Ways Law Enforcement Busts Dark Web Users : OpSec | Torhoo darknet markets

URL bar: about:config
search: java
Disable Javascript.enabled :true
Will become: Javascript.enabled : false (disabled)

well im all for throwing child porn mental nutcases in jail for life imo but let us just buy and sell drugs in peace!!!!!!!!!!!!!!!!!!!

OK credit where credit is due

⚠️Basics of OPSEC (tips, numbered)⚠️ Has really good LE points and is a good know-How on the subject
Thanks for /u/2happytimes2 for that list

Edit* Fixed link

Can't say as I feel sorry for the Playpen motherfuckers

"His biggest mistake however was depositing large numbers of packages at US post offices while wearing latex gloves. This caught attention of the postal staff."
I've never laughed this hard at a dread post before. Was this dude tweaking or something, for fucks sake lmao.

Some folks need to chime in on some recent busts on DN Live and fill in the noobs on what they did that everyone can learn from. Opsec is the key to keeping a good thing up and running so if y'all know some new more up to date tips and tricks, let it be heard. Please & Thank ya!!

Not changing your fucking shipping locations and methods especially if your well known is a problem your pack gets pulled and they will triangulate your drops pretty easily and profile your customers too for additional evidence

snitch

You could just cut your hands off to avoid fingerprints.

With Regards to OP's first paragraph:

The Chukwuemeka Okparaeke bust. Its clear that he made some glaring mistakes. He also got lucky for a long time based on the fact that he operated without being suspected, reported, investigated and arrested immediately...

The way he went about actually posting the packs of fent was flawed, but you must at some point acquire the stamps/postage and send it. Walking into a USPO is pretty inevitable if youre sending priorty/Express/International. If you only use First class you can buy stamps without raising suspicions and drop them in blue boxes but then you risk non-tracked packs and customers disputing non-arrival without the ability to prove to mods/admins on the MPs that it was infact sent.

So what is the best way to acquire priority or Express postage and get it into the mailstream en route to customers destination, without sacrificing anonimity & plausible deniability?!

Buying postage online still requires accounts with emails, names, phone#, and sensitive info that could Doxx you. So buying from a website is not a valid option which leaves only walking into a PO to post your packs in person....any advice on this aspect?...

Yeah, resist the urge to wear latex gloves dropping off packages.

Hold up, a fent vendor was operating from mobile? That is wild. No surprise he got caught.

What do you think the most common mistake in opsec would be that gets people jammed up?

The reaches of Authorities go wayy beyound these basic notes. Especially in last 5 years, Feds of different nations have built a spider web of traps over millions of websites. That web may include fake vendor account with high trust ratings & even malicious Exit Nodes [Probably use a VPN in the first place]

Is using android to surf the dark web doable? I mean I use tor, orbot, I switch identitys often. Use VPN mode through orbit use bridges if need be. Have pgp don't give out my personal unencrypted. I'm a late bloomer on this drk web shit. So I'm learning but losing crypto to scammers is the only hard way of learning things is as far as I wann get. Meaning I don't want my life lesson of being shitty at opsec being taught to me by metal brackets at the gray bar motel.. Pls advice would be greatly appreciated

tails should have this disabled default instaed of noobs not knowing to do this everytime booting up

(i used to be that guy)

Don't use USPS apps on your phone, dont check pack deliveries on your phone period. Once you've set up Informed Delivery, configure it to send text messages for packages. Mute the conversation and let it push all the updates to you via SMS. This will keep a longer history than the ID page or app. You have plausible deniability because you get updates on ALL your amazon shit. Let them PUSH the data to you, don't PULL it.

Don't use your phone to check on deliveries.
Don't use your phone for anything DNM related.
Don't hit the tracking info for the same pack.
They track your IP and # of hits and will use this against you. TRUST ME, I KNOW.

I've read at least one article where they caught the vendor because of the sheer number of packages coming through that region of the Postal System (no doubt all looking similar). Then they started an investigation and one thing led to another... busted

That's why I think people should limit the amount of business they do if they become big-time vendors. A "big fish" is always going to get caught sooner or later, just due to the volume of mail, chances their customers getting caught and working with LE, etc.. Better to be a small or medium fish and keep it that way.

To add on your highlights i would say :
1.Going undercover.This can be a highly effective tactic where the undercover agents penetrate the wider dark web organizations.In a way ,law enforcement have taken advantage of the protections offered by Tor to blend in with everyone's else-on the dark web,you never really know who is on the other end of a conversation .
.
2.Open Source Information .Even if criminal"s business exists primarily on the dark web ,they might have left digital bread crumbs -in forum posts or public documents that lead to investigators to the suspect"s identity .

