28.8.17 Dark Web and Cybercrime Roundup

Timeline: Feds Bust Massive Alphabay Vendor “HumboldtFarms”

Federal agents took down one of the largest drug trafficking organizations on the darknet, HumboldtFarms. Homeland Security Investigations—alongside local police in California and the United States Postal Inspection Service—brought down six suspects closely connected to the Alphabay vendor HumboldtFarms. “HumboldtFarmsDTO” sold marijuana on some of the late marketplaces and eventually became one of the biggest vendors on the Alphabay market. The six suspects, along with known and unknown co-defendants, managed to ship 78,000 orders on Alphabay alone.

Before HumboldtFarms, the main defendant, William James Farber, operated another vendor account known as “PureFireMeds.” PureFireMeds or PFM had set up shop on the original Silk Road before law enforcement took the market down. Even though PureFireMeds never sent customers bags of sand instead of cannabis cookies, marketplace users connected the account to HumboldtFarms.

After a Reddit user suggested a possible connection between the two accounts, the federal investigation really took off. The post encouraged a federal agent to go digging. Thanks to an interesting bust in Cambridge, combined with messages from the seized Silk Road server, agents established a connection between PFM and HumboldtFarms. PFM had used his real name in a message on the Silk Road, so connecting name and location to HumboldtFarms—according to the Criminal Complaint—was not difficult. (Treating this as though the complaint contained no parallel construction).

The defendants:

  • Dropped off packages at the same time, following the same paths;
  • Used unique stamps and unusual shipping methods;
  • Purchased stamps in $2,000-$3,000 quantities;
  • Friended each other on Facebook;
  • Had pictures together on Instagram;
  • Sold branded cannabis vaporizers that matched their “real life” company called @justdabble;
  • Grew plants in a warehouse that pulled more energy than the average Costco;
  • Identified themselves to the gate attendant of a gated community where the DTO packaged drugs.

That list continues. Read the full timeline and Criminal Complaint on DeepDotWeb.

Operation Tiger: 13 Arrested And Facing Drug Charges In New Zealand

In an operation that some compared to Operation Hyperion, law enforcement in New Zealand arrested 13 suspects in connection with darknet drug trafficking. Incidentally, Operation Tiger began in the wake of Hyperion. Operation Hyperion, although generally considered a “knock-and-talk,” led to the deanonymization of 300 suspects in New Zealand. Very few received anything more than a knock at the door and a few questions regarding darknet activity. While this is significant when compared to the United States’s role in the international operation, the figures are surprisingly low.

Operation Tiger resulted in, as of New Zealand police’s mid-August press release, another 13 arrests. Still low for an operation that lasted roughly six months. The case both confused and interested investigators, one newspaper reported after speaking with a case-agent. Some of the suspects had just completed grade-school and some were “out of school” only because they had dropped out. The number of “young people” who ordered “hardcore drugs from overseas” was something previously unseen by law enforcement.

According to Customs Intelligence Manager, Wei-Jiat Tan:

“Buyers may think small quantities of drugs don’t matter and Customs won’t do anything, but every seizure helps us and our partners build the intelligence picture, so it’s not a matter of if they are caught, it’s when. Even if drugs are bought under the guise of the dark web’s anonymity, it is not difficult to link packages to people. Customs and Police are actively targeting opportunists that use the dark net, and investigations such as Operation Tiger show how small seizures are resulting in greater drug supply disruption in the communities.”

Throughout the course of the operation, police seized “MDMA, Cannabis, Methamphetamine, LSD, GBL, Cocaine and Amphetamine worth a combined total street value of more than $500,000.” In addition, they seized more than $200,000 in cash and a firearm. DeepDotWeb.

15 Years in Prison for Darknet Heroin Supplier

Pierre Burnett, Jr., aka “Doe,” the owner of a club in Indiana, will spend 15 years in prison for conspiracy to distribute heroin and cocaine, heroin and cocaine distribution, and money laundering. Burnett supplied the drugs to both darknet vendors and local drug dealers. The club owner, despite serving as a supplier for numerous dealers, effectively landed in the crossfire of USPIS investigations into former Silk Road vendors in Indiana.

In reality, the investigation started with one target, Lee Gray, a former Black Bank and Silk Road vendor under the name “SupremeSmoke.” Law enforcement caught him through undercover purchases on the newer marketplaces and traced his Bitcoin transactions to exchanges and then to bank accounts under numerous names. They traced money transfers back to the owner of a club called “Tantrum.” Tantrum, now “Epic Ultra Lounge,” belonged to Burnett.

While investigating Burnett, law enforcement discovered that he had distributed 37 pounds of heroin and 55 pounds of cocaine during his spree as a distributor. He had purchased the drugs from contacts in Mexico. Couriers brought the drugs to Burnett and returned to Mexico with “bags of cash.” DeepDotWeb.

TradeRoute Market Admin Denies Verified Hack

The /r/darknetmarkets resident hacker claimed that they had hacked TradeRoute market. In /u/HugBunter’s Reddit post, the hacker said that they had retrieved sensitive server information. Additionally, the hacker had a shell “placed on their server executing phpinfo returning information on their back-end Apache server,” according to the Reddit post. The subreddit divided; some called the hack fake; some said it was just a software bug but nothing serious; and some congratulated the “pentester.” The TradeRoute admin responded with a PGP signed message, an excerpt of that is as follows:

“The servers haven’t been compromised in any way, this guy is just seeking some attention. We have talked to him through a support ticket and he repeatedly failed to provide any proofs, if his claims were true he would be able to (at least) provide the version of PHP we use, but he couldn’t. So the hack is completely false.

About the deface page, it simply can’t be done the way he says. HugBunter’s claims are that he did create an HTML file of his own inside the public folder of our server and it was accessible from outside by any user. This is completely impossible because our server is configured to only parse a few specific files and it has always been like this. So placing a random HTML file inside the server folder is not enough, he would need to escalate privileges to change the server’s configuration, and he didn’t do that, as he clearly states in his reddit post.

Also he claims that we did remove the HTML file and his PHP shell. But we didn’t do this as there wasn’t any of them in our servers.”

And, a reminder that the market actually did get hacked only days before and a hacker made off with a sizeable profit:

“Yes, that was a vulnerability, a user found an intricate way to steal funds from us and he used multiple vendor accounts and those listings to steal. He went away with around 100k$, we’ll take this as a loss. We already released the patch and moved on.

The damage that can be done by robberies in TR is very limited as our hot wallet is very small, rest assured that 95% of the funds are always safely stored in cold wallets. Also multisignature or security escrow transactions are totally safe, this only could affect the normal escrow balance.”

Pennsylvania Grand Jury Indicts an Alphabay Carfentanil Vendor

A grand jury in the Western District of Pennsylvania indicted a Florida man on a host of drug related charges. According to Acting United States Attorney Soo C. Song, the vendor—a St. Petersburg resident named Robert M. Gilner—sold methamphetamine, carfentanil, and ecstasy under the username “Gman19635.” Gilner had distributed drugs on Alphabay, Song said. The connection to Pennsylvania remains hazy and no positive trade route has been established as of his arrest and extradition to Pennsylvania.

The Acting Attorney said Gilner had conspired with others in the Western District of Pennsylvania (and elsewhere) to commit the drug crimes. The four-count indictment accused Gilner of conspiracy to distribute 400 or more grams of fentanyl and an unknown amount of carfentanil. Additionally, the indictment alleged that Gilner had conspired to distribute distribution quantities of methamphetamine, ecstasy, and of course, carfentanil.

“The law provides for a maximum total sentence of not less than 10 years and up to life in prison, a fine of $13,000,000, or both,” the United States Attorney’s Office announced. DeepDotWeb.
