[http://ia801506.us.archive.org/27/items/gov.uscourts.nysd.422824/gov.
uscourts.nysd.422824.232.8.pdf /
http://antilop.cc/sr/exhibits/DX_C_le_counterintel_file.pdf ;
converted using http://www.onlineocr.net, hand-edited to correct OCR
errors, sectionize, and some commentary.]
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 1 of 17]
EXHIBIT 8:
/home/frosty/backup/project_references/le_counter_intel.txt
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 2 of 17]
[beginning of East India Traitor section]
from East India Traitor on forum:
Well this obviously isn't private but i'll share jediknight is your
attacker. I realize this will be treated like bullshit
as most other info that gets relayed to you, but he is the script
writer over at atlantis and brags of his assualt on
your psuedo-revolution. I realize you support free market but even at
the cost of attacks on your marketplace, you
may say yes in public but i know this not to be true in your pirate
head. Be sure to read my sig if this helps you
otherwise
I want nothing more than for this to continue for as long as
possible...soon the other markets will decentralize your
profits and
vendors and you can retire...please do not let the dea follow your
btc trails as they did in the past watchin your btc pile
grow
daily until it was obvious who the owner of the mtgox account was...i
know this is a non issue now but im just saying,
they have
a quarter million dollar bounty on your head for info and have been
here since May 2011.
Attacker
SR Forum Profile:
http://dkn255hz262ypmii.onion/index.php?action=profile;u=51427
---
Long story short I just did 6 months federal time in a DRAP program
for SR related crimes,
currently living in halfway house very little time to get up to the
local library to talk.
DEA visited/visits me twice a month...asks me shit, then they brag
about their shit.
Such as the mt gox bullshit a couple months ago, asking if SR members
would go for
paid informant work, I sent them on wild goose chases just enough to
get them to
come share with me more than they could get from me. I in no way
snitched out anyone,
they are currently trying to get into your staff forum mods esp...i
suggest they change usernames every month start
posts counts back at zero.
I suggest you relocate outside usa...if not already, they are foaming
at the mouth which branch of the LE gets credit for
your arrest.
blah blah got to run...last person in library have an 7:30pm curfew.
---
yeah it's more detailed
also covered that jediknight info was from an unlogged set of chat
sessions so i dont have
links but the atlantis crew runs on the same server as the Silk Road
IRC so to make a fake username and buddy up to
them is no problem...the younger and smarter they are the more they
brag. There's definately more details on the visits
from the different visited me...esp trying to track down ovdb vendors
and admin.
Please if there's something you have questions about ask and i will
tell you what I know...they are pretty forthcoming
and brag like any other ego driven personality. Like I said Im still
on parole in a halfway house and visit a library to
get
this back to you so my dedication to this is obviously a great risk
to my freedom again except there is no way ill get a
light 6 months federal
Residential Drug Abuse Program my second strike. So please understand
I need this info I bring back to you and
convey to
be Ultra Top Secret. Burned After Reading scenario.
---
Wow i never expected that.
Well let's start with the most important issue and I dont expect you
to answer this to me but think,
"Who knows your real name in relation to Silk Road?" Admin from OVDB?
Eneylsion or Envious or any of those
guys?
What about people from the Bitcoin forums?
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 3 of 17]
"Do you have the servers in your name or a staff members name?"
Hopefully these servers are spread out
internationally.
Again these are rhetorical questions? I dont wanna know the answers
just stuff for you to protect yourself.
Again the BTC block chain is definitely being watched for large
transfers or deposit to same address which I assume
was solved long ago.
They know you have multiple btc tumblers and that you dont keep but
around 1/3 of SR's btc balance on any given
site.
Remember the agent that i spoke with that had been on the
investigation started in late april 2011...i asked him and he
told me.
The postal inspector asked me shit like why do i think you tell
everyone to use USPS instead of private couriers and I
told him
and he was pissed and wanted to know how I knew that. Then he wanted
the postal workers that use SR in the forums
real names..like I have a clue to that.
They expect shit that is unrealistic but I do know there's
compromised vendor accounts and looking for the highest up
vendors to interrogate.
They are paerticularly hung up on Limetless...they asked me about my
money laundring and I of course said I have no
idea how to do that cause admitting that gets you 15 years.
They seem to think Limetless laundrers for you, probably cause he has
spoken about laundring in the forum opening
countless times.
This isnt just a US investigation they ARE collaborating with other
governments and international packages can be
opened without a warrant. They simply have to have an address
on a postal list and it can be opened as part of the homeland
security initative.
Sorry this is all I can cover today, I've go to spilt to get to a
meeting at the halfway house...idk if i can hit the library
on Friday but they let me go to there on Saturdays to "study law".
I'm trying to get some community service out of the way with the
library as well so ill have more time here.
Thank you again and I'll be in touch very soon.
:)
---
ok not sure where we left off.
Let me explain my situation a little more.
See I still have contact with these agents, not in person anymore but
by phone.
So guess who I talked to yesterday.
They are focusing on the forum and your admin and mods.
In particular Libertas and Samesamebutdifferent who is in my opinion
your weakest link.
They dont really know anything about Libertas except he helps on the
marketplace with coding...they have his tormail.
Idk what that does for them but they have ssbd's as well.
So i advise you to have them erase their emails and change tormail
accounts or better yet not use tormail.
The way they got their tormail mail addresses is by importing their
pgp ley and it was on there.
I have a feeling they think Libertas is scout...idk for sure but they
have been asking about those three for months.
If by monday you can have them all start new usernames it is in your
best interest as well as the community at large.
So you can see I have them in the perfect spot to play spy for Silk
Road with the DEA.
Does this interest you?
Let's see what else...they believe that admin fromovdb is your chief
code writer or at least the very least works on
your staff.
They have envious' return address in montana some how.
They seem to think he might have some connection with you pre SR
days...not sure why.
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 4 of 17]
Several agents question me on a fairly regular basis and are all
doing different cases and sharing the info from
interrogations.
I know there are things Pm not remembering at this very moment but
when they do come to me I shall relay them to
you.
If there is anything in particular you want to know if Ive heard
about ask.
These guys vary in intelligence quite a bit from person to
person...one cant use encryption another has been in the
forum since it was on the orignal market.
They asked me if I knew anyone that bought shrooms from you and that
if they had a return address for you...like that
is even remotelty possible to come up with.
They are looking for every little think said in the forum about
personal habits or the mods/admin..you.
Yesterday they told be they believed their was at least 2 ppl using
the DPR username or more, which makes sense to
me.
One for the forum bs and one for the marketplace.
Is this the type of stuff you are interested in?
---
As far as I know dont know anything about the shroom sales except you
sold them sometime in the first month or
couple months.
Mt Gox I was given anything but generalities...such as a huge amount
of btc in one account that blew up in the matter
of weeks, I'm thinking
they said around the time of the original gawker article...the public
invite article.
They seem to be under pressure to get someone of great impoertance
toshow a win for the USA on this situation.
And from what i gathered from the dea they were [issed they couldnt
login during the dos attacks, so that says they
had nothing to do wirth it, like i said anyway
jediknight was in chat bragging about how he had implemented escrow
on atlantis in a 24 hour period and that he had
plans to divert members from Silk road to Atlantis.
