The role of VPNs in bringing down one of the darknet’s biggest marketplaces

Dark net

Until recently, the Wall Street Market (WSM) was one of the biggest and most active darknet marketplaces. If you wanted to buy drugs, fence stolen goods, and trade hacked data, WSM was one of the places to go.

But, no more. A joint operation by European and US law enforcement has shut down the site and the three men accused of running it have all been detailed. They were German citizens Tibo Lousee, Jonathan Kalla and Klaus-Martin Frost and the tale of how they were caught is a cautionary tale to VPN users everywhere.

How authorities got the men behind WSM

Authorities on both sides of the Atlantic had been investigating WSM since 2017 and were continuing to gather evidence. But, on 16th April, the three administrators behind the site attempted an exit scam forcing authorities to make their move.

An exit scam is when a site’s administrators try to remove all of the cryptocurrency linked to a site, shut the site down, and seek to launder the money. The men behind WSM are widely thought to have done this successfully with another successful darknet marketplace known as German Market Plaza.

What is interesting about the account of how law enforcement got their men is that two of the three administrators were caught as a result of their VPNs. All men made every effort to anonymise their activity by using VPNs.

None of the VPN providers have been named in the complaint filed by the US Department of Justice. But the men were not caught as a result of VPNs handing over data but rather everyday circumstances which could happen to any VPN users connecting to any provider.

How WSM admins were caught in part by VPN-related data         

Klaus-Martin Frost was caught in part because he suffered from an unstable VPN connection. His VPN would sometimes drop out but he continued to access the WSM administrator pages thereby linking his real IP Address to the site.

Frost was using an anonymous mobile dongle, but authorities were able to identify the dongle being used at his home and work address. When arrested, he was found in possession of the dongle.

That and other circumstantial evidence such as similarities in login details used by Frost and one of the administrators was enough to link him to the site.

The story with Jonathan Kalla was rather different. His VPN connection did not drop out. But that VPN did collect metadata about their users which law enforcement was able to get hold of.

Their investigations were able to prove that an IP Address linked to Kalla’s home address and registered in the name of his mother, was accessing that VPN within very similar time frames to which a user of that VPN was accessing the WSM administrator pages.

Kalla later admitted to authorities that he was an administrator of the site.

The VPN evidence used against Kalla was only circumstantial too. But it serves to illustrate why VPNs who try and shrug off the importance of collecting this type of data are doing their users a disservice.

Metadata alone did not show Kalla accessing the WSM administrative pages. But by looking at this data, authorities were able to show a compelling pattern of internet usage that strongly linked him to the site.

The privacy lessons to learn from the fall of WSM

Few law-abiding citizens will mourn the demise of the Wall Street Marketplace. While most of us were unaware of its existence, it hovered in the dark web helping hackers, drug dealers, and other criminals to profit from the misery and misfortune of others.

But the story of how its administrators were undone is a cautionary tale that highlights two very important but often overlooked privacy features of a VPN.

User privacy is of fundamental importance to most VPN users. Yet, many VPNs still collect a whole host of user data that can incriminate their users. This is highlighted by the story of Jonathan Kalla.

Our strong advice to all VPN users who value their online privacy is to choose a VPN that collects absolutely no user data whatsoever. The likes of ExpressVPN and NordVPN are a good place to start here.

Then there is the risk of your VPN connection cutting out and exposing your true IP Address, as happened to Klaus-Martin Frost.

The truth is that this can happen to any VPN so we cannot recommend any one provider as being better than another in this instance.

But almost all premium VPNs have a tool called a kill switch which is designed to protect you if this happens. A kill switch will cut your internet connection if your VPN link drops out and so stop your true IP Address from being transmitted.

Some VPNs will enable a kill switch by default but many don’t. If you truly value your online privacy, it is well worth taking a few moments to check your kill switch is enabled before you go online.

No doubt, Klaus-Martin Frost will be wishing he had done precisely that, while he lies back tonight in whatever jail cell he is currently being held in.

David Spencer

Author: David Spencer

David is VPNCompare's News Editor. Anything going on in the privacy world and he's got his eye on it. He's also interested in unblocking sports allowing him to watch his favourite football team wherever he is in the world.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.