Sunday, November 19, 2017

UK Government to Spy on Users by Asking Messaging Apps to Weaken Encryption

Last week, British Prime Minister Theresa May received harsh criticism from experts for her proposal to regulate the internet and essentially weaken the encryption of messaging applications such as WhatsApp and Telegram.

In response to a terror attack that occurred in London, May stated that the act of terror can be attributed to the existence of “safe spaces” on the web such as the dark web and encrypted messaging platforms that criminals are using to distribute data and communicate with one another.

May also placed the blame on major internet service providers and internet companies that are responsible for offering encrypted services and privacy-focused solutions to users. She strongly emphasized that unregulated and private areas of the web are triggering more terrorist attacks within the UK.

However, analysts at prominent cyber security firms and mainstream media outlets such as Wired have stated that weakening encryption is not a practical solution under any circumstances. Firstly, an attack on encryption could jeopardize global financial systems and banking, which could inflict severe financial damage on major financial service providers. Other sectors such as travel and health care could also be affected by the lack of encryption.

More importantly, the idea that the “good guys” can see, surveil and control the “bad guys” is flawed as a whole because it is difficult to justify what is considered good and bad. For instance, if internet service providers and app developers are forced by the government to build backdoors to allow law enforcement agencies to surveil users, the surveillance of the public and billions of internet users can’t be justified.

The US government’s plan to request travelers to forfeit passwords, social media account data, email information and data stored in personal devices such as laptops was criticized by experts and data analysts for the same reason. It is an attack on the privacy of people in general and the idea that the complete removal of privacy would discourage and decrease terrorist attacks is invalid.

More importantly, Colin Clarke, a counterterrorism expert at RAND, said in an interview that the internet is oversold in terms of radicalization. Although the internet and its encrypted areas such as the dark web are used by criminals and terrorists to communicate, the majority of conversations are settled offline.

Michael Kenney of the University of Pittsburgh stated:

“Traditionally the way [UK extremist group] Al-Muhajiroun have worked is that most of their radicalization has occurred offline.”

Therefore, May’s plan to request that encryption service providers and messaging applications such as WhatsApp and Telegram install backdoors in order to surveil hundreds of millions of mobile users would likely do more harm than good. It will place the privacy of millions of British mobile users in jeopardy.

Essentially, May’s strategy is to implement backdoors on messaging applications to enable law enforcement agencies including the MI5, the United Kingdom’s domestic counter-intelligence and security agency, to surveil potential suspects.

However, cyber security expert Jennifer Arcuri stated that the implementation of backdoors would leave messaging apps vulnerable to hacking attacks and grant access to others apart from the MI5. In fact, it is possible that terror attacks can be carried out by hackers that exploit the encryption vulnerability or backdoor on messaging apps if they are built upon the request of the government.

Still, discussions on implementing backdoors on messaging applications are being pursued, mostly because Westminster terrorist Khalid Masood utilized WhatsApp almost immediately before carrying out the horrific attack that led to the deaths of multiple British citizens.

DEMI KESELAMATAN KITA

Five National Guard Members Charged for Bitcoin Fraud

Recently returned and unsealed indictments accused five National Guard guardsmen of Bitcoin, credit card, or access device fraud. All four defendants used Bitcoin to purchase stolen debit and credit cards from the internet. Then, according to the indictment, the men encoded blank cards with the stolen card numbers and made fraudulent purchases at Army and Air Force Exchange Service (AAFES) stores on military bases.

One indictment named three men from the District of Columbia Army National Guard: Derrick K. Shelton, James C. Stewart, and Quentin T. Stewart. Another indictment named Vincent Anthony Grant, another guardsman from the D.C. Army National Guard, for involvement in two different cases for the same crimes. And the last indictment from a separate case named Jamal Alexander Moody for the same or similar crimes; he already pleaded guilty to several crimes and is preparing for a sentence hearing.

The Shelton Stewart indictment accused Shelton, J. Stewart, Q. Stewart, and their co-conspirator, Moody, of several types of fraud. They bought stolen credit and debit card numbers from the internet using Bitcoin. According to the indictment, the group targeted members of federal credit union accounts with addresses near or in Maryland. They purchased magnetic stripe encoders, along with encoding software, to write the stolen card numbers to blank credit or debit cards.

With the newly encoded cards, the group purchased items from AAFES stores on army bases and elsewhere. They then either sold the goods or kept them for personal use. This activity occurred between July 2014 and May 2015.

The Grant indictment accused Grant, Moody, and others of operating a similar scheme to the one above. Both bought Bitcoin online to buy stolen credit card numbers. They encoded and used the stolen card numbers between July 2014 and April 2015.

From an earlier indictment and trial, Moody pleaded guilty to access device fraud and aggravated identity theft. He purchased another magnetic stripe encoder and re-encoded credit cards in the same manner. He encoded more than 100 cards with stolen card numbers from July 2014 to April 2015.

Shelton, J. Stewart and Q. Stewart face a maximum sentence of 20 years in prison for conspiring to commit wire fraud and a minimum of two years in prison for aggravated identity theft. Grant faces a maximum sentence of seven years in prison for device fraud conspiracy and a minimum of two years for aggravated identity theft.

Moody awaits sentencing for the access device fraud and aggravated identity theft charges. A maximum of 15 years in prison can be imposed for access device fraud and a mandatory two years comes with the aggravated identity theft charge.

Only 3% of Counterfeit Euros in France from Darknet Markets

France, despite a drastic decline in counterfeit use throughout Europe, still sees a significant number of counterfeiting crimes. Very few of the counterfeit notes in circulation originated from within France. Yet, out of all the countries in Europe, France is first on the list of countries most affected by counterfeit currency. The director of the anti-counterfeiting office detailed the current situation in France, along with the reasoning behind the increased counterfeit numbers when compared to other countries in the region.

Fabien Lang, the head of the Central Office for the Suppression of Counterfeiting (OCRFM) said that several 2016 changes had influenced the overall decline in numbers. Starting in 2017, countries had reported an average of a 35 percent decrease in counterfeit use. One of the main reasons for this decrease, Lang said, was a change made by the European Central Bank. The bank introduced new Euro notes: a €20 banknote and a €50 banknote. The notes incorporated new security features that increased the level of skill needed to reproduce the notes.

Another main reason, the Central Office director said, was that throughout 2016, Italian law enforcement dismantled numerous counterfeiting outfits. Many of them operated from Naples, and by coincidence, many of the cells were associated with the Napoli Group. At the time, the Napoli Group printed the majority of the counterfeits in circulation.

The majority of banknotes had come from locations controlled by the Camorra. But, as with the Napoli Group, no counterfeiting operation was linked to organized crime that extended beyond counterfeiting itself. Yet, for France, the majority of the seized banknotes had originated from Italy.

For France, though, darknet counterfeit sales made up very little of the total seized: as low as three percent. The number rides well below the European average of “darknet counterfeits”; on average in Europe, 10 percent of seized counterfeit money originates from the darknet. There are hotspots across the world, though. For instance, specific towns in Germany were hotspots during 2016, but despite an increase in talent and availability of counterfeiting material, the total number seized remains low.

At the peak in France, darknet counterfeits, for lack of a better term, amounted to less than 30,000 of the total counterfeits seized. Lang said French authorities had caught 100 counterfeiters (no distinction between buyers and sellers) in 2017 alone. He noted that the anonymous nature of the darknet transactions made the job more difficult, but at less than three percent of the total notes in circulation, the darknet is far less of a concern than Italian traffickers. One notable distinction between darknet counterfeits and others could be seen in the quality. The counterfeit notes ordered from darknet vendors were of a poor quality whereas the Italian counterfeiters had even fooled banks with denominations that had never existed.

The darknet counterfeits in France usually come from the Netherlands, according to the director. And naturally, with 73 percent of the notes coming from Italy via traditional methods, the darknet is not a major concern in France—as far as counterfeit currency goes.

Teen Bought Fake Euros From the Darknet, Police Reveal

In early November, German law enforcement concluded an investigation into a multi-month spree of counterfeit euro use spread throughout several towns in Mecklenburg-Vorpommern’s Lake District. After collecting evidence and descriptions from shopkeepers and salespersons, the Criminal Investigation Department in one of the impacted towns identified a 19-year-old suspect in Strasburg. Police raided the teenager’s house and found “extensive evidence” that the suspect had purchased large numbers of fake euros from a darknet vendor and then spent the notes at unsuspecting shops in the region.

The widespread use of counterfeit currency is nothing new to German authorities. In late 2016, Germany suffered from a major influx of counterfeit euro notes. The majority of the notes, if authorities told the truth at press conferences and strategy meetings, had arrived in Germany through various darknet market vendors. Several so-called “printshops” for producing the counterfeit notes surfaced between 2016 and 2017, but the much larger sources of notes came from international crime syndicates focused on counterfeit currency production. DeepDotWeb covered news on one syndicate that, at one point, controlled 90% of the counterfeit euro trade: the infamous “Napoli Group.” German fraudsters, even before the darknet, relied on Napoli Group notes. As counterfeit euro demand increased, Germany became one of the syndicate’s most profitable markets.

During a press event in early 2017, a spokesperson for the Landeskriminalamt (LKA) announced a projected decline in counterfeit use in Germany by the end of the year. This, according to the LKA, would happen thanks to the growing detection rate of fake notes by shop owners and bank employees. According to a Bloomberg report, the use of counterfeit currency during the first six months of had increased by 8 percent. Despite the increased number of counterfeit notes in circulation, there was some success in the LKA’s campaign against counterfeit currency. It increased the victim’s ability to spot the fakes, and thanks to increased public education and printouts on counterfeit cash, police ultimately found and arrested the 19-year-old fraudster.

The LKA began interviewing shopkeepers—especially when the shopkeeper noticed the note before depositing it at the bank—in order to construct a profile of the suspect. After a “meticulous” investigation, the LKA had discovered that one person had travelled to the majority of the stores affected.

The Neubrandenburg prosecutor issued an arrest warrant for a 19-year-old in Strasburg. German law enforcement then raided the teenager’s property and found evidence pertaining to the counterfeiting crime. In addition to counterfeit euro notes, the police reported finding evidence that connected the suspect to counterfeit use throughout the region. They also discovered that the counterfeit notes had come from a darknet vendor. In a statement, the prosecutor said that the investigation was “just beginning.” The evaluation of the evidence seized, combined with the discovery that the counterfeits had originated from a darknet marketplace, led the police to believe that the case required further investigation.

Netherlands Police Bust Darknet Trafficking Group

In 2015, law enforcement in the Netherlands arrested three suspects in connection with a cannabis growing operation in the province of Friesland. More than two years later, Friesland detectives completed an investigation that led to the arrest of the same three suspects for operating a massive darknet ecstasy and marijuana trafficking operation. Over 150 police officers raided 10 houses and businesses in Sneek. During the raids, the Netherlands police seized bitcoin, euros, 13 cars, and seven buildings, among other various pieces of evidence.

The trio first aroused suspicion in March 2015 when police discovered their growhouse in Sneek. During a follow-up financial investigation, the investigators discovered that the men had amassed more than $400,000 in the form of Bitcoin. Later on, after the investigation had seemingly hit a quiet spell, evidence arose that implicated one of the suspects in the trafficking of various “hard drugs.” Police raided his house, arrested him, and seized more than 65,000 ecstasy pills. An official statement announced that police knew the suspects had received payment for their ecstasy and marijuana in bitcoin.

This led to yet another investigation into the group and a suspected drug trafficking and money laundering organization. The arrests in late October and early November came from an investigation that began in January 2017.

By October, undercover officers had unveiled much of this secretive drug trafficking organization that had distributed drugs both internationally through the darknet and locally, on occasion. A local transaction led to the ultimate downfall. Undercover officers and one of the drug traffickers arranged a large ecstasy deal on the darknet. The police wanted 15,000 pills. Although the deal was arranged on the darknet, the cops met and paid the vendor in an apartment in the Netherlands. There, they bought 15,000 pills, but instead of arresting the dealer, the police let the dealer go free.

Police spokesman Sylvia Sanders said that they frequently go after darknet vendors and arrest the vendor after completing an investigation into the vendor’s internet activity. “Usually, we immediately pick up the suspect, but in this case we have not consciously chosen that,” Sanders says. “We wanted to get the big boss.”

And only days later, Netherlands police caught “the big boss.” A total of 150 police officers raided homes and searched a commercial garage in Sneek. Officers arrested the first two suspects—a 31-year-old and a 33-year-old—by the mid-afternoon. The officers caught a 32-year-old suspect later that afternoon. According to a report from Netherlands police, the suspects had kept very few drugs at the locations searched by police. Officers discovered 50 grams of a “white powder.”

Authorities seized 13 vehicles that belonged to the three suspects arrested that day. They also seized 150,000 euros and seven buildings under the name of the 33-year-old’s brother. The suspects have been charged with drug trafficking and money laundering, both on a large scale. The investigation is ongoing and the police expect many more arrests as the case unfolds.

Thursday, November 16, 2017

Austrian Ketamine Trafficker Sentenced to Probation

After his September arrest for drug trafficking, a 22-year-old ketamine dealer received a light sentence of probation and mandatory drug therapy sessions. On October 30, the Vienna District Court heard how a Burgenland native had financed his own “addiction” to marijuana through drug distribution. One of his family members, the man said, had told him that he could “make some money” by ordering ketamine from a darknet vendor and reselling it to friends and acquaintances.

For several months, the 22-year-old had arranged for the delivery of 320 grams of ketamine to his address in Burgenland, the prosecutor said. Police in Austria had monitored the defendant’s activities and phone calls in a so-called “intensive” investigation. During the investigation, the Austrian police investigators discovered the country of origin of the packages. Unsurprisingly, authorities pursued the buyer and not the vendor. They found that the man had connected with a darknet vendor who shipped their products from the Netherlands. The Netherlands and Austria have somewhat of a history when it comes to combatting drug trafficking.

The prosecutor neglected to detail, at the sentence hearing, why and how the 22-year-old became a suspect. In many cases, especially those involving packages from high-profile countries like the Netherlands, customs officers or postal inspectors will intercept a package or flag an address. In several Austrian cases previously covered by DeepDotWeb, the German Federal Criminal Police Office alerted Austrian authorities after customs officers in Frankfurt, Germany, noticed suspicious packages headed towards Austria. This case had an element often missing in similar cases: the buyer of the majority of the defendant’s ketamine was a 17-year-old who resold at parties in Burgenland.

And information from the prosecution indicated that Austrian authorities had identified the 17-year-old buyer, given that they revealed his age during the hearing. In many cases heard at the Vienna District Court, the court would hear how customs in Austria or Germany flagged the package. In this case, though, the prosecution only spoke of the 22-year-old’s customers, specifically the party-going reseller. If any customer of the minor had spoken to the police, investigators undoubtedly followed the trail of evidence back to the newly-convicted defendant.

Philipp Wolm, the defense attorney, said the defendant’s drug of choice was marijuana. In order to pay for his habit, Wolm said, the man turned to drug distribution. “Somebody told me that I can make some money out of it,” the 22-year-old said. “Since this was a family member, I would not like to say anything about it,” he added. Judge Andreas Hautz asked if the ketamine sales had “paid off.” They had not, according to the defendant. He said that he had learned from his mistakes and planned to start a new life with his girlfriend once the court released him.

Judge Andreas Hautz sentenced the man to three years under court supervision and mandatory drug therapy or rehab sessions.

Dark Web and Cybercrime Roundup

A nine-month investigation into two international drug dealers by the Australian Federal Police (AFP) and Australian Border Force (ABF) reached a tipping point this month, according to a press release from the AFP. A 27-year-old Merna man and his 26-year-old partner from Kew had allegedly imported hundreds of kilograms of various drugs into the Melbourne area.

According to the AFP’s press release, the ABF had stopped almost 16 kilograms of MDMA from entering the Australian mail stream. The dealers had enough of an impact on Australia’s drug market that the AFP named the investigation in their honor. Not every drug dealer gets caught in a “named operation.”

When law enforcement officers finally found the two men behind the large-scale drug importation, the AFP made their move. They raided three properties owned by the suspected drug traffickers. Australian police, during the house raids, seized a Lamborghini Gallardo; cash; drug trafficking paraphernalia; a single kilogram of meth, ketamine, and marijuana; several testosterone vials; 700 grams of cocaine; a whopping 10 kilograms of MDMA; and 16 liters of 1,4 butanediol (BD). DeepDotWeb

Finnish Police Quietly Seize a Darknet Imageboard

Finland’s National Bureau of Investigation and Customs recently seized a Finnish hidden service that was not Valhalla. The Finnish authorities brought down an illegal imageboard called Sipulikanava or the “Onion Channel” in English. For those unaware of what an imageboard is: think of 4chan. Sipulikanava functioned like any other imageboard/forum. As with the now defunct Deutschland im Deep Web forum, Sipulikanava’s darknet presence brought trouble for members who had no intentions of using the site illegally.

Although the site’s owner had created Sipulikanava in 2014, the police investigation into the imageboard only lasted between October 9 and October 29. The arrests, dozens of them, had taken place between mid-October and early November. Although some users had uploaded illegal child abuse content, Finnish law enforcement wanted the site’s users for various drug crimes. One incident, in particular, had especially angered the police.

In early 2017, site users had arranged an amphetamine deal that ended poorly. It ended in armed robbery that required police intervention. From that point onwards, the police voiced their concerns about Sipulikanava. Customs said that darknet activities from the site had “brutally” impacted real world events. On November 1, Finnish law enforcement agencies replaced the site’s content with a “this site has been seized” landing page. DeepDotWeb

TradeRoute Dirty Laundry

Former TradeRoute moderator Sam Culper made a surprise appearance on Reddit this week. In previous darknet exit scams, mods—who generally knew nothing of the exit scam—stuck around for a single “goodbye” post before logging out of the marketplace’s Reddit mod account. Culper, too, had stopped using his official Reddit account aptly named /r/SamCulperTR. That changed with a recent Reddit post. He logged in and told the readers of the darknet market subreddit that he was hurt by the TradeRoute admin’s decision to exit scam.

He explained that he had never performed the duties of an admin and had always been a moderator. “I enjoyed helping [customers] with their support tickets,” he said. Culper wrote that he had been hired two months before the exit scam actually happened. “I assume most of you understand that the actual admins are not gonna tell some support guy that they are about to exit scam,” Culper began. He explained that the market staff had hired him and then promoted him three times before the exit scam. He went from making $8,000 per month to making $8,000 per week to making $14,000 per week.

Culper wrote:

“Each Friday I would get 14k. As soon as this stopped it was a clear sign that they would not return. I believe the MAIN admins set me up. They promoted me 3 times within 1 month which is why they started giving me 14k a month. Making it look like I was one of the real admins.”

He closed by claiming he had no ties to the former admins and he was just like any other subreddit user. Historically, mods have had no involvement in exit scams. History is on Culper’s side. Reddit

Bitcoin Money Laundering Lands Six in Court

In a Netherlands court, six men, allegedly in mysteriously unrelated cases, face up to three years in prison for laundering several hundred thousand dollars in Bitcoin. The prosecution knew the money had originated from previous drug trafficking ventures. None of the men had given halfway passable excuses for how they had come across the money. However, because the prosecution had not gathered evidence on any drug trafficking crimes, the men only face drug possession and money laundering charges. DeepDotWeb

MDMA. The Ventura County Sheriff’s Interagency Pharmaceutical Crimes Unit teamed up with another department’s Narcotics Unit to build the case against the Los Angeles and Ventura County drug dealer named Ryan Tallmadge. Detectives pulled Tallmadge over at a traffic stop and searched his car. They found 15 grams of MDMA and almost 2,000 alprazolam pills. The detectives carried Tallmadge to Ventura County Sheriff’s East County Jail for possession with intent to sell and possession with intent to sell a designated controlled substance.

Dealer Busted After Buying Counterfeit Euros on the Darknet

In the town of Brilon in North Rhine-Westphalia, Germany, the Federal Criminal Police Office raided a 20-year-old who had ordered counterfeit money on the darknet. To the Federal Criminal Police Office’s (BKA) surprise, they could not find any counterfeit banknotes on the 20-year-old’s property, despite their own intelligence that indicated otherwise. Instead, the BKA found a cache of drugs “in no small amount.” The investigation then shifted; instead of what would have been a relatively standard counterfeit money arrest, the BKA began investigating the young Briloner for drug trafficking.

The indictment still accused him of ordering counterfeit Euro notes, however. From September until the 20-year-old’s early November arrest, the BKA had raided 11 different apartments throughout the federal states. The operation, according to the most recent release, resulted in the search of 40 suspects and the confiscation of 1,400 fake 50-euro banknotes.

Austrian authorities, in the early months of 2017, set the investigation in motion during an investigation of their own. They busted a counterfeiting ring that sold their fake notes on the darknet. The group of counterfeiters had both produced and sold the fake banknotes, not unlike the infamous Napoli Group. Austrian law enforcement then began working with German authorities on the second stage of the investigation. The counterfeit Euro vendors, along with a significant number of lazy or careless darknet drug vendors, had kept transaction records for buyers of their counterfeit notes.

The case then unfolded almost identically to any other darknet drug case where the vendor kept a list of his or her customers and authorities used that list to track down buyers even years later. Shiny Flakes kept a color-coded list of orders that included information on the buyer, the address, and the order details. German police raided Flakes two years ago, but his color-coded list that ensured customer jail time lived on, contributing to arrests as recent as August 2017. AlphaBay fentanyl vendor PeterTheGreat kept a list that recently led to the arrest of the “father and son vendor duo” in the United States. There is no shortage of evidence to demonstrate the damage caused by simple logbooks and spreadsheets.

Although the BKA raided the majority of the fake Euro buyers in September, some suspects, including the 20-year-old from Brilon, took longer to track down. Eventually investigators discovered that DHL had delivered the notes and with tracking information from DHL, the BKA easily discovered where the man lived.

Prosecutor Thomas Poggel said that the BKA had found at least one kilogram of marijuana, an unspecified number of ecstasy pills, and 800 grams of amphetamine. The 20-year-old now faces charges connected to large-scale narcotics trade, possession of illegal substances, and receiving counterfeit money. Law enforcement officers knew he had ordered and received the money; they simply had no idea how the money had disappeared. Poggel added that German authorities hope to work with their Austrian partners to track down the 20-year-old’s buyers. This case, the prosecutor said, will require a “very time-consuming investigation.”

Man Caught With 85 Pot Plants After Ordering Cocaine on the Darknet

According to a press release from the Police Headquarters in Lower Bavaria, Deggendorf investigators received word that a man living in Zwiesel had ordered cocaine from the darknet. At the request of the Deggendorf prosecutor, officers arrived at the suspect’s apartment after the cocaine would have arrived, only to find 85 cannabis plants at various stages of growth and large amounts of dried marijuana clippings and dried buds. One third of the plants, the press release revealed, had already started blooming and could have been harvested.

This case marks the second time that German police investigated and/or raided a suspect for one crime, only to find that they had investigated the wrong crime. In one case, only days apart from the arrest of the marijuana grower, police suspected that a 20-year-old in North Rhine-Westphalia, Germany, had ordered a number of fake Euro notes from a darknet vendor in Spring 2017. After months of investigation, the BKA finally identified and raided the man for possession of counterfeit Euros. The police faced one problem: when they searched the 20-year-old’s apartment, they failed to locate any counterfeit notes. They did, however, find a large-scale drug trafficking operation.

The BKA locked up the North Rhine-Westphalia suspect on charges linked to drug possession, distribution, and receiving counterfeit currency. In Zwiesel, the so-called “marijuana cultivator” fared similarly. Despite the fact that the police had not located any cocaine or any proof that it had actually arrived at the suspect’s house, the prosecutor confirmed that the charges were connected to marijuana cultivation and cocaine possession.

According to the police, not only did the suspect successfully grow a massive number of cannabis plants, but he did so in two separate grow rooms. The two facilities contained a combined total of 85 plants, but only one third had reached a level of maturity the police called “ready to be harvested.” The suspect had more than 250 grams of dried marijuana clippings from an earlier harvest. Inside the suspect’s apartment, police officers also found 15 grams of dried buds.

Although the suspect did not use cocaine, German news outlet Focus.de wrote, the prosecutor still charged him with ordering cocaine from a darknet marketplace. In the case of the 20-year-old investigated for buying counterfeit euros, police investigators seized the suspect’s computers during an apartment raid. They planned to find the evidence needed for the counterfeit charge on the computers. The Lower Bavarian Police Headquarters, in their press release, made no mention of seized computers or additional evidence to further the prosecution’s case.

In addition to the cocaine charge, the “cannabis cultivator” received charges that reflected his crime of growing marijuana. As of the most recent press release from the Bavarian police, the public remains in the dark as to whether or not all 85 plants were intended for personal consumption or if they were meant for distribution. The prosecutor charged him with “several breaches of the Narcotics Act.”

DEMI KESELAMATAN KITA

Chinese Hacker Group Is Back With Corporate Espionage Campaigns Targeting Western Organizations

Keyboy, a Chinese hacking group, has reemerged with a new malware campaign, this time targeting numerous organizations in Western nations. The advanced persistent threat (APT) group has been operating out of China since 2013 and had previously targeted individuals and organizations in countries in Southeast Asia including Taiwan, Tibet, and the Philippines.

In the new corporate espionage campaign, Keyboy uses specialized malware alongside phishing emails to spy on and steal from targets.

Over the years, Chinese hackers were dubbed the most careless and noisiest in the cybercrime world. They gained worldwide recognition for hacking anything they could lay their hands on and making security systems look average, with little regard for stealth or for covering their tracks.

But in recent attacks, they seem to have been more careful and better organized, using sophisticated strategies to go after their chosen targets.

Instead of kicking down the front door, Chinese hacker groups have started to pick locks and operate in the shadows.

Tom Hegel, Senior Threat Researcher at 401TRG, speaking after the hack of the CCleaner app which is believed to have been carried out by a Chinese APT codenamed Axiom, stated that “there was indeed a decrease in activity of Chinese APTs following the pact.”

“They became more strategic and operate with improved tactics since then,” he added. “They were once very noisy with little care for operational security. These days it’s more strategically controlled.”

The last known activity by Keyboy came between August and October 2016, when the group targeted the Tibetan parliament. Reports suggest that the hacker group went into ghost mode after that. However, they seem to be back with their sights set on corporations in Western nations.

According to reports, Keyboy has created spy malware that lets them secretly perform malicious activities on infected computers. The malware's capabilities include taking screenshots, keylogging, browsing and downloading victims' files, gathering extended system information about the machine, and shutting down infected systems.

Researchers at a prominent security firm report that Keyboy is in possession of a new payload. After analyzing it, they found that it incorporates new techniques capable of replacing legitimate Windows binaries with a copy of the malware. The malware disables Windows File Protection, which then enables the hackers to perform their malicious activities under the radar.

Like many espionage campaigns, this one begins with an email carrying a malicious document. In the case analyzed by the security researchers, the bait was a Microsoft Word document named “Q4 Work Plan.docx”.

The bait uses the DDE (Dynamic Data Exchange) protocol to locate and download a remote payload instead of delivering malicious macros or an exploit.

The attack prompts victims to update the malicious Word document delivered by the phishing email. Once a victim falls for it and clicks the update option, a malware dropper is served up and the malware is eventually installed on the target's PC.
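The DDE lure described above can be checked for on the defender's side before a document reaches a user. The following is an added example, not code from the researchers' report or the original article: a Python scanner that reads the WordprocessingML parts of a .docx and reports fields whose instruction begins with DDE or DDEAUTO, including instructions split across several runs. The sample documents, the placeholder field arguments and all function names are constructed for illustration.

```python
"""Flag DDE / DDEAUTO fields in a .docx (added example, constructed samples)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
DDE_FIELD = re.compile(r"^\s*(DDEAUTO|DDE)\b", re.IGNORECASE)
MAX_PART_BYTES = 16 * 1024 * 1024  # refuse oversized parts (zip-bomb guard)


def field_instructions(xml_bytes):
    """Yield the full instruction string of every field in one XML part."""
    root = ET.fromstring(xml_bytes)
    open_fields = []  # stack of [text_parts, instruction_finished]
    for el in root.iter():
        if el.tag == W + "fldSimple":
            # Simple fields carry the whole instruction in one attribute.
            yield el.get(W + "instr", "")
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                open_fields.append([[], False])
            elif kind == "separate" and open_fields:
                open_fields[-1][1] = True  # what follows is the field result
            elif kind == "end" and open_fields:
                yield "".join(open_fields.pop()[0])
        elif el.tag == W + "instrText" and open_fields and not open_fields[-1][1]:
            # Complex fields may split one instruction over many runs; rejoin it.
            open_fields[-1][0].append(el.text or "")
    for parts, _ in open_fields:  # unterminated fields in a malformed part
        yield "".join(parts)


def scan_docx(data):
    """Return [(part_name, instruction)] for every DDE/DDEAUTO field found."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            if info.file_size > MAX_PART_BYTES:
                findings.append((name, "<part too large, not parsed>"))
                continue
            raw = zf.read(name)
            if b"<!DOCTYPE" in raw:  # OOXML parts do not carry a DTD
                findings.append((name, "<DTD present, not parsed>"))
                continue
            try:
                for instr in field_instructions(raw):
                    if DDE_FIELD.match(instr):
                        findings.append((name, " ".join(instr.split())))
            except ET.ParseError:
                findings.append((name, "<malformed XML, not parsed>"))
    return findings


# --- Constructed sample documents (not taken from any real campaign) ---
def run_xml(text):
    return f'<w:r><w:instrText xml:space="preserve">{text}</w:instrText></w:r>'


def fld_char(kind):
    return f'<w:r><w:fldChar w:fldCharType="{kind}"/></w:r>'


def build_docx(body_xml):
    """Build a minimal in-memory .docx holding only word/document.xml."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           f'<w:document xmlns:w="{W[1:-1]}"><w:body><w:p>{body_xml}'
           '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


# Field keyword split over two runs; arguments are harmless placeholders.
SUSPICIOUS = build_docx(
    fld_char("begin") + run_xml("DD") + run_xml("EAUTO ")
    + run_xml('"placeholder-app" "placeholder-topic"')
    + fld_char("separate") + "<w:r><w:t>result</w:t></w:r>" + fld_char("end"))

# Ordinary PAGE and DATE fields that must not be flagged.
BENIGN = build_docx(
    fld_char("begin") + run_xml(" PAGE ") + fld_char("separate")
    + fld_char("end") + '<w:fldSimple w:instr=" DATE "/>')

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, scan_docx(sample))
```

A hit is a reason to quarantine the attachment for review; a clean result only means no field in the scanned parts starts with a DDE keyword.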

Once installation is complete, the initial DLL is deleted, leaving no trace of the malicious fake. Because the malware also disables Windows File Protection and its notification pop-ups, system administrators won’t immediately notice that a legitimate DLL has been replaced.

Once they have gained access to the target system, the hackers are at liberty to carry out whatever espionage they wish.

Researchers have stated that it is still unclear what type of organizations the hacker group is now targeting with its latest campaign. There is also still no clear indication as to whether the hacker group is a state-backed organization or just part of another cybercrime group.

Reports state that Keyboy has a “medium level of technical and operational know-how”.

Although Keyboy targeted organizations in Southeast Asia in its previous campaign, it has now turned its attention to conducting corporate espionage on organizations in the West, and this may indicate a possible expansion of operations.

The term APT (advanced persistent threat) initially meant Asia-Pacific Threat, mainly because of the onslaught of Chinese hacks at the start of the 2000s, but is now used to describe hacker groups believed to be operating on the orders, and under the protection, of local governments.



Signal Releases New Standalone Desktop Client

In a blog post published on Halloween, Open Whisper Systems, the developers of the free and open source Signal encrypted communications app, announced that they had released a new standalone desktop version of their app for Linux, Mac OS X, and Microsoft Windows. Signal is largely used on mobile devices; however, the release of the new Signal Desktop app is not the first time that Open Whisper Systems has made their powerful end-to-end encrypted communications app available to people who use desktop and laptop computers. Prior to the launch of the new standalone Signal Desktop app, Open Whisper Systems enabled people to log in and use their Signal account on their computer by downloading an app for Google Chrome and other Chromium-based web browsers. The Chrome app, called Signal Private Messenger in the Chrome Web Store, is now considered to be deprecated. The catalyst for ending development of the Signal Chrome App and instead turning it into a standalone app was Google’s announcement last year that they were going to phase out all Chrome apps over a two-year period. To help with the transition to the new Signal Desktop, users are able to import data that has been exported from the Signal Chrome app.

As DeepDotWeb concluded in a review of secure messaging apps from last year, Signal is an excellent choice for users who want to protect the content of their communications. Signal makes using effective encryption so simple that anyone who can use a phone can use Signal. Signal’s source code has been independently audited, and even NSA whistleblower Edward Snowden encourages people to use it. Early last month after a gag order was lifted, Signal was able to reveal that they were subpoenaed by a federal grand jury, which was requesting information on two Signal users. The company proved they do not store data on users, other than the date that a user registers with Signal and the last date they used Signal.

Both the new Signal Desktop app and the earlier Signal Chrome app required users to first create a Signal account by using a phone number that they have access to for verification purposes. The Android version of the mobile Signal app can be found on the Google Play Store, and the version for Apple’s iOS can be found on the iPhone’s App Store. Alternatively, Android users can download the app from Signal’s website and then verify that the APK file signing certificate matches the SHA256 fingerprint on the website; however, Open Whisper Systems tells users that the safest and easiest way to install Signal on Android is to obtain it from the Google Play Store. Because the source code to all versions of Signal’s apps is free and open source, users are also free to build Signal from the source code. Signal makes their source code available through their repository on GitHub. To verify a phone number and register it as your Signal number, the mobile Signal app can either send you an SMS text message with a verification code, or it can make an automated phone call and read the verification code to you. Verification by phone call enables a user to create an account using the number of a landline.

To download Open Whisper Systems’ new standalone Signal Desktop app, go to https://signal.org/download/ and download the version of Signal Desktop that is compatible with your operating system. If you are serious about ensuring your privacy and security, and seeing as you are reading this you probably are, you might want to make sure you encrypt the drive or directory that you store and run Signal Desktop from, or alternatively store and run the app from within an encrypted container using software such as VeraCrypt. By encrypting you are making it difficult, if not very impractical, to get access to the app data and conversations. The Android version of Signal includes the ability to enable a lock screen on the app that requires a password to see the messages. Curiously, this feature is absent from the iOS version of Signal, but the developers argue that it isn’t a big deal because iPhones are encrypted and use a password-protected lock screen by default, whereas in many versions of Android, encryption is not enabled by default. The Signal Desktop app, like the iOS app, does not include the ability to enable a password-protected lock screen. So it is important to make sure your operating system has a password-protected lock screen enabled to further protect the content of your communications on Signal Desktop.

To add your Signal account to your computer, open the Signal Desktop app, then at the same time open the mobile Signal app, tap on the button at the top right that displays 3 vertical dots, and then tap on Settings, tap on Linked Devices which you’ll find near the bottom of the screen, and finally tap on the + symbol at the bottom right of the screen. You can now link your account to your computer by pointing your mobile device’s camera at the QR code that is being displayed by Signal Desktop on the computer’s screen.


Sunday, November 5, 2017

Three German Darknet Dealers Sentenced to Probation

On October 18, a Saarland court passed down unusually mild sentences to three so-called “darknet dealers.” The men had distributed mushrooms, LSD, heroin, and amphetamine for several months before their arrest, the police said. After authorities intercepted packages addressed to one of the three dealers, they raided the suspect’s apartment and struck gold: the dealers had maintained whiteboards with active deals, customer names, and payment statuses.

Although the board contributed nothing to the arrest of all three dealers, their “carefully managed business” directly impacted the case and subsequent sentencing. The incriminating whiteboards led to quick confessions from the men, given the combined weight of the evidence collected by law enforcement.

The case moved from arrest to sentencing in a matter of weeks. In the time between hearings, authorities released very little information. An ongoing investigation that first reached the press in August, along with the inherent investigation into the trio’s customers, more than likely impacted the case’s sensitivity. In August, elsewhere in Germany, police had uncovered a darknet drug trafficking group and numerous local customers. The investigation, an official spokesperson announced, had really taken off after German police intercepted a package of drugs from the darknet earlier that month.

At the time of the announcement, law enforcement had already learned that the drug trafficking group consisted of three suspects. Kriminalpolizei in a nearby city had previously found that a darknet dealer lived—or sold, at least—from somewhere within the region. But identification of the men did not occur until after police in Saarland intercepted a package headed towards Wadgassen.

One of the defendants, a 31-year-old named Patrik C., had ordered the package. And then several more. In total, the intercepted drugs weighed several kilograms, but officials never released a precise figure. Police then raided an apartment in Wadgassen that belonged to all three suspects. There, they found the whiteboards (and other drug-related evidence, including drugs).

The oldest defendant, Patrik C., controlled and managed the orders. The other two, 25-year-old Philip B. and 23-year-old Yannik K., played unspecified roles in the conspiracy. As in the Shiny Flakes case, the records identified buyers and incriminated the dealers. In addition to the nicknames of buyers, the men had written down information that directly linked some customers, including real names and addresses.

In the final hearing, the presiding judge sentenced Patrik C. and Philip B. to two years probation and fined them both $6,800. Yannik K. received a softer punishment than his older partners: 19 months on probation and a $3,500 fine.

Thursday, November 2, 2017

French Dealers Busted After Drug Package Interception

French law enforcement completed the third wave of arrests connected to an ongoing drug trafficking investigation. In Spring 2017, La Poste intercepted packages of drugs that led to the discovery of a drug trafficking network in Gap, a commune in Hautes-Alpes, France. Within the first few months of the investigation, French police forces tracked the packages from a darknet vendor to the first group of drug traffickers, setting off the sequence of events that set the third wave in motion.

According to laprovence.com, the Research Brigade of the Gap Gendarmerie arrested one dozen suspects within six months of the investigation. The majority of the suspects were roughly 20 years old, but one suspect had been a minor at the time of his arrest. The suspects from the third wave of arrests—not unlike those in the prior waves of arrests—had distributed cocaine, ecstasy, amphetamines, and marijuana for several months. After ordering drugs in bulk from darknet vendors, the dealers moved their product through the Hautes-Alpes department.

The number of total suspects remains somewhat unclear. Between Spring 2017 and Summer 2017, authorities arrested between nine and 12 suspects. Three of those suspects were held in pre-trial detention. Court officials kept the remainder of the suspects free, but held them under judicial supervision.

Between one and three people landed in custody following the execution of the third wave of arrests. Several news outlets refer to a single suspect, but one local news channel—with sources allegedly close to the investigation—referred to the occurrence of several arrests. One source wrote of the eight arrests before the third wave and 10 arrests after the third wave.

Regardless of the number of suspects that French police took into custody during the most recent raid, the case changed very little. The arrests linked back to the original La Poste seizure in April 2017. The suspects sold in the Hautes-Alpes department and mainly in the Gap commune, but had branched out to surrounding areas.

Authorities discovered LSD in the most recent incident, but otherwise, the dealer(s) had purchased the same drugs as before and likely from the same darknet vendor. In a statement, the Prosecutor revealed that the investigation into the darknet vendor and drug distribution network was ongoing. Only nine out of the total number of suspects had been charged at the time of the announcement.

“The operating procedures, the nature and quantity of the products and the places of resale will not be the subject of any communication from the public prosecutor’s office until the investigations have been concluded in order to preserve the investigations,” the Prosecutor said in the statement to the press. He added that “some elements circulated in the press on this subject are erroneous,” possibly referring to the wild variation in the number of arrests.

Xanax Dealer Sold to “Vulnerable Young Women,” Judge Revealed

District Judge Barney McElholm granted anonymity to a 34-year-old darknet drug buyer. According to the court, the Derry area man ordered drugs from the darknet and had resold them near to where he lived. Numerous factors contributed to the judge’s decision to keep the case under wraps, one of which was that the dealer’s life could be in danger since he deliberately targeted “vulnerable young women” as his preferred clientèle.

The man’s charges date back to 2007. Back then, according to the prosecutor, police began to suspect the man of selling drugs and fraudulently supplying “chipped boxes capable of accessing satellite TV.” In addition to the drug charges, the TV-related activities led to several fraud charges. He faces possession and distribution charges connected to the marijuana, cocaine, and alprazolam.

A Royal Mail employee intercepted a package from England, addressed to the 34-year-old suspect, that had contained 500 Xanax pills. The police received warrants for the man’s property and the property of a suspected female accomplice. And the subsequent raid(s) proved as useful as police could have hoped.

Officers found a mobile phone, a tablet, drug paraphernalia, and various pieces of drug packaging material. The man refused to give investigators the PINs required to access the devices, but the police were able to pull data from the devices without the PIN. According to an officer’s testimony, the tablet contained evidence that the suspect had an “extensive knowledge of the Dark Web, computer programs and technology.”

The interesting information came from the man’s Facebook messages. He allegedly arranged his deals through Facebook and kept the messages. An officer said that many of the messages were to young women who used drugs. The suspect offered drugs in trade for a woman’s company. One of the officers who had viewed the messages explained that they were of a romantic or sexual nature.

“Love you junior, want to make a stack of money together?” he asked a young woman who had just lost her mother, proposing that she work with him to sell Xanax and other drugs. He spoke with some of his female clients about keeping their personal relationship and business relationship completely compartmentalized.

Since the arrest, the 34-year-old received several death threats, according to the officer who saw the Facebook messages. The officer reported that he could not verify if the threats were anything more than verbal threats, but acknowledged that the threats existed and that keeping the suspect’s name from the media would be in the court’s best interest, along with the interest of the suspect.

Man Abused His Stepdaughter, Shared Pictures on Darknet Forums

In Traunstein, Germany, a judge at the Traunstein District Court sentenced a 28-year-old man for child abuse and spreading pictures and videos of the abuse on the darknet. Judge Klaus Weidmann found the defendant guilty of 29 counts of the sexual abuse of children, possession of child pornography, and production of child pornography. The judge ordered a prison sentence of seven years and nine months. In addition, the defendant must pay the victim, his stepdaughter, 45,000 euros. The stepdaughter will also receive payment for any further damages that could be attributed to the sexual abuse.

German police caught the man in January 2017 after he had uploaded pictures on the darknet that contained identifying information. The BKA had gathered ample evidence on the man. One of the most damning indicators of the (former) stepfather’s guilt came from the pictures he had uploaded on the darknet; he had uploaded pictures that had his own face in them. In January, they had asked the public for help in ensuring the suspect’s capture. The search then ended soon after it had started.

The public never knew why the search had ended, given that the police never revealed that they had captured the man in the photographs. The outcome of the search mattered very little, in light of later developments. The prosecution had obtained a confession from the defendant. Not a full confession, the court believed, but more than enough for the guilty conviction. Investigators suspected that 20 or more cases of child abuse by the 28-year-old existed. The prosecution wanted to avoid pursuing cases where the victim would have to appear in court or provide a statement to the police.

In addition to a full confession of his abusive relationship with his ex-wife’s ten-year-old daughter, the man kept evidence of the abuse at his home. When investigators searched the house in January 2017, they found evidence that he had uploaded pictures and videos to his friends on Skype and to forums on the darknet. The abusive relationship began when the girl was only seven years old, according to photographic evidence found on the darknet and on electronic storage devices.

He argued that he and his step-daughter had a “good” relationship. He said that they had wanted to get married. The girl’s mother—the former wife of the defendant—had divorced the defendant in 2016. According to the court, she had grown suspicious. The 28-year-old told the court that the girl had been “like a girlfriend” to him and that everyone knew of their good relationship. His ex-wife, he said, had grown jealous and told him to “get a room.” Police questioned her, but she seemingly knew nothing of the child abuse. The defendant had also uploaded pictures and videos of his ex-wife to darknet forums, investigators found.

In a statement to the police, the ten-year-old girl said “I’m so afraid, I never want to go to him again.” The prosecution wanted to keep him away from the victim for a long time. His crimes were “above average,” they said. To keep the girl safe, the prosecution pushed for a prison sentence of almost 18 years. The defense pushed the narrative that the defendant had changed and had prepared for therapy, as long as he could get the ordeal behind him. At most, the lawyer for the defense said, a prison sentence of five years would be appropriate.

Judge Weidmann opted for seven years and nine months, along with the monetary stipulation. “In the worst case, the defendant could meet the child again in a few years,” the judge said.

Starting Your Black-Market Business in The Digital Era

In this day and age, businesses have leveraged the power of the internet to expand their businesses significantly. With corporate giants such as Amazon and eBay, there is no question to whether it works – it’s 2017, and nearly everybody owns at least a smartphone and a computer. But it’s not only your conventional businesses that have leveraged the insane power of the internet.

Such opportunity has arisen for drug dealers and black-market dealers to sell their goods on the deep web. Doing so allows for such entrepreneurs to do business while remaining as anonymous as possible. This is made possible thanks to the Tor Network and cryptocurrencies such as Bitcoin and Monero which are much harder to trace by law enforcement than fiat money (USD, GBP, EUR).

While I’m not telling you that it is a good idea to do illegal business on the deep web, if you want to do it we know you’ll do it anyway, so here’s my guide on getting started with your Black-Market Business in The Digital Era.

    Just because you’re selling illegal products doesn’t mean that everything business wise doesn’t apply. Start off by finding your USP (Unique Selling Point) – what is it that makes you better than any other vendor? You might source high quality products or have great customer support. You get the idea. Now it’s also a good time to come up with a vendor name – think long term – don’t come up with anything you’ll regret later. Make it clear and memorable. Also, be unique. If you have a similar name to somebody else nobody will find you when they search for you.

    Now it’s time to decide how you are going to sell. You’ve obviously determined that it’ll be via the deep web, but do you want to sell on a marketplace or on your own eCommerce site? If you’re starting out, I’d recommend just creating a vendor account on a marketplace. That way it is easier for you to build up reviews and make yourself a good reputation as a seller. You’ll also find it much easier to get visitors to your profile and listing, which equals more money.
   
 Find a reliable marketplace that suits your needs, use this market list to help you! If you decided to sell on your own site, well then, you’ll either need to find someone to code and host it for you, or use a deep web eCommerce platform, which can sometimes be found. Despite this, it’s up to you to decide whether you trust a 3rd party to log your and your clients’ personal information.

    I’ll assume you know what you are selling, otherwise you wouldn’t have gone looking for a guide. Using other Darknet Market listings to help you, come up with a small list of products to start selling. Research suitable titles, descriptions and prices.

    Make your listings stand out. Use a good camera in a room with good lighting to take quality pictures of what you’re selling. This along with a good profile description and product description will help a buyer choose you over another vendor.

    OPSEC – Operational Security. Whatever you do, don’t link anything on the Deep Web to your identity. Usernames, events, times and friends… should never be mentioned on the deep web or anywhere linked to your vendor account. Make sure you learn how to use PGP Encryption and put it on your profile so that customers can securely contact you. It’s also a very good idea to install the Tails OS onto a USB stick to use as a secure operating system. Use it for anything related to your black hat business – anything happens, pull it out and discard the USB stick. Easy.

    Now that you are raking in ‘thousands of dollars’ worth of Bitcoin and Monero, you’ll want to withdraw it. Do this often so that you don’t risk losing any of your funds due to bugs or market scams. Withdraw your coins and tumble them with a reputable site such as Helix Light by Grams. If you don’t do this, when you go to sell your coins, there will be a trail from the person who bought it off you, all the way to your vendor account (in theory).

That’s it for now. Hopefully this gave you a good idea on how to go about starting your own black-market business, or maybe it just gave you further insights into the black-market trade. If you want anything in particular discussed in detail in a future post, be sure to leave a comment. Stay safe.


MDMA Vendor Duo Sentenced to Six Years in Prison

Two 23-year-old men, according to the prosecution in a Netherlands court, sold “dozens of pounds” of MDMA on darknet markets in eight months alone. Despite their claims that they had distributed health supplements, both men left the courtroom with six-year prison sentences.

The suspects, Thijs V. from Houten and Mike W. from Muiden, sold various (and numerous) types of drugs. Powder MDMA and ecstasy pills contributed to the majority of their sales, the public prosecutor said. Drug shipments found their way across the country with the drugs themselves hidden inside something inconspicuous and normal. And their drugs had reached across the majority of the globe.

In eight months, the pair of darknet vendors had sold $470,000 worth of drugs. Many of those drugs passed through mail inspection points while inside food containers and greeting cards. Neither tactic is brand new, by any means, but both were still notable enough to receive a mention in the courtroom.

Police arrested the men in February 2017. Inside the car, the officers found MDMA stashed inside food-related items. This triggered a house search where investigators uncovered more drugs, money, and evidence to prove the men had sold drugs on the darknet.

The food containers—peanut butter jars, for instance—may have contributed to the argument given by the defense: that they both believed they had been selling food and health supplements. They claimed they had sold $470,000 in health supplements in only eight months. In exchange for Bitcoin. And, furthermore, they sold the alleged supplements on the darknet.

Willem Jan Ausma, V.’s lawyer, told the press that his client “thought they were selling food supplements. He did not know anything about drugs.” W.’s lawyer did not want to make a statement.

Telegram and WhatsApp chat logs gave away the men’s secret, though. They directly contradicted the argument that, instead of knowingly selling drugs on the darknet, they had been knowingly selling peanut butter. According to the prosecution, investigators discovered the men’s online activities after catching them with drugs in their vehicle. Neither defendant had a criminal history or background, and both attended the University of Amsterdam.

The lawyers asked the court to suspend the case itself, given their clients were young and in school. Their young ages worked to their advantage once the sentencing stage began. The prosecution pushed for a prison sentence that lasted longer than six years. He wanted seven years.

But because they were young and free of any criminal background, the judge sentenced them both to six years in prison. The court pushed for a forfeiture of the money earned online, but in August, the financial investigation had not been completed. V. had also caught money laundering charges, but they were not mentioned during sentencing.


Dream Vendor “CzechoSlovakFarm” Busted in Slovakia

Trenciansky Police, according to a post on the Slovak Police Force’s Facebook page, caught a 24-year-old marijuana vendor. The suspect, Juraj (equivalent to George in English), had distributed a significant quantity of marijuana through unknown darknet markets. At his house, police found almost 10 kilograms of dried cannabis and 25 seedlings.

After a several-month investigation, Slovak authorities traced the darknet venture back to the 24-year-old. More than one news agency reached out to the authorities for further information on the investigation, but they chose not to reveal anything that could have been considered sensitive. They were able to trace Bitcoin payments to the vendor, but without great accuracy. From September 2016 until his arrest, he grew marijuana from the family house in Northwest Trenčín. The police revealed, on Facebook, that he had grown plants from the apartment in South Trenčín from June 2016.

Juraj grew cannabis in both his home and an apartment nearby. According to information gathered by police, the 24-year-old shipped the drug from his house. Through the darknet, police said, Juraj shipped marijuana to Hungary, France, Germany, Italy, the United Kingdom, Turkey, and Bosnia and Herzegovina. The police knew that he packaged the marijuana in a certain type of envelope and that he shipped the envelopes through branches of Slovak Post.

The vendor, while law enforcement made no official comment, fits the profile for the Dream, Valhalla, and (former) Alphabay vendor known as “CzechoSlovakFarm.” CzechoSlovakFarm sold (seemingly exclusively) various strains of premium marijuana. He shipped it from the same region, according to his vendor profile on Valhalla. He shipped to the countries listed by the police. He wrote that buyers in Slovakia, Austria, and the Czech Republic would receive their packages in 2-5 days. Packages to buyers in Germany, Poland, Spain, Hungary, and the United Kingdom would take as long as seven days.

CzechoSlovakFarm has not been active on his vendor accounts. On Valhalla, his profile says “Last signed in: more than week ago.” Granted, nobody uses Valhalla. His customers, including those that placed orders within days of the arrest, reported that they had not heard anything from the vendor. One user wrote that he had placed an order with CzechoSlovakFarm on Dream Market. The vendor marked the order as accepted on October 10, but had not shipped anything.

Local news sources reported that Juraj, a student, did not “complain about his financial security.” This deduction seemingly came from the value of the marijuana in Juraj’s possession, rather than his previous earnings. They reported that the suspect had grown enough marijuana to total $117,900. This number assumes he sold grams online for close to $12 per gram. That estimate is likely close to accurate, given his 50 gram listings—on Dream Market—break down to roughly $10 per gram. Authorities made no official statement on the vendor’s previous earnings (other than the fact that customers bought marijuana with Bitcoin).

DEMI KESELAMATAN KITA

Vendor Admits Selling 1,100 Grams of Heroin on Alphabay

On December 15, 2016, a federal grand jury in Fresno, California, returned an indictment against an Alphabay vendor for fentanyl, heroin, and methamphetamine distribution. The vendor, Emil Vladimirov Babadjov, 32, had appeared in court the day before the indictment. The police picked him up following a criminal complaint that accused him of being the Alphabay vendor “Blime-Sub” and “BTH-Overdose.” Roughly 10 months later, on October 16, Babadjov pleaded guilty to the distribution of controlled substances.

The investigation that led to Babadjov’s arrest began in September and ended in early December, making it one of the shortest darknet investigations in 2016. DEA Special Agent John T. Rabaut, an Organized Crime Drug Enforcement Task Force (OCDETF) member, initiated the investigation. The Blime-Sub case was part of a much larger investigation that targeted heroin and fentanyl dealers on darknet marketplaces.

Agent Rabut found vendor feedback and forum posts that indicated the same person operated Blime-Sub and BTH-Overdose. He further deduced that the vendor sold from the West Coast, and specifically from San Francisco. This deduction, he explained, also came from an analysis of reviews and messages on websites discussing the darknet (and apparently vendor shipping details). Rabut wrote that the PGP key on BTH-Overdose’s profile belonged to “babadjov@gmail[dot]com.”

The agent then searched the Gmail address and found a Facebook account under the name “Lime Vojdabab.” Next, he added, “the reverse order of these letters spells out Emil Babajov.” Even the U.S. Attorney’s Office pointed out the somewhat humorous connection between the defendant’s first name, “Emil B” and the first half of one of the vendor usernames, “Blime.” (Emil B, reversed, is Blime.)

With assistance from the United States Postal Inspection Service, Rabut prepared a controlled purchase. He placed an order for three grams of heroin. US Postal Inspector Jessica Burger alerted the agent after the package had arrived, and the task force began an analysis of the package and the substance within. Inspector Burger examined the Postage Validation Imprinter (PVI) label and identified the time, date, and location that Babadjov had purchased the postage used on the package. She identified the location as a self-service kiosk (SSK) only 0.7 miles from Babadjov’s last known address.

When Babadjov purchased the postage, the SSK took a picture. (SSKs take pictures of every customer.) Inspector Burger pulled the picture taken by the SSK when Babadjov had bought postage, and the picture matched Babadjov’s social media and driver’s license pictures.

A laboratory tested the contents of the heroin package from Blime-Sub. In November, the lab reported that the substance—a powder—had tested positive for heroin. But, to Rabut’s surprise, the lab noted that “most of the powder was actually fentanyl.” A forensic examination of the package revealed that the sender had left fingerprints on the packaging that matched Babadjov’s prints. (Rabut “reviewed law enforcement records,” indicating that US authorities had already obtained Babadjov’s prints at a previous encounter.) Federal authorities had gathered enough evidence for an arrest.

Babadjov pleaded guilty to distributing more than 1,100 grams of heroin, 510 grams of meth, and 66 grams of fentanyl on Alphabay. Authorities made no mention of the Dream or Valhalla accounts under the vendor’s usernames.