It wouldnt hurt i suspect to have someone look into logging chat on
the atlantis channel that ios also non the SR IRC.
---
O just as i was about to sign out i remembered they asked me if
Graham Greene was possibly a moderator or Admin.
I remember graham from before the arrest but ive been out of the loop
for a couple of months so I really have no
idea how much
he got involved in the forum...I know he was one of the more
outspoken members that had the best interests of the
community in mind
but i told them i didnt know that name.
---
can you give me links to where he is bragging?
what do you know about an mtgox account?
the DEA has a $250k bounty on me? how do you know?
[These 4 questions seem to be DPR->East India Traitor, not EIT's
replies to DPR's unlogged side of the conversation]
=======
Cause i just did 6 months federal time for your revolution and they
bragged about their doings too much upon
interrogations.
They would visit me twice a month trying to get info from me..i would
lead them on wild goose chases.
Just enough to get more out of them than they me.
They asked about offering the average member this bounty, how many
would flip on you ,
they assumed 80% of the members would flip on you, but i know much
better your following than them.
I also know that your current members dont have jack on you...but
they are trying to talk to nelson you remember
nelson right
from database days. He's still locked up.
I will also warn you that your staff is currently being targeted if
not already a compromised one. Specifically the forum
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 5 of 17]
members.
They followed an mtgox account that was in excess of some outrageous
number of bitcoins, an account that should
have had enough
bitcoin to be it's own exchange. They did not release the account
username but they are very much obtaining info in
manner
possible. I'm trying to warn you. The DEA, ICE, POSTAL INSPECTOR,
NSI,FBI,CIA,NSA are itching to get credit
for your arrest.
I advise you to relocate yourself from the US and before that have
your complete staff change usernames at least once
a month and no rolling over posts.
As far as jediknight i do not log chats so I cant link you to
anything but that doesnt change the fact.
Like I said I just got back out and am on parole...so to clear up the
info i have on jediknight it is at least 6 months old.
But he was your denial of service instigator before the members
started dos themselves and he and the atlantis crew
are your troublemakers
as Im sure you've come to the conclusion yourself. I know without the
exact quotes this is meaningless to you but at
least I tried to make you
aware of the issues you are currently being annoyed with...and could
even become your fall from grace.
Please delete all info as it is for your safety not mine. I want
nothing from you and I am not trying to throw psyops at
you. I've not always liked the way you ran the community
but I'm no traitor. I respect your progress on this frontier but I
worry about your future. Along with the members
futures.
If you don't believe me and wanna live in denial go ahead one day you
will look back and wished you'd looked further
in the rabbit hole.
[end of East India Traitor section]
[commentary: East India Traitor seems unlikely to be legitimate. His
claims conflict badly with the Ulbricht trial exhibits, known
SR1-related busts, the DEA internal timeline, and the later DEA agent
Carl Force's briefing. Specifically: there is no known $250k bounty
on DPR (and Force implies there would have been no money for a bounty
even if they had wanted one); the earliest investigations stem from
*after* April 2011, prompted by Schumer's grandstanding, and only
really heated up in January 2012; he seems to imply that the SR1
hedging account was seized by LE when the best current guess is
hackers or insiders; it's not clear there was any meaningful tracking
of large blockchain movements like EIT claims; OVDB/Envious do not
appear in any other documents and the connection seems to've been
completely ignored in the investigation; EIT focuses on the
then-rumored mushroom sales by DPR but neither Force nor any other LE
sources mention the mushrooms until after Ulbricht was arrested and
his laptop harvested; EIT claims LE thought DPR was 2 people, but
Force specifically and emphatically says that they thought the
opposite; EIT claims LE was going after a Mtgox account when they
weren't; and EIT's general account about LE 'bragging' about all this
to him seems improbable. All in all, EIT seems highly questionable
and may have been either paid or living out a fantasy or trolling or
something.]
---
[beginning of Mr Wonderful/emailgate section]
scout's tormail where he is talking to mrwonderful:
username: scoutsr
password: b311am0n
Symm's tormail talking to mrwonderful:
symmetry2
bjBTrmPzUBhmN3uH
scout, forum
username: scout
pass: nlNlaGKUb1r6sqYY
[end of Mr Wonderful/emailgate section]
[beginning of Hetu section]
StExo has discovered that Dr David Decary-Hetu is planning to do
research on SR for canadian LE
Address: Montreal, Canada
http://ca.linkedin.com/pub/david-d%C3V0A9cary-h%C3%A9tu/41/298/702
http://jrc.sagepub.com/content/early/2011/09/20/0022427811420876
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 6 of 17]
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2119235
E-mail: david.decary-hetu@umontreal.ca
[see also: Ormsby was apparently told about this accusation
http://allthingsvice.com/2015/04/02/special-agent-force-alpacino-and-m
e/ - by StExo, an apparently incorrigible publicity hound?]
[ending of Hetu section]
[beginning of Carl Force/DEA double-agent/informant "alpacino"
briefing for money; this seems to be his initial briefing for the
upfront payment, and not include the weekly updates he then gave DPR.
For additional background on Force & Bridges, see the complaint
http://www.justice.gov/sites/default/files/opa/press-releases/attachme
nts/2015/03/30/criminal_complaint_force.pdf and the related filings &
exhibits in the Ulbricht trial.
The alpacino leak is mentioned in Ulbricht's journal entries:
"06/05/2013 - 09/11/2013 / Haven't been logging. Tried counter intel
on DEA's 'mr wonderful' but led nowhere. tormail was busted by dea
and all messages confiscated. 'alpacino' from DEA has been leaking
info to me. Helped me help a vendor avoid being busted." (For the
specific vendor saved, see later.)
So these emails, through Tormail, probably took place 2013-06-05
until Tormail was shut down as part of Freedom Hosting on 2013-08-04.]
correspondence with alpacino:
silkpirate@tormail.org
This is for YOU only.
Try this (and I'll explain later why). Message your staff/moderators
individually and ask "So, feeling wonderful lately?"
and then ask "Anything you want to tell me?" Make sure to use the
word "wonderful".
Theres an ongoing effort to engage and coerce your staff into giving
up some access/insight/internal communications.
Last I hear there IS headway on that. The key points are potential
greed or intimidation. I believe it was someone @
DHS or CBP who wanted to own it, but ultimately its a DEA gig with a
few cooks in the kitchen. Will absolutely
request you not ever let on about this, and I'm sure you know how to
run your team (and what level of trust to repose),
but just know that absolutely there's an ongoing dialogue there with
a "mr wonderful". Shocking, huh? Be smart about
that.
Know that some of your vendors have been approached for (and have
provided for money) buyer information (the idea
is to purchase buyer information, which gets dumped and collated into
excel). Vendors that get banned are approached
via the email addresses they provide on their pages "in the event SR
is down, contact here..". Just recently a New York
based pill guy sold his entire customer list to what he thought was
atlantis. Can find out his handle so you can poke
around old private messages if need be. Several uses for databases of
buyer information..
Am certain there are not many techies involved. Due to the
unconventional nature of this network and technology, not
much use for full time "geeks" being sourced & assigned anything more
then standard workload. Unless there's some
specific technical question/explanation needed
There are a few different working "profiles" on you (can probably get
into detail later on how thats culled). The most
popular is that you're East Coast , live with family, have either
quit your office job or primarily do consulting/contract
work from home. Theres other stuff I'd rather not get into, but rest
assured anything worthwhile/concrete usually
makes the rounds as gossip, and there's no real gossip. If that makes
any sense..
