Open Letter to the Dark Web

Sitting in Federal Prison, I have had time to reflect on everything that led to my targeting, investigation, indictment, and ultimately my capture. As the years go by you get really good at it in fact. In my case, I`ve made the study of the above a life`s work to produce the content of this site and my books. Which is why it kills me to watch otherwise intelligent guys go down in flames repeatedly for basic failures of Operational Security (OpSec). You guys aren`t taking your craft seriously, and you should be, because the governments of the world sure as hell are, which makes it a life and death scenario for those on the receiving end of their wrath.
Pay attention kids, if you are a 20-something year old young man that`s telling himself he`s going to get rich running a dark web market place, you need to think about a few things. First, I respect the libertarian idea of being able to buy drugs online. Obviously drug prohibition has failed in the United States even worse that alcohol prohibition did before. The war on drugs is a joke. We know that. Personally I have no use for any chemicals that don`t make me bigger, stronger, faster, or smarter, but to each their own. This isn`t about how we feel about drugs. That`s irrelevant. The problem is that the US has a multi-billion dollar budget to wage their silly drug war. They hand out life sentences every single day for drug conspiracies with no evidence, and no opposition to their forced plea agreements.
When a guy asks you if you know anyone that can sell him drugs, and you say that you can`t but maybe he should ask Joe, Bob, Jose, or Martha, you`ve joined a drug conspiracy. However much money and/or drugs changes hands later, you can be charged for. The Menes Rea requirement of US Federal Criminal Law is history; that`s to say you can be found guilty of a crime in spite of the fact that you didn`t know you were committing one, and that little fact won`t reduce your sentence.
When you run a dark web site, you effectively meet the rather flaky requirements for a federal conspiracy in the US. Even if you aren`t in the US, once the US has you vectored, then your name goes into the system, and you’re at the mercy of the Mutual Law Enforcement Treaty (MLAT), and Extradition Laws of every country you visit in the future.
So I`m perfectly clear, if you run a marketplace, by the law of the police state, you`re legally responsible for everything bought and sold in that marketplace. And yes, that`s like charging FedEx or UPS for possession of drugs that pass through their system, but that takes us to selective prosecution and the favoritism shown to large corporations, and that takes us to lobbying, and the real problems with the US government that`s bought and paid for by big business, but that`s a rant for another time. But hey, why worry, you`ll never get caught because TOR and VPNs protect you, right? No, not so much.
Listen kids, TOR and VPNs help, but if that`s your only security then you are playing a game of attrition, and it`s only a matter of time before your door gets kicked in at 4:AM. If you haven`t read the details of what Snowden leaked about the NSA`s capabilities, then you are engaged in a very self-destructive level of willful blindness.
The US Government has optical taps into backbone long-haul fiber. That means if your packets touch a US network, or any of the 5-Eyes, then they can analyze the traffic. The NSA also manages a large number of TOR exit nodes via discount servers rented from commercial service providers under their library of shell companies. If you run an ISP, pull up the billing info for any exit node you find in your network, and take a look at the company. Good luck with that. They can and do compare exit node traffic to ISP entry traffic from the long-haul taps, and they do share that data with Homeland (i.e. FBI, ATF, DEA, and etc.).
This means that at 3:AM they can create a database of everyone on every ISP using TOR, and compare that data, by packet-size and time-stamp, to their exit node traffic. And thus vector any target they like. Ponder that.
The solution is simple. If you are running a marketplace from your dorm room, home, or office: STOP! If you are going to do it, know that you have to take it seriously, and get with the program. It can be done, and those of us involved with organized crime and what the feds like to refer to as Advanced Persistent Threats, know how to do it. But blind optimism and faith in 3rd party tech isn`t a security solution, it`s a recipe for eventual incarceration, or worse. They are handing out decade long sentences people. It`s not a hobby. It`s not beer money. It`s a federal crime in a police state that has a run-away justice system with Draconian sentencing.
This isn`t intended to be a how-to, or an all-inclusive essay on OpSec, but here`s some food for thought. What if you used multiple SOCKS5 proxy chains to countries other than the 5-Eyes (US, Canada, UK, Australia, New Zealand). Maybe a Linux VPS with a cron job to shred (not just delete) log files every 5 minutes, using the “touch” command to replace the log files with blank copies so logging doesn`t error out. You could change these VPS out every 3 to 4 weeks, less time that it takes an MLAT to work. And grep your actual IP every so often to make sure it doesn`t appear anywhere on the server. Disabling all the logging on the proxy server once you get it 100%. Of course you`d want to set the proxy on some obscure point, and never put your actual IP in a white-list on the box. A real operator would probably post access to the proxy on a black hat blog once he was done with it so it would log some traffic that isn`t you, increasing the size and computational difficulty of that haystack of packets. You could even rent the boxes with a tumbled BitCoin child-key, or a cash-purchased gift card. Then you can run TOR or VPNs to the dark web introduction servers with a little real security on the front-end. I`d even invest in some long-range WiFi gear. Why use your own ISP at all?
Sure, all this is a pain in the ass, but that`s the minimum necessary security between you and a lengthy federal prison sentence. Just understand, hacking is one thing, but the moment you become involved with the drug trade in any way, your opposition can then engage the budgets of another billion dollar funded branch of Homeland, DEA. Fortunately, they aren`t handing out life sentences for hacking just yet. I mean I only got a 30 year sentence myself. Either way, take it seriously and pay attention to OpSec. It`s not easy money, and it`s not a game. Otherwise you are just rolling the dice, and not a fancy duo-deca-hedron where you have 1/20 chance either. That`s your call, but take it from me, prison sucks, and the police state isn`t fucking around. They place zero value on civil rights, personal freedom, or privacy. They`ll be more than happy to end your life as you know it when you get vectored. You’re just a row in a database of a big criminal justice machine at that point. And if anyone told you US Federal Prisons are in any way luxurious, Club Fed it`s not. All the prisons are over-crowded, under-funded, and all in violation of UN Human Rights guidelines. So, be good, or be good at it.

Leave a Reply

Your email address will not be published. Required fields are marked *