Silk Road forums
Discussion => Shipping => Topic started by: antigrid on July 16, 2012, 07:36 am
-
I have done a lot of reading on here and elsewhere, and have gotten some experience from placing orders of my own now, and I am trying to figure out where in the order process LE might be trying to exploit a vulnerability. If that is indeed what they are doing. But I am going to give an example scenario of someone placing an order and then address some of my questions / concerns (I think this is the best way to show my current understanding and my concerns ):
For all intents and purposes I am doing this from the vendor side, because more then likely they are not targeting buyers.
So I am a new vendor and I place my listing up for 1 gram of high purity mali (I think that's how its spelled). A buyer places an order, uses my public PGP key to send me their address. I logon, get the encrypted message, download it securely, take it to another machine not connected to the internet and decrypt the address. I print out a label for the address, stick it on, along with a fake return address. The customer ordered priority shipping so I am using a flat rate priority envelope I already picked up from a post office. I use rubbing alcohol to clean the envelope of fingerprints, package it up, and put on the pre-paid postage sticker for an the flat rate envelope plus delivery Conf # that I purchased from an automated postage center. I then drop the envelope in any blue mail box or outgoing mail slit in the area where I put the return address. I don't give the customer the DCN/tracking unless there are issues for security reasons. Hopefully all goes well and package received.
Did I miss anything here? Would I be leaving myself open anywhere in this process? One of my concerns would be the purchase of prepaid posting, whether for express or priority packages. First, can all postage , DCN, etc be purchased at these automated centers?
Second, would the postage be traceable back to that specific automated center (would be using cash)? If so, are there cameras on those APCs? Obviously it is unlikely that they would go as far as to check a camera at an APC unless the person is always using the same one, but it is worth asking, I am trying to uncover any vulnerabilities that I might not be aware of.
Another major uncertainty I have is how/where to drop the package/ mail it from. Is it normal for people to drop of prepaid priority envelopes in those blue boxes? Do you think the mailmen even give them a second look if they see a new address / return address that they have never seen a package mailed from before? What is the best way to go about coordinating the return address I put with the location it is dropped. Is it ok to use a fake name on the return address or just use initials?
Next comes the original reason for this thread; do you think LE frequently places orders on SR in order to try and track down the vendor? If so, what would be the main piece of information they could gain from this that would make it worthwhile for them? Are there any countermeasures? With this in mind, is it safe to send each customer the express tracking # / DCN or is it a weak point that could be exploited?
Do you think LE is even attempting to bust any vendors (unless they also happen to be the owners of SR like farmville)? If so do you think they place orders from all vendors or just large ones? One thing I do know is that the sole purpose of every DEA investigation is to tie as many assets to the "activity" that they can so that when they drop the hammer they can seize everything. "stopping the crime" is hardly even a secondary goal.
I know I went on here and asked a lot of questions, please answer what you can and so the info can be put to good use.
-
Some thoughts on your post:
Forensics. Fingerprints arn't the only thing they'd be looking for in a package if they were serious. Hair and possibly other DNA evidence might be there. Watch for that. Also, white powdered surgeon gloves STILL LEAVE FINGERPRINTS especially on tape. Use yellow dishwasing gloves instead
Lables comming from printers: Color ink and color laser jet printers leave a fingerprint on each page that's printed. usually its in yellow, very small in one corner of the page. Take a look at this: https://www.eff.org/issues/printers
Do I think LE try to make orders from venders looking to build a case? Yes, absolutely. I think mostly the DEA would be doing it. They have a huge budget and spending a few thousand dollars to try to collect forensic evidence really isn't too much for them. Remember - time is on their side. They can order many times and it only takes one slip up for some one to get busted.
Of course you also should take into consideration if the vender actually has their prints in the system. If they dont have their prints in the system they might be a little better off than some one who does.
Just my 2 cents. Stay safe
-
- APC have small camera lookint at u look close - behind dark square bottom left of screen on certain model, maybe other place on other models
- postage printed at the APC easily tracked back to machine in barcode- then date time pay and pic easily gotten.
- APC always in place with primary camera coverage
use dcn with apc and u give them all steps.
-
OK, wow, based on what both of you have said everything I have read thus far on these forums etc about shipping, postage, etc is dead wrong. Obviously people aren't going to post their exact methods but I would have hoped someone would have stepped in and made it clear that the information is wrong and dangerous. What is the safe way to go about the following:
- Getting packaging materials (envelopes / boxes)
- Getting DCNs
- Purchasing prepaid postage
- Finding drop locations
- Cleaning the materials (envelopes)
What are a few key things I could do differently in the scenario I mentioned that would make it a lot harder to track me? Where else can I look / ask for more accurate info on shipping etc?
Obviously I can purchase postage etc on SR itself , but besides doing that,how can I protect myself with resources I have locally?
-
OK, wow, based on what both of you have said everything I have read thus far on these forums etc about shipping, postage, etc is dead wrong. Obviously people aren't going to post their exact methods but I would have hoped someone would have stepped in and made it clear that the information is wrong and dangerous. What is the safe way to go about the following:
- Getting packaging materials (envelopes / boxes)
- Getting DCNs
- Purchasing prepaid postage
- Finding drop locations
- Cleaning the materials (envelopes)
What are a few key things I could do differently in the scenario I mentioned that would make it a lot harder to track me? Where else can I look / ask for more accurate info on shipping etc?
Obviously I can purchase postage etc on SR itself , but besides doing that,how can I protect myself with resources I have locally?
Materials: Mom&Pop type stores.
DCNs: Walk into a post-office, grab a stack and slip it into your pocket, walk out. Gloves optional but suggested.
Postage: Mom&Pop stores. Alternatively, stamps from the grocery store.
Drop Locations: Google maps, I guess?
Cleaning materials: Don't fuck up in the first place. Pretend you're working in a quarantine.
-
basically what he said ^^ and mostly COMMON SENSE. when your in this game, this is no childs game this serious shit. u shld be able to think all of these problems through. put some thought into, the answers arent that difficult.
and you don't have to 'clean' what you don't get 'dirty' to begin with....