Guide: Preventing & Dealing With Compromised Identity


Posted by: Doug Roberts

September 24, 2014


When interacting on the dark net, your anonymity is one of your most prized possessions. Most people go to great lengths to ensure that this anonymity is preserved, and rightfully so. The last thing you want when dealing with potentially illicit substances on the internet is for your identity to be compromised. This can happen in a number of different ways, and this article will discuss a few methods of mitigating a potential blow back from having your identity compromised.

Always keep in mind that regardless of how safe you think you are being, there is a good chance that someone can still identify you, and you may never know. Whether or not that person will care that you are ordering a small amount of cannabis is another discussion.

For maximum anonymity, you should not be accessing the dark net from a Windows machine, or even from your home address for that matter. You should, at the very least, use a laptop to run TAILS from a live USB with JavaScript disabled (see the exploitation and take down of Freedom Hosting). It would also be wise to keep your residence free from any illicit substances when expecting an order.

So how exactly can your identity be compromised, and what steps can you take to mitigate damage?

  1. Cracked Tor or PGP

In one classified NSA Snowden leak titled “Tor Stinks,” the agency claims, “We will never be able to de-anonymize all Tor users all the time, but with manual analysis we can de-anonymize a very small fraction of Tor users.”

Never is a strong word, and misinformation is a real tactic used often, so take this with a grain of salt.

It is unknown whether the NSA can crack Tor, but it would be wise to assume that they can. They may have the ability to know that you are using Tor, which sites you are visiting, and what you type into plain text fields, but as long as you encrypt all of your communications with PGP, they won’t have much else on you.

That is, unless they can crack high-bit PGP keys, which is also unknown, but unlikely. And if they could, they would guard that knowledge extremely closely so that the public would never know. But, considering the number of extremely smart mathematicians and cryptographers outside of the NSA who are researching this possibility, we would almost certainly hear about a vulnerability if it existed.

If the NSA can crack both Tor and PGP, it’s unlikely that someone ordering recreational amounts of illicit substances will be of interest. This scenario shouldn’t worry you too much, and there is not much you can do short of not using Tor and PGP.

Do be aware that the NSA has stated that it can store intercepted encrypted data indefinitely until they have the ability to decipher it.

Another possibility is that your private PGP key was accidentally leaked or stolen, which is a very bad scenario. Assume that your passphrase has been brute-force cracked and that all of your messages have been read. If the passphrase is a strong combination of random characters, you are probably still safe, but it may be best to assume the worst and act accordingly. If you have a key revocation certificate, upload it to one of the public key servers, and generate new keys.

  2. Dark net vendor bust

Perhaps the most common scenario in which your identity could be compromised is when a dark net market vendor is busted. A good vendor will destroy all customer information as soon as the package is sent out, but it seems like some vendors keep permanent records for the purpose of having leverage if they ever get busted.

While it’s unlikely that authorities will spend the time and money to come after someone who ordered recreational amounts from a busted vendor, you should prepare for the worst, especially if you ordered bulk amounts.

LE does not have enough cause to arrest you, or even search your house, simply because a vendor has your address on file. For all they know, the vendor could be lying, or you could have been set up by someone trying to ruin your reputation.

Depending on the circumstances, such as quantity and frequency of your orders, LE could decide to begin monitoring your mail, or even visit your house, hoping for an opportunity to present itself that allows them to enter your residence to further investigate.

After placing an order, you should always keep tabs on your vendor by browsing the dark net market forum and related subreddits. If you find out your vendor has been busted, stop accessing dark net markets from your home, clean your abode of all incriminating evidence, and encrypt the hard drive that you used to order from the dark net – or better yet, securely erase it and/or destroy it. Darik’s Boot and Nuke (DBAN) is a highly recommended program that will wipe all incriminating evidence from your drive.

Next, obtain a lawyer if you don’t already have one (which you should). When you first obtain a lawyer, consider paying a retainer fee up front, because if your home is searched, your money is subject to being confiscated on the grounds that it could be associated with a crime.

