News

How DarkNet Market Admins & Vendors Got Caught

In this article I will discuss how previous vendors, buyers and even darknet market admins were caught and arrested. There are many lessons to be learned from those cases in order to avoid getting caught.

1.) Cthulhu (Admin on Silk Road 2.0)

Thomas White (Cthulhu), 24 at the time of his arrest, was a hidden service developer and administrator of Silk Road 2.0.

Thomas White was attracted to underage boys and his personal life revolved around grooming them. He set up a GTA V roleplay server and coaxed young boys in with offers of high staff positions.

I don’t know how many boys he ended up abusing, but he got caught when he asked a boy for indecent images in return for money. That boy then went and told the staff on the server, who then told the police.

Police raided Thomas’ flat and found evidence of his dark web career as well as 500 indecent images of children. He was sentenced to five years and four months, which isn’t that much to be honest. Big *oof*, little *ouch*.

The lesson to be learnt from this is obvious.

2.) SayNoToCustoms [aka. kakashisan] (Vendor on Alphabay + Dream)

Matthew Witters (SayNoToCustoms) was a vendor on Alphabay Market and Dream Market who sold only fentanyl and Xanax. Some people on this forum might have known him or bought product from him. But don’t fear, you’re probably fine. His downfall wasn’t his own fault, but someone else’s (speculated to be his suppliers).

Matthew Witters from Seattle was caught after “his contact information and dark web nicknames were found in houses linked to drug trafficking in California and Oklahoma”.

It’s suspected these people were his suppliers and had got into a bit of trouble with law enforcement. Anyway, they didn’t take responsibility properly when it came to their clients’ information. No encrypted drive, just a piece of paper with Matthew’s information on it.

This is one of those stories where it’s no fault of the person themselves. He got caught because of other people’s stupidity. Data retention is important, and those who keep data “just because” are a massive risk. Especially those who write sensitive information on paper! Unlucky.

Matthew had a safe deposit box he leased; in it police found “$165,000 in cash, a Glock handgun, suspected controlled substances, and mailing labels”. So he was doing pretty well for himself; it’s a shame someone tripped him up.

Lesson learnt. Be careful who you do business with.

3.) LulzSec (Hacking group)

LulzSec was an infamous black-hat hacking group responsible for the attack on Bethesda Game Studios (from which they stole 200,000 accounts), the Sony attack that downed PSN, and many other attacks.

The LulzSec leader was called Sabu (real name Hector Xavier Monsegur). Sabu was actually found out, and his real identity publicised, by the rival hacker group TeaMp0isoN well before he was found by law enforcement. TeaMp0isoN’s identification of Sabu was later shown to be accurate. I don’t know how they found it out, but it probably gave the feds a lead which led to Sabu’s capture.

Sabu was under surveillance (probably because of TeaMp0isoN) and his internet access was being monitored. He normally used Tor when connecting to IRC, but he wasn’t consistent. Because of that one time he didn’t use Tor to connect to the IRC, the FBI found him out, and this was the start of the downfall for the whole of LulzSec.

After Sabu was caught he started to collaborate with law enforcement. For some of the members of LulzSec he only knew bits of information. With the user sup_g, for example, Sabu didn’t know his real identity but he knew random things about his life: he knew he had been arrested at a certain point, and he knew he was involved with some political groups. With all this information the police did some ‘guess who’ forensics, as the more data points you have the more you can narrow the suspect pool down.

When police correlated the times sup_g was online they were able to get an approximate area of where he might live, and combined with all the other data, sup_g was found out to be Jeremy Hammond.

You can learn so many lessons from the LulzSec story. Number one, don’t make enemies; number two, always use Tor; and three, don’t leak random information.

4.) Paul Le Roux (Crime Boss)

I personally think this guy created Bitcoin, but that story is for another day (he had a passport with the name Solotshi, and his arrest coincides with Satoshi’s disappearance, among other things!). Anyway.

Paul Le Roux is probably one of the most far-reaching criminal bosses to have ever lived. He started out illegally selling prescription medicine in the US (fuelling the opioid epidemic), he funded militias in Somalia, and he even had teams of hitmen running around South Asia.

Le Roux wasn’t around long enough to see the popularity of Tor blow up, but he did use VPNs, encrypted drives, and a temporary email system.

Everything started to fall apart for Le Roux when he angered too many people and made too many dumb decisions. Firstly, he angered the DEA, and the company he used to illegally infiltrate the US drugs market was named after him. The DEA had been on his tail for a long time; they were just trying to get enough proof to arrest him.

Paul Le Roux wasn’t the best person; he was cocky, cheap, and a bit weird. When he wasn’t beating the shit out of prostitutes he was being paranoid. Le Roux killed his right-hand man, Dave Smith, and after that everything came falling down. His men started to become paranoid that Le Roux would have them killed, and they started to become informants. One of the informants set up a meeting, and Le Roux, being cocky, verbally leaked most of everything to an undercover officer.

When he was arrested, he started to comply immediately (similar to LulzSec’s Sabu) and turned on all of his old employees. He signed a plea deal and is expected to have the time he spent being a snitch counted as ‘time served’.

Lessons to learn. Don’t be overly paranoid, don’t name something after yourself, and don’t stretch yourself too thin with criminal endeavours.

5.) Hieu Minh Ngo (Hacker)

Hieu Minh Ngo was a Vietnamese hacker who in 2015 was charged with hacking into United States businesses’ computers and selling personal information. He ran multiple hacking forums on the dark web; I don’t know which ones though.

He was actually a university student studying English and had no background in hacking. But that didn’t stop him from hacking his school’s network, which allowed him to expose payment card data.

If you look at a lot of these hackers they don’t have a background in software security. Thomas White from Silk Road 2.0, for instance, did accounting at university and then dropped out.

Hieu Minh Ngo hacked and stole the information and identities of 200 million people and made upwards of $1.9 million (from what the Department of Justice could find).

His downfall came when he lost his head and became gullible. An undercover agent lured him to Guam for a business deal, and as soon as he landed he was arrested. Of course it looks bad in hindsight; I couldn’t tell you what was going through his head.

Lesson to learn. Trust no one. I’m sure we have all fallen for a scam or two, but this was a major *oof*.

6.) Eldo Kim (Harvard Bomb Threat Maker)

Eldo Kim was a sophomore at Harvard University and desperately wanted to get out of taking his final exams. His idea to get out of it: send a bomb threat to the Harvard student newspaper and some officials.

Eldo used Tor on campus and used Guerrilla Mail to send the threats. Guerrilla Mail puts an `X-Originating-IP` property in the header of its emails.

This was quite unlucky for Eldo, as all Tor nodes are publicly known. Someone was able to look at the originating IP in the header and see that it was a Tor node. From there the university looked at who was using Tor on campus at that specific time.

Eldo was the only person at that time using Tor.

When police went to question him, he immediately admitted to making the bomb threats to get out of his final exam. If he had kept quiet, it’s quite possible he may have gotten away with it.

Lessons to be learnt. When faced with the law, don’t immediately admit to doing something. If you’re on campus, hide your Tor usage. And revise, so you don’t have to resort to making bomb threats to get out of exams.
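To show the investigative step described above from the responder’s side, here is an added example in Python (not code from the original post). It reads the `X-Originating-IP` header from a constructed sample email, checks it against a constructed list of Tor relay addresses, and then looks for campus hosts whose flow records show a connection to any known relay within a short window around the email’s `Date` header. The email, relay list, host names and flow records are all made-up sample data using documentation-range IPs; a real check would use the relay list the Tor Project publishes.

```python
"""Added example (not from the original post): header check plus time
correlation, run on constructed sample data.

All IPs below are documentation-range addresses, not real Tor relays, and
the email, flow log and host names are constructed for the example.
"""
import ipaddress
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample headers in the style of a throwaway-mail message.
SAMPLE_RAW_EMAIL = """\
Received: from mail.example (mail.example [203.0.113.7])
X-Originating-IP: [198.51.100.42]
From: anonymous@mail.example
To: newsroom@university.example
Subject: (constructed sample)
Date: Mon, 16 Dec 2013 08:30:00 -0500

body omitted
"""

# Constructed relay list; in practice this comes from Tor's published relay data.
SAMPLE_TOR_RELAYS: Set[str] = {"198.51.100.42", "198.51.100.99", "203.0.113.200"}

# Constructed campus flow log: (ISO-8601 UTC timestamp, internal host, destination IP).
SAMPLE_CAMPUS_FLOWS: List[Tuple[str, str, str]] = [
    ("2013-12-16T13:27:10+00:00", "dorm-host-17", "198.51.100.99"),  # relay, in window
    ("2013-12-16T13:29:45+00:00", "dorm-host-17", "203.0.113.200"),  # relay, in window
    ("2013-12-16T13:31:02+00:00", "lab-host-03", "192.0.2.10"),      # ordinary traffic
    ("2013-12-16T09:05:00+00:00", "lib-host-08", "198.51.100.42"),   # relay, hours earlier
]


def extract_originating_ip(raw_email: str) -> Optional[str]:
    """Return the X-Originating-IP value as a normalised IP, or None if missing/invalid."""
    value = message_from_string(raw_email).get("X-Originating-IP")
    if value is None:
        return None
    candidate = value.strip().strip("[]")  # the header wraps the address in brackets
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None


def classify_email(raw_email: str, relays: Set[str]) -> dict:
    """Report the claimed origin IP, whether it is a known relay, and the send time."""
    msg = message_from_string(raw_email)
    ip = extract_originating_ip(raw_email)
    date_hdr = msg.get("Date")
    sent_at = parsedate_to_datetime(date_hdr) if date_hdr else None
    return {
        "originating_ip": ip,
        "via_tor": ip is not None and ip in relays,
        "sent_at": sent_at,  # timezone-aware datetime, or None
    }


def hosts_using_tor_near(sent_at: datetime, flows: List[Tuple[str, str, str]],
                         relays: Set[str],
                         window: timedelta = timedelta(minutes=10)) -> Dict[str, List[str]]:
    """Map each internal host that reached a known relay within +/- window of
    sent_at to the relay addresses it contacted, in log order."""
    hits: Dict[str, List[str]] = {}
    for ts, host, dst in flows:
        seen = datetime.fromisoformat(ts)  # aware datetime; offsets are compared correctly
        if dst in relays and abs(seen - sent_at) <= window:
            hits.setdefault(host, []).append(dst)
    return hits


if __name__ == "__main__":
    result = classify_email(SAMPLE_RAW_EMAIL, SAMPLE_TOR_RELAYS)
    print(result)
    if result["via_tor"] and result["sent_at"] is not None:
        print(hosts_using_tor_near(result["sent_at"], SAMPLE_CAMPUS_FLOWS, SAMPLE_TOR_RELAYS))
```

On the sample data only `dorm-host-17` reached a relay within ten minutes of the send time, which is the kind of single-candidate result the post describes.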

7.) Stephen Allwine (Hitman Client)

I think anyone who has been on the dark web has seen hitman sites; pretty much most, if not all, of them are scams.

One of the most prominent and well-known hitman sites on the dark web had to be Besa Mafia, run by someone with the alias Yura. A “48 Hours” investigation went into detail about Besa Mafia and the downfall and leak of all paid contacts of what is still suspected to be a scam site.

Besa Mafia was hacked by a white-hat hacker (Chris Monteiro) living in London. He had gotten full access to Besa Mafia’s database and all of its messages. Chris tried multiple times to tell the police about the contacts, but some law enforcement were not bothered, so he contacted CBS and they investigated.

The owner of Besa Mafia, Yura, is shown in the documentary, by his actions, to be panicked and paranoid. His actions are never consistent: at first he threatens vigilante investigators, then he says he was “trying to stop contract killings from happening”. Yura was never found (but he did comply on some matters).

One of the people who hired Besa Mafia to kill was an IT expert called Stephen Allwine. Stephen was a strong conservative Catholic and was cheating on his wife via the website Ashley Madison.

He used the username “dogdaygod” to order a hit against his wife (Amy Allwine), saying “I need this bitch dead”. Stephen paid the Besa Mafia site over $12,000 to have his wife killed.

After nine months he got frustrated that the hit was not being carried out and attempted to kill her himself. He sent his own wife emails telling her to commit suicide, saying things like “if you want to protect your kids you would kill yourself”.

That didn’t work so Stephen Allwine drugged her and shot her in the head and attempted to make it look like a suicide.

Her body was not in the right position for a suicide (the gun was on top of the middle of her arm, nowhere near her hand), and an autopsy found a large amount of scopolamine in her system. Stephen had about a dozen computers; police searched every one. Police found a bitcoin address on his laptop linking him to Besa Mafia, and evidence that he had shopped for scopolamine on the dark web.

This is one of those stories wrapped up quickly by police, and there was definitely room for improvement (not that I condone killing someone).

Stephen Allwine was sentenced to life in prison.

Lessons. Don’t be gullible. Encrypt everything. Think things through better (I’m not a murderer, but all murders have autopsies, and people who commit suicide don’t juggle with the gun afterwards). And don’t use a dozen computers.

8.) Ross William Ulbricht [aka. Dread Pirate Roberts] (Founder of Silk Road)


Ross Ulbricht’s story is one that I am sure everyone is familiar with; I’d hope at least 90% of the people on the dark web know who he is. For those who don’t, he ran the first dark web drug marketplace (Silk Road) and set the standard for copycats and wannabes.

Silk Road saw a massive $1.2 billion in exchanges and was a total monopoly; no other market stood a chance.

Law enforcement initially dismissed investigators who were looking for the earliest references to Silk Road. Investigations were made easier as Ross commonly reused usernames and had bad OPSEC. One investigator was actually ignored even though he had found Ross Ulbricht’s email; his findings turned out to be more useful further down the line.

The earliest reference was found on a website called the Shroomery (a forum for mushroom-based psychedelics), in a January 2011 post by a user named ‘Altoid’. That username was also on a website called BitcoinTalk, where he talked about Silk Road and also asked for IT advice. In one post asking for IT advice, Altoid asked “interested parties to contact rossulbricht at gmail dot com”. Dumb in hindsight, right?

He also asked a question on Stack Overflow: “how can I connect to a Tor hidden service using curl in php”. He asked this under the username ‘Ross Ulbricht’ but quickly changed it to ‘Frosty’.

He also talked too much on Silk Road. He kept talking about his philosophy and economic ideas, which made it easier for law enforcement to confirm it was him using ‘guess who’ forensics, where the more things you know, the more you can cut down the suspect pool.

With time correlation they could figure out that the timing of Ross’s replies on Silk Road would probably put him in the Pacific time zone.

The FBI actually got inside the Silk Road servers (potentially via Silk Road staff turned informant) and saw someone connecting to Silk Road from an internet cafe. The FBI found SSH keys which ended with “[email protected]”.

The FBI started to track Ulbricht and set up a sting operation in a library. Two undercover officers pretended to have an argument, and while Ross entered his password into his computer the police pounced on him, leaving him logged in and his computer unencrypted.

There are way more places where he went wrong. Like ordering multiple fake IDs at the same time, getting caught and telling the police “anyone could have gone on Silk Road and ordered that”, or telling roommates his name was Josh. There were so many slip-ups, but I’d waste time talking about all of them.

What can we learn? Don’t reuse usernames. Be careful when marketing a hidden service. Keep real-life accounts totally separate. Don’t talk too much about beliefs. Don’t order multiple fake IDs at the same time. And there are probably a couple more.

Ross Ulbricht was the first of many, and it was unlucky he had so many trip-ups. But when he was around there weren’t as many case studies of OPSEC trip-ups.


10.) Alexandre Cazes (Co-founder of Alphabay)

Alexandre Cazes, 25 at the time of his arrest, was the co-founder of Alphabay (a dark web marketplace). There is quite a lot of information on his arrest, but not a great amount on how he was caught. But I’ve been able to strap together everything I found.

Randomly, I have seen one story that a dick picture was the cause of his capture (I couldn’t find any evidence of this; it might be partly true, I don’t know, I hope it is). From what I found out it wasn’t that crazy; this is what I found.

Let’s talk about Alexandre Cazes. He was Canadian and was a “goody goody” and high achiever throughout his life. His father said that he had never been in trouble and had never touched drugs. Alexandre ran a computer repair shop, and used this as a front.

Alexandre Cazes was the co-founder, possibly the main founder of Alphabay.

Alphabay was (as of 2017) the dark web’s biggest anonymous online marketplace for illegal goods. It was way larger than the original Silk Road ever was. Alphabay held over 369,000 listings for illegal drugs, chemicals and stolen items (whereas Silk Road only ever had 14,000 listings).

The downfall of Alexandre Cazes came down to an email being found from an early phase of Alphabay’s operations. When Alphabay started in 2014, the welcome email and the password-reset email were sent from the address “[email protected]”.

Investigators found out that the email had an account talking about viruses on tech forums, was linked to a computer repair business in Canada, and was also the email for a LinkedIn profile. Alexandre Cazes’ LinkedIn profile! Big *oof*.

Alexandre Cazes was living in a large villa in Phuket, Thailand at the time of his arrest. He had so much and lost it: he was in the process of spending €2.4 million ($3.5m) in Cyprus in order to get citizenship there. He had a net worth of $23 million, a Lamborghini, a Porsche, and bank accounts in Thailand, Liechtenstein and Switzerland. He was wealthy and successful, and it’s sad how unlucky a slip-up he had.

On the 5th of July 2017 multiple law enforcement agencies executed a plan to arrest Alexandre Cazes. On that day an “artificial system failure” was created on the Alphabay site when Canadian police raided EBX Technologies (where the physical servers of Alphabay were). Alexandre Cazes then went to perform an administrative reboot; supposedly this took some time and left some server data unencrypted. Alexandre Cazes left his laptop in his bedroom to complete the reboot, and at that precise time Thai police, the FBI and the DEA raided his Phuket villa.

His laptop was open and its data viewable by law enforcement; police could see unencrypted information and personal data mapping out all of his global assets, links to Alphabay, and wallets.

Alexandre was indicted on 16 criminal counts, including racketeering, narcotics conspiracy and money laundering, and he knew he was going to be extradited. He sadly committed suicide seven days after his arrest.

We can strongly speculate that Alexandre was using his email for automation while testing but accidentally left it in when the site went live. The lesson we can learn from that is to avoid using anything personal when testing, and to ensure you don’t leave anything sensitive in.

Another lesson is to keep everything separate. Don’t mix your real identity with your dark web one.

11.) Adam Bunger (Gun Runner and Vendor of other illegal items)

We have probably all seen weapons being sold on the dark web. I have personally always wondered if they are real; I always assumed the independent shops are scams. I personally trust marketplaces more (not that I have ever bought a gun, or plan on buying one).

Black Market Reloaded was a marketplace which sold illegal drugs, e-books, weapons, collectables, chemicals, software, and counterfeits. Most notably for this story, the marketplace allowed vendors to sell pistols, submachine guns, and other weapons.

In 2013 Adam Bunger was a vendor on Black Market Reloaded. He was doing pretty well for himself, sending weapons to people in countries like the United Kingdom, Australia and Sweden. He was doing 100 total sales per month. He is also suspected to have sold stolen credit cards, stolen identities, hacked PayPal accounts, fake IDs, marijuana, mushrooms, and silver bullion with another account. To this day law enforcement have not been able to prove whether he had a second account. He was suspected to have worked with a crime partner (who has never been caught).

Bunger ran an account on Black Market Reloaded (BMR) called Grass4Cash, and is also suspected of running a second account called demonfifa. One of the most popular items he sold was a Modelo Super 9mm pistol; this was what he was most known for. He also sold Uzis and other items.

It all went wrong for him when a pistol shipped to Australia was intercepted. The gun was unsuccessfully concealed within a broken Xbox, which was intercepted by Australian customs. The customer who ordered the item was questioned by the Australian police and the heat was turned up for poor Adam Bunger. The customer told the police how he ordered it from Black Market Reloaded, from Grass4Cash.

Police started to trace the package back. They traced it back far enough to a postal clerk in Bowling Green, Kentucky. The postal clerk identified Bunger as the person who sent the package, and police began to monitor mail traffic. Two additional illegal firearm shipments, to Sweden and the United Kingdom, were intercepted from the same post office (at least one of them containing an Uzi).

Credit card records linked Bunger to the mailings, and multiple mail clerks picked his photo out of a selection when asked to identify him.

Bunger at this point was arrested.

Bunger was going to be thrown into more heat as members of the marketplace started to gossip; as his account went offline, users with loose lips started to spread rumours. Multiple Black Market Reloaded sources, including customers, vendors, and staff, said that Bunger was almost certainly behind Grass4Cash and demonfifa. Once the rumours got going, a serious war ensued as moderators frantically tried to remove any evidence that would give the police leads. They began deleting comments that linked Bunger, Grass4Cash, and demonfifa together. One user stupidly said: “It best we all STFU before they get more shit on him.” – lereyjenkins

These messages definitely did not help Bunger’s case, but I personally can’t see how well the prosecution utilised the loose-lipped users. Bunger’s lawyer did say that the speculation and rumours that the two accounts are connected are not concrete enough to incriminate him.

Bunger faced up to 15 years in jail. He was recently released on a $25,000 unsecured bond into his mother’s custody. Bunger is forbidden from accessing the Internet while out on bail.

What can we learn from this? A little bit. Number one, don’t have a personal relationship with your mailman, and use a mailbox if possible, as then you can be more stealthy. Also, don’t pay by card for shipments, pay cash (or I think you can use multiple USPS stamps, maybe, I don’t know, I don’t ship anything). And don’t talk too much, and don’t get other people into trouble.

Loose lips, sink ships

In all honesty, Adam Bunger did pretty well. His capture was not as stupid as many others shown in these posts, but it was very unlucky and tragic for him. After his arrest and the users getting him into trouble, his username became more ironic. Grass4Cash.


12.) Hansa Market (Dark Web Marketplace)

Hansa Market was a massive dark web market which was controlled by Dutch law enforcement (LE); it saw a massive flood of users after the AlphaBay takedown in 2017, only to be taken down shortly after.

The downfall of Hansa started with their development servers being found by security researchers. Their development server is what they used to test new features they were attempting to integrate into the market. Their actual marketplace was protected by Tor; however, their development site was exposed online, and this was how they were able to get the IP address of the server. The researchers told Dutch police, who then demanded access to the server. They found it was directly tied to the Tor site. Instead of taking the marketplace down, they installed monitoring equipment. They made images of the server drives, which held transactions, history, and all conversations.

Police began looking through the data they had harvested with their monitoring tools and the data on the images they took. They found a smoking gun: the two administrators had left behind IRC chat logs. Those chat logs contained their full names and even a home address. Dutch police notified German police, who began to monitor them.

The two admins had previously run a pirate e-book site, for which they were already under investigation.

At this point the feds were about to pull the plug on AlphaBay, the biggest dark web marketplace, and had notified the Dutch police. The Dutch police knew that the feds taking down AlphaBay would lead to an influx of refugees, which they planned to benefit from. With that, a plan was made. The Germans would arrest the admins for their e-book piracy site, and the Dutch would continue to run Hansa, which would be ‘the’ biggest honeypot on the dark web.

The plan got off to a rocky start, as the admins suspected something and moved their servers to Lithuania. They possibly saw evidence of Dutch police making copies of all the data and got spooked. Police were able to find the new servers by tracing the bitcoin the admins had used to pay for server rental. The Dutch police could access the servers in Lithuania without issues because of the mutual legal assistance treaty, and so the plan continued.

German police raided the two admins and arrested them (with their computers unencrypted, somehow). The arrested admins gave up the credentials to their Tox accounts, which they used to talk to mods. Their logins to the actual market were already known, because all passwords were stored in plain text. Everyone’s password was stored as plain text, which meant people who reused usernames and passwords were at heightened risk.

Dutch police took over the position of the admins. No user or moderator appeared to suspect anything. They installed more surveillance tools onto the site and even modified the feature that encrypted messages with PGP, so that messages were recorded to a server before being encrypted server-side (so the Dutch could see all the messages). This caught out many buyers sharing their addresses. They even faked a server glitch which removed all images, forcing sellers to upload them again. The feature removing metadata was booby-trapped, and the Dutch were able to get the location of more than 50 dealers. And finally, they tricked users into downloading and running a home beacon (sixty-four sellers fell for this trap). The home beacon was just an Excel spreadsheet which made a request to a server, showing law enforcement their real IP.

During this time thousands of users were flocking from AlphaBay, which had been taken down by the feds.

After the Dutch had their fun they took down the site and started to work through the 10,000 home addresses they had collected. They seized 1,200 bitcoins from Hansa, which today is worth $23,287,248.

What can we learn from this? Don’t trust a website to remove image metadata or to encrypt your messages for you. If you run a hidden service, do not store passwords in plain text. Don’t trust any file. Don’t share your home address. Avoid the Dutch.

13.) Jason William Siesser (Poison Shop Customer)

This scam poison shop sells every poison from tetrodotoxin and dimethylmercury to nightshade and arsenic. And, ludicrously, polonium-210 (yes, the radioactive isotope only available to nation states with nuclear fission capabilities, the well-known assassination weapon used against Russian dissidents, that one).

A gullible man, 45-year-old Jason William Siesser of Columbia, Missouri, attempted twice to buy poison online. He attempted to buy dimethylmercury from an undercover agent.

Let me tell you, this poison is horrible. In one case a professor got it on her latex glove; it got through the glove and was absorbed into her skin within minutes. This is a poison where once the symptoms show, it’s too late. Within 39 days her mercury levels spiked. Three months after the incident the professor suffered from abdominal discomfort and weight loss as well as neurological symptoms (loss of balance, slurred speech). Within four months of it getting through her glove, she fell into a vegetative state (she died within a year). Her dosage was expected to be around 0.1ml.

One of her former students said that “Her husband saw tears rolling down her face. I asked if she was in pain. The doctors said it didn’t appear that her brain could even register pain.” 0.1ml of dimethylmercury will kill someone if they don’t get medical aid soon enough, and it is extremely dangerous! Jason Siesser bought two ten-ml units of dimethylmercury (enough to kill 200 people). When he ordered them, the undercover police sent dummy substances which Siesser believed were dimethylmercury.

He was raided and arrested, thankfully. I don’t know what he was planning, but it would’ve been horrible. Dimethylmercury in a water supply can kill a town. On searching his house police found:

  • The dummy dimethylmercury as well as the packaging the police sent
  • Two boxes containing 10 grams of cadmium arsenide
  • Approximately 100 grams of cadmium metal
  • Approximately 500 ml of hydrochloric acid

Siesser is to serve at least five years in federal prison without parole.

14.) Benjamin Sagnelli (Marketplace Customer)

In April 2018 Benjamin Sagnelli was hosting a house party and wanted some party drugs for the event. He ordered 200 MDMA tablets from an undisclosed dark web marketplace. The package was sent from the Netherlands and intercepted at customs. Two months later an envelope containing LSD sheets was intercepted en route to Sagnelli; the amount of LSD within the envelope was enough to show intent to supply. All of the packages were addressed to Sagnelli by name.

Ben’s things were searched by police; within his car police found similar envelopes. And when police requested Sagnelli unlock his phone, he did it. Within his phone police found “numerous text messages pertaining to the importation and trafficking of drugs”, as well as the onion browser and evidence Sagnelli bought $7k worth of bitcoin from a local trader.

At the time of his arrest Ben was working at a cafe. When taken to court he pleaded guilty to two counts of importing marketable quantities of drugs. The court labelled him as “immature”. The justice took into account his age and maturity and spared Sagnelli time in custody. The justice told Sagnelli he “dodged a bullet”, because ‘pretty much every other person on earth’ who had committed the same crimes was not afforded that sort of leniency.

The judge sentenced Sagnelli to two years in jail, but ordered that the term be served in the community by way of an intensive correction order.

Lessons: don’t underestimate customs, don’t use your real name, and have a bit of OPSEC.

15.) Shiny Flakes (Dark Web Vendor)

Shiny Flakes (real name Maximilian S.) was a vendor who was the main influence in the creation of the amazing Netflix series “How to Sell Drugs Online (Fast)”.

The 20-year-old (at time of arrest) Maximilian S., of Gohlis, Germany, ran a massive vendor account and shop called Shiny Flakes which dealt over 914kg of drugs worldwide! He sold pretty much anything (except heroin): MDMA, speed, coke, LSD, weed (and more) were all on sale from him.

Shiny operated from within a bedroom of his family’s apartment in Leipzig, where he lived with his mother and his stepfather. He stored hundreds of kilograms of product on the shelves of his bedroom, where he also kept his digital scales and vacuum-sealing machines. He kept multiple drives and cash within his bedroom, away from his parents.

When sending the narcotics he had sold from his shop or from a dark web marketplace, Shiny would weigh, vacuum seal, package and use stamps. He’d use a specific burner phone to get a taxi from his family’s apartment to the local postal station he always used. He had over a dozen burner phones, which were speculated to be used each for a specific purpose.

He sourced large amounts of narcotics online. When it came to getting the narcotics he would sometimes meet a 51-year-old drug runner outside his apartment to exchange kilograms of drugs, or he would order it to his postal station and use a specific burner phone to get a taxi to the local postal station he commonly used as a pick-up point.

So where did he go wrong? An investigation from Vice questioned police, who replied that he went wrong in two main areas (there are probably more mistakes, but these are the ones the police publicised). Number one, since he was using stamps, at some point he made a mistake and put insufficient postage on one of his parcels, which was opened later on. Number two, he got a taxi (with a burner phone for that specific purpose) to and from his house to a specific postal station; he never switched up the postal station he used, he always used the same one.

Once police got a sniff of him, and enough information fell their way, police were able to access the CCTV from within the postal station, and then find out that he had taken a taxi; that taxi also had cameras inside. Shiny was under surveillance for a while, but the police investigation expanded as it unexpectedly crossed into the drug runner.

Law enforcement organised a raid when the two were together. As the police moved in, Shiny knew what was going on, ran upstairs back into his apartment and started attempting to destroy his multiple hard drives. He destroyed them all but one! And the one he failed to destroy later incriminated him even more, giving the prosecution more firepower.

When police searched his bedroom they found 48,000 euros in cash, 320 kilos of different narcotics, the burner phones, and all his equipment.

Shiny was a big fish; his business grew continuously and allegedly hit 4.1 million euros in revenue per year as of February 2015.

Shiny got six years and six months in prison (the prosecution was aiming for a year longer). His sentence arrangements were very lenient (and unusual) as he had “to sleep in jail but still possessed the freedom to travel around during the day” – this arrangement is weird, but it allowed him to show up at the production offices when “How to Sell Drugs Online (Fast)” was being shot. Don’t know why, but in a lot of the stories I do it always seems like the sentence isn’t that much.

Lesson to learn: don’t be predictable, change stuff up, think hard about your own routine habits, and don’t have too many drives.

38 thoughts on “How DarkNet Market Admins & Vendors Got Caught”

  1. 5 fucking years? That’s all for being a child predator? Meanwhile people who do drugs safer than alcohol and cigs are jailed for much longer. Nice. Totally fair

    1. If you’re talking about Thomas White, I didn’t understand it much either. He wasn’t just a pedophile, he was the admin for Silk Road 2.0 as well. I guess he could just afford amazing lawyers.

      He was quite rich. He was a major donator in loads of gaming communities and paid £12k in cash for renting a luxury flat.

      1. If you really want to see the difference a good lawyer makes in a huge case, check out the sentences given to people busted in “Operation WebTryp” a number of years ago. A large number of American RC vendors got busted at the same time. 3-4 of them used the same lawyer and got around 5 years in jail. One of the less known ones, named PondMan, did not and got 20 years!

  2. Thanks for taking the time to research and post this. I love reading history about this stuff. You should also do a quick bit about Alexander Vinnik. He was recently sentenced to 5 years I think in relation to the BTC-E exchange. Not sure if you were around during those days. That was the SR1 era. BMR hadn’t voluntarily shut down yet, and Mt. Gox was operating and was a developing story at the time.

  3. Thank you for this article, especially for one revealing reason: the vast majority of successful attacks on DN users aren’t cyber-related. It correlates with the clearnet status quo, where most attacks on normal clearnet operations are also related to HUMINT penetration.

    Therefore strengthening the cyber-related parts of OpSec is fine, but without proper training and a deeper understanding of other aspects of the counterintelligence setup, like HUMINT defense, one will eventually be compromised if the adversary decides to persistently deploy enough resources.

    This is, in my opinion, the biggest lesson learned.

  4. Great article, Paul Le Roux was the most interesting criminal mastermind. A young coder who made his own encryption tool that couldn’t be cracked by the NSA (E4M), which to this day is used in TrueCrypt, which many users are still using. And then he took the first steps into the first ‘clearnet’ darkweb of the online pharmacy business.

    I could say, one of the most interesting criminal masterminds around.

      1. There is a book written about this criminal mastermind called ‘The Mastermind’ by Evan Ratliff. Also there is a small documentary about him available on YouTube as well. Search Paul Le Roux, it gives a short summary about him.

        1. The book is amazing, it’s my most listened to book on audible. Would strongly recommend to pretty much anyone!

    1. By FAR Paul Le Roux is my favorite from your list. Although I’m really not convinced he came up with Bitcoin, he did do some incredible stuff from behind a laptop (and occasionally behind a gun).

      Hieu Minh Ngo is an interesting story as well, one I had not heard of previously. It does seem stupid to us, but when someone is trying to make a deal with you that could make you millions I suppose you throw some of your caution out the window and only see $$$$.

      The Harvard guy, well I’m sure he’s learned his lesson of ADMIT NOTHING DENY EVERYTHING.

    2. There is a great book about Paul Le Roux called The Mastermind by Evan Ratliff. If anyone is interested to learn more about him, it is truly a very wild story.

  5. Good article man, I’ve watched both the how they got caught videos and they’ve got great info for everyone. If you haven’t seen them I’d definitely recommend!

      1. Not by the same guy, however there’s 3 in total they’ve done with the same idea of explaining how they got caught.

  6. Great article, you know your stuff BUT the Opiate crisis is not down to one dodgy guy.
    It’s due to over-prescribing Opiate pills, Fentanyl etc.
    To say this guy was the biggest EVER is a reach at best.
    Now if you had said Pfizer then YES, THAT’S the biggest gangster!
    Props nonetheless.

  7. solid article except i would recommend against using a vpn or a bridge while using tor. may seem counterintuitive but it actually makes your opsec worse, not better. not really trying to take the time to explain why but just search for something like “should i use vpn with tor or tails”

    1. Well, in that specific story a bridge or a VPN would have protected him, as the only reason he was caught was because the campus saw he was using Tor.

      But, I agree, recommending a VPN is not always the best idea (I’ve removed the VPN lesson from that story). I understand the debate around it, and the questions on whether a VPN is more trustworthy than Tor. There are definitely instances where a VPN will save people (like Eldo Kim), but as advice it is not consistently successful in every aspect.

      1. agreed, it seems it would have helped here, but i just think it’s not good for people who aren’t absolute experts at this stuff to think that using a vpn makes tor safer

  8. caught sabu with a 0 day, then he gave out tainted files to the 9, or 7, or 13, or 11? depends on your resource.

    where are you avunit

  9. Once upon a time a serial killer took a stone (which had some algae on it) from a river side and killed most of his victims with it, but guess how the scientists caught that guy?

    By getting a sample of the algae they could determine the exact location where it formed, which led them to the river side where the stone was initially picked up from.

    Now all they had to do was wait and observe for when the killer came to pick up another stone, and they finally caught him..

    His days were over just like that 😀
    It’s all about science xd

  10. possible 0day used on ross servers, and a very serious allegation of attempting to…of all things, hire a hitman to kill either an admin or a vendor with more info than ross wanted. idk if it’s true and people have called it a black sheep. but money, power, and methamphetamines make a guy do crazy things

    1. Ross did actually attempt to hire a hitman on a rogue vendor, but he fell for a scam. There is a very good YouTube video about it where some scammer pretended to be the ‘Hells Angels’ and, if I remember correctly, scammed Ross out of $300,000. Thank you for reading the post. 😉

      1. And when the fake hitman calls Ross and tells him that the target is always together with 2-3 roommates and then asks him if they (HA) shall kill the whole bunch, after briefly considering the situation Ross agrees. Kill the whole bunch. BTW it was not a rogue vendor, but a rogue employee.

        1. I think we may both be right, but I think we are thinking about two separate events.

          I am aware that an employee turned informant had a hit staged against him with the help of LE.

          And there was also the story about FriendlyChemist who faked his own account being hacked, then pretended to be the ‘hells angels’ and scammed Ross into giving him hit money to have everything dealt with

          1. so the real truth, may be that all these stressed out methed up college kids turned nuts on each other…
