep up with new forms of data, fighting cybercrime online can be a perennial game of "whack-a-mole."
AlphaBay itself, for instance, is a relatively new marketplace, launched in late 2014 only weeks after the takedown of the then-largest dark web marketplace, Silk Road.
Marcus Christian, partner at Mayer Brown and former executive assistant U.S. attorney at the U.S. Attorney's Office for the Southern District of Florida, said shutting down AlphaBay "is just one piece in an overall very large law enforcement puzzle" and not a definitive blow against cybercriminals.
"There will still be marketplaces that are available as long as individuals and criminal organizations believe that they can make profits," he said, adding that many believe that, once one market is down, "there will be another bigger and 'better' one to soon surface."
Christian compared such marketplace takedowns to the war on drugs, noting that "we've been taking down marketplaces in the physical world for narcotics for a long time, but [drug crimes] still happen."
Still, Christian argued that going after marketplaces is not an exercise in futility. "I think law enforcement would be quick to tell you it's important and from a business perspective not to have actors out there who can just steal data, steal IP, and steal proprietary information from corporations with impunity," he said.
Mark Krotoski, partner at Morgan Lewis who previously served as a federal prosecutor at the DOJ for over 20 years, agreed. He noted that, while the takedowns "won't discourage everyone, and those who are seeking to engage in [cybercriminal] activity will try and find new marketplaces," it does make cybercrime a less appealing profession. "There is a general deterrence impact because it does discourage some who might be contemplating this activity," he explained.
And more to the point, he added, takedowns of dark web marketplaces give law enforcement valuable information to take down some of the biggest players in the cybercrime world.
"Law enforcement officials, if they are able to uncover [those who execute] transactions, may be able to identify some cybercrime individuals who either have a history of being involved in this activity," Krotoski said.
Indeed, these leads can turn into significant prosecutions. In July 2017, for example, the FBI was able to arrest Mark Vartanyan, a Russian national the agency called "a key resource" for the cyber underworld. Among other things, Vartanyan was the mastermind behind a particularly nefarious banking Trojan known as Citadel.