3.Following The Money .Dark web market places typically use the pseudo- anonymous currency bitcoin,for all transactions the idea being that transactions can be carried out with no link to the buyer or sellers real identity .Homeland Security Investigations (HSI),part of the Department of Homeland Security however has set up dedicated task force for tracking down those who launder their proceeds with bitcoin and other cryptocurrencies.

It's good when they catch pedos, why wouldn't they concentrate on them and leave us alone?

So are Tor users still susceptible to the same Network Investigative Technique used in operation pacifier?

No mention of correlation attacks? That's one of the biggest ways TOR users get busted

absolutely very useful

You forgot doing through your garbage

Great information, also a lot of the common themes I've read in the bast about people getting caught was they completely forgot about their OPSEC. They ended up shitting where the slept so to speak. More often than not a lot of the arrest were made due to the target using his DN username on some clearnet website 10 years ago. What it comes down to is complacency.

Do you think LE can track transactions from a seized market to electrum and then from electrum to the bank (bitcoin provider) ?

Great read

Thanks for post have not fully read it yet but will wen i have some extra time thanks

So there is really a risk in the shipping methods. How come most still get thru?

"The tool was used to expose IP addresses of those accessing the site on the assumption that they were either trying to distribute or access child pornography."

Leaving the morality of child porn aside, what actual proof did they have other than having user's IPs?
If they were using Tails for example, they wouldnt have any proof of them actually browsing through the site. For example, someone else could have been using their WiFi (cracking it, etc).
Also, how exactly did they obtain their IPs? Shouldnt Tor mask them? Or is it because they enabled java temporarily to view/download media?

Thanks for the input

I suppose the moral is, nothing is 100% secure,100% of the time.
Always be paranoid.

Is there a better way to send priority then buying stamps?

great info thanks

Amazon delivery hiring a bunch of drivers. Feels like good opportunity to infiltrate

Firefox plugins
1. NoScript - fine grain control of what is blocked for what sites
2. FoxyProxy - Proxy Switcher, fine grain control of what sites get what proxies
3. User Agent Switcher - If you aren't running Tor Browser, set your useragent to TOR Browser

optional - greasemonkey for hacking appearance of sites client side.

Disable web RTC. Make sure flash and web-java are uninstalled. Both are obsolete and chances are you don't need them anymore.

Good Info!! Create more awareness

does Opsec record suspicious bitcoin addresses? And how do they find/collect them?

Why Tor browser is still legal then.

I appreciate you postin, it is a good collection of relevant examples and concepts.
Just want to suggest adding SEing and psychology under the hacking section. There was an intriguing case (maybe fentmaster or etiking?) where they used a phrase- "hiya" -to pinpoint the area so a smaller radar.

Thanks again for your post

Keep digging settings and options - otherwise you're done.

Great information even for a seasoned user of the darknet.

I think we need to really uodate this post seeing all recent events that have happened!

open dashboard on ublock origin and check boxes for block javascript-remote fonts-webrtc

thank you for posting this
it is a huge help

very good Articel....THX

Good post.

I'm seeing a lot of people recommend using Qubes and whoonix for solid Opsec. Would that have similar protection as running tor on an Oracle Virtual Machine? And this might sound really noobish, but does layering another VPN like Mullvad with Tor do anything?

Does anyone know if this is all still pretty much up to date? Wondering if there has been any recent techniques they've discovered etc that we should be worried about. I'm assuming just being a lowly buyer I am safe so long as I follow the bible and the wonderful information posted here but you know what they say about assuming...

URL bar: about:config
search: java
Disable Javascript.enabled :true
Will become: Javascript.enabled : false (disabled)

Above is just just one thing. If you don't want to get caught always use KeyScrambler for windows i suggest https://www.qfxsoftware.com/ for linux users you can do this yourself

Drop iptables rules

their are tones of things to do according to your distro anyway stay safe ;)

Can someone mention if it's likely that personal users get caught?

