David Trail pleaded guilty at Edinburgh Sheriff Court to supplying diazepam and hacking credit card details.
The 26-year-old’s conviction comes 18 months after his Polwarth flat was raided in a co-ordinated strike involving law enforcement officials from the United States, Germany and Britain.
Prosecutors said Trail had created Topix2, a now-closed site likened to a criminal version of eBay on the “dark web” – a network of underground websites used for illicit deals.
Police Scotland found customised keyboards plus credit card details, including security codes, that he had stolen from his former employer, Scotweb, when they searched his flat in Watson Crescent on November 6, 2014.
Detective Inspector Brian Stuart, of the Cybercrime Unit, said: “Following information from colleagues in FBI, Germany’s West Hessen Police and the UK’s National Crime Agency, Police Scotland identified David Trail and his operation and ownership of a hidden website designed to enable its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement.
“His targeting of a previous employer, overcoming their security, almost had a devastating effect on the company’s ability to remain in business.
“There is no doubt that the early intervention of law enforcement prevented Trail from peddling drugs in his serious and organised criminal enterprise. New and traditional policing techniques assisted in bringing Trail to justice.”
He added: “The conviction of Trail should serve as a reminder to those wishing to involve themselves in criminal enterprises on the internet that there is no hiding place.”
The investigation began in August 2014 when the FBI handed over a range of IP addresses linked to a range of sites on the dark web, used to buy anything from children to the services of a hitman.
A narcotics squad in Hesse identified Trail as the ultimate controller of a website hosted in Germany.
Detective Sergeant Martin McKay, who led the investigation, said: “Not only did he use the website to deal drugs but he invited others to use the platform to deal controlled drugs. He also stole over 450,000 credit card details from his previous employer.
“They were fined £10,000 because of their security failure, but it wasn’t their fault because it was overcome by the same person who created that security. They also had to pay £7000 to another company to come in and put their security system back on.
“He was a unique individual but he made silly mistakes. And we have our own answer to David Trail [in the Cybercrime Unit] who is on a par with David, if not better. He didn’t like being told what his mistakes are. His biggest slip-up was that, financially, he didn’t know how to cover his tracks.”
This is the first time someone has been convicted in Scotland under section two of the Computer Misuse Act – unauthorised access with intent to commit or facilitate commission of further offences. Trail will be sentenced next month.
Ross Ulbricht, the creator and chief operator of the dark website Silk Road, was given two life sentences in the US in 2015.