CRTC investigation targets Dark Web marketplace vendors and administrator
The CRTC’s Chief Compliance and Enforcement Officer today announced penalties totalling $300,000 to four Canadians for their involvement in the Dark Web marketplace Canadian HeadQuarters (also known as CanadianHQ). The marketplace was taken offline following the execution of warrants by CRTC staff.
Before shutting down, CanadianHQ was one of the largest Dark Web marketplaces in the world and significantly contributed to harmful cyber activity in Canada. It specialized in the sale of goods and services, including spamming services, phishing kits, stolen credentials and access to compromised computers, which were used by purchasers to engage in a variety of malicious activities.
The CRTC’s investigation focused on four individuals who allegedly sent emails mimicking well-known brands in order to obtain personal data including credit card numbers, banking credentials and other sensitive information. The following individuals have been issued penalties for sending commercial electronic messages without consent in violation of Canada’s anti-spam legislation (CASL):
- Chris Tyrone Dracos (a.k.a. Poseidon) – $150,000
- Marc Anthony Younes (a.k.a CASHOUT00 and Masteratm) – $50,000
- Souial Amarak (a.k.a Wealtyman and Supreme) – $50,000
- Moustapha Sabir (a.k.a La3sa) – $50,000
As the creator and administrator of the marketplace, a higher penalty is being issued to Mr. Dracos for allegedly aiding in the commission of numerous violations of CASL by the platform’s vendors and customers.
As part of this investigation, a number of other vendors have been identified and enforcement actions will be taken against them in the near future.
Canadians are encouraged to report spam, phishing, and suspicious practices to the Spam Reporting Centre.
“Some Canadians are being drawn into malicious cyber activity, lured by the potential for easy money and social recognition among their peers. This case shows that anonymity is not absolute online and there are real-world consequences when engaging in these activities.
Canadian Headquarters was one of the most complex cases our team has tackled since CASL came into force. I would like to thank the cyber-security firm Flare Systems, the Sûreté du Québec and the RCMP’s National Division for their invaluable assistance. Our team is committed to investigating CASL non-compliance on all fronts.”
– Steven Harroun, Chief Compliance and Enforcement Officer, CRTC
As part of this investigation, Notices of Violation (NoV) were issued to four Canadians with penalties totalling over $300,000.
Several warrants were executed in the greater Montreal area through 2020 and 2021 during this investigation.
The Dark Web is a set of pages on the Web that cannot be indexed by search engines, are not viewable in a standard Web browser, require specific means (such as specialized software or network configuration) in order to access, and use encryption to provide anonymity and privacy for users.
Dark Web marketplaces are online marketplaces where people can buy and sell illicit goods and services under the protection of anonymity.
Phishing is an attack where a scammer calls you, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information.
CASL protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats. It also aims to help businesses stay competitive in a global and digital marketplace.
Since CASL came into force, the CRTC’s enforcement efforts have resulted in penalties of more than $1.4 million. This amount includes penalties totalling approximately $805,000, as well as $668,000 paid as part of negotiated undertakings.
Payments resulting from the CRTC’s investigations are made to the Receiver General for Canada.
The Chief Compliance and Enforcement Officer issues Notices of Violation and accompanying penalties where there are reasonable grounds to believe that a violation has taken place. Alleged violators have 30 days to pay the penalty or challenge the notices and penalties before the Commission.
The CRTC promotes and enforces compliance with sections of CASL, which prohibit companies from sending commercial electronic messages (spam) without consent, altering transmission data in electronic messages without consent, and installing a computer program on another person’s computer system without consent, among other things.
The CRTC is committed to protecting Canadians and is continuing to enhance its monitoring to ensure that all entities follow CASL.
Information collected by the Spam Reporting Centre is used by the CRTC, the Competition Bureau and the Office of the Privacy Commissioner to enforce CASL.