|
xpl0de
ḆËŦŦЯ_őƑ_Ŧwo ƹvïlz




Registered: 07/14/07
Posts: 2,213
Last seen: 3 years, 10 months
|
How a drug dealer’s IP was found out by package tracking
#21686911 - 05/16/15 12:24 PM (8 years, 8 months ago) |
|
|
http://arstechnica.com/tech-policy/2015/05/how-the-usps-targeted-a-drug-dealer-via-his-ip-address/
Quote:
 Suspect routinely checked tracking on shipments of methylone from China.
A federal drug case in Massachusetts has shed new light on how the United States Postal Service’s (USPS) law enforcement unit uses something as simple as IP logs on the postal tracking website to investigate crimes.
According to a December 2013 affidavit of an ongoing federal criminal case in Rockland, Massachusetts, one alleged drug dealer named Harold Bates was found out simply by the digital trail he left on the USPS' Track n’ Confirm website. The affidavit was added to the court docket in January 2015, and the case was first reported by Motherboard.
Bates was charged back in March 2014 with conspiracy to import methylone (also known as "molly"), importation of methylone, and possession with intent to distribute methylone, among other crimes. Last month, the judge in the case ruled against Bates in his attempt to suppress evidence seized in those packages.
The judge’s memorandum and order explains that postal investigators found 500 grams of a substance that turned out to be methylone in a package to be delivered in Hollywood, Florida. That statement could suggest that investigators found the suspicious package first and then manually checked IP logs to see if anyone had been searching for tracking information. Once they located Bates’ IP address, they may have checked to see if it had been used to search for other packages.
But in the affidavit, United States Postal inspector Stephen Dowd seems to imply that this link happened in a more automated fashion.
As he wrote, "The USPS database reflected that an individual using a computer or other device with IP address 75.67.6.214 accessed the USPS Track 'n Confirm website to track the progress of both the Florida Parcel and Bates Parcel #1."
Neither the United States Postal Inspection Service (USPIS) nor Bates’ attorneys responded to Ars’ multiple requests for comment.
Ahmed Ghappour, a law professor at the University of California, Hastings, told Ars that he has never seen a case like this before. "What’s most bizarre about this case is the tip-off by algorithm," he said. "It seems that the investigation was triggered by a system that mines Track N’ Confirm user-data in order to detect suspicious activity."
"The Dowd affidavit is very clear that Postal Inspectors discovered a connection between packages delivered to Florida and Massachusetts before initiating contact and obtaining consent to search the Florida package," Ghappour said. "The affidavit is not clear whether the mere act of tracking packages addressed to different cities was sufficient to trigger the investigation or whether other factors, such as foreign return address, came into play."
You’ve got mail from China
The affidavit provides further detail on how Bates was investigated.
Once the USPIS found the matching IP addresses, it quickly determined that they belonged to a Comcast IP block. After requesting Comcast to hand over subscriber data, investigators found that the subscriber linked to the IP address at the time was someone named Matthew Demaggio of Rockland, Massachusetts.
After checking further records, the USPIS determined that Demaggio has been in jail in Massachusetts since September 2013 due to an armed robbery conviction. The USPIS then checked what postal mail was being delivered to the Rockland address and found that it was being addressed to Bates.
Dowd continued:
I have verified through a USPS letter carrier that Bates regularly received mail at the Bates Residence for at least the past six months through the present. I also reviewed records maintained at the Rockland Post Office and determined that five prior Express Mail parcels from either China or Hong Kong had arrived addressed to Bates at the Bates Residence since October 21, 2013.
For three of those packages, Bates had called ahead to the post office and arranged to come pick them up in person rather than wait for them to be delivered. So Dowd and his colleagues anticipated that he might do this again.
On November 13, 2013, Bates Parcel #1 arrived at the Rockland post office, and Dowd arranged for a controlled delivery—he secretly watched Bates arrive in the building and pick it up.
A dog named Lucky
There, Bates picked up his package and paid for a postal scale with $50 in cash. He and a woman that he was with drove to East Water Street in Rockland, where Massachusetts State Police (MSP) were surveilling his residence. The MSP watched as Bates placed two large white plastic garbage bags in a dumpster behind his building. Once Bates and the woman drove away, the MSP retrieved the bags.
Inside the bags was a host of evidence suggesting that Bates was involved in some sort of business from China.
By December 2013, the two USPIS packages from China had arrived, and both had been tracked with the same Comcast IP address. Updates were being sent to the e-mail address satva1100@ymail.com, the address previously associated with package tracking.
Dowd called an officer in the nearby Braintree Police Department to bring his drug-sniffing dog "Lucky."
Dowd continued:
I traveled with the two parcels to the USPS facility in Braintree, Massachusetts, where I placed the Parcel #2 and Parcel #3 at different ends of a large loading dock. I also placed six other innocent parcels among the two suspect parcels as controls.
Officer Seibert advised that upon reaching Parcel #2 and Parcel #3, "Lucky" reacted in a positive manner for the scent of controlled substances. No further indications were observed in the search area. Based on my training and experience, I know that a positive alert means that the parcels contain narcotics or were recently in close proximity to narcotics.
Dowd then "assumed the role of letter carrier" and attempted to deliver the packages to a woman named Julie Carlozzi at a different address on Maple Street, just a half mile away from Bates’ East Water Street residence. When Carlozzi didn’t respond, Dowd left a notice of a missed delivery. Less than an hour later, Carlozzi called the post office and said she would come pick them up in person.
When she picked up the packages, she was followed by undercover law enforcement. She drove to a nearby Rite Aid where she met Bates, who took the packages from her and put them in his car.
Based on these observations, the authorities sought and received a sealed warrant to search Bates’ packages and his home, and USPIS planned for a controlled delivery of two more packages for Carlozzi.
The bust took place the next day, on December 7, 2013. Carlozzi picked up her packages and drove to the same Rite Aid, where she again met Bates. The surveillance tail lost Carlozzi while another group stayed with Bates. After he stopped for gas, law enforcement made their move to arrest him.
Bates was arrested and taken to the Rockland Police Department, where he was interviewed. He waived his Miranda Rights and told the officers that he "received an e-mail from someone in China" and began ordering molly from that person; he paid for it with Western Union money transfers. He also consented to a search of his laptop and iPhone and gave officers the passwords to his e-mail and Skype accounts.
Bates’ trial is set to begin in federal court in Boston on August 10, 2015.
Please guys, don't underestimate the importance of proper OPSEC.
--------------------
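The correlation the quoted affidavit describes (one client IP looking up more than one parcel of interest), as an added example that is not from the article or the thread: a Python sketch that pivots from a seed tracking number to the IPs that queried it and then to the other numbers those IPs queried. The log format, the `/track` path, the `label` parameter and the tracking numbers are assumptions made for illustration; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common-log-style format (an assumption, not
# the real USPS schema). Client addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2013:09:14:02 +0000] "GET /track?label=EX000000001CN HTTP/1.1" 200 5120
198.51.100.7 - - [12/Nov/2013:09:15:40 +0000] "GET /track?label=EX000000002CN HTTP/1.1" 200 5098
192.0.2.10 - - [12/Nov/2013:21:03:11 +0000] "GET /track?label=EX000000003CN HTTP/1.1" 200 5133
203.0.113.55 - - [13/Nov/2013:07:45:29 +0000] "GET /track?label=EX000000004CN HTTP/1.1" 200 5101
192.0.2.10 - - [13/Nov/2013:08:01:57 +0000] "GET /track?label=EX000000001CN HTTP/1.1" 200 5120
198.51.100.7 - - [13/Nov/2013:08:30:00 +0000] "GET /index.html HTTP/1.1" 200 900
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def parse_lookups(log_text):
    """Yield (ip, timestamp, label) for each successful tracking lookup."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # skip malformed lines and failed or non-GET requests
        url = urlsplit(m["target"])
        if url.path != "/track":  # hypothetical tracking endpoint
            continue
        for label in parse_qs(url.query).get("label", []):
            yield m["ip"], m["ts"], label.upper()

def build_indexes(log_text):
    """Build both directions of the mapping: IP -> labels and label -> IPs."""
    by_ip, by_label = defaultdict(set), defaultdict(set)
    for ip, _ts, label in parse_lookups(log_text):
        by_ip[ip].add(label)
        by_label[label].add(ip)
    return by_ip, by_label

def pivot(log_text, seed_label):
    """From one parcel of interest, list the IPs that looked it up and
    every other label each of those IPs also looked up."""
    by_ip, by_label = build_indexes(log_text)
    return {
        ip: sorted(by_ip[ip] - {seed_label})
        for ip in sorted(by_label.get(seed_label, ()))
    }

if __name__ == "__main__":
    for ip, others in pivot(SAMPLE_LOG, "EX000000001CN").items():
        print(ip, "also tracked:", others)
```

A match on IP identifies a subscriber line rather than a person: in the affidavit the Comcast subscriber of record was in jail, and mail delivery records supplied the name.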
|
refried

Registered: 06/14/13
Posts: 3,675
|
Re: How a drug dealer’s IP was found out by package tracking [Re: xpl0de]
#21687065 - 05/16/15 01:21 PM (8 years, 8 months ago) |
|
|
so it sounds like they let several parcels through to him. i wonder if a vpn would have helped at all or if it was just too late by then.
|
Cognitive_Shift
CS actual




Registered: 12/11/07
Posts: 29,591
|
Re: How a drug dealer’s IP was found out by package tracking [Re: refried]
#21687139 - 05/16/15 01:45 PM (8 years, 8 months ago) |
|
|
Couldn't he have used tor to check the package tracking? I couldn't using tor
-------------------- Hell is full of good intentions and desires
|
fapjack
Title



Registered: 07/26/07
Posts: 16,574
Loc: Central New Jersey
Last seen: 3 years, 10 months
|
Re: How a drug dealer’s IP was found out by package tracking [Re: Cognitive_Shift]
#21687178 - 05/16/15 01:59 PM (8 years, 8 months ago) |
|
|
If you are going to use a fake name, make sure it isn't someone that is currently in prison for armed robbery...
This isn't only bad opsec, this is just stupidity. He was probably buying shit off skype or clearnet and the NSA figured it out and they connected the dots afterwards.
--------------------
|
refried

Registered: 06/14/13
Posts: 3,675
|
Re: How a drug dealer’s IP was found out by package tracking [Re: fapjack]
#21687295 - 05/16/15 02:40 PM (8 years, 8 months ago) |
|
|
can no longer check usps tracking via tor but there are forwarding services i understand you can access those via tor and they will track it for you.
|
fapjack
Title



Registered: 07/26/07
Posts: 16,574
Loc: Central New Jersey
Last seen: 3 years, 10 months
|
Re: How a drug dealer’s IP was found out by package tracking [Re: refried]
#21687595 - 05/16/15 04:37 PM (8 years, 8 months ago) |
|
|
You can use a VPN and connect with that through Tor.
--------------------
|
azur
God of Fuck



Registered: 04/21/12
Posts: 28,103
Loc: Daid
|
Re: How a drug dealer’s IP was found out by package tracking [Re: fapjack]
#21687749 - 05/16/15 05:43 PM (8 years, 8 months ago) |
|
|
This is why i never check tracking.
|
refried

Registered: 06/14/13
Posts: 3,675
|
Re: How a drug dealer’s IP was found out by package tracking [Re: fapjack]
#21687963 - 05/16/15 06:57 PM (8 years, 8 months ago) |
|
|
Quote:
fapjack said: You can use a VPN and connect with that through Tor.
I've never understood how this would work, tor first then vpn. would you need to run tor and then have the vpn running on your router as opposed to using whatever client they supplied? Still, pretty sketch and I think tor + using a forwarding service would be even better, but I wouldn't want to check it at all knowing what we are starting to know. Sounds like they keep those ip logs indefinitely because they were able to look back over his previous pickups.
|
Willy Wonka
Medicine Man



Registered: 12/14/11
Posts: 2,109
Loc: The Other Side
|
Re: How a drug dealer’s IP was found out by package tracking [Re: refried]
#21688950 - 05/17/15 12:23 AM (8 years, 8 months ago) |
|
|
Dude deserved to get popped for importing methylone. There is WAY too much methylone "molly" going around.
|
fapjack
Title



Registered: 07/26/07
Posts: 16,574
Loc: Central New Jersey
Last seen: 3 years, 10 months
|
Re: How a drug dealer’s IP was found out by package tracking [Re: refried]
#21689471 - 05/17/15 06:00 AM (8 years, 8 months ago) |
|
|
I'm not entirely sure.
--------------------
|
Gorlax



Registered: 05/06/08
Posts: 6,695
Last seen: 16 days, 17 hours
|
Re: How a drug dealer’s IP was found out by package tracking [Re: fapjack]
#21692313 - 05/17/15 08:52 PM (8 years, 8 months ago) |
|
|
He could have just used a proxy server website. The thing says it logs IPs when you view tracking information. Having your IP disguised under that would work I'm assuming. If you are really paranoid you could just track your shit at the library/internet cafe or something
|
rackem



Registered: 11/27/09
Posts: 14,024
|
Re: How a drug dealer’s IP was found out by package tracking [Re: Gorlax]
#21692405 - 05/17/15 09:15 PM (8 years, 8 months ago) |
|
|
that is pretty scandalous on usps part. but it goes to show you the steps they are taking against the darknet.
|
Gorlax



Registered: 05/06/08
Posts: 6,695
Last seen: 16 days, 17 hours
|
Re: How a drug dealer’s IP was found out by package tracking [Re: rackem]
#21695592 - 05/18/15 07:08 PM (8 years, 8 months ago) |
|
|
Yeah, they are federal employees so not shocking really. Plus they don't want to look compliant by not revealing the data. That's why I never sign up for text alerts or any of that shit.
|
BigHeart
Burner

Registered: 05/30/14
Posts: 1,319
Last seen: 7 years, 5 months
|
Re: How a drug dealer’s IP was found out by package tracking [Re: Gorlax]
#21699253 - 05/19/15 05:20 PM (8 years, 8 months ago) |
|
|
dude was gonna get caught anyways, he was way too sloppy for someone importing half keys of m1.
--------------------
|
durian_2008
Cornucopian Eating an Elephant



Registered: 04/02/08
Posts: 16,685
Loc: Raccoon City
|
Re: How a drug dealer’s IP was found out by package tracking [Re: BigHeart]
#21706710 - 05/21/15 02:48 PM (8 years, 8 months ago) |
|
|
You would think that China is more regulated, but paraphernalia is listed right alongside normal stuff. You don't have to go looking for it, it finds you.
|
my3rdeye



Registered: 08/10/12
Posts: 4,354
Loc: Canada
Last seen: 2 years, 8 months
|
Re: How a drug dealer’s IP was found out by package tracking [Re: durian_2008]
#21712202 - 05/22/15 09:25 PM (8 years, 8 months ago) |
|
|
Don't use TOR to check packages. If they log IPs then having no IP is for sure going to bring attention to your package. It's been speculated for a while checking tracking with tor causes them to get intercepted. I only check the number when it doesn't show up on time, and if you are nervous you should go to a coffeeshop, that's never a bad idea and always increases your security. And don't order a pound of methylone from China to make fake molly capsules.
|
Stonehenge
Alt Center


Registered: 06/20/04
Posts: 14,850
Loc: S.E.
|
Re: How a drug dealer’s IP was found out by package tracking [Re: refried]
#21715022 - 05/23/15 05:53 PM (8 years, 8 months ago) |
|
|
Quote:
refried said:
Quote:
fapjack said: You can use a VPN and connect with that through Tor.
I've never understood how this would work, tor first then vpn. would you need to run tor and then have the vpn running on your router as opposed to using whatever client they supplied? Still, pretty sketch and I think tor + using a forwarding service would be even better, but I wouldn't want to check it at all knowing what we are starting to know. Sounds like they keep those ip logs indefinitely because they were able to look back over his previous pickups.
If you start your vpn and then start tor, you are going from vpn to tor to the site. They will then see you on tor. There is no benefit in doing that. Start tor first, then start the vpn and it's tor - vpn - website and they see you on the vpn. You can always check that first by going to a "whats my ip?" website and they will tell you what they see which is what usps will see.
You can use a vpn alone, use one located in another country that claims not to keep logs or only for a day. By the time they find it's a vpn, realize it's in another country, they will give up. Or if they do request the info it will be too late plus they don't have to comply and probably won't. It's not as safe as tor - vpn - website but it would have saved this guy.
He was a fool to confess and give up his passwords. They probably said they would go easy on him. Ha! now he's going to trial looking at heavy time. Never believe a word a cop tells you. Never agree to a search, never tell them anything.
-------------------- “A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves largesse from the public treasury. From that moment on, the majority always votes for the candidates promising the most benefits from the public treasury with the result that a democracy always collapses over loose fiscal policy, always followed by a dictatorship.” (attributed to Alexis de Tocqueville political philosopher Circa 1835) Trade list http://www.shroomery.org/forums/showflat.php/Number/18047755
|
refried

Registered: 06/14/13
Posts: 3,675
|
Re: How a drug dealer’s IP was found out by package tracking [Re: Stonehenge]
#21715307 - 05/23/15 07:28 PM (8 years, 8 months ago) |
|
|
cool, thanks for the info definitely did not know that. I have always just used the vpn client first thing when starting my computer then connected to tor and i'm glad you told me because I do indeed want to disguise my tor use from isp despite it being legal to use tor. i was using vpn on my router but it slowed my internet connection to a crawl and don't really need it on other devices besides my own phone which has a vpn through the service. thanks!
|
Stonehenge
Alt Center


Registered: 06/20/04
Posts: 14,850
Loc: S.E.
|
Re: How a drug dealer’s IP was found out by package tracking [Re: refried]
#21715410 - 05/23/15 07:54 PM (8 years, 8 months ago) |
|
|
If you want to disguise your tor use from your own isp, you have to go through the vpn first, unfortunately. I guess there is a benefit from doing it that way. You could go the other way just when you check tracking on special packages. Another possibility is to use a third vpn or just a web based proxy. Go through vpn, tor, then to the proxy website. The proxy can be anywhere because it has no idea what your ip is.
The difficult thing with vpn-tor-proxy is that many proxies do not let you log in or do certain operations like posting. It may or may not let you click enter to check tracking. A paid proxy will allow that. I've never tried it that way but it would be worth a try. Also, using 3 services to disguise your browsing means speed will be super slow.
I would use tor only or vpn only for regular browsing or no service at all. Maybe a vpn on drug sites and vpn-tor on extra risky sites.
--------------------
|
rxb
n00b-sabot



Registered: 08/24/13
Posts: 9,521
Loc: FREE PSYCHONAUTICA
Last seen: 2 hours, 17 minutes
|
Re: How a drug dealer’s IP was found out by package tracking [Re: my3rdeye]
#21715427 - 05/23/15 07:59 PM (8 years, 8 months ago) |
|
|
Quote:
my3rdeye said: Don't use TOR to check packages. If they log IPs then having no IP is for sure going to bring attention to your package. It's been speculated for a while checking tracking with tor causes them to get intercepted. I only check the number when it doesn't show up on time, and if you are nervous you should go to a coffeeshop, that's never a bad idea and always increases your security. And don't order a pound of methylone from China to make fake molly capsules.
with tor you have an ip... just looks like some other ip than yours
-------------------- ->$10 FLOW HOOD ALTERNATIVE <- . i cleaned a mold contaminated live culture and saved it. (might have useful applications) [quote]Enlil said: I'd be the guy with thousands of minions doing my bidding and all of the hot women locked in a cage for my use.[/quote]
|
|