Deep Web & Law Enforcement: From a Buyer Perspective, Part 1
Posted by: Allen Hoffmann, JD
December 14, 2014
This is the first in a series of articles on the advantages to purchasing on the dark web, and suggestions, case studies and examples of ways in which individuals can and have get themselves caught, or, on the other side of the coin, minimize intelligence development against themselves, head off the commencement of an investigation, deal with law enforcement should they show up, and ultimately, if all else fails, minimize the chances of taking the rap.
Why buy on the dark web?
There are a great many reasons to go shopping on the deep web; maybe you can’t, for whatever reason, buy what you want in your country or get it at a reasonable price. Be it quality MDMA, a passport in somebody else’s name, or a pistol, if you lack access to the buying infrastructure or criminal contacts requisite to acquiring these items in your day to day life (and unless you’re a full time or part time criminal, no matter how tough you think you are, you probably do), you can often find someone to sell it, either because they can buy the goods freely in their country, or because they are possessed of that network.
Be it a large organization where everyone wears suits and gold chains, or the equivalent of the local hookup for weed standing on the corner trying not to be too conspicuous, your vendor may be a rank amateur or seasoned, organized professional when it comes to illicit sales, but there’s a good chance that if you’ve got what the market commands for a product, someone will sell you what you want – they might be in the same city, or they might be on the other side of the world.
Maybe it’s not so much that you’re new at nefarious trade or lack the contacts; perhaps, after a long layoff, you want to get back to hitting a bit of nose candy on the weekend when you have your new job. It could be that you’ve heard a story that your local connect is cooperating with the police. Perhaps you have a heroin habit, but the foresight not to want to expose yourself to arrest by going out and buying it hand to hand on the street in amongst a high intensity trafficking area.
Whether you’re paying a premium to reduce your risks or buying hard to find items to which you just wouldn’t otherwise have access, what you are counting on is that first, the transaction will go through cleanly, second, you’ll get what you paid for, and, finally, you won’t come to the notice of any hostile law enforcement types.
Being a smart buyer is pretty simple. Learn about BTC enough that you can acquire it without having to use a bank wire, preferably paying for it in cash. If you can avoid doing the ordering from your own computer, do so, and set up an email account or ‘burner’ cell phone for buying activities. The reasons for that will become clearer later – it’s all a part of leaving as small of a persistent footprint as possible.
Learn how to pay cash for your BTC, and keep it secure. This is a central tenet of what you need to think about early, before you start your first foray into dark markets – the evidence you leave today may not cause you trouble today, or next week, but what happens if you go from (almost completely) uninteresting dark market buyer to professional vendor, or someone who LE wants to leverage? ALWAYS plan for the worst case scenario – if you leave no evidence now, there’s no evidence for LE to find today, tomorrow or in the future.
If you can avoid it, stay off your own computer when doing BTC transactions or accessing dark markets, and become very good friends with your Flash drive – these things erase more easily (or burn via blowtorch) due the smaller storage and physical size. Also, on a related note, it’s a great deal easier to hit the inner components of a thumb drive with the blue flame of a pocket blow torch than trying to rip out a laptop or PC tower hard drive should you need to sanitize data in a hurry.
Know your vendor’s product as intimately as possible, and research them to the extent you can; check multiple markets for feedback and forum postings. When you’ve honed your list of sellers down to what you need, at the price you want, with the reviews to back it up, here’s the part where getting ripped or not becomes a primary concern, though one which is easily handled. Until you have the goods in your hands, DON’T RELEASE ESCROW. This covers both issues one and two above. Unless 1, the seller’s stats are excellent, 2, you can afford to lose that money you release if they rip you off or get taken down just as you have paid them, and 3, the buyer demands the early release, this is a rule you should NEVER break. You can’t get ripped off unless you, one way or another, are tricked, conned or cajoled into releasing your funds.
So, is 5-0 out to arrest you for buying who knows what in the dark, shadowy playground of markets you can find on TOR? Next time, we’ll meet two hypothetical characters; Paul the idiot, and Matt the intelligent buyer, from whom you, the novice (or even experienced) buyer, can probably learn a thing or two.
LE’s interest is not primarily you – Meet Paul the idiot.
Everything that can be done wrong, Paul does. Having just discovered the magical world of places like Silk Road, Paul organizes wires from his bank account to buy some of this magical BTC, and he enjoys buying drugs he’d only ever read about, and having it show up at his house, in some hokey fake name (and he signs for it in that name), with all the ease of buying on eBay. He never gives a thought to encryption or data protection, as both are too much work. When orders don’t show, especially orders from overseas, he orders more goods, because it probably just got lost. Paul doesn’t mind talking on the phone or via his personal email about his stealthy exploits. Paul’s pretty slick, right?
Should one of Paul’s packages be caught in transit, one of Paul’s friends talks too loud in a bar about his recent purchases (and perhaps, local sales), or any number of other things go wrong, Paul has served up all the evidence that LE needs to secure a warrant (and later, a conviction) on a plate. Bank records confirming the purchases of BTC. A computer which will yield damaging evidentiary material, or if they want to monitor his internet usage for a while, access to his user accounts, with details of those from whom he has bought products before. Tracking numbers can then be used to start identifying the regions in which vendors operate, and the intelligence machine of LE continues to click and whir and sometimes, just sometimes, help LE catch people – there’ll be more on that in later articles. Thank you for your efforts, Paul.
Depending on your ego and predisposition to paranoia, you may be concerned that there are police sitting across the street with a shotgun mic right now, recording your keystrokes in an effort to capture your password, or employing some Intel agency level tech attempting to intercept TEMPEST emissions (magnetic ‘clicks’ of your keyboard) from your laptop and attempting to prove that it is, indeed, you who logs in to some questionable dark net market portal with an impossibly inappropriate username, or you may not even have turned your mind to it and exist in the blissful belief that the police just don’t care about you at all.
Here comes a reality check for you, either way; unless something drops into law enforcement’s lap, you have come up in the course of another investigation, or they think that you’re a solid way to make a case against a supplier, you are of very limited interest or utility. Should you care? Yes, you should. The realities of failing to guard your security are serious if things go wrong. But generally, the police are not interested in you as a buyer on the dark web. It’s unlikely, if you have the sophistication to be going about engaging in commerce via TOR, that you are the kind of highly visible criminal at the bottom end of the chain, typically driven by desperation, that police concern themselves with; you are not visible out on the street, you are not a menace to the public, sticking your sawed off in the face of some soccer mom to carjack her, or mugging young women, or doing house burglaries. You are not a supplier who acts as a magnet to these people in a specific geographic area, either. You are, for the most part, invisible; not a stat that shows up in some LE briefing that needs to be managed.
But what happens if your goods get caught in transit? Have your protected yourself? What happens if the police are REALLY interested in stopping the flow of the goods they caught?
Case study – Gun buyer in Australia.
In 2013, an Australian dark net buyer’s cheap pistol, hidden inside a broken game console coming from the U.S. caught local and foreign investigators’ interests. The Australians were severely embarrassed by a huge number of Glocks making their way into the country from Europe in recent years without Customs ever looking at any of the packages, and have a zero tolerance attitude to firearms considering the country’s restrictive legislative regime. In the US, this gun came from a second hand purchase that wouldn’t have been more than a couple of hundred USD; no major criminal organization here, but the investigation which followed was worthy of one. Detected by their Customs agency, the find was referred to the Australian Federal Police (the equivalent of the FBI) who spoke to the US’s BATFE, who set in train an investigation which eventually exposed the seller as a bumbling amateur from Kentucky paying his girlfriend’s college tuition, whose Bitcoin related postings on a major financial media website in his own name did not help his initial protestations of innocence.
He wasn’t just selling to this buyer; another Australian buyer and a couple of buyers in Europe were also prosecuted thanks to BATFE’s investigative efforts. The vendor caught a federal prison sentence in August, 2014. The first buyer, apparently a normal guy who wanted to buy a gun the authorities would not know about (who had about as much forensic awareness as our friend Paul), in a country where street prices on modern semi-automatic pistols start at 3,500 USD if you listen to the media, co-operated with the state police, who raided him in conjunction with the Customs agency, completely and utterly unprepared for a raid, named the seller and the marketplace, then continued to correspond with the seller to bait him further, and quietly pleaded guilty to a federal charge and a state charge. He avoided jail time, but still took the rap.
Next time – want to avoid taking the rap? Be like Matt.
Updated: 2014-12-14