There are really tons of useful nuggets that I do have to offer. And
what my birdie doesn't know, he can probably find
out, but no guarantees on timeframe. Due to the nature of keeping
everything properly 'insulated', birdie has to fetch
information with proper care. Also please realize the risk I run (and
have run)..
Anything you want to ask?
---
I don't mind you talking my ear off asking questions.. there's a
decent amount in my head, and fairly regular amount of
chatter that makes it rounds to my ears. But as said, weekends are
not optimum for me to poke my nose around as you
can imagine the nature of this stuff (despite me being pretty
insulated).. being casually brought up with the birdie(s) in
anything other then a casual environment could trigger a disastrous
chain of events for me. Evenings and weekends are
probably when I can be more responsive.
1) That I struggled with myself, and anticipated. Well, I suppose you
have no solid way of knowing. But ponder this -
I have NO intention of asking YOU anything what so ever. There is not
a single thing I have any intention or need to
ask you. If this was a play to extract information/data out of you,
it would be futile as there is not a single thing I want
to know. If you dig around your staffs correspondence (unless already
deleted) you will notice I'm right on the money
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 7 of 17]
about "mr wonderful".I would not be privy to such if I was Joe Blow
from nowhere. I can also tell you that one of
your guys claimed he's been "recycled". That is the *exact* word. I
am not sure if thats some internal term or it means
he/she was in a different role and put into another one. I can assume
it means a moderator or administrator was shifted
from a previous role to a similar role. If that term "recycled" means
anything to you, then that should at least speak to
my legtimacy. Again, you do not have to acknowledge you know what
that means. If it makes sense to you, then so be
it, and if it doesn't then I can poke around more. I'm confident if
you re-examine your staffs behavior and
correspondence, it should verify my solid info. I'm not psychic, I'm
not on your staff, therefore&
2)If you can come up with a method to verify I'm not, I am open to it
as long as I'm able to protect myself to the
fullest. I'm hesitant to touch any data, but I can (and do) commit
things to memory.
There would be no gain in feeding you false information or lying to
you. It would not benefit you in any way and you
would realize your time is being wasted and that would be all she
wrote. I think you are intelligent enough to parse
bullshit from fact. Feeding false information would be the goal of
someone intent on disrupting your activities or
hoodwinking you. Again, something you would probably be able to
verify - maybe half a year ago a guy from podunk
Virginia contacted local and was crying about being blackmailed for
his personal information by 'anonymous
criminals' (Phil something). Middle aged guy who ran a travel agency.
Even down to that level pops up on the radar
nearby to where the birdie hangs out. Did not take long to assemble
the backstory (small time recreational buyer just
got blackmailed if you want to call it that by a crooked vendor) and
dismiss as utterly irrelevant. I'm sure old private
messages or communications can be examined to verify that instance.
How on *earth* would I be privy to that? And to know hard details?
These things make the rounds, believe me. I
would only provide you with things that could be of utility.
3) In short I admire you and what you've created, I don't think for a
minute that helping you out time to time would
hurt anyone (might sound hypocritical but it's not), and personal
gain.
I don't think you've done anything that warrants resources of the
state being delegated to interfere. I call a spade a
spade, and JTFs/reports/operational/mindset are all a crock. I don't
see anything wrong in what goes on here, and in
another less boring life I'd probably have wished I could have been
apart of it. Granted I'm technically on the other
'side' on paper (indirectly), but that's a means to eat. I'm not
Snowden by any stretch, but I admire that. I've always
tossed around the idea that how cool would it be if someone like the
birdie would hook you up here and there, but the
horror of getting utterly fucked and have my freedom taken would kill
any such thoughts. But as I've said.. without
being arrogant I know I'm relatively insulated enough by virtue of
NOT being that close anymore. I'm a fly on the wall
in the grand scheme of things. And more importantly, personal gain.
If you're in a position to potentially augment your
means & income, wouldn't you? I make a decent living, but I also have
responsibilities and material desires. My
conscience is clear because I don't feel I'm harming a single living
creature. I don't come for free, so theres that
motivation.
Worst case scenario I can provide you with insight and philosophy.
Best case I can provide you with solid action-
items that would unequivically give you a competitive edge.
I'm not trying to sell my utility to you, I'm pretty sure thats a no
brainer. But I do think I can deliver..
---
I think that works. Initial+ weekly. I'm not entirely sure myself on
what's fair or not fair.
Initial retainer.. I don't know, 5k too much or is 8k too much? I'll
let you decide.
Weekly do you want to do 500? Obviously some weeks there will be
nothing major other then chatter, and other weeks
there might be extremely useful intel. I think we can just leave it
at 500/weekly.
I made an account on your main site: "albertpacino".
Another thing, what I'm doing, despite all precautions (I've thought
out all scenarios) could possibly ruin mine and my
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 8 of 17]
family's life if ever discovered. I implore that never utter a word
to a soul, a partner, a significant other, even God (if
you're religious). I know you take security seriously, and you've
demonstrated that, so I know you know where I'm
coming from..
And if either of us ever wants to cease communication, then that
should be an option and understood as a logistical
decision, with no hard feelings.
Let's operate under your terms, and I will get to work tonight on
writing up as much as I can RE you'r questions, then
you can dissect and pick my brain with followups, then I respond etc.
I just have to be careful to walk a fine line that won't identify me
or my location, but I've made a decision and I'm
fairly confident in my abilities to satisfy your purposes and cover
my ass too.
The only condition I have is that nothing I ever say be used in a
manner that can harm anyones safety. Even if actual
information is provided for some purposes (a vendor name or
location), I would hope that nobody's safety is ever
seriously jeopardized. Could not live with that. What you do with
information (if involves threatening or anything) is
your business, but nobody can actually be harmed.
I don't think you operate that way anyways..
I do have to run to dinner, so will get you get a comprehensive
writeup later tonight.
And I do respect what SR stands for. In another life I'd have loved
to be part of it. Maybe this is one way to live that
fantasy out.
---
I know that Eileen [Ormsby] has a publishing deal and is writing a
book around SR, and has had extensive dialogue with
everyone from buyers to new vendors to old hats. She claims that she
has your blessing and at some point will be (or
has) interviewing you of sorts. Also you've made reference to a book
or memoir at some point. No matter what, I will
make a gentleman's request that a word of this isn't spoken in this
lifetime. I've taken many risks and gambles in my
life and mostly have been lucky.. but the magnitude of what I'm
doing, if uncovered, could put my family in harms
way and/or devastate them and no money in the world could justify
that. So that's that.
(Some stuff might jump allover the place as it comes to me, so
apologies if theres more stream-of-thought and less
organization)
Byt virtue of the professional capacity of a birdie I know, I
have/had access and in-office/out of office knowledge of
local, state and federal initiatives that deal with work tasked to
monitor, report on, and coordinate interagency
initiatives dealing with
1) Domestic movement of narcotics
2) Movement of narcotics traffic through land/sea/air borders
3) Cyber crime (extortion, child porn, domestic terrorism, credit
card fraud, SPAM, password trafficking, counterfeiting of currency,
computer intrusion, etc)
4) Financial crimes related to narcotics
trafficking/distribution,/profit laundering
Prominent on the radar is Silk Road (amongst other known sites/actors
on TOR) and since late 2011 there's been a
lackluster yet interagency effort to monitor, disrupt, infiltrate
and/or penetrate operations.
