/d/OpSec

15,203 subscribers

Discussion about OpSec, Threat Models, Protection, Assessment and Countermeasures.

Ways Law Enforcement Busts Dark Web Users (Pinned post)

by /u/Cannablys · 164 votes · 3 years ago

Sourced from /r/DNMBusts

Users of the dark web are protected by a veil of technological anonymity. This has given the majority of users a sense of security and the belief that they are beyond the reach of law enforcement officers. This has been proven wrong in a large number of instances where users have been busted by these officers.

The Postal System

Even with the sophisticated technology that guarantees users' anonymity, dark web market vendors still depend on the postal system or ordinary couriers to deliver their products, such as drugs.

Even when a lot of care is taken to ensure that the products are not seized by customs authorities, law enforcement officers may still investigate where a package is being sent to or where it is being sent from.

In other cases the post offices themselves provide a good surveillance opportunity for the Feds.

A perfect example is that of Chukwuemeka Okparaeke, who was a fentanyl dealer on the AlphaBay dark web marketplace. According to a filing by the US Department of Justice (DOJ), Okparaeke was seen at several post offices in Midtown New York. He was also fond of buying priority delivery stamps in bulk, and to add to all this, the postal staff had viewed his driving license. His biggest mistake, however, was depositing large numbers of packages at US post offices while wearing latex gloves. This caught the attention of the postal staff.

Law enforcement was already interested in that area as a source of fentanyl analogs, and as such an approach by a postal inspector was taken seriously. The officers placed an order with fentmaster on AlphaBay and were able to arrest Okparaeke after tying him to the fentanyl he sent them.

On his arrest, his phone was found to have the Private Internet Access VPN app, the Orbot Tor proxy app and a bitcoin app. He also had not cleared his browsing history and was thus easily tied to the drug dealing activity.

Delivery of products through the post office continues to pose a big challenge for the majority of vendors on dark web markets.

Digging Through Seized Data

An arrest of a vendor or the seizure of a marketplace can provide a large amount of data in which investigators find leads they can then use to bust other dark web users.

Through Operation Onymous, an international law enforcement operation targeting dark web markets and other services operating on the Tor network, marketplaces such as Silk Road 2.0, Hydra and Cloud 9 were seized and shut down.

The operation provided information that led to up to 17 arrests in different countries. One of the arrests made during the operation was of a Durham couple who were operating a cannabis shop on Silk Road 2.0.

Users of dark web markets may leave digital footprints in open forums or public documents that eventually disclose their identities to investigators.

Ross Ulbricht, the creator of the original Silk Road marketplace, had his identity revealed by Gary Alford, a special agent with the Criminal Investigation unit of the Internal Revenue Service (IRS). After googling the onion address of Silk Road on the normal internet, Alford found an advertisement posted by Ulbricht on the well-known bitcoin forum bitcoin.org under the username altoid, in a bid to attract more customers to the Silk Road. A post from several months later on the same forum showed Ulbricht's personal email address in the text of the post; a later search on that email confirmed that he had set up an account on bitcoin.org under his personal email address.

The availability of his personal information contributed greatly to his arrest and conviction, which resulted in a life sentence without parole.

A simple Google search took down Ross Ulbricht, who was a major player in the development of all dark web markets.

Undercover Operations

Due to the availability of tools that provide users with anonymity, it is impossible to really know who is at the other end of a conversation. Law enforcement has taken advantage of these anonymity tools and posed as vendors, buyers or even administrators of marketplaces without the knowledge of other users. This has enabled them to bring down marketplaces while also busting the administrators, vendors and buyers.

Dutch law enforcement took control of Hansa on June 20 this year after arresting two of its administrators in Germany. They secretly ran the site while monitoring the activities of its users, and were able to obtain the addresses and identities of a majority of the users.

The undercover operation led to the arrest of a number of Hansa users. In the Netherlands, law enforcement arrested a 28-year-old man for allegedly selling cannabis both domestically and internationally through the Hansa site using Quality weeds as his vendor name.

Other arrests attributed to the Dutch authorities' undercover operation at Hansa have been made in other countries, such as Australia by the Australian Federal Police (AFP).

Hacking

Authorities have tried to circumvent Tor by attacking the endpoint, which is usually the computer being used by the individual visiting dark web sites. Hacking could be the most effective way of identifying users since, once it is successful, a large number of computers can be unmasked and the IP addresses of their users disclosed.

Back in February 2015, the FBI seized a dark web child pornography site, Playpen, in an operation called Operation Pacifier, and ran the site from a government facility in Virginia for two weeks. During this time the agency deployed a hacking tool it called a Network Investigative Technique (NIT). The tool was used to expose the IP addresses of those accessing the site, on the assumption that they were either trying to distribute or access child pornography.

Using the NIT, the FBI was able to identify over a thousand Playpen users based in the US.

The hacking operation resulted in the arrest of more than 135 people in 18 US states over child pornography cases.
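The Ulbricht section above shows the mechanism behind the "simple Google search": one identifier (an onion address, an email) posted under one pseudonym ties it to every other pseudonym that posted the same identifier. The script below is an added example, not part of the original post, that runs that correlation over a handful of constructed forum posts (the usernames, email and onion address are made up for the example) and walks the resulting link graph from a starting handle. It distinguishes strong identifiers (an email only its owner would post) from weak ones (an onion address that anyone discussing the site might post), which is the check an investigator or a vendor auditing their own footprint would want.

```python
"""Added example: pseudonym correlation through shared identifiers.
All posts below are constructed sample data, not real forum content."""
import re
from collections import defaultdict

# Identifier patterns. The onion pattern accepts v2 (16 chars) and v3 (56 chars)
# base32 addresses.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b")

# An email is strong evidence of shared authorship; an onion address is weak,
# because anyone talking about the site will post it.
STRONG = ("email",)
ALL = ("email", "onion")

# Constructed sample posts: (site, username, text).
SAMPLE_POSTS = [
    ("bitcoinforum", "altoid", "Check out a new anonymous market at abcdefghijklmnop.onion"),
    ("bitcoinforum", "altoid", "Hiring an IT pro, contact me at ross.example@example.com"),
    ("devforum", "rossX", "I'm ross.example@example.com, looking for help with PHP"),
    ("devforum", "unrelated", "Anyone tried abcdefghijklmnop.onion? Seems slow"),
]


def extract_identifiers(text):
    """Return a set of (kind, value) identifiers found in one post."""
    ids = set()
    ids.update(("email", m.lower()) for m in EMAIL_RE.findall(text))
    ids.update(("onion", m.lower()) for m in ONION_RE.findall(text))
    return ids


def build_links(posts, kinds=ALL):
    """Map each (kind, value) identifier to the set of (site, user) handles that posted it."""
    links = defaultdict(set)
    for site, user, text in posts:
        for ident in extract_identifiers(text):
            if ident[0] in kinds:
                links[ident].add((site, user))
    return links


def correlated_personas(posts, kinds=ALL):
    """Identifiers that appear under more than one handle, i.e. the actual leaks."""
    return {ident: handles for ident, handles in build_links(posts, kinds).items()
            if len(handles) > 1}


def linked_handles(posts, start, kinds=STRONG):
    """All handles reachable from `start` by following shared identifiers (BFS).

    With kinds=STRONG only emails are followed; pass kinds=ALL to see how a
    weak identifier drags in unrelated accounts."""
    links = build_links(posts, kinds)
    by_handle = defaultdict(set)
    for ident, handles in links.items():
        for h in handles:
            by_handle[h].add(ident)
    seen, queue = {start}, [start]
    while queue:
        h = queue.pop()
        for ident in by_handle[h]:
            for other in links[ident]:
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return seen


if __name__ == "__main__":
    for ident, handles in correlated_personas(SAMPLE_POSTS).items():
        print(ident, "->", sorted(handles))
    print("strong links from altoid:", sorted(linked_handles(SAMPLE_POSTS, ("bitcoinforum", "altoid"))))
    print("all links from altoid:   ", sorted(linked_handles(SAMPLE_POSTS, ("bitcoinforum", "altoid"), ALL)))
```

Run against the sample, the email ties `altoid` to `rossX` (the kind of link that burned Ulbricht), while following the onion address as well pulls in `unrelated`, which is exactly why an investigator weights identifier types before treating a match as an identity.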

Comments (190)
/u/HugeDildo666 · 63 votes · 3 years ago · Link

URL bar: about:config

search: javascript

Disable javascript.enabled: true

Will become: javascript.enabled: false (disabled)

/u/thebaye · 3 votes · 3 years ago · Link

Thank you, this helped me

/u/futuritytaste · 3 votes · 2 years ago · Link

Thank you, I've been toggling NoScript every time I used Tor for the past 4 years. Never knew it was that simple, but I guess you could say that for a lot of things here on the DW.

/u/pyrophilia · 1 votes · 2 years ago · Link

Thanks, this helped me as well.

/u/ForgetfulGazelle · 1 votes · 2 years ago · Link

On Tails use this to auto-disable JavaScript every time; worked for me: https://old.reddit.com/r/tails/comments/9gtm8h/java_in_39/e66x44r/

/u/WhatIzThis0 · 3 votes · 2 years ago · Link

Also disable webgl, and put your tor settings to SAFEST.
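The about:config instruction earlier in this thread and the note above about WebGL and the Safest level describe a posture that is easy to get wrong silently (a browser update or a stray click flips a pref back). The script below is an added example, not from any commenter, that parses a Firefox/Tor Browser prefs.js or user.js and reports which of those settings are not in the hardened state. It assumes the standard Firefox pref names `javascript.enabled` and `webgl.disabled`; the name of the security-level pref has changed across Tor Browser releases, so both spellings are listed on the assumption that one of them is present in the profile being checked.

```python
"""Added example: audit a Firefox/Tor Browser prefs.js or user.js for the
'no JavaScript, no WebGL, Safest' posture discussed in this thread."""
import re

# Matches one pref line, e.g. user_pref("javascript.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Assumed pref names for the Tor Browser security slider; the name has changed
# between releases, so both are checked and the first one present wins.
SLIDER_PREFS = ("browser.security_level.security_slider",
                "extensions.torbutton.security_slider")
SAFEST = 1  # slider values: 1 = Safest, 2 = Safer, 4 = Standard


def parse_value(raw):
    """Decode a pref value literal: true/false, quoted string, or integer."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line in the file text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def audit(prefs):
    """Return a list of findings; an empty list means the posture is as intended.

    Missing prefs are judged by their Firefox defaults (JS on, WebGL on)."""
    findings = []
    if prefs.get("javascript.enabled", True):
        findings.append("javascript.enabled is not false")
    if not prefs.get("webgl.disabled", False):
        findings.append("webgl.disabled is not true")
    level = next((prefs[p] for p in SLIDER_PREFS if p in prefs), None)
    if level != SAFEST:
        findings.append(f"security slider is {level!r}, not Safest ({SAFEST})")
    return findings


# Constructed sample profiles for the example: one left at the defaults and
# one set the way the thread recommends.
WEAK_PREFS = '''
user_pref("javascript.enabled", true);
user_pref("webgl.disabled", false);
user_pref("browser.security_level.security_slider", 4);
user_pref("browser.startup.homepage", "about:tor");
'''
HARDENED_PREFS = '''
user_pref("javascript.enabled", false);
user_pref("webgl.disabled", true);
user_pref("browser.security_level.security_slider", 1);
'''

if __name__ == "__main__":
    import sys
    # Usage: python audit_prefs.py /path/to/profile/prefs.js  (defaults to the weak sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_PREFS
    for finding in audit(parse_prefs(text)) or ["OK: JavaScript off, WebGL off, slider at Safest"]:
        print(finding)
```

Point it at the profile's prefs.js after closing the browser (Firefox rewrites that file on exit); a user.js in the same directory is the place to pin these values so they survive updates, since Firefox reads user.js at startup and applies it over prefs.js.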

/u/magiccontraceptive · 0 votes · 2 years ago · Link

where do i change these settings?

/u/montreal555 · 1 votes · 1 year ago · Link

There is a settings section for security; just google it and you will find it.

/u/goochmon · 1 votes · 1 year ago · Link

Why can't I use Google on Tails?

/u/hyland · 3 votes · 1 year ago · Link

Google uses JavaScript, and will know you are using a Tor exit node.

/u/goochmon · 1 votes · 1 year ago · Link

ty for the reply.. would I be safe googling "illegal" shit on my burner laptop with a VPN on home wifi?

/u/hyland · 1 votes · 1 year ago · Link

First, you shouldn't be using "GOOGLE" . Also, I really suggest you read the "DMB". It has a lot of useful (safe) tips.

/u/goochmon · 1 votes · 1 year ago · Link

ok what should i use? ty btw

/u/SmartWater · 2 votes · 1 year ago · Link

DuckDuckGo is good. I've even found that Yandex (Russian Google, basically) isn't bad. They have an English version, yandex.eu. Both work fine for me with JavaScript disabled and the browser set to the highest security level.

/u/jeepskiier · 2 votes · 5 months ago · Link

What do you think of Ahmia.fi?

/u/some-body-else · 1 votes · 1 month ago · Link

you can even watch YT with this link https://www.youtube.com/html5

/u/ndQT5Q26 · 1 votes · 6 months ago · Link

A VPN hides your traffic from the internet company and no one else. It is not security. Never do anything on a VPN that you would not do without one, and assume VPN traffic is public.

/u/silentsound · 1 votes · 6 months ago · Link

A VPN hides your traffic from the internet company and your actual IP address from the sites you connect to, especially with JavaScript disabled. It also hides your traffic from the public or home router (unless it is ON your router) and from anybody who happens to be sniffing your wifi traffic, or trying to access it anywhere between your computer and your VPN server.

It hides pretty much all metadata from your ISP (except for the amount of data sent/received, speed of transmission, the IP address of the VPN server, and the dates/times you are connected), especially when not using encrypted communications (HTTP web browsing, FTP, P2P/BitTorrent, etc.), while also blocking info about your identity and location from the sites you visit if your VPN and OpSec are any good.

If you have a GOOD VPN, you can assume your traffic all the way up to the VPN server you connect to is private, and if you use HTTPS, SSH, SFTP (not actually sure this is all that secure these days since everybody seems to recommend SSH instead), or Tor it's safe even after leaving your VPN's server too.

VPNs can be excellent for your safety and anonymity. You just gotta know what you are doing and make sure you're using a good VPN, that's all.

/u/[deleted] · 1 votes · 11 months ago · Link

Google blocks requests made from a Tor node...

/u/[deleted] · 2 votes · 2 months ago · Link

There are ways around this. One I found useful is dorking for a site vulnerable to SQLi (coz it's easy) and uploading a proxy to it, which you can then use to access Google through Tor. Download the proxy here: https://github.com/emersion/phproxy, and see it here: https://web.archive.org/web/20210922235255/mounstar.com/proxy.php. However, on the normal user side Google is hit and miss, so switching through 'New Tor Circuit' might yield a working Google session. The v3 onion address for DDG should be used over Google anyway: https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion

/u/LeadByDragon · 1 votes · 2 years ago · Link

Thanks, good to know. I always thought the Safest privacy setting took care of this.

/u/[deleted] · 1 votes · 2 years ago · Link

Fuck thank you

/u/McDrugersun · 1 votes · 2 years ago · Link

Hello, I did this from my handheld and it's saying javascript.enabled: false.. Is that correct?

/u/Oaron · 1 votes · 11 months ago · Link

Yes, it is.

/u/ladsjfljsafdlj · 1 votes · 2 years ago · Link

Why is java so insecure and what information can it leak?

/u/turtlebyte · 10 votes · 2 years ago · Link

JavaScript is a user-side programming language, meaning that it executes programs on the user's computer that the website author wrote. It's what makes the web so pretty and interactive. This can be as simple as changing the appearance of a visual element, or running a cryptominer in the background. If the browser implements JavaScript incorrectly or a vulnerability is discovered, a webpage could potentially obtain information from other areas of your computer's memory.

Enabling JavaScript allows the websites you visit to run possibly malicious code on your computer. Browsers try their best to contain each website's code and not allow leaks, but there will always be holes.

/u/ladsjfljsafdlj · 1 votes · 2 years ago · Link

Ah now I see. Thank you.

/u/haileystackzzz · 1 votes · 2 years ago · Link

Hey, I was trying to disable it but it won't let me change it to false. This post was also made 2 years ago, so I'm not sure if it will still work.

/u/PostcardFromPablo · 1 votes · 2 years ago · Link

Double click it, or right click and toggle.

/u/pharms · 1 votes · 2 years ago · Link

Mine is automatically on false, is that correct? It shouldn't be set as true?

/u/dgirl · 1 votes · 1 year ago · Link

That might be a Tor update; they set it to false by default now. That's my theory.

/u/Ronaldzblack · 1 votes · 2 years ago · Link

Thanks

/u/9ineinchnails · 1 votes · 1 year ago · Link

Thanks man

/u/G4slime · 1 votes · 2 months ago · Link

How do I enable it on android

/u/mhjuxo69 · 2 votes · 1 month ago · Link

You follow the DNB and use tails not your phone

/u/DNricksanchez · 36 votes · 3 years ago · Link

Well, I'm all for throwing child porn mental nutcases in jail for life imo, but let us just buy and sell drugs in peace!!!!!!!!!!!!!!!!!!!

/u/thedearpsychonaut · 17 votes · 3 years ago · Link

Yeah, it is fucked up that there are pedos who get less time than people do for dealing drugs. Especially if you are a big-level dealer, you will often be punished more harshly than someone who has hurt children. It is partially laziness on the part of law enforcement as well. It's fucking easy to arrest someone for possession of drugs but way more difficult to bust someone for hurting children.

If you use something like Qubes with the anon-whonix virtual machine, you could have prevented the deanonymizing malware that was spread to the Playpen users. They were discovered because the malware was able to see their real IP address and phone home. With Whonix, especially inside a virtual machine in its own internal network, it is less likely that this type of attack could have deanonymized you.

/u/T4shl4n · 1 votes · 2 years ago · Link

Any way of implementing this via a FONA chip?

/u/MIsabotaj89 · 1 votes · 1 year ago · Link

Thank God most Chomo's die in prison from intense rape and then murder because they diddle and kidnap children.....thank God

/u/policecameraaction · -1 votes · 3 years ago · Link

That's not the case at all.

Drug dealers do see the light of day again.

A lot of the PlayPen scum got life or 90+ years

/u/sickTightLip · 5 votes · 3 years ago · Link

I hope this is true, but I agree the drug sentencing needs to be relaxed and sexual offense sentencing increased across the board... "college hacker gets more time than the rapist he exposed" was a news story not long ago.

/u/efoam · 4 votes · 2 years ago · Link

I find it hard to believe they got 90+ years when THE CREATOR of Playpen got 30 years.

Silk Road creator: life sentence PLUS 40 years WITH NO PAROLE.

/u/General100 · 1 votes · 2 years ago · Link

That was unbelievably HARSH. But he was the first of his kind and an example needed to be made.

/u/thedragyn · 2 votes · 2 years ago · Link

I thought discrimination was illegal...

/u/0b1sh1n0b1 · 1 votes · 2 years ago · Link

DPR sold drugs, and sometimes guns. He kept the conversation civil, with an on-staff doctor interested in harm reduction. He was very much interested in making sure everyone had a good time and got what they wanted. Very much stuck to the "consenting adults enjoying themselves" ethos. In the end no one was involved with Silk Road or did drugs they weren't explicitly there to buy or sell.

A lot of these pedo shits are just nasty people. They can't even say they "make love" to kids, as sick as that'd be. They trade in shit like "hurtcore" and other flat-out abuse and torture... of children. Children who weren't involved at all with the site. Shit was done to them for content for this "playpen". Not that children could consent anyway, but there wasn't even a pretense of that.

/u/supcap · 0 votes · 1 year ago · Link

Silk Road wasn't just a drug market though; chances are if it didn't have ads for hitmen and other such super shady listings it might not have been cracked down on quite as hard.

/u/[deleted] · 1 votes · 1 year ago · Link

And if Ross had not tried to get people killed with the assistance of HA (imposed by LE) he probably would have received a lighter sentence even though he was not convicted of this.

/u/isjhduhflrn · 2 votes · 6 months ago · Link

Same with running a fucking multimillion-dollar business on a laptop that he used the library wifi for... Oh Ross. I wish he'd known what we now know, but damn I'd like to just thank him; he kinda got this whole thing started (not saying other peeps weren't maybe doing similar, but Silk Road was revolutionary as a concept).

/u/isjhduhflrn · 2 votes · 6 months ago · Link

And wasn't DPR told that (the guy who was fictionally killed) would spill the beans on everyone if he didn't pay? That's similar to the US slogan "we do not pay terrorists"; they just kill them. Better yet, prison slavery. But yeah, I get it, don't try to kill people, govt or anyone else. Just don't. Even fent is bad news bears for any market now.

/u/thedearpsychonaut · 1 votes · 3 years ago · Link

https://arstechnica.com/tech-policy/2017/03/doj-drops-case-against-child-porn-suspect-rather-than-disclose-fbi-hack/

/u/thedearpsychonaut · 1 votes · 3 years ago · Link

The case could be reopened I suppose, but for now the case against this pedo was dropped because the FBI did not want to reveal their technique to the court, in order to avoid jeopardizing a future investigation. This pedo is literally walking free right now as far as I know, while people rot for nonviolent drug offences. If someone has an update to this story I would love to see it, so that I don't completely lose faith in our criminal justice system hunting actual criminals. lol

/u/Ross_Pirates_Dread · 7 votes · 2 years ago · Link

> so that I dont completely lose faith in our criminal justice system

Yeah, I lost my faith as soon as I was old enough to understand how the system worked.

/u/foxymethoxy · 1 votes · 1 year ago · Link

Old post, but this thinking bothers me; it's very short-term.

Sourcing > hits. All sourcing is highest classification. Data is scrubbed to make it look like the source is unknown. When you see pictures of chat logs without a big TS over them, it's bullshit.

You could burn a source and then not be able to find five more suspects. Do you burn the one source and lose five more, or let one go to potentially get more? CP is assuming it's not the actual exploiter, but for instance, you catch one of Epstein's associates and giving up the source tips off Epstein to the security flaw? That flaw is now useless, and you have to spend a bunch more money to find a new one.

It's always money.

/u/filmnoir · 1 votes · 3 months ago · Link

They couldn't have got the IP address by unpicking the route (undoing the 'onion' layer by layer), so it must have been some JavaScript that issued a separate HTTP request, exposing their IP address to the server.

Right?

So if the pedos had had JavaScript disabled they would've been alright.

/u/RoseXanBars · 1 votes · 2 years ago · Link

Good hope they put them in gen pop

/u/LilPeepsLastXan · 3 votes · 2 years ago · Link

Hillary Clinton gets to run for president while Ross spends his life in prison.

-_-

/u/DNricksanchez · 2 votes · 3 years ago · Link

/u/thedearpsychonaut "If you use something like Qubes with the anon-whonix virtual machine you could have..."

If I ever actually look into vending I might look into this, thanks!

/u/NdzADmo · 2 votes · 3 years ago · Link

Qubes is absolutely the best (using it right now). Just make sure you use it on the right hardware!

/u/sickTightLip · 2 votes · 3 years ago · Link

If it supported common WiFi drivers I would use it exclusively.

/u/Ethiopiop · 1 votes · 2 years ago · Link

It does have the same drivers that Fedora has. Its support for hardware comes from what's in your sys-net template distribution. That's Fedora by default.

/u/Onionshop · 1 votes · 3 years ago · Link

I've heard that a lot recently. Just wondering: how is Qubes better than Tails?

For Qubes to work you need to manually install Whonix? And it gains access to your hard drives, so you'd have to remove them, which is also recommended for Tails. But in Tails you cannot access your hard drives.

/u/NdzADmo · 3 votes · 3 years ago · Link

It depends on your threat model. Single use darknet purchase? Tails from a coffee shop. Regular general purpose, secure laptop/ desktop? Qubes from home.

/u/outtatime · 2 votes · 3 years ago · Link

Tails is better at protecting against physical, in-person attacks on your computer since it is amnesic and doesn't write anything to the hard drive. Qubes/Whonix is better at protecting against internet attacks, as it is highly compartmentalized through virtualization.

/u/Shroomtastic · 6 votes · 3 years ago · Link

Tails is annoying to use. I have a photoelectric sensor installed at my door that opens a relay and turns off power to all computers. LE won't get my LUKS password.. DDR3 and up hold data for only 3-4 seconds without power, so no successful cold boot attack on my machines.

/u/u-dont-exist-dot-com · 6 votes · 2 years ago · Link

But LE just read your post and now they'll break in through your window. Oh well, you tried..

/u/frontstage · 3 votes · 2 years ago · Link

No you'll just go to jail until you hand over your LUKS key...............

/u/dgirl · 1 votes · 1 year ago · Link

Yeah, that's why a dummy is important, people!

I'm not gonna tell it to LE.

/u/oldtimer2 · 1 votes · 3 years ago · Link

Interesting, very interesting. Care to share more about how you set this up? I would like to set something like this up as well.

/u/boodycut · 1 votes · 2 years ago · Link

I would love more info on running Qubes if you could be so kind... currently still on Tails.. where do I start?

/u/DNricksanchez · 1 votes · 3 years ago · Link

/u/blackm00se thanks, will look into it, you're da bomb ;)

/u/RoseXanBars · 1 votes · 2 years ago · Link

Yes, exactly. This should be a child porn operation more than a drug operation.

Fuck fentanyl too tho.

/u/blackm00se · 0 votes · 3 years ago · Link

/u/DNricksanchez trust me, Qubes is the shit. Just use a VM with whatever decent OS you want, but it also depends what you wanna do. If you want to sell shit, Whonix or Tails is your shit. If you wanna card, you might wanna try Windows 7.

/u/dexmuth12 · 1 votes · 2 years ago · Link

Why specifically Win7 and not Win10? I could include proxies in Win10 as well, but what's the reason behind Win7?

/u/throwsmeways · 0 votes · 3 years ago · Link

Windows 7 and proxies! They are very safe!

/u/Inferno · 6 votes · 3 years ago · Link

OK, credit where credit is due.

Basics of OPSEC (tips, numbered) has really good LE points and is a good know-how on the subject.

Thanks to /u/2happytimes2 for that list.

Edit* Fixed link

/u/Inferno · 3 votes · 3 years ago · Link

/u/MJA20WithA3

LUL

will fix

/u/MJA20WithA3 · 2 votes · 3 years ago · Link

Did you link the correct thing?

/u/mushcanada · 5 votes · 2 years ago · Link

Can't say as I feel sorry for the Playpen motherfuckers

/u/DoctorPhawkes · 4 votes · 2 years ago · Link

"His biggest mistake however was depositing large numbers of packages at US post offices while wearing latex gloves. This caught attention of the postal staff."

I've never laughed this hard at a Dread post before. Was this dude tweaking or something, for fuck's sake lmao.

/u/foxymethoxy · 1 votes · 1 year ago · Link

yeah wtf

sounds like nothing else really mattered.

/u/PolarisLabora · 1 votes · 5 days ago · Link

That's a fucking dead giveaway.

/u/poboy420 · 4 votes · 1 year ago · Link

Some folks need to chime in on some recent busts on DN Live and fill in the noobs on what they did that everyone can learn from. Opsec is the key to keeping a good thing up and running, so if y'all know some newer, more up-to-date tips and tricks, let it be heard. Please & thank ya!!

/u/deathfromabov3626 · 3 votes · 3 years ago · Link

Not changing your fucking shipping locations and methods, especially if you're well known, is a problem. Your pack gets pulled and they will triangulate your drops pretty easily and profile your customers too for additional evidence.

/u/TheFBI · 3 votes · 2 years ago · Link

snitch

/u/GreenDragon78 · 3 votes · 2 years ago · Link

You could just cut your hands off to avoid fingerprints.

/u/deepak84 · 2 votes · 1 year ago · Link

Remember to put condoms over your nubs so you don't leave a DNA trace.

/u/CyberCivilDisobedience · 2 votes · 2 years ago · Link

With regards to OP's first paragraph:

The Chukwuemeka Okparaeke bust. It's clear that he made some glaring mistakes. He also got lucky for a long time, based on the fact that he operated without being suspected, reported, investigated and arrested immediately...

The way he went about actually posting the packs of fent was flawed, but you must at some point acquire the stamps/postage and send it. Walking into a USPO is pretty inevitable if you're sending Priority/Express/International. If you only use First Class you can buy stamps without raising suspicions and drop them in blue boxes, but then you risk non-tracked packs and customers disputing non-arrival without the ability to prove to mods/admins on the MPs that it was in fact sent.

So what is the best way to acquire Priority or Express postage and get it into the mail stream en route to the customer's destination, without sacrificing anonymity & plausible deniability?!

Buying postage online still requires accounts with emails, names, phone #, and sensitive info that could doxx you. So buying from a website is not a valid option, which leaves only walking into a PO to post your packs in person.... any advice on this aspect?...

/u/DeeMoliTion · 1 votes · 2 years ago · Link

VISA SERVE. THEY'RE READY TO USE WITHOUT REGISTERING AND IMMEDIATELY. SEARCH YOUR AREA FOR A USPS KIOSK. TRY TO DISGUISE OR SEND A FRIEND TO THE KIOSK. PARK YOUR CAR ANONYMOUSLY AND WALK ON PROPERTY. ONLY LOAD ENOUGH FOR 5 STAMPS. USE EM ONLY ONE TIME. THE PRINTED STAMPS GOT A SCANNER.. SO LOAD UP TO REDUCE EXPOSURE. USE A SECLUDED BLUE BOX (NO CAMERAS IN SIGHT).

I'm a new DMT vendor (with the only GODZILLA SZ CRYSTALZ) bout to pop off on Empire (1-2 DAYZ) and WSM when they get their shit together and fix the BTC link for new vendors.

/u/DeeMoliTion · 2 votes · 2 years ago · Link

Plus you can get a Walmart smartphone burner. Leave your phone in the car with some bullshit excuse of how you don't have one. Buy (cash) an Android smartphone and data plan ($60-$80 for decent to unlimited data AND phone included), use the phone in the electronics department to call and set it up using a fake name. Use their other phone to call the new phone to make sure it's working. Use the new phone to set up a new anonymous Gmail account (text verify, and also in the same name as you used when you called to set up the new phone). You need this so you can download apps from the Play Store. You can get a VPN (outside the 14 eyes, anyone??) using cash to buy the Visa Serve card IF you're that paranoid and will be bringing this phone near your other phone/car/house or anywhere else that the GPS may log.

Download Bitpay and create an account with this same name (text verify, and trust me this is the fastest and best for privacy I've found, UNFORTUNATELY, and despite wanting to throw a fiery brick through their window.. story for another day - BUT SERIOUSLY, I ran into multiple opsec issues with every other wallet suggested from every noob discussion board for weeks, literally!). Find a BTC ATM (text verify) - RESEARCH THE COMPANY FIRST; it took me 4 places to find one that didn't jeopardize my opsec, but sad to report for the random guy I had now created: I was put on the spot and had to enter a home address, so I just looked up the fake name/est. birth date range and found my victim... fuck, I hope he's straight for his sake - whatever happens was meant to! Scan the receive BTC code and show it to the BTC ATM..... New anonymous phone number; new anonymous Gmail account; new anonymous Bitpay account; new anonymous BTC; I feel like I can take a bow now haha. If anyone can find holes in this please inform me, otherwise I'll leave it posted for maybe a week then prolly get paranoid, if not sooner, and delete.

/u/DeeMoliTion · 1 votes · 2 years ago · Link

Can anyone see possible opsec issues with the T-Mobile Alcatel wifi hotspot for on-the-go laptop use instead of pub wifi? Considering the device and several months of unlimited data plan were paid upfront with cash and without having an account at T-Mobile?

/u/SayYoToDrugs · 1 votes · 11 months ago · Link

"So buying from a website is not a valid option which leaves only walking into a PO to post your packs in person....any advice on this aspect?"

But almost all vendors are buying from a website. It works for vendors if they're super careful, but it never works for buyers. All of those sites generate labels with markings that can be traced. LE poses as a buyer and receives a package with those label markings, then later looks for similar labels in the system. You might ask "isn't it the vendors LE really wants?" Yes, but they'll be happy to go after a buyer if any type of quantity is involved.

/u/foodbitch · -1 votes · 2 years ago · Link

Pay somebody cash to go pick postage up for you.

/u/RelatableCyclotron · 2 votes · 2 years ago · Link

Yes, so when they get arrested they will just say it was that guy.

/u/DreadIrateRobertz · 1 votes · 2 years ago · Link

What do you suggest?

/u/einstein2 · 2 votes · 2 years ago · Link

Visit a PO and use cash, and never get more than one hundred dollars' worth at a time. Visit several POs if needed, but be careful not to visit the same ones too often; make sure you only repeat once a month or whatever you feel isn't looking bad. I don't see anything wrong with a friend getting them for you every now and then, but I wouldn't make it the method.

It seems with dnet operations you don't want to be predictable and prob don't want to keep the same schedule, i.e. logging onto dmkts the same time every day, dropping packs the same time every day, etc. Try to do things at diff times.

If you must use a PO to drop packs, park blocks away, not on camera, and go in, drop packs in the collection bins and leave. In other words, have your labels and postage done; don't get in line and do it at the PO. In this case I would also have a legit, legal piece of mail large enough to obstruct camera views of the other packages. Try to block them from camera view using large legit envelope mail so it's not so clear to cameras what packs were under the legit ones. Also if using blue boxes in public the same tactic is smart, so if someone can place you at the box you have legit legal mail in it that you can admit to. If other packs are forensically straight then the burden beyond reasonable doubt may help, but a legit piece of mail justifies you being at the box. Just some ideas.

/u/fuckwaddd · 1 votes · 2 years ago · Link

Not necessarily, real criminals know the penalties for telling.

/u/mushcanada · 2 votes · 2 years ago · Link

Yeah, resist the urge to wear latex gloves dropping off packages.

/u/4444 · 3 votes · 2 years ago · Link

Put a drop of superglue on each of your finger tips.

/u/DonutHole · 1 votes · 7 months ago · Link

would this actually work?

/u/sigg · 2 votes · 2 years ago · Link

Wear some gloves made of leather, silk, or cotton instead.

/u/CookingWithGlass · 2 votes · 2 years ago · Link

Hold up, a fent vendor was operating from mobile? That is wild. No surprise he got caught.

What do you think the most common opsec mistake would be that gets people jammed up?

/u/MrWhiteHat · 3 votes · 2 years ago · Link

Thinking that working on Windows and Android with VPNs makes you an invincible "anonymous haxor". Using services like Facebook, Google, Microsoft Docs & Reddit on the same Tor IP that you use to do some hokey shit. Not encrypting the drives. Bragging on social media about how you "ball" and how you're the "dope dealer", and the list goes on and on.

/u/Kangdonkeyballz · 1 votes · 2 years ago · Link

I'm always surprised to learn how many actual retards there are that do these kinds of things lmao, like grow a fuckin brainstem dude.

/u/MrWhiteHat · 2 votes · 2 years ago · Link

The reaches of authorities go way beyond these basic notes. Especially in the last 5 years, Feds of different nations have built a spider web of traps over millions of websites. That web may include fake vendor accounts with high trust ratings & even malicious exit nodes [probably use a VPN in the first place]

/u/FullMetalHerbalist · 1 votes · 2 years ago · Link

Fake rated or too good to be true deals on VPNs are always a red flag. Even better, replace your VPN service every 3-6 months. Better VPNs usually allow payment by crypto too. Use that or PP Visa.

/u/AZERTY · 2 votes · 2 years ago · Link

Some VPN providers also take gift cards. Pay cash for GC, no fee like the mastercard GCs have.

Probably best to sit on the GC for a bit to make sure if they trace the GC to a store there's no CCTV to pull.

/u/McDrugersun · 2 votes · 2 years ago · Link

Is using Android to surf the dark web doable? I mean I use Tor, Orbot, I switch identities often. Use VPN mode through Orbot, use bridges if need be. Have PGP, don't give out my personal unencrypted. I'm a late bloomer on this dark web shit. So I'm learning, but losing crypto to scammers is the only hard way of learning things as far as I wanna get. Meaning I don't want my life lesson of being shitty at opsec being taught to me by metal brackets at the gray bar motel.. Pls, advice would be greatly appreciated

/u/sleevey · 2 votes · 2 years ago · Link

I understand asking questions is important, but researching is important. Smart phone use is very insecure.

/u/McDrugersun · 1 votes · 2 years ago · Link

I get it with the smart phone not being ideal, however I personally don't use any social media whatsoever, have Java disabled throughout my phone, http everything, and wipe data every time I log out of Tor, also I don't use Tor to browse any websites except the DNM

/u/[deleted] · 1 votes · 2 years ago · Link

if this is your personal phone, absolutely not. /post/9eb7d61cecc593f1c1aa

a burner phone? still too many risks. /post/731b0187bd2919f64bf9

a phone in which you *physically* disconnected mobile access, camera, mic, rooted and installed stock Android, then secured with Orbot and never accessed any site or app that can link personally to you? maybe.

there's so much background communication going on between phone (firmware, native apps, installed apps) and the mobile towers that phone just isn't secure. Orbot, Signal, Wickr help, but i just wouldn't use a phone for anything more than brief, circumspect communication.

YouTube /watch?v=VFns39RXPrU

/u/stillslingin · 2 votes · 2 years ago · Link

Tails should have this disabled by default instead of noobs not knowing to do this every time booting up

(i used to be that guy)

/u/slappywhite · 2 votes · 2 years ago · Link

Don't use USPS apps on your phone, don't check pack deliveries on your phone period. Once you've set up Informed Delivery, configure it to send text messages for packages. Mute the conversation and let it push all the updates to you via SMS. This will keep a longer history than the ID page or app. You have plausible deniability because you get updates on ALL your Amazon shit. Let them PUSH the data to you, don't PULL it.

Don't use your phone to check on deliveries.

Don't use your phone for anything DNM related.

Don't hit the tracking info for the same pack.

They track your IP and # of hits and will use this against you. TRUST ME, I KNOW.

/u/Socialist · 1 votes · 2 years ago · Link

Amazon ships with UPS, a private company that is allowed to check all your mail as far as they please. It's a completely different service to the USPS. Please inform yourself comrade

/u/slappywhite · 1 votes · 2 years ago · Link

Not sure where you're from comrade, but Amazon ships 80% of my shit via USPS. I wish it were different, because around here UPS is the most unreliable shipper imaginable.

/u/Socialist · 1 votes · 2 years ago · Link

Ah. I live in a major city, so I was just speaking based on personal experience. Sorry for the rude tone.

/u/foxymethoxy · 1 votes · 1 year ago · Link

I check informed delivery so much. How can you say that you aren't checking it for, you know, everything else?

Not all places ship via amazon's delivery system. Sometimes it goes into USPS, but I buy lots of stuff from ebay, etsy, other stores, etc etc. They can't tell one prio box from another. I usually have no idea what box is which even :\

no one cares about your tracking info just never ask for it from a vendor unless it's contesting

/u/funktioningadct · 1 votes · 7 months ago · Link

My fucking god, I had NO idea. I've been checking ID since the moment I ordered stuff. Not doing it thru my phone or laptop ever again moving forward. Thanks for this

/u/Pointer · 2 votes · 1 year ago · Link

To add to your highlights I would say:

1. Going undercover. This can be a highly effective tactic where undercover agents penetrate the wider dark web organizations. In a way, law enforcement have taken advantage of the protections offered by Tor to blend in with everyone else on the dark web; you never really know who is on the other end of a conversation.

2. Open Source Information. Even if a criminal's business exists primarily on the dark web, they might have left digital breadcrumbs in forum posts or public documents that lead investigators to the suspect's identity.

3. Following the Money. Dark web marketplaces typically use the pseudo-anonymous currency bitcoin for all transactions, the idea being that transactions can be carried out with no link to the buyer's or seller's real identity. Homeland Security Investigations (HSI), part of the Department of Homeland Security, however has set up a dedicated task force for tracking down those who launder their proceeds with bitcoin and other cryptocurrencies.

/u/a100percentAss · 1 votes · 3 years ago · Link

So are Tor users still susceptible to the same Network Investigative Technique used in operation pacifier?

/u/NdzADmo · 2 votes · 3 years ago · Link

From what I read of it, it was a bug in an outdated version of Firefox. Tor users are supposed to keep their browsers up to date. After the Tor Project fixed the bug, the FBI managed to de-anonymize those users running outdated versions of the Tor Browser Bundle. Really 135 seems low to me. I'm glad pedos went to jail but at the same time, it is kind of a fucked up way to get them arrested. The same thing could be used on people just trying to safely buy drugs, for instance. Precedent is everything. The users arrested should have been arrested but allowing the FBI's use of the NIT by the courts in the future, in my view, was a mistake. Part of me wants to say "kudos to the FBI", but also "this has serious implications for internet privacy in the future".

/u/sickTightLip · 1 votes · 3 years ago · Link

Didn't they have to gain access to the server in order to implement the NIT...? Had Playpen servers never been seized the users would have still been anonymous...? It's good to think of the market as run by LE anyhow to make sure you're covered, but we generally hope markets are run by not the police... this is why I'm suspicious of new markets and have more faith in Dream's track record... FUD is FUD until someone's in the news

/u/Quasar · 1 votes · 3 years ago · Link

No mention of correlation attacks? That's one of the biggest ways TOR users get busted

/u/AZERTY · 2 votes · 2 years ago · Link

Tor doesn't claim to protect against a global passive adversary.

As a practical matter, I'd either do your business on public wifi or snarfed wifi accessed via an antenna.

(Ex: maybe a neighbor has a weak WPA2 key, or you can set up an antenna to get access to a nearby business that most couldn't reach from your place).

Browse JS off, use a secure OS, and even if they punch through and get an IP, all they get is some library, coffee shop etc.

Change up your location often and you should be gold, they can't sit on some spot for months and even if they do they probably don't know what you look like.

/u/policecameraaction · 1 votes · 3 years ago · Link

Correlation attacks are extremely extremely low.

You need to be watching traffic going into the network (guard) and out (exit) or the guard and webserver.

As .onion sites don't use exit nodes, the malicious party has to get lucky for 2 of the 6 relays, and even then with the amount of traffic going through them, it's hard to pinpoint a user.

This is why they hack the user rather than intercepting traffic.

/u/Quasar · 1 votes · 3 years ago · Link

Ah right, didn't think about the relays

/u/jinx69 · 1 votes · 3 years ago · Link

Depending on the country, ISPs (the bigger ones) are supposed to implement methods of targeting customers connecting to Tor; if you use your home/work Internet access, connect to Tor and immediately do something that raises alerts (fake bomb email or something worse) it greatly narrows down the list of possible suspects. If a Tor site shows the timestamps of messages or logins, it creates an additional vector of correlation.

/u/[deleted] · 0 votes · 2 years ago · Link

This is why you use a VPN.

/u/NdzADmo · 1 votes · 3 years ago · Link

Extremely low for now. We are rapidly approaching the era of the global adversary, the era of total surveillance. In the next few decades cryptographic tools will have to become far more complex and innovative if privacy is to survive. Tor as it exists today could not survive a global adversary or decryption via a quantum computer.

/u/DonutHole · 1 votes · 7 months ago · Link

Quantum computers exist today. You really think LE doesn't have access to them?

/u/upsgang · 1 votes · 2 years ago · Link

absolutely very useful

/u/RelatableCyclotron · 1 votes · 2 years ago · Link

You forgot going through your garbage

/u/sigg · 2 votes · 2 years ago · Link

They may go through your garbage when they search your house. So it's a good idea to get rid of evidence somewhere else.

/u/RelatableCyclotron · 1 votes · 2 years ago · Link

Also Garbage is only public property once it is put out to the street.

/u/B31b82b13 · 1 votes · 2 years ago · Link

Great information, also a lot of the common themes I've read in the past about people getting caught was they completely forgot about their OPSEC. They ended up shitting where they slept so to speak. More often than not a lot of the arrests were made due to the target using his DN username on some clearnet website 10 years ago. What it comes down to is complacency.

/u/sigg · 1 votes · 2 years ago · Link

You should always create new user names for every site you use.

/u/zntmj2019 · 1 votes · 2 years ago · Link

Do you think LE can track transactions from a seized market to electrum and then from electrum to the bank (bitcoin provider) ?

/u/sigg · 2 votes · 2 years ago · Link

Definitely. All bitcoin transactions are public. If they know the wallet of the market, it's trivial to see where the money went. Especially if it's the same amount being forwarded. You always need to launder your coins. A bitcoin tumbler is good, buying a different crypto currency like monero is better.
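
As an added illustration of the point above (this is example code, not from the original thread or any real chain-analysis product), the following Python walks a constructed transaction ledger outward from a known market address and flags the "same amount forwarded" pattern investigators look for. Every address, txid and amount in the ledger is made up; real chain data would be loaded from a node or block explorer instead.

```python
"""Trace coins from a known wallet across a (constructed) UTXO-style ledger.

Naive "poison" tainting: every output of a transaction that spends a tainted
input becomes tainted. Single-input, single-output hops whose output is within
a small fee of the input are reported separately, since that is the pattern
the comment above calls "the same amount being forwarded".
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[Tuple[str, float], ...]   # (address, amount spent)
    outputs: Tuple[Tuple[str, float], ...]  # (address, amount received)


# Constructed ledger (not real transactions). Amounts in BTC.
LEDGER: List[Tx] = [
    # whole balance forwarded, fee 0.001 -> classic pass-through hop
    Tx("tx1", (("market_A", 1.000),), (("hop1", 0.999),)),
    # forwarded again into an exchange deposit address
    Tx("tx2", (("hop1", 0.999),), (("exchange_X", 0.998),)),
    # split into two outputs: tainted, but not a clean pass-through
    Tx("tx3", (("market_A", 0.500),), (("mixer_in", 0.300), ("market_change", 0.199))),
    # unrelated activity that must not be reached from the seed
    Tx("tx4", (("unrelated", 2.000),), (("someone", 1.900),)),
]


def spends_index(ledger: List[Tx]) -> Dict[str, List[Tx]]:
    """Map each address to the transactions that spend from it."""
    idx: Dict[str, List[Tx]] = {}
    for tx in ledger:
        for addr, _ in tx.inputs:
            idx.setdefault(addr, []).append(tx)
    return idx


def is_pass_through(tx: Tx, fee_tolerance: float = 0.01) -> bool:
    """One input, one output, output within fee_tolerance (fraction) of input."""
    if len(tx.inputs) != 1 or len(tx.outputs) != 1:
        return False
    spent = tx.inputs[0][1]
    received = tx.outputs[0][1]
    return 0.0 <= spent - received <= fee_tolerance * spent


def trace(seed_addresses: Set[str], ledger: List[Tx], max_hops: int = 3):
    """Breadth-first taint propagation from the seed addresses.

    Returns (reached, pass_throughs): reached maps address -> hop distance from
    the seed, pass_throughs lists txids of same-amount forwarding hops.
    """
    idx = spends_index(ledger)
    reached: Dict[str, int] = {a: 0 for a in seed_addresses}
    pass_throughs: List[str] = []
    queue = deque(seed_addresses)
    while queue:
        addr = queue.popleft()
        hop = reached[addr]
        if hop >= max_hops:
            continue
        for tx in idx.get(addr, []):
            if is_pass_through(tx) and tx.txid not in pass_throughs:
                pass_throughs.append(tx.txid)
            for out_addr, _ in tx.outputs:
                if out_addr not in reached:
                    reached[out_addr] = hop + 1
                    queue.append(out_addr)
    return reached, pass_throughs


if __name__ == "__main__":
    reached, hops = trace({"market_A"}, LEDGER)
    for address, distance in sorted(reached.items(), key=lambda kv: kv[1]):
        print(f"{address:15s} reached at hop {distance}")
    print("same-amount forwarding hops:", hops)
```

Running it shows `exchange_X` reached two hops from the market address, with `tx1` and `tx2` flagged as same-amount forwards, while `tx4` is never touched. A real investigation would add clustering heuristics (common-input ownership, change detection) and exchange KYC records on top of this basic graph walk; the point here is only that the public ledger makes the walk itself cheap.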

/u/einstein2 · 2 votes · 2 years ago · Link

I just read that the USPS inspectors were able to deanonymize admins of WSM by following the BTC, and it was tumbled or mixed as well but they were able to follow it. I'm thinking tumblers aren't that safe or protective and that BTC should be turned into Monero and then back to BTC. Tumbling before buying Monero prob can't hurt. Splitting up the total into smaller diff size amounts and sending them to diff addresses (same wallet is prob ok but don't repeat the same addresses more than once). Just saying tumbling doesn't seem to protect the user

/u/[deleted] · 4 votes · 2 years ago · Link

here's where I am lost. if the original method is to tumble, then you say it doesn't work. new method, use Monero & tumbler, why bother with the tumbler if it will take $ and it can be identified???

/u/CookingWithGlass · 1 votes · 2 years ago · Link

Depends. If you sent your coins from coinbase to electrum, and then electrum to a DNM, they can almost certainly figure it out and I doubt coinbase would stick its neck out for you.

If possible, get btc through other means, without any connection to your bank.

/u/racewarjohnny · 1 votes · 2 years ago · Link

what other means are there to get BTC?

should i transfer btc from my wallet to another wallet?

/u/sigg · 1 votes · 2 years ago · Link

Splitting up the amount and transferring it through another wallet is a start.

/u/einstein2 · 1 votes · 2 years ago · Link

Read about the WSM admin busts. The USPS inspectors were able to track BTC of admins even after tumbling. Seems if you can't do complex BTC maneuvers to obfuscate then utilize BTC to Monero then back to BTC. If you vend and the product you sell is bought in the real world for cash then maybe use your BTC to buy weed or something and put a trusted friend on consignment. Don't even need to profit greatly off the shit, the real profit is converting to cash anonymously. Of course it's not ideal to have to source products with your BTC and sell those products in the real world to get cash, but BTC cash out is a tough obstacle for vendors who need cash. If you are lucky enough to re-up in BTC and sell for BTC you have no worries. Cash out is tricky and putting a trusted friend on consignment with a pound of weed will turn that BTC to cash to fuel your vending product. It's all about creativity and analyzing every angle.

/u/psychthedoor · 1 votes · 2 years ago · Link

Great read

/u/gate · 1 votes · 2 years ago · Link

Thanks for the post, have not fully read it yet but will when I have some extra time, thanks

/u/Superjerry420 · 1 votes · 2 years ago · Link

So there is really a risk in the shipping methods. How come most still get thru?

/u/paranoidandroid · 1 votes · 2 years ago · Link

"The tool was used to expose IP addresses of those accessing the site on the assumption that they were either trying to distribute or access child pornography."

Leaving the morality of child porn aside, what actual proof did they have other than having users' IPs?

If they were using Tails for example, they wouldn't have any proof of them actually browsing through the site. For example, someone else could have been using their WiFi (cracking it, etc).

Also, how exactly did they obtain their IPs? Shouldn't Tor mask them? Or is it because they enabled Java temporarily to view/download media?

/u/dj1n · 1 votes · 2 years ago · Link

Thanks for the input

I suppose the moral is, nothing is 100% secure,100% of the time.

Always be paranoid.

/u/miked · 1 votes · 2 years ago · Link

Is there a better way to send priority than buying stamps?

/u/labourallude · 1 votes · 2 years ago · Link

great info thanks