Do not use the same address to order from the dark net for at least a few months, if ever again. If you’re really curious as to whether your address is being monitored, send a test package (free of illicit material) and examine it for evidence of being opened, resealed or prodded.

  3. You placed an order with undercover LE

It’s fairly well documented that LE have, or at some point have had, vendor accounts on dark net markets, from the Secret Service selling fake IDs to Russians for five years before making a bust, to Curtis Green arranging for a kilo of cocaine to be delivered to an undercover DEA agent.

Prior to placing an order, one should perform thorough research on the vendor. Search vendor review threads, search relevant subreddits, and even do a Google search for the vendor name.

If the only information you have provided to the undercover agent is your name and address, you should expect a controlled delivery and/or search. They still shouldn’t have enough evidence against you to bring charges, so a successful controlled delivery, or a search that turns up related information, is essential to their case. This is one reason why it is important to keep your residence and computer free of any incriminating evidence while you are waiting for an order.

If you are the target of a controlled delivery and asked to sign for a package, no matter what the mail delivery person says, do not, under any circumstances, sign for the package. Consider saying the following: “I didn’t order a package and I won’t sign for packages that I didn’t order.”

If LE managed to obtain a search warrant for your house and show up at your door asking to come in, there are a few things you can do. First consider asking to see the warrant. Look it over and make sure it is indeed legitimate, and call the court to verify if necessary. Tell LE that you would like your lawyer immediately. If you have the right to remain silent, invoke that right by saying, “I am invoking my constitutional right to remain silent.” Do not say anything else, no matter how convincing LE may be, without a lawyer present.

Some have recommended that you should act scared, anxious and confused – like you have no idea what is going on and are scared for your life. If LE continues to press you, consider telling them that they are scaring you and you would like your lawyer, because you don’t know what this is about.

  4. Your package is compromised en route

It’s possible, but unlikely, that LE attempts a controlled delivery.

Instead, you will most likely receive a love letter, or simply not receive your package. If your package is seized en route, authorities have been known to send a letter to your address informing you of the seizure. This obviously means that authorities know that someone shipped something illegal to your address and name, and your name and address are now likely flagged and permanently stored in a database somewhere.

They probably don’t have enough evidence to pursue criminal charges any further and you likely won’t hear anything from LE. But to be safe, you should still take precautionary measures — clean your house, encrypt your hard drives and immediately cease all dark net market activities.

Never again have anything shipped to the address that received the love letter; consider it indefinitely compromised. It would be wise to avoid having anything from the dark net shipped to your name at any address in that city, for at least a few months. This means not having packages with your name on them sent to friends or relatives who live in the same city.

  5. Clear net activity is linked to your dark net activities

This includes using similar usernames on dark and clear nets. Your dark net usernames should be random and have no association to you or your interests, and it would be wise to use a different username for each market.

This was a huge mistake made by supposed Silk Road founder Ross Ulbricht, who was careless in using information on the clear net that could be linked to his involvement with Silk Road, including use of similar usernames.

If you are a person of interest, LE will attempt to subpoena all forms of clear net communication in their attempts to connect your clear net and dark net activity. This includes phone records, social media accounts, clear net forum posts, etc. They can even check bank accounts. But you should assume that everything you type on the clear net is already readable by the Feds without them needing a subpoena.

Do not talk about your dark net involvement to anyone – not your girlfriend/wife, not your best friend/family – no one. The only mouth you can control is your own, and your girlfriend, wife, or best friend may not have the same security standards as you do.

Facebook and other social platforms even monitor chats for criminal activity, and notify LE when it’s detected. Most of this, by itself, will probably be seen as circumstantial, but if enough circumstantial evidence is gathered, you could be served a warrant.

Also, be conscious of what you post on the dark net market forums, as LE could potentially connect similar interests, typing patterns or punctuation styles. It’s been recommended to turn off the dark net market forum setting that shows people when you were last online.

If you have previously discussed your dark net activities on the clear net, or if there are any clear net/dark net connections, you may as well consider yourself compromised. With nearly all clear net activity monitored, stored or cached permanently, there isn’t much you can do to fix this mistake. If you ever raise suspicions, LE will find this connection and use it against you.

  6. You’re infected by malicious software

The chances of malicious software infecting your computer can be drastically reduced if you operate from a dedicated dark net laptop which you never download anything to and never access personal e-mail or social media from. To prevent JavaScript exploits, browse with JavaScript turned off.

Consider purchasing a small laptop which you use solely for your hidden activities. Even then, be wary of how you go about purchasing this laptop, as the NSA reportedly has the ability to intercept laptops and install malicious software directly into the hardware. If something malicious is installed in your hardware, which may be impossible to detect, there isn’t much you can do.

So what should you do if you become infected? You most likely won’t know until it’s too late, and most anti-virus software is useless against more sophisticated attacks. The attackers could know everything about you, including all of your passwords and the contents of your PGP messages, and you won’t know anything about them (whether they are regular hackers looking for a payout or government agents).

If you want to ensure that you have eliminated the immediate threat, stop using the infected computer. Formatting the hard drive will eliminate most threats, but the most sophisticated malware can be immune to formatting and remain on the computer. Your best bet is to trash your old computer, buy a new one and change the passwords to the accounts that you still have access to. Next, delete all of your accounts.

Because you probably don’t know what specific information the attacker has on you, you should assume that your identity and address are compromised.

Summary

  • When expecting a package, ensure that your residence is free of all illegal items. Bury it in a remote field or leave it with a friend temporarily. If possible, avoid sending a package to your residence. Try to send it to a location that isn’t associated with your name.
  • When you receive your package, do not open it. Instead, immediately write “return to sender” on the outside and set it aside for at least a day. LE may have identified you as expecting a delivery, and there are reports of LE waiting an hour or so after delivery before approaching the residence with a search warrant. Many claim that by writing “return to sender” on the unopened package, you increase your chances of getting off on whatever charges may be brought against you.
  • Always double check that the dark net market address seen in the address bar is the official address of your market. Write down your favorite addresses, or check the market’s subreddit. Don’t rely on Hidden Wiki for a link to your preferred market as the Hidden Wiki operators have been known to participate in phishing attempts in the past. If you were the target of a phishing attack, it’s likely that your password has already been changed and your account balance has been emptied, but as long as all of your messages were PGP encrypted, the attacker shouldn’t know much about you.
  • Check your hardware. There is no point to Tor, PGP, or any of this if the laptop you are using has already been compromised by the NSA or FBI. Study the model, and do a thorough search. If done right, you will only need do this once. If done incorrectly, you could end up in jail.
  • Hacking into your computer is not the only way LE can compromise your identity. The way you write and your interests can be used to connect your clearnet self to your deep web self. It is very important for your deep web self to be totally random and disconnected from your clearnet self. Don’t reuse usernames. Don’t express your love for golf or for libertarian authors.
  • While being a part of the deep web, it is important to proceed with extreme caution and suspicion. It is a good idea to always be on the lookout for signs that your identity has been compromised. In case you did miss something, change accounts, passwords, and even laptops regularly.
  • It cannot be overstated how important staying silent is while dealing with the cops. Denying or admitting anything will be really bad for your chances of freedom. It is not like you are going to talk the cops out of arresting or suspecting you, so it is pretty pointless. It is best to wait until you can talk with a lawyer and go from there.
  • If you are using a vendor, you need to trust they aren’t going to screw you over. It is a good idea to do a lot of research about vendors before using them. It is also a good idea to test the vendor with small orders until you trust them enough for larger orders. The reviews, forums, and subreddits can be a great source of information.
  • The most important thing to remember, in the case of the deep web, is that it is better to do it right, or not do it at all. A slip in the beginning can haunt you for the rest of your days. Do it right, and you won’t have to worry.

Updated: 2014-09-24