A little OpSec

So, here's a bit of advice from a casual user's point of view. Let's set up a DarkNet situation to buy us some drugs.

You now have to do a bit of a risk analysis. Ask yourself the following question: do I care about being caught using a computer device with an international link to purchase scheduled substances that might potentially cross borders?

(A) You don't, fair enough. What will happen if you get a 60x1mg pack of Xanax or some painkillers in your jurisdiction? After all, it's not like you hadn't bought more quantity over the past ten years using a credit card or Western Union on shady Indian sites. These transactions aren't going away, so you might as well assume that TPTB have you on file.

Look up your local laws, and if you feel comfortable, simply go to https://www.torproject.org/projects/torbrowser.html.en

Download the browser pack. It will essentially allow you to access the .onion markets and services that fuel the underground economy.

You're all set. Go to the drug marketplace that is to your liking.

(B) If you do, however, feel like breaking with the clearnet tradition of purchasing drugs on the Internet, you have to get paranoid. By which I mean:

  1. Buy an external WiFi card (PCMCIA or whatever interface your laptop uses; oh yes, you will need a laptop, so buy or repurpose one if you don't have one already). Use a local service such as Craigslist; pay cash.

  2. Download and burn a Tails CD/DVD: https://tails.boum.org. You will not be booting your laptop for this exercise outside of Tails.

  3. Buy two USB sticks. Pick them up in the discount bin at your local Big Box, pay cash.

  4. Go to an open area with no WiFi coverage and boot your laptop with Tails. Turn off the internal WiFi.

  5. Format the two USB sticks you bought.

  6. Use the included GnuPG software to create a 4k key, save it to your first USB stick. Copy the private key to your second USB stick. Put USB stick #2 in a safe place--banks have convenient boxes for that kind of stuff. If you don't want to deal with a bank box, just stash the key outside of your property: remember, search warrants are usually pretty wide-ranging.

  7. Go to a place with free WiFi (your local McDonald's would do; the smaller the venue, the better: don't show up at an airport or train station). Some lamer's broken WiFi AP is the best. Switch around, don't hang around the same place, don't hang onto a broken AP, find another one.

  8. Boot your laptop with the Tails CD/DVD (remember, that's what you have to do; boot it natively and you're back to (A)).

  9. Make sure your network comms are going over the card you bought in (B.1).

  10. Go to your favorite .onion marketplace and do what you need to do. Use the GPG keys to communicate with your seller. Add the seller's key to your public ring for the duration of the deal only. Remove the key from the keyring once the deal is done. This is not the kind of business where you want to keep a paper trail, so your counterparts' keys should not remain in your public ring.

  11. That's it. Simple OpSec. Just remember: fuck up any of the steps above and you're back to (A).


Comments


[7 Points] None:

You left out how to buy bitcoins entirely. Arguably the most important part.


[3 Points] dopelessfopefiend:

"Remove the key from the keyring once the deal is done. This is not the kind of business where you want to keep a paper trail, so your counterparts’ keys should not remain in your public ring."

This is the only hole in my operation which I thought was flawless. I have portablepgp on a USB key with my keyring full and intact. Removing now.

Thanks


[3 Points] arbitrarysquid:

that's pretty much it.


[3 Points] BlackBroker:

Can I ask why it's necessary to use an external WiFi card? If it's for MAC address reasons, TAILS has an option to spoof your MAC address for you.


[3 Points] thenine9:

The weakest point of DNM OPSEC isn't so much the operating system but rather receiving and storing Schedule I substances.


[2 Points] NiceCoolSmellyVagina:

How does one use TAILS at a McDonalds or Starbucks? Someone who is me tried to do that and it straight up would not connect. Would you have to open Unsafe Browsing (i.e. clearnet browser) to connect to the WiFi via that webpage that you need to click a button on or whatever?