Since my previous post [https://www.reddit.com/r/DarkNetMarkets/comments/5ephb0/summary_of_6_vendor_busts_what_they_did_wrong/] was well received by the community here I decided to do a second part. Unfortunately this post is not as elaborate as the first one because I already summarized the most interesting and most documented ones in the first part. Nevertheless it is worth reading if you are a vendor or just a curious buyer.
Before I start with the summaries I want to mention three points that came up during my research:
Never use business addresses as return addresses. After reading through many cases I noticed that law enforcement only got involved into them because businesses received mail containing drugs [that they obviously did not send] and alerted them. Vendors that got investigated and eventually busted because of that are: Italian Mafia Brussels, Dr. Xanax, Evilution [just to name a few]. Although the business return address might make the packages less suspicious and more likely to get through customs it will backfire much harder when it gets returned to the alleged sender. Since the business is legit and does not want to get into trouble, the employees will always report the returned packages.
Never trust anyone. The sentence gets thrown around a lot but it is worth repeating because if you are committing a crime with someone else, this person will always be a security risk and if law enforcement puts him under enough pressure he will sooner or later snitch on you. A dnm related example: XanaxKing's friend of 15 years became the most valuable informant in his case. Therefore your goal should be to involve as few people as possible in your operation and do not give them more information than you have to [the less they know the less they can tell law enforcement].
Quantik posted some information about the Dr. Xanax case some time ago and included a link to an audio recording where law enforcement explained in court how they busted Dr. Xanax. Although I have the link [https://infotomb.com/i2iba], infotomb has been offline for quite some time now. Therefore I want to ask the community here if anyone downloaded it or summarized the content of it.
Now as promised the summaries:
In order to provide a safer dnm experience for everyone I will post a summary of 4 busts which contain things that the vendors did wrong and gave law enforcement an advantage and things that they did right which disrupted the investigations.
Bust #1: Dr. Xanax
sources:
https://www.deepdotweb.com/2015/10/23/quantikxanax-releases-intel-from-drxanax-bust/
https://www.deepdotweb.com/2015/10/13/dnm-vendor-dr-xanax-busted/
notes:
used a supplement shop which contacted local law enforcement because of the returned packages they received
with the tracking of the packages that got returned law enforcement got a video of the guy who posted it
postal workers were asked to look out for this guy -> when someone recognized him he asked another postal employee to check the car ID
law enforcement then seized all the packages over the next 9 days, followed him, bugged his car, and found the remaining infrastructure
he only used 17 different post offices to drop off the packages [thanks to /u/CoXan for the tip]
Bust #2: ErKran
discussion link:
https://www.reddit.com/r/DarkNetMarkets/comments/4t47d2/swedens_biggest_vendor_busted/
sources:
https://www.deepdotweb.com/2016/07/21/swedens-largest-darknet-vendor-busted-authorities/
notes:
sourced his products in bulk and internationally -> customs seized one of the packages and investigation started because of the large amount
investigation revealed many other packages addressed to non-existent companies in his town, he picked them up there
most used addresses were put under surveillance -> quick arrest
he carried a handgun, cash and some drugs while picking up the package
he probably talked and revealed another member of his group who gave away the warehouse that served as the vendor headquarters
computers revealed that the group was vending on dnms and how many transactions they made; would not be the case if they used tails
one of the guys had a stash [apparently a small pump house] in the forest which was found by school kids -> teacher informed police but they could not find a suspect at the time -> police now has a suspect in that case because of the ErKran bust
Bust #3: Evilution
sources:
https://web.archive.org/web/20161027134259/http://kw.knack.be/west-vlaanderen/nieuws/criminaliteit/twintiger-uit-torhout-dealde-wereldwijd-synthetische-drugs-via-de-onderwereld-van-het-internet/article-normal-239819.html [google translator not working for the URL, copy the text manually and paste it into the google translator]
notes:
at least six packages got returned to sender because of insufficient postage
he always used the same return address [a local computer shop], owner of the shop naturally contacted the police -> investigation started
police analyzed the returned packages -> discovered fingerprints -> vendor was already arrested previously -> law enforcement got a name to the prints
vendor had 4000 bitcoins at the time of the bust, he received most of them through legal programming jobs but now it is difficult to determine which bitcoins originated from drug dealing -> do not mix legal bitcoins with illegally obtained ones
Bust #4: HollandOnline
discussion link:
https://www.reddit.com/r/AgMarketplace/comments/2ywpkv/vendor_busted/
archived version with some of the deleted comments: https://web.archive.org/web/20150314112159/http://www.reddit.com/r/AgMarketplace/comments/2ywpkv/vendor_busted
sources:
https://www.deepdotweb.com/2015/03/12/dutch-vendor-bust-hollandonline/
https://web.archive.org/web/20160325231658/https://www.om.nl/actueel/nieuwsberichten/@88570/aanhoudingen/ [google translator not working for the URL, copy the text manually and paste it into the google translator]
notes:
random police officer witnessed a suspicious transaction where someone moved transported goods from the trunk of one car to another -> got arrested
the arrested man was already on law enforcement's radar because he was suspected to operate, amongst others, the vendor account HollandOnline
sold on Silk Road 1, 2 and Agora under the same alias -> vendor already was heavily on law enforcement's radar
bitcoins seized -> bad opsec setup
another group member was only 20 years old at the time of the bust -> missing life experience and online fame led to operating under the same alias and ultimately his arrest
That is it for now, if you know other busts that could provide useful information or additions to the summarized ones please leave a comment here.
One last shameless self-promotion: I developed an Addon for Firefox [also compatible with the Tor browser] which lets you view selfposts of NSFW subs [like this one] without having to enable JavaScript. The source code is of course publicly available, so check it out if you want to boost your opsec: https://www.reddit.com/r/DarkNetMarkets/comments/5ek0lm/a_present_for_the_lurkers_on_here/
4000 bitcoins??? That is 3 million right