When darknet markets are shut down these days, the arrests donât generate much fanfare. Thereâs a day of press at best, and then the media moves on to bigger stories, leaving the fate of the DNM operators unreported as their case grinds through the courts. This is a shame, as the indictments for the accused reveal valuable insights into how law enforcement caught their quarry, providing opsec lessons that every bitcoiner should take to heart.
Opsec Lives and Dies on the Darknet
You donât have to be operating a multi-billion-dollar darknet market (DNM) to require privacy. Maintaining anonymity, or at least pseudonymity, when operating online is an aspiration that everyone should harbor, cryptocurrency users especially. Even if youâve no desire to launder cash or sell copious quantities of cocaine for crypto, thereâs a plethora of reasons to hide your online activities.
If youâre wondering how much data you leak simply by sending or receiving cryptocurrency, or transacting on a darknet marketplace, last weekâs Wall Street Market (WSM) indictments provide the perfect case study. Buried in these criminal complaints are opsec lessons that should give everyone pause for thought, whether youâre the next Dread Pirate Roberts or simply a staunch libertarian who wants to be left the hell alone.
Lesson 1: Donât Trust Bitcoin Mixers
According to the United States of America v. Tibo Lousee, Klaus-Martin Frost, and Jonathan Kalla, aka the three Germans charged with operating Wall Street Market, âThe United States Postal Inspection Service learned, through its analysis of blockchain transactions and information gleaned from the proprietary software described above, that the funds from Wallet 2 were first transferred to Wallet 1, and then âmixedâ by a commercial service â¦ through thorough analysis, the United States Postal Inspection Service was able to âde-mixâ the flow of transactions.â
Centrally operated BTC mixers of the sort referenced here include Mixertumbler, Bestmixer.io, Blender.io, Bitcoinfog, and Gramshelix. There is no means of knowing which mixer the authorities succeeded in deanonymizing â which they achieved on no less than three occasions â but as one recent article on mixers notes:
Centralized database systemsâ server logs can easily be accessed by anyone (hackers and other malicious individuals or groups, law enforcement etc). Even though bitcoin mixers often claim not to store transaction details for more than 24 hours, this still poses an unknown risk of being found out.
This doesnât mean you should avoid using mixing services â they are still a good privacy preservation tool. However, it would be foolish to stake your freedom on the irreversibility of a mixing service, and inadvisable to rely on a centrally operated service which could be compromised. Use a decentralized peer-to-peer mixing service instead like Coinjoin for BTC, or Cashshuffle for BCH. These services canât guarantee your funds canât be traced back to their source, but they are at least free of backdoors.
Lesson 2: Configure Your VPN Carefully
The WSM three were all technically proficient, with two holding down day jobs in IT â Lousee was a computer programmer. Despite these skills, VPN leaks appear to have been a contributor to their downfall.
As the complaint reads, âthe WSM administrators accessed the WSM infrastructure primarily through the use of two VPN service providers. The BKA [German federal police] determined that one of the administrators … used VPN Provider #1. Based on the BKAâs analysis of the WSM server infrastructure, the BKA noticed that on occasion, VPN Provider #1 connection would cease, but because that specific administrator continued to access the WSM infrastructure, that administratorâs access exposed the true IP address of the administrator. The BKA then investigated the true IP address.â
Lesson 3: Donât Recycle Identities
One of the ways in which Dread Pirate Roberts was busted was through reusing the nickname âfrostyâ which tied his Silk Road identity to his real life persona. Six years on from that hard lesson in opsec and DNM operators arenât any wiser. One of the WSM trio, Frost, used the same PGP public key on Wall Street Market as he had used previously on Hansa Market, making it easy for his BTC transactions on the latter DNM to be associated with other wallet transactions heâd made for services in his real name. As the complaint notes, a âPGP public key, in the context of darknet investigations, is likely a unique identifier to an individual.â
In addition to recycling PGP keys and wallet addresses, one of the accused, Lousee, is believed to have used the handle âcoder420â to access the WSM test server. This was subsequently correlated to âPictures of LOUSEE consuming marijuanaâ and âNumerous references to â420,â including a license plate of LOUSEEâs vehicle and a sign on a bedroom wall with â420.ââ
A separate criminal complaint against WSM moderator “MED3L1N” reveals a string of similar errors, with recycled usernames, passwords, and duplications making it possible for LE to identify their suspect with little more than some diligent internet detective work. For instance, in one public profile, the accused, Marcos Annibale, is pictured alongside a bookshelf with âGomorra,â written by Roberto Saviano, visible in the background. MED3L1N later recommended the same book in a thread on WSM.
The thousands of hours law enforcement pours into tracking down darknet market operators is is an affront to those who see the war on drugs as an assault on personal sovereignty and a gross intrusion into citizensâ private lives. It is not time wasted, however. Whatever your take on darknet market prosecutions, we should be grateful for the intensive pen testing these investigations entail. Through piecing together the clues found in criminal complaints and reading between the redacted lines, we can learn better ways to protect our privacy and preserve our right to transact anonymously.
What are your thoughts on the war on drugs and the authorities’ attempts to close down DNMs? Let us know in the comments section below.
Images courtesy of Shutterstock.
Did you know you can verify any unconfirmed Bitcoin transaction with our Bitcoin Block Explorer tool? Simply complete a Bitcoin address search to view it on the blockchain. Plus, visit our Bitcoin Charts to see whatâs happening in the industry.
The post Donât Trust Bitcoin Mixers and Other Opsec Lessons From the Darknet appeared first on Bitcoin News.