The office of the DAAG (Deputy Assistant Attorney General) Computer
Crime (at time Jason Weinstein) was the
principal in spearheading. This is after Sen. Schumer & party created
a hoo-ha. Weinsteins office jumped to take
charge and assume oversight.
Under the auspices of the NCIJTF (National Cyber Investigative Joint
Task Force which is DOJ), the following fed
agencies have a presence when it comes to SR (Stateside)
1) DEA
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 9 of 17]
2) FBI
3) DHS
4) ICE
5) USPIS
6) ATF
7) CBP
That should NOT worry you, because by "presence" I only mean their
are active agents and officer level involvement
from who's resources are pooled and budgets are shared. On a limb
I'll say this, everything having to do with Silk
Road (like any other open set of investigations) is on shared drives
that almost all can read+write, and there is a shared
public Outlook folder where all emails/correspondence pertaining to
SR are routed. Everybody (and I mean everybody)
from entry level up to the heavens have "read" access. Additionally,
people talk a LOT. Loose lips is an
understatement and the level of immaturity and juvenile attitude is
staggering. There is no such thing as "confidential",
and this is a culture where people are numb. You must understand that
part of why I'm so confident (in my ability to
maintain this relationship) is that nothing is treated as sacred and
there are probably 100 people like me who could
offer the same level of access. Analysts do collate data and prepare
summarizations/status sheets and CC the requisite
list/group.. and majority of the time nothing happens. Little to none
replies/discussion. This is not SR specific, but
does include SR. For example reports related to CP sites/forums or
BMR often get the same treatment.. ambivalence.
Here is something that will bring a smile to your face.. it is just
not in the budgets to aggressively dedicate resources to
SR. The way the budgets are allocated are almost certainly political
in nature, and the lions share goes to War on
Terrorism or "real world" drug activity. That's the cold hard truth.
That's not to say that there are no zealots who do
have a harden for SR related activity, but that is more focused on
suspected real world trafficking. Ironically enough,
guys at USPIS do not care in the least about SR. Yes you read that
right. They're broke and have no concept of tech
savvy.. and frankly, they are not interested. DEA guys often initiate
most chatter having to do with SR, yet follow up
is minimum and they are too bogged down in pending investigations of
subjects whom they have the ability to surveil
and/or who's circle they can infiltrate by way of CI's (conf
informants).. none of which is possible when dealing with a
beast that is virtually immune to real world surveillance. It's not a
question of getting warrants to ISPs.. its a question
of who/where to begin looking. They're stuck.
At the analyst level, SR forums and the main site are
crawled/monitored. Not more then 4 people are tasked with just
crawling and mining the forums main site in an observational
capacity. These 4 people are also tasked with crawling
and mining many other websites and forums on TOR and clear net. So
while everything is printed, you can
guesstimate the scrutinity level is not extraordinary. That's not to
say that others do not actively surf the forums and
maintain both buyer and vendor accounts on the main site, they do.
But at any given time, there are not more then a
handful of people overseeing a crawl. When something deemed highly
interesting or important pops up, they will CC
the SR mailing list with a description and screenshot with their
thoughts. Otherwise, there is a weekly status sheet that
gets dumped with the most relevant/interesting/useful occurrences on
the forum along with a summary on
value/suggested "action items". Everything you post (along with the
time stamps) is copied. You are referred to as
DPR across the board. Often there is nothing interesting, and if
there is there is it would be a bullet point such as
"Vendor XYZ (who deals in ABC..) said his packaging methods consist
of 123" etc. This is so they seem like they're
doing their job as often there is nothing interesting at all taking
place on the forum side. When moderators quote you,
that is often the bulk of what gets bullet pointed "DPR has
instructed us to do such and such".
Now, there have and continue to be attempts to compromise staff
accounts (on the forum and main side) by the normal
methods of password guessing, but AFAIK none have been successful.
There have been successful instances of
cloning lookalike accounts which have all been shut down on your
side. Of significant focus is attempts to impersonate
you and your moderators on not only SR mainsite/forum, but on other
TOR sites such as BMR or Atlantis to see if any
prior correspondences can be restarted. Nothing there either.
A 'profile' is an outline of a user that contains key
points/occurences/assesment regarding their activities. There is not
one on every single vendor, but there are on the high volume ones.
The goal is to have all user profiles searchable
offsite. In vendor profiles are return addresess/packaging
method/pictures of the package & contents, replication of
their vendor page text, and any other relevant data.
Your profile (no idea who authored) has you as extremely intelligent
with a background in IT, between 35 and 55,
living on the East Coast, working from home in a
contractor/consulting arrangement and living with family. An
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 10 of 17]
assessment like this would be based on your speech, patterns (such as
when you log on, when you go idle on the
forums), personality,expressed interests, ideology, unique mannerisms
(for example your use of the word "ya" instead
of "you" sometimes. As in "I'll tell ya" or "would ya believe" .. etc
off the top of my head). The assumption is that you
are conscious to actively remain off any kind of radar, do not take
any drugs, do not live extravagantly.
If you have any partners (I'm not talking about staff), you most
certainly are the assumed shot caller and are as
anonymous to them as you are to everyone else. Contrary to rumors,
it's not stated or assumed that you are not the
original brainchild of SR or have ever not been the same person. You
are the same you that started the site and have
never relinquished ownership. Whether it's all you or you've farmed
out responsibilities, it's unclear if the servers are
all located in your physical possession or spread out. It's pretty
much agreed that you have never been a vendor on the
site or tied to any vendor IRL.
You're essentially a ghost. And since you are not a vendor, there is
no tangible way to engage you in any
compromising scenario. There have been attempts to approach you (can
assume under the guise of journalists or
researchers) to probably build a repertoire and study your speech, to
later on analyze and compare if by some fluke
there are any suspected leads on who you are IRL. As of now, I can
say with utmost surety there are absolutely none
whatsoever. You are as anonymous as you were 1 year ago. There HAVE
been concentrated efforts to DoS/DdoS the
site and forum to assess your response time and technical acumen. I'm
not too savvy regarding this, but on a horizontal
scope there have been/are attempts to run exit notes [exit nodes] and
track traffic across TOR. To what end this has been aimed at
SR would be something I would need to poke around about.
Since the assumption is that security of the servers and high level
system are handled solely by you, you are
overworked and delegate lower level duties to your staff. There is a
fixation on some how penetrating or
compromising your moderators into giving access. The philosophy is
that you are less stoic with your team and interact
with them in a more informal fashion, which would provide insight
into where you are located geographically and
your habits (which could be identifiers). The Mr Wonderful operation
(if you want to call it that) is still in progress
and revolves around bribing or threatening your team into providing
access to a staff account. The benefit would be to
not only get closer to you, but to be in a position of trust in the
community which could potentially net high volume
vendors. A few of your staff have absolutely been in touch with Mr.W
and most likely have carried on correspondence
with them off-site. Mr. W is being actively maintained by DEA.
Nothing major has come from this AFAIK, but tidbits
have made the rounds such as there is fear of you and you have or had
asked for personal information in the past in
order to appoint members of staff. Also that you have "recycled"
staff, which is taken to mean that either Cirrus is
Scout (who has communicated with Mr W) and Liberatas could be Nomad
Bloodbath. SSBD has also communicated
with Mr.W. To what extent exactly the nature of their correspondences
are, I do not know. I could find out, but it
would not be immediate as it has to be handled with tact. If there
was a successful breach of any staff account, it
would be known and I would tell you. There has not been. Moderators
are seen as loyal but weak, susceptible to
intimidation and/or bribery. If their anonymity is ever compromised,
they would turn. SSBD is assumed to be in the
UK, where as Cirrus is assumed to be Midwest Stateside. Inigo UK,
Liberatas States.
Assumption is that you also have employees on the main site who are
completely unknown who handle maintenance
and upkeep. No geographic assumption on any of them. AFA your
relationship with vendors it is a rule of thumb that
you do not have any special relationship with high volume vendors
over other vendors. No vendor is assumed or
perceived to be close to you. They will keep trying to open open
lines of communication with you under various
guises, even as vendors yet the likelihood of you befriending any
vendor (real or agent) is nil. Locating you or the
servers, although would be a major coup, seems all but impossible so
the focus is aimed at netting vendors.
The high-vol vendor operations such as (to just name a few) Nod,
NorCalKing, RxKing are all under scrutiny. They've
all been purchased from multiple times and general geographic
location is assembled. For example it would be known
that the Nod operation is NY, NCK is in California, RxK is Southwest
US etc. There are also ongoing attempts to
befriend the 'biggish' vendors through private message/forum
pm/privnote/pgp and take correspondence off-site. This
is where off-site deals and 'partnerships' would get cooked up and
layers of anonymity be peeled away, leading to
more detailed profiles.
No high volume US vendor has been surveilled. On a state level,
several suspected major vendors have been
surveilled, yet none have been touched as that won't happen till a
multi-jurisdiction plan to move on several vendors
simultaneously in a grand slam display is logistically possible let
alone greenlit. AFAIK, something of that magnitude
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 11 of 17]
would not be possible currently. There have been one-off prosecutions
on county and state levels. What happens is that
a vendor that has confidently profiled/ascertained to be originating
packages out of a certain jurisdiction, that
information is shared down to local/state to put eyeballs on. A lot
of that was happening in the beginning, but now
there's more of a "hands off" approach. They'd want to sweep the
maximum amount of vendors at once. Having the
Sheriff of Mayberry hit one based on JTF Intel is just not the
culture/mindset. Nearly all efforts are conducted out of
Jersey and Los Angeles.
All LE case reports (from county-level upwards) are indexed by a
Lexus-nexus type database and can be searched for
keywords. When they hit, they will hit several big vendors at once.
They will parade them in front of the media and
give the impression that the entire SR infrastructure was brought
down (a la Farmers Market). Barring any unforeseen
circumstances, there is nothing cooking at that level currently.
Something of that magnitude would be seen coming
well in advance and chatter would ramp up. There has never been
heightened activity of that level in my birdie's time
being a fly on the wall.
Posing as vendors - yes. That has happened. Although, DOJ attorneys
will never ever allow drugs to 'walk' en masse.
Especially after scandals such as Fast and Furious where the guns
were allowed to walk.. they simply can not
introduce narcotics into circulation. Vendor accounts have been
bought to gain access to that side of the site and
Vendor Roundtable and to establish longterm credibility, but any
"purchases" would be absolutely fake and bought by
their own accounts to build credible stats. Pm sure on state level
there have been targeted vendor-posed operations to
net bulk buyers, but those are highly controlled and short term. I
have not heard of any of the top of my head. That
does NOT mean that is not currently happening or will not happen in
the future, but any significant bust would have
made waves.
Vendors HAVE been approached off-site (most list their tormails on
their pages) for customer information. This has
been bought. Then collected and dumped. It has mostly been vendors
who have vanished/been banned/ or slowed
down. They're deemed to be the most vulnerable. This is not pursued
as much due to a poor ROI. Most vendors/former
vendors have not entertained such advances and those who have have
demanded funds that simply are not available
even in the discretitionary account(s). Like any other government
effort/agency/JTF, funds are near impossible to get
approved & released. Even undercover buys require paperwork and
approval. There is no joint kitty of BTC available
to make purchases from every vendor. It would take 2-3 days to get
funds released for anything, and approvals are not
that easy to obtain AFAIK. And in any case in this scenario,
verifying information would be a nightmare. No
guarantee that they would not just copy and paste names from the
phonebook or use a name generating site. No real
benefit other then to identify potential bulk buyers who would resell
IRL (and this information would get kicked down
to state/local).
Right now, there is a "watch and see" enviroment. I don't want to say
that idea is to turn a blind eye by any means.. but
until they swoop in to hit several vendors at once, there is no big
fish in the cross hairs. The servers are a mystery, as is
the leadership. Going after buyers would do absolutely nothing and
not justify the budgets. Going after vendors one at
a time also won't sit well as those get kicked down the food chain.
Going after several vendors at once will be the play,
bet on that. That will require compromising and turning CI's in each
vendor's operation or periphery, which is not
easy. Also, sustaining a DDoS against SR will not be the play either,
I know this for a fact. Let me put it simple terms.
You're winning. They just don't know how to tackle this beast
effectively.
In all honesty I've had a very long day.. I'm kind of pooped right
now. I'll have to call it a night. I know you'll have
questions and I'll have answers and so on/so forth. Will hit the bed
as I'll have probably have a fresher mind in the
morning. Let's call it a night for right now.
---
I can only imagine. And usually the weakest link is the human
element. We are all human, and all the precautions in
the world don't mean a hill of beans if a slip up is made IRL. I
don't want to give you a false sense of security, but you
have done a thorough job of flying under the radar.
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 12 of 17]
One thing to be cognizant of, there's a lean on the domestic BTC
exchanges to cooperate. There have been informal
discussions in the last few months to develop working relationship
with Coinbase (I know for a fact). After DHS hit
Gox, even the boogeyman of a FinCEN violation is enough to mortify
any of the btc guys. Anyone moving large sums
of BTC will be open to scrutiny. I reference Coinbase because I know
there was a series of meetings with Compliance
at Coinbase. That can only mean one thing& BUT, that does not mean
that the full on arm twisting by Treasury is
going to be utilized to track black market vendors. They're more
concerned (and justify) their desire for access due to
terrorism. Most of the black market economy is essentially low
hanging fruit in comparison to terror funding. But if
OC activity is disrupted and theres political mileage for DoJ, the
wide dragnet serves a multi faceted purpose.
1)
a) BMR is on the radar and that is ATF's baby. Politics plays a
significant role in prioritization of which agency gets to
own which investigations. The climate is aggressive when it comes to
weapons trafficking and with the gun control hot
potato has guaranteed virtually a carte blanche to ATF. And they have
deep pockets as well. Because tor based
weapons traffickers are almost always running guns IRL, there is
synergy between federal and state. Federal approves
staggering sums of money for surveillance,undercover and CI's. I
don't want to say BMR is "infiltrated", but there are
a lot of compromised accounts and there have been a few quiet busts.
Nearly every bust has resulted in cooperation. I
am not sure what the long play is, but as long as this current
administration is in power the gunrunners will always be
hard targets. They are intimidated with the threat of tangible
charges (interstate trafficking, conspiracy, organized
crime, distribution) and they ALL cooperate. The general consensus is
that weapons dealers are not sophisticated and
have a lot of IRL visibility, so they are ALWAYS on the radar.
"backopy" from BMR is also of significant interest because the
operating assumption is that he maintains a healthy
relationship with BMR vendors privately. This would have come from
multiple compromised/cooperative vendors
sharing their correspondence. He's thought to be a 1 man operation
who's around the Las Vegas area. As to where the
servers are is an unknown. The administrative structure of BMR is
loosely unknown. But he's been a direct POC for
cooperators and nothing I've seen or heard suggests that there are
any hard leads on his location or identity. I do know
that BMR/backopy is seen as a ragtag operation.
"East Coast Trade" from BMR has been discussed as a potential major
middleman based on buys that have been made.
This would stem from primarily quality of product and similarity to
product that was interdicted at the street level.
b)HardCandy/Jailbaits are notably on the radar as they've been
publicized in the media. Although these sites (and
dozens other CP directories/forums) are on a permanent back burner
when it comes to federal muscle. The consensus is
that the hosting, content and major trafficking is foreign, so
efforts should be coordinated under Interpol's umbrella.
This is low priority.
c) HackBB and TCF are prominent and actively surveilled. Have not
heard of any significant operations that have
netted any majors, but there have been some successful
prosecutions/interagency wins. HackBB especially is
monitored closely. There is another counterfeit site whose name
escapes me now, but there was a major sting that
happened in Boston last winter which was a result of efforts focused
on it. Paypal was involved and was very
accommodating to SS in handing over logs.
d) Atlantis is too new to be taken seriously yet. It is not a
honeypot.. it is for real. But it is being monitored and buys
have been conducted. They're still figuring out where it stands and
if it is fly-by-night or making a play to enroach into
SR's territory. It is too early to tell and there is not significant
traffic enough to justify re-allocation of resources.
2) Essentially yes. I have 'Read' permissions and can view docs.
3) Yes, a lot of people including my birdie are CC'd and have access
to that email folder.
4) Both. Automated scripts primarily, and manually to a lesser
extent. There have also been external (civilian) efforts
to smart-crawl the site in a research capacity.
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 13 of 17]
5) No. There has never been any names, concrete geography, or
associations. Something like that would be a big deal,
and not the kind of thing that would be able to be kept mum even if
it was field-level. You are too "big of a fish" for it
to be able to remain on the field. That is not to say that if the
full resources of the state are at their disposal that they
wouldn't be able to close in. But THAT is never going to happen. You
aren't Bin laden, and there is not much political
mileage in justifying millions in someone that is not physically
trafficking in anything. You are operating a continued
criminal enterprise and violating a host of laws.. sure, but you
aren't moving drugs. You are not packaging and
trafficking drugs. The irony is that although this is your show, the
cast is more important to target. That is not to say
that you shouldn't take precautions and your security very seriously.
This entire Snowden fiasco has shed some light on
what kind of impressive technology is at their disposal. Anybody can
be surveilled at any point and wide enough
parameters can be set to pickup on even the slightest unique
identifier.. but again I can't stress enough, it's not in the
budgets. If the spooks ever wanted to find you, that could happen..
but they do not and will not. There are no hard or
soft leads on you, and I can swear on my children to that. If there
ever were, I'd know about it.. and as per our
arrangement, you would. But if you continue your SOP's in regards to
security, you are a ghost.
It is believed that you are the same you since the beginning, and
that ownership/administration has never changed
hands. But you can sleep knowing that you are as known today as you
were 2 years ago.. unknown. The door will not
be kicked in just like that. There will be a flurry of activity for
weeks and months beforehand.. a flurry that no birdie
would be able to not notice.
Don't take that to mean you shouldn't have several outs and exits,
which I'm sure you do. This is not my place to say
this, but if I can venture some advice. Walk away from this one day.
You've done something remarkable that will go
down in the history books. But you are human, and humans are prone to
mistakes. Any kind of mistake in your
position would be catastrophic.
6) Yes. I can poke around more, but in short - yes. What the end-goal
was, I'm not sure. What they assessed, I'm not
sure. But further attempts on the integrity of the site will be
executed, be sure of that. Although I can tell you, that
won't be a long term play. It can't be sustained forever.
[#6 is presumably a reply to DPR1 asking "what were those DoS attacks
on SR1 trying to assess?"]
7) Not AFAIK. I can poke around and get back on this. But does not
ring any alarms in my head. I vaguely recall
some back and forth about a paper that was published, but I don't
recall anything coming of it. This would be
something on the tech side. I will circle back with you on this.
[Is #7 that a question about the hidden-service guard-based
de-anonymization attacks?]
8) Some, yes. Off the top of my head - I know that "Costco" is a West
Coast operation and theres some fair certainty
that it's an Asian gang deal. There is an immigration element and
tied to IRL dealing. I'm not sure what the wait is, but
there's some play that probably involves state/local.
"Marlostansfield" is NYC, and the guy has a lengthy record and has
been a CI in the past.
"Godofall" is NYC and they're Dominicans who are street
level/wholesalers.
"DaRuthless1" has been surveilled by local in Queens and has a prior
for distribution oxy.
"UndergroundSyndicate" I know was assumed to have been made, but
there was some snafu with that and bickering
state level.
I know there were a few California based pot guys who were being
surveilled, I can circle back on vendor information.
There is a vendor in Dade County, FL that was surveilled, grabbed and
turned but the focus was on his IRL connects to
coke wholesalers, not on mail.
[Marlostanfield, Godofall, and DaRuthless1 seem to have disappeared
before or during the fall of SR1 and no busts are known to be
associated; UnderGroundSyndicate was busted as part of the SuperTrips
case; the CA and FL mentions are too vague to judge. Ulbricht in his
journal credits Force's info with saving at least one vendor,
although it's unclear which.
It's noteworthy that someone contacted Eileen Ormsby in December 2013
(http://allthingsvice.com/2015/04/02/special-agent-force-alpacino-and-
me/), referring to Force's info and telling Ormsby to "ask M___ how
DPR knew stuff that helped him not get busted. He won't know how, but
he will know what you are talking about"; Marlostanfield is the only
vendor named in the entire file whose name begins with "M" and if he
had already run afoul of the law many times, he would be quick to
disappear upon being warned, although Ormsby denies that M was
Marlostanfield, saying it was someone else and better known
(https://www.reddit.com/r/DarkNetMarkets/comments/336p83/the_force_bri
efing_le_dnm_investigative_methods/cqi3v2t) so possibly this M was
discussed in later messages from Force.]
I can poke around in regards to more on this topic.
I'm sorry if I said anything that makes you unhappy.. I would not lie
to you about anything, I would not gain anything
from withholding, rather you'd lose your utility for me and obviously
that's counter to me even reaching out.
Please understand that it's obviously possible that I'm not privy to
EVERYTHING that goes on. I work in a 9-5
environment and I'm nowhere near the field (and I'd never be). If
there's something that you're 99.9% sure of is in
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 14 of 17]
DPR's profile then you'd know better. If I don't know about it or
have not heard/seen it, then that's a limitation of what
I'm privy too. And I apologize for that sincerely, but I have no
control over that.
As for #6, I can stress again that I'm not a technical person. From
everything I've heard, it was the guys behind the
DDoS. Thats the water cooler buzz so to speak. I said I have no idea
what the goal was, if any. It's not my place to
venture any opinions, but if someone else claimed to take
responsibility then either they wanted to jump on the
bandwagon, or they could have been trying to engage you and solicit
some response. I am simply not consulted on
operations.. I don't know any other way to put it. I'm a cog, not
anything more.
I can stand by the profile of you that I provided. If there is more
then I do not doubt it in the least, but it must be
pegged as need-to-know.
RE your scenarios - I reached out to you for, as I said, personal
gain. There is no card being played.. believe me I'm
not in the game. To placate you into a false sense of security.. but
then ask for compensation? That doesn't make sense.
I see what you're saying, and I don't blame you, but if that scenario
had any merit, why would I "compromise" the
Wonderful deal? Do you see what I'm saying?
Scenario 2 is one that I'm whole heartedly (well, heavy heartedly)
willing to accept. I do concede that I'm not an agent,
I'm not operational, I'm not field. I'm a worker bee and I do feel
I'm useful.. and I'm willing to prove it (while also
covering my own ass). But if you feel I'm not as useful as you had
hoped.. I'm pretty damned sorry and I can accept
that?
I'm open to whatever you suggest..
---
Well now you have me thinking too.
It's one of two things:
Out of an abundance of caution. There could purposely be bogus OR
outdated profiling (left over from a legacy
report). Knowing theres various agency crosstalk (and curious
eyeballs), the thinking can be to keep sensitive
information off the shared drives for fear of someone going into
business for themselves. The nature of btc and for can
tempt anyone to come to you (as I have) with something you'd
presumptively write a blank check to get your hands on.
Leaks happen all the time.. but generally they're to the press, not
the subject. Could be a safeguard. Or, could simply
be because your sources might be closer to the field and have first
hand knowledge of updated working data.
The DDoS would certainly be NCIJTF/FBI. There would not need to be
any full time geeks tasked with attacking or
penetrating SR and nothing else. Could only be 2 ways:
1)They would assign a group internally, fast track the assignment
approval, provide an objective and get briefed on any
developments. This isn't open ended and there has to be some
goal/metrics to be reported on in a specified timeframe.
2) Farmed out to a contractor. A lot security specialists are
contracted out by the FBI. This is a bit murkier as they
operate on their own guidelines and are just asked to deliver with
minimum oversight.
But they have limited resources at their disposal unlike employees.
This is something I can dig around and find out if it was internal or
outsourced. I can also find out if theres a set group
that's been delegated specifically to SR. Would also be able to
ascertain which office they'd be out of. Most
importantly I can try to see what (if anything) has been the yield
and what the priority level is. If I start getting too
technical with my poking around that might raise a flag.. so it's a
balancing act for me. But I can get you something
RE: past IT based attacks on your infrastructure.
---
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 15 of 17]
I will, that is something I can do that might shed some light on the
attack(s). Engaging you/intake of your response is
attempted by every means. This is my opinion, but even if it was
legitimate extortion does not rule out a contractor(s)
sourced by LE. Anybody can see dollar symbols and see a financial
opportunity even if they've been tasked by feds.
Now, if it was in-house then yes, demanding payment to ceasefire
would be bizarre as there would be too much
oversight on the operation and if you had gone public (for example)
with the fact the attacker is asking for payment..
there'd be disciplinary action at the very LEAST. But you are right
in the sense that highjacking/ransoming the site for
profit is not how LE operates. I'm thinking if the attacker was not
LE, then they launched a separate attack with the
wishful thinking that the massive onslaught would disrupt the site
long enough to cause hot vendors to go back on the
streets and open themselves up to catch cases.
I will look into this.
There are a few shared drives, but the lions share of SR related data
is dumped to a drive titled (I'm not being
humorous) "Silk". I would say SR related maybe 3 gigs? As for getting
a copy of it -
this is scary. I don't know how/when/IF such a thing would be
audited. Do you know? I'll research. But the thought of
making a copy of all the folders onto an external from my
workstation.. that really turns my stomach. What if theres a
system wide audit of who copied/moved/read/wrote what folders/files
and it's asked of me what I was doing copying
that entire folder to a USB..we're talking Do Not Pass Go, Do Not
Collect $200, straight to prison. But maybe I'm
being paranoid as well, because there are so many cooks in the
kitchen and people move folders/files all the time. No
cameras where any of the cubes are.. so theoretically if I found an
open work station, a copy *might* be possible. But
I can tell you that the risks involved in this are unquantifiable. I
can think this one through. Maybe copy some does at
a time, in 2 or 3 passes. Let me read up on how/what can be audited.
Every avenue is being explored by Treasury and HSI (Homeland Sec
Investigations) to get claws into the Bitcoins
exchanges. By claws I mean sweet talk and then flat out
intimidate.The view in LE circles is that Bitcoin exchanges
are shamelessly serving as money launderers and know very well that a
wide chunk of the bitcoin economy is from
black market transactions. Now, when Gox was hit in the spring.. that
was literally over an unchecked box on some
form asking "Are you a money transmitter?"! Because (the US
subsidiary) of Gox failed to check the "Yes" box.. that
alone was enough to get a judge to sign off on a warrant. The rest is
history. LE has reached out to EVERY SINGLE
DOMESTIC btc exchange and asked them to share records on vague
grounds (ongoing narco-traffic investigations,
Islamic charities/donations etc) and establish channels. The
exchanges seem to talk to each other, and have by large put
a united front and rebuffed these advances so far and have insisted
their Ts are crossed and I's are dotted, which means
they are not obligated to share records with any LEA on gratis. And
since their paperwork is in order, LE is stuck here.
They have not been enable to find cause to hit any of the other
exchanges the way they hit Gox. I can tell you that LE
is so used to banks bending over backwards to accommodate, they're
annoyed that the exchanges have not rolled over.
They have not seized servers of any domestic btc exchange. Even Mutum
Sigillum's seizure was just their Dwolla
account, not their servers or any stateside Gox data. Coinbase,
however, is probably playing ball at some level. If you
recall they scored like $5mil in a Series A round a few months ago.
Few weeks after that (I'm talking June), there were
meetings between there Compliance/attorneys and Treasury. This is not
public knowledge. Either this was the investors
insisting that they reach out to the feds and get in their good
graces, or Treasury tried to squeeze them and maybe
found something they thought they could use to bully them. But that's
been quiet since. Have not heard anything. Gut
says they probably reached some tentative agreement to pass on
records in a limited capacity. Long story short, no,
they are not tapped in to the exchanges (yet), aside from possibly
Coinbase.
Civilian leads come in all the time to both local and federal.
Sometimes its a call to one of the tip lines, and sometimes
from confidential informants on the local level who are helping build
cases on street dealers, and the street dealers are
suspected of putting drugs in the mail or fedex, and SR is mentioned.
Other civilian leads would be from academic
research regarding SR/TOR (crawlers, potential bugs/flaws in the for
network etc). Or then instances of someone
coming to local LE for help because they were being extorted and
'threatened to have their information released
allover SR forums' etc (usually a buyer that's getting blackmailed by
a vendor) have also trickled in.
---
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 16 of 17]
Yes, I'm thinking slow dump to USB, then PGP'd and sent to a tormail
you provide. Will have to be slow, and ideally
any chance I get to an open machine that I'm not logged into. The
good thing is people don't take their workstation
security serious and are pretty lazy.
What are your thoughts on this RE the weeklies and anything that
comes through the pipe on Outlook. I was
considering screen shots, but then the fear of an audit catching an
outrageous amount of screen shots might be a
problem. So, suppose I got an old iPhone or anything with a high res
camera, and pulled up docs and took pictures?
Then can transfer the pies later, remove exif data, crop out anything
identifiable (reflections, other open work on the
machine) and then send? Although crude, this would at least work in
terms of getting your eyes on stuff. Fallback
would be you wouldn't be able to copy paste anything. Thoughts?
About Gox: No way. Hitting Mutum Sig was a last resort and
reactionary because they had approached Gox directly
and were rebuffed, and then reached out to the Japanese government to
no avail. Although on good relations, Japanese
companies are very anal when it comes to perceived threats to their
bottom line. Must not forget that Gox is fully
aware that that a staggering amount of traffic is dirty money (no
offense), and that makes them money. They can't
fathom turning over records and data to the Americans without a
crippling mass exodus of capital (if it ever came to
light). Also Japanese are a proud people when it comes to their work.
There are free trade agreements with Japan that
have binding clauses to provide financial information to requests
from say the IRS, but something that like can't be
used as a tool with the Japanese government because of limited
resources and approvals on our end. It's very
beauracratic and not just a matter of a few phone calls and emails.
And even still the Japanese can stall and pushback.
As long as Gox is operating where they are, they will guard the
integrity of their records/logs/data. Gox is outside the
tentacles.
---
No no, I can, I was thinking in terms of immediate data transmission.
Grabbing off the drive is going to have to be
done over some time. I can copy the contents of the weeklies to a
file.. especially as they're sitting in Outlook. It does
make my stomach turn.. but I know I've made a decision and opening
emails is not out of the ordinary for me. I just
have to remind myself that I'm as anonymous as can be and the
financial incentive is attractive. And realistically I'm
one of around 100 or more who would routinely be privy.. so I don't
stick out. But Jesus this is scary. Sorry, just
thinking out loud. I do appreciate you reposing trust in me and being
generous with comp.
---
When I put my paranoia into perspective vis-a-vis what stress you
must live under.. and see a (wo)man who's
seemingly calm and collected, that does ease the burden. At the end
of the day us corresponding on for is as safe as
can be. And my age/appearance is helpful in regards if ever asked why
I'd be accessing SR specific docs/folders.. it's
not entirely bizarre that I'd be curious in counter culture. And
without getting into my position, I am tasked with a lot
of grunt-work that involves being in various drives. Because of my
clearance I haven't even done drugs in ages and
can't., so I've never indulged in the site. And this method of
correspondence was thought out by me for weeks. I'm not
on my personal machine. God forbid the day would ever come where an
eyebrow would even be raised though.
I know you know how to keep an eye on your staff.. but realize that
correspondence on the Wonderful situation is
something you'd want to pay close attention too. Even if your guy(s)
swear up and down the moon (to Mr. W) that you
aren't in the know they've been talking, it will be assumed that you
ARE watching and/or playing them directly. That
can be a pro or a con for you, depending on how you finesse the
situation. They either feed disinformation and/or take
anything relayed with a grain of salt. I would not let your staff
know you know they've been talking.. not only would
that raise a flag, you'd lose a major opportunity to manipulate the
situation. Bottom line is, assume they're
[Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 17 of 17]
compromised or infiltrated, and you can have the boys running on
goose chases.
The more you send confusing signals via the forum and manufacture
events, probably the better. For example to post
that you're satisfied with the new setup/configuration of the server
would be a good throwoff/distraction. Or to let
speculation run about how many people are DPR/has SR changes hands
and whatnot is advantageous to you (but you
knew that). Or even to appear to unconsciously reveal an identifier
about your habits/intentions/origins is good
psychological warfare (but you knew that too).
As far as your vendors go.. that's the weakest link. You have to keep
an eye on their PM's and
behavior/correspondence. Keeping them off the street, encouraging
they partner up to appear to be operating out of
various geography, monitoring their attempts to work outside the
framework and open themselves to under covers are
all no brainers but imperative.
I'm going to poke around all I can on previous attacks/future plans
of assault on the site.Know that paralyzing the site
forever would never be an end goal of LE. That would be
anticlimactic. Breaching your site security would be, and if
that were to happen, they'd sit on it and watch.. with no time
constraints. And still target the high volume vendors. If
that were too happen, it would eventually filter back to me and thus
you, and how you tackle it is obviously your call.
If the climate in regards to the BTC exchanges changes and theres
heightened interaction with Treasury/HSI, I will tell
you the who and when. That might help you strategize big picture. For
right now they're safe. That could change.
I assume you'll want to know of street level activity or buzz that
comes in via local or USPI, even if mundane. I'll get
that to you too. If I can't get a vendor name, I can provide you with
the geography and whatever identifiers I find. But
these guys are almost always flipped and used to setup their IRL
connects.
Also, do not put it past them to wiretap journos. If you (for
example), interact with people like [Adrian] Chen or Ornsby [Eileen
Ormsby], assume
they can see it. Assume journalists are compromised/breached.
What I'll do this week is figure out how to start gleaning docs off
the drives, and copying the weeklies/emails. Will
need a few days to get that sorted out. I do sincerely hope that all
this helps/will help you.
I guess that wraps up our initial framework. I don't know anything
else off the top of my head that might be critical.
But if something does come to me then I'll inform you. Give me a
tormail where I'd be able to send stuff to. I'll create
one as well strictly for this purpose.
If I'm not missing anything.. then I assume the first part of our
initial arrangement/deal is squared away? If you could
take care of the balance of my retainer tonight I'll have some peace
of mind that I'm starting the week/this chapter of
my life squared away. And the weekly comp following the weekly data
that comes your way? I assume that's fair?
---
Ok, got it. Thank you for that DPR, you're a man of your word as am
I. Thank you for being receptive.
Most weeks there's something at least.. so "nothing new or
interesting" is almost never the case unless theres a
complete lull or resources are re-allocated to some pressing other
business. Even if there's nothing "new" per se, I can
always engage others informally and chat them up to see what the buzz
is. I'll figure out the doc/files and send them
encrypted to that address. Feel free to ask any questions whenever,
I'll check this forum account every evening and
again at night. During working hours is almost possible unless I'm
working from home, in which case I'll be reachable.
If there's any specific you'd want want me poke around, then just
point me in the right direction and I can circle back.
Sorting out what else they have that isn't in the current profile
(and why/how it's omitted) as well as the
what/who/where/why RE the DoS I've put on top priority. I'll get
something.
[ending of Carl Force/DEA double-agent/informant "alpacino" briefing
for money]