Also are there sort of signs to tell if a vendor is LE undercover?
As a new buyer, Ive been really only using those who have a good amount of reviews on the market AND dread..

for hiding IP there is a old hack who can still be use
1. take a burner phone and registrate the SIM using fake ID (phone registration with fake ID based on a real person or something close or even take a psd photoshop template and make your copy of ID card as you need)
2. Use the 3G/4G to access internet through your cellphone with a USB cable and of course pay the communication via prepaid card in cash on your local retaillers

I think if there is no ISp moder/routeur only a burner phone control by a anon SIM there never get your IP because using 4G

Is it possible and still safe to do this guyzz today?
This idea was from a friend who does it 15 years ago already

Honestly I feel that there should be a way for individuals that use this forum to verify themselves before they can even access this subdread. The cops are constantly reading stuff on all platforms. I really appreciate this advice from /u/Cannablys. I think that the intuition of each user is probably their best weapon against law enforcement. Below are some pysch. tips to better suit yourself if you are speaking to an undercover cop.
1. Look at all their comments and posts before speaking with them. (Generally you can weigh cops out by looking at context of each post.)
A. Are they asking more questions than providing answers.
B. Are they seeming to be too informative.
C. When you communicate with them do they immediatley ask you to connect on a less annonymous forum such as( telegram, wickr,)
D. Do they respond immediatley after you pm them or respond to them. Look at the time incriments between comments. A good rule of thumb is if they have a habit of responding your messages withing 2-3 minutes time consistently this is a good indication that they have nothing better to do or that they are trying to get as much info out of you.
2. If you move to another platform (such as; wikr, telegram, ex)
A. Again watch their response times to your converation.
B. Ask them questions( not too specific but general questions about what they do and what their goal on the dw is)
C. Common Questions they may ask are... Bro I can text you-it is safe I am using an untraceable number(they want your cell for location purposes) They will ask questions that seem like they are too ignorant.... Do you know any vendors that sell... Do you know how I could buy this... Do you use cashapp... Offering to video chat withing 4-5 hours of linking up with you...Asking specifics about a certain vendor...Offering to give help and offering a less secure mode of comz.
3.If you suspect that you are talking to a cop
A. Immediatley make sure that you are 100% sure.
B. Look at your opsec. If you are communicating via mobile apps like tell and wickr make sure that your vpn is active and that your personal info is turned off. I know that tele gives you an option to remove your phone number from veiwability. You should have that diasabled anyway. You should also be using a burner number when using telegram. DO NOT USE YOUR PERSONAL NUMBER. TELEGRAM CAN BE ACCESSED BY AUTHORITIES IF THEY GET THE RIGHT CONNECTIONS.
C. Block and delete them if you are sure and make sure to get their alias and usernames. Let people in the community know. If they disapper on all forums under that alias then your inclination was correct. They have been busted and they know they can't use that alias to spy on people.

Below is a renstated example of a conversation that I had with an undercover cop: VIA TELEGRAM
He tried to use an alias that he knew I would respond to...


Him: Hey who is this?
Me: My alias begins with C and yours starts with A if you can confirm both we can chat
Him: Hold on man
Me: You should know without thinking if you are who you say you are
Him: Bro I am really busy man just a second
Me: You reached out first
Him: Text me bro I got a new number (he provides, I run it and it is showing to be attached to lapd)-fucking idiot he is
Me: Nope you didn't
Him: We have everyone kid: you are next we know who you are
Me: LMAO if you were serious you wouldn't be waisting the time texting me trying to get info
(I blocked him asap and purged the account and phone to be safe.)
Best of luck yall.

I found this awesome site which has over 100 opsec tips on it, i really learned a lot and it opened my mind, it also lists best operating systems for anonymity and other anonymity services i find it really good, so i decided to share it here. Only - side is, that it uses some js for its theme, but i found no tracking at all, not even tracking fonts, it safe to use.

LINKS:
-----------------------------------------------------------------------------------------------------------------------------------
clearweb: https://cybertoolbank.cc/
-----------------------------------------------------------------------------------------------------------------------------------

usual moral of the story: no matter how amazing the technology is, the human factor will always pose a security threat.

Thank you,so informative.

Thank you .But you shouldn't be using "GOOGLE"

Thanks so helpful

thanks for the tip it was very helpful

the pedos got what was coming to them

This is very helpful! Any thoughts on financial transactions?

THank you for the wealth of knowledge. Both refresher courses and knewly obtained. Was wondering what the hell the best way to turn cash into usable crypy without having to sit down an teach every degenerate under the sun about crypto, I havnt gotten to the point of cashing out. Im sure I will take a hit but I'm worried about making it that long. Fcked up in the bengeiining for like 2 monthss. haveebeen much more on top of it lately but stil not enought coin coming in to operate at full capacity.

Thanks in advances if any1 wishes to pm me on this one as to not spill the beans feeel free.

Thanks for your time, Always stay safe.

-T

ps.dont have some massive conglomerate running. nowhere close but u know how they do. follow the money trap a small fish casr en back out to catch a 50lbs striper

props for the well made list, i would probably not spend time on this because of my shitty attention span so +1 for you.