Category Archives: Darknet

“Dark Web Criminal Mastermind Kingpin Puppet Master…” Middle Class White Kids

Alexandre Cazes (no a.k.a. yet that I am aware of, but I guess in bad taste a.k.a dead) and Ross Ulbricht, a.k.a Dread Pirate Roberts have clearly got a number of things in common.

Even though Mr. Cazes has only had a couple of weeks of the media spotlight, we know an awful lot about him, mostly from people who did not know him.

One of the things that these men have in common is meaningless labels. These men are – according to the Alphabet Agencies and the Main Stream Media – “dark net drug lords”, “criminal masterminds”, “kingpins”.

You too can make up your own throwaway and meaningless tag for the sake of variety. Everyone is at it, so why not you too. The most recent Gothamesque label that I have read is that Cazes was a “deep web puppet master”.

It all reads like a particularly bad penny dreadful.

We do not have to worry about prejudicing the Cazes trial and we can dispense with using words like “allegedly”. Because he is dead.

That is the second thing that the two men have in common. Cazes won’t be getting a trial, and neither did Ulbricht. No, Ulbricht did not get a trial and do not try to tell me that he did.

Ulbricht got to make a defence – overnight after the Court disallowed the entirety of his prepared defence – in the impossibly biased and corralled environment that was imposed on him.

Guilty or innocent everyone is meant to be entitled to a fair trial. But, not really. Anymore. Trial by media is much better and such a useful tool when trying to get a defendant to cop a plea.

Like refusing Ulbricht a witness list prior to the trial on the basis that he might have them killed. And that on the basis that the original indictment contained a baseless “murder for hire” allegation which was never pursued. It’s called manufacturing your own reality.

Cazes is dead by way of apparent suicide in a Thai jail. Two things that never raise an eyebrow when they appear in the same sentence are “war crimes and Nazis” and “suicide and Thai jail”.

But what does raise my unwieldy eyebrows is that, after the “incredibly sophisticated takedown” of Cazes (in the words of those who performed the “takedown” #self-praise), these same guys who are so adept at “incredibly sophisticated” activities could not stay in that groove and keep the guy alive long enough to have him extradited.

Probably best (for them) considering the judicial aftermath of the Ulbricht trial. Everyone likes a neat bundle. Especially when dubiously legal and borderline activities like hacking sovereign nations, or breaching international law are key tools of your “sophisticated” activities.

Just like people have been removed from the reality of the source of their food, their power, their light, now too it seems that one can run an eye-wateringly successful drug empire without ever needing to meet a drug dealer.

A laptop, bitcoins, a couple of offshore accounts, and growing up on the mean streets of a well funded, middle class upbringing full of loving parents, and college educations is all that one needs, apparently.

Also key to these successful enterprises is a manifesto. One must also have a manifesto. No need for a gun, or rudeness. Guns and rudeness are passé in the cyber drug world.

From law enforcement’s perspective it also helps, and without fear of contradiction or oxymoron, if your “incredibly sophisticated takedown” has an “incredibly unsophisticated” end. Such as this in the Cazes case …

“His assets were listed in a spreadsheet on his unencrypted laptop, which authorities, including the Royal Thai Police, the FBI and the DEA, found when they raided his primary residence in Thailand on July 5. They also discovered he was logged into the AlphaBay website as the site administrator and they were able to find passwords for AlphaBay servers, and then seized information and cryptocurrencies from those servers.”

Here are some striking similarities between these two “criminal masterminds” that do not sit well with the labels:

  1. Ulbricht – “hotmail” email address in the header files / welcome messages at the outset which personally identified him;
  2. Cazes – “gmail” email address in the header files / welcome messages at the outset which personally identified him;
  3. Ulbricht – “logged in as the site administrator (Silk Road)” at the “Glen Park branch of the San Francisco Public Library” when arrested;
  4. Cazes – “logged in as the site administrator (AlphaBay)” at home when arrested;
  5. Ulbricht – all the passwords for “Silk Road” on his laptop, unencrypted; (need to fact check this more)
  6. Cazes – all the passwords for “AlphaBay” on his laptop, unencrypted;
  7. Ulbricht – all the cryptocurrency details on his laptop;
  8. Cazes – all the cryptocurrency details on his laptop;

I guess the new batch of dark net Lex Luthors should add to the drug empire “creation myth” to-do list:

  1. Do not forget to remove my personal details from the header files;
  2. Do not forget to remove my personal details from the welcome messages;
  3. Encrypt my laptop, just a little bit;
  4. Look over my shoulder regularly, but most importantly
  5. Get Mom and Dad to pay for “Dark Net Mastermind for Middle Class White Kids” classes;

OR

The FBI, the CIA (illegally operating in domestic criminal cases (DPR)), and the DEA should vary the script that they provide to the media after these “incredibly sophisticated takedowns” with their very unsophisticated but incredibly convenient endings.

ENDS

“Where’s the Money?” as Orphaned AlphaBay Users Have Hansa Identity Crisis

There are many things that confuse me about this story despite spending days trying to unravel it. There are many unanswered questions that I have and there are many elements of the “story” that do not make sense to me. I have decided to write them down and see if someone more astute than I am can help me out.

Petra Haandrikman 

On the 17th July 2017, Brian Krebs published Exclusive: Dutch Cops on AlphaBay ‘Refugees’ on the Krebs On Security blog. Mr. Krebs had interviewed Petra Haandrikman, team leader of the Dutch police unit that “infiltrated” HANSA. 

Ms. Haandrikman’s LinkedIn bio reads as follows:

“Experienced Chief Inspector with a demonstrated history of working in the law enforcement industry. Skilled in Crisis Management, Coaching, Public Safety, Government, and Law Enforcement. Strong quality assurance professional graduated from OvD-P (engeland).” [sic]

Ms. Haandrikman does not appear to hold any specific IT or Computer related qualifications but that does not matter to me. You can read her interview with Mr. Krebs for yourself.

What does Ms. Haandrikman call what she did, for between 50 and 100 days, with HANSA?

Is it called surveillance, is it undercover work, is it entrapment, a combination, or is it criminal enterprise, or is it something else?

The official line is that it was the final part of an undercover operation in which the Dutch authorities seized control of the illegal market place in mid to late June following the arrest of two HANSA site admins from Siegen, North Rhine-Westphalia in Germany.

Did they fulfil or allow the fulfilment of “orders”?

I cannot really find a definitive statement on what they actually did do. Wilbert Paulissen, Head of National Investigation of the Dutch National Police, said “these servers and their corresponding infrastructure were seized and an exact copy of the market place was transferred to Dutch servers. Buyers and sellers could still access the darknet site, but without realizing the police and the public prosecution service in the Netherlands had seized control of Hansa.”

Do Ms. Haandrikman and her colleagues, in an effort to “erode confidence” in the criminal community with respect to dark markets, accept that they were active facilitators / actors in the community for between 50 and 100 days? 

As the US Drug Enforcement Agency was closing down AlphaBay, the Dutch National Police were operating HANSA. Mr. Paulissen explained: “The core is that we as the police and the justice department succeeded in taking over the complete website and have total control of Hansa.”

The joined up operation was structured so that orphaned AlphaBay users would find a new home at HANSA. The double-whammy of uncertainty that recently orphaned AlphaBay users would feel when they discovered that their new parent HANSA was an impostor would apparently cause large parts of the criminal underworld to have an existential crisis and would result in dark markets going quiet.

What are the actual figures we are talking about in terms of EUROs accounted for by transactions on HANSA from the date that it fell under the complete control of the Dutch authorities?

“Since the end of June, the High Tech Crime Team and the Darkweb Team of the police and the Public Prosecution Service have gained insight into large numbers of sellers and buyers, who traded chiefly in hard drugs. The usernames and passwords were intercepted. On average, 1,000 orders per day were placed in response to almost 40,000 advertisements. Last year, Hansa Market had 1,765 different sellers. Since the authorities seized control of Hansa Market there have been more than 50,000 transactions, mainly involving soft drugs and hard drugs.”

During the period that the Dutch authorities operated HANSA “Accounts with a total of more than 1,000 bitcoins, representing a value of some two million euros, were seized. The bitcoins were transferred to an account of the Public Prosecution Service.”

But an alternative analysis of the figures suggests that orders of potentially up to EUR€50 million could have been placed / fulfilled during the period that HANSA became fully compromised by the Dutch.

Summary

  1. How much money / assets were actually seized by the Dutch authorities and in what form – Bitcoins, contraband … – and where are they now?
  2. The exclusive operation by the Dutch authorities of HANSA after they seized the infrastructure following the arrests in Germany was the last part of the operation. But was it the last part of an undercover operation or was it the exclusive running of a criminal network, without the assistance of externals, by a law enforcement agency?
  3. During that period did a law enforcement agency in complete control of a criminal network explicitly allow and facilitate criminal activity?

Answers on a postcard.

References & Other Related Articles

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

Feds Seize AlphaBay and Hansa Markets in Major Dark-Web Bust

Darknet Takedown Authorities Shutter Online Criminal Market AlphaBay

MASSIVE BLOW TO CRIMINAL DARK WEB ACTIVITIES AFTER GLOBALLY COORDINATED OPERATION

The Biggest Darknet Market on the Deep Web Has Been Shut Down By International Authorities

Alphabay shutdown: Bad boys, bad boys, what you gonna do? Not use your Hotmail… …or the Feds will get you ♪

ENDS


Love False Positives – The Day The Bank Said I Bought A Heavy Machine Gun Online

On the 15th November 2013 I made a wire transfer using Permanent TSB Open24. Open24 is an online banking service. For those of you who do not know, Permanent TSB is a retail bank that operates in the Republic of Ireland.

Worthy of note is that retail banking in the Republic is characterised by spectacular systems malfunctions, outages, IT meltdowns and downright thievery.

But that’s ok because the government of Ireland loves banks and they can really do or not do (as is often the case) what they like – without fear of sanction. Oh, and when they lose their shirts gambling with their customers’ money then the Irish tax payer gets to pay for it. But I digress.

When Kids Try To Be Adults

I first became aware of my international arms purchasing activities when I received a phone call on my cell phone from a private number. I answered and was greeted by what sounded like a teenage girl, who informed me that an intermediary bank, used by Permanent TSB for payments to South East Asia, had sent an email to the bank requesting information about an international payment that I had made a few days previously.

Before describing the contents of the email, the clearly worried banker (worried because she was talking to an international arms dealer who buys his weapons over the open internet (who needs the Dark Web)), stated that I had bought a heavy machine gun and that I had asked that it be mailed to the address of one of our corporate apartments in Dublin, Ireland. As you do.

The intermediary bank was CitiBank in Frankfurt she informed me. They had contacted the Treasury Department and they in turn were dealing directly with the beneficiary bank in Singapore who were the first to flag the transaction.

The email read:

REDACTED REDACTED REDACTED REDACTED REDACTED 

The beneficiary Bank sent the below SWIFT message to our treasury department via CitiBank:

WE HAVE BEEN INFORMED THAT THE BENEFICIARY BANK IS UNABLE TO APPLY THIS PAYMENT AND STATES:

  1. PLEASE CONTACT REMITTER TO OBTAIN BELOW.
    1. WHAT DOES TMG REFER TO PER F70?
    2. WHAT DOES IT STAND FOR?
    3. WHAT IS ITS FULL FORM?
    4. IF IT REFERS TO AN ORGANIZATION, PLS OBTAIN THE FOLLOWING:
      1. FULL NAME.
      2. FULL PHYSICAL ADDRESS AND COUNTRY OF LOCATION.

I trust the above is in order.

Kind Regards,

REDACTED REDACTED

She informed me that the Bank could not facilitate international arms purchases and that law enforcement had been informed including the local police station to the bank branch from which my transaction emanated, the Organised Crime Unit, and of course Security & Intelligence. The latter is the central point of contact for An Garda Síochána with all external agencies – both law enforcement and security/intelligence – with regard to international cooperation in the fight against terrorism and organised crime.

The Very Boring Reality

The transfer that caused this international “counter-terrorism / counter organised crime” flurry of activity between one local bank, two international banks and law enforcement in three countries was made by me to an organisation called SERVCORP.

SERVCORP is a company in SINGAPORE that provide a telephone answering service for my company TMG Corporate Services. The actual mandate for the transfer had been set up months previously by Permanent TSB themselves at the request of TMG Corporate Services Accounts Department. The same payment had been made on several previous occasions.

The transfer they said was for the purchase of an automatic weapon namely a BROWNING M2 Machine Gun TMG F70.

And how had they come to this conclusion? Well, simply because the reference on the payment was TMGF70. The reference was TMGF70 because that was the reference used by SERVCORP on the invoice that they had issued for that month’s services.

“TMG” being an acronym for The Mediator Group and F70 some internal reference for SERVCORP.
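The alert described above is a textbook false positive from substring keyword screening: a watch list containing short designators such as “TMG” and “F70” will fire on any reference that happens to contain those letter runs, including a recurring invoice number. The following is an added example, not code from the post and not any bank’s actual screening logic; the watch list, the payment records, the beneficiary name “SERVCORP PTE LTD” and the threshold of two prior payments are all constructed to illustrate the point. It shows the naive substring rule firing on “TMGF70”, a whole-token rule that does not, and a history check that suppresses the alert when the same remitter has already paid the same beneficiary under the same reference pattern (the post’s case: a standing mandate paid several times before).

```python
"""Keyword screening of payment references: why substring matching produces
false positives, and two ways to reduce the noise. Added example with
constructed data; not any bank's real rules."""
import re
from dataclasses import dataclass

# Constructed watch list of short military designators a naive screener
# might hold. "TMG" and "F70" are the two tokens that, per the post,
# turned an invoice reference into a machine gun.
WATCHLIST = {"TMG", "F70", "M2", "AK47"}


@dataclass(frozen=True)
class Payment:
    remitter: str
    beneficiary: str
    amount_eur: float
    reference: str


def naive_screen(p):
    """Substring match: any watch-list token appearing anywhere in the
    reference is a hit, so 'TMGF70' hits both 'TMG' and 'F70'."""
    ref = p.reference.upper()
    return {t for t in WATCHLIST if t in ref}


def token_screen(p):
    """Whole-token match: a token only hits when it is not glued to other
    letters or digits. Fewer false positives, but lower recall, so it is a
    tuning choice rather than a free win."""
    ref = p.reference.upper()
    return {t for t in WATCHLIST
            if re.search(rf"(?<![A-Z0-9]){re.escape(t)}(?![A-Z0-9])", ref)}


def _shape(reference):
    """Collapse digit runs so 'TMGF68', 'TMGF69', 'TMGF70' share one pattern."""
    return re.sub(r"\d+", "#", reference.upper())


def screen_with_history(p, history, screen=naive_screen, min_prior=2):
    """Run `screen`, then suppress the hit when the same remitter has already
    paid the same beneficiary with the same reference pattern at least
    `min_prior` times (a recurring invoice under an existing mandate).
    Thin history leaves the hit in place for a human to review."""
    hits = screen(p)
    if not hits:
        return set()
    prior = [h for h in history
             if (h.remitter, h.beneficiary) == (p.remitter, p.beneficiary)
             and _shape(h.reference) == _shape(p.reference)]
    return set() if len(prior) >= min_prior else hits


# Constructed sample data (names and amounts illustrative only).
HISTORY = [
    Payment("TMG CORPORATE SERVICES", "SERVCORP PTE LTD", 45.25, "TMGF68"),
    Payment("TMG CORPORATE SERVICES", "SERVCORP PTE LTD", 45.25, "TMGF69"),
]
NOVEMBER_PAYMENT = Payment("TMG CORPORATE SERVICES", "SERVCORP PTE LTD", 45.25, "TMGF70")
# A constructed reference that even the whole-token rule should still flag.
SUSPECT_PAYMENT = Payment("ACME TRADING", "NEW PAYEE", 9800.0, "M2 TMG PARTS")

if __name__ == "__main__":
    print("naive   :", naive_screen(NOVEMBER_PAYMENT))                    # {'TMG', 'F70'}
    print("token   :", token_screen(NOVEMBER_PAYMENT))                    # set()
    print("history :", screen_with_history(NOVEMBER_PAYMENT, HISTORY))   # set()
    print("no hist :", screen_with_history(NOVEMBER_PAYMENT, []))        # {'TMG', 'F70'}
    print("suspect :", screen_with_history(SUSPECT_PAYMENT, HISTORY, token_screen))
```

The history check is the more useful of the two refinements for a case like this: it does not weaken the keyword rule at all, it simply recognises that a payment identical in remitter, beneficiary and reference shape to several earlier ones is a known relationship rather than a new one. In practice that context (the standing mandate set up by the bank itself) was available and would have answered the beneficiary bank’s questions before anyone phoned an “arms dealer”.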

The Browning M2

The Browning M2 is a chain-fed, air-cooled heavy machine gun (TMG) in caliber 12.7 × 99 mm NATO, produced by the American manufacturer Browning at the end of World War II. The weapon has a maximum range of 7,500 meters and an effective range of 1,800 meters and can use different types of ammunition: full sharp, armor, armor fire and tracer.

Here I am proudly modelling a “Ma Deuce” I managed to buy in the duty free shop at Heathrow Airport.


Bargain Hunter

What was even more impressive about my purchase was that I acquired this impressive weapon for SGD$70 or EUR€45.25 at today’s spot rate on XE.COM.

ENDS


So You Want To Be A Digital Ghost – Introduction

This series of posts is provided as a guide to the private citizen who holds concerns regarding their information security and the protection of their data from unauthorized access by state and non-state actors.

This information is not intended for use for any other purpose, in particular to access the deep web or dark net to conduct illegal transactions or engage in illegal activities.

Caveat

The implementation of these guides is intended for legal use and not to facilitate acts of criminality – these guides are for those of us who seek to protect our privacy in the belief that in a democracy every law abiding individual is entitled to a private life.

Caveat on the Caveat 

These posts are not intended to be Blackhat; however, like any hints and tips on any subject, they can be used the wrong way.

If you are the type of person who feels the need to use the internet to hire a hit-man to shoot your dog, buy poor viagra substitutes online or trade bomb making tips with your jihadi buddies then these guides are just as effective but …

You also leave non-digital footprints and the forums which you may intend to visit, using the anonymity tools and tips described herein, are no doubt compromised and riddled with honeypots and lurking super secret squirrels and in those we trust.

Getting What You Want 

Some readers looking for answers / hacks / links / shortcuts will already be aware of elements of the content of these posts. To avoid frustration, a section at the top of each new post will call out what subject is being discussed in that post and what sub-categories it contains – for example:

POST: Internet Censorship Software & Workarounds
Sub-Categories: Blue Coat Systems; SmartFilter; Fortinet; Websense; Netsweeper; Making Invisible Spyware Footprints Visible; Keyloggers; Malware Detection; Man in the Middle; TSCM; 

You will then be able to jump to the section you are interested in – or wholly ignore the post – or patiently wait for your section of interest. This series will run for twelve months with three posts per week, so that’s 156 indispensable posts riddled with pearls of wisdom and real life expertise for you.

A complete contents and navigation guide will be included in the next post with the subject of each post, sub-categories, a clickable link and an intended publication date.

Subscribe to New Posts

To be notified as each post is published please subscribe to the blog – over there on the right – yes over there in the right column at the top where it says “Follow by Email”.

No new content, no email for you – ever – and we won’t sell your email details to the NSA either and we are subpoena proof too so we can’t be forced to either.

END.