Enlarge image
US Postal Vehicle: Don't sign anything
Photo:
RACHEL WISNIEWSKI / REUTERS
Sam Bent has a lot of good advice on how not to get caught by the police as a drug dealer on the Internet.
In the end, they didn't help him himself: the former moderator and administrator of various so-called Darknet trading places, who also sent illegal drugs himself, was in prison for 18 months.
On Saturday, however, Bent had a big performance: At the Defcon hacker conference in Las Vegas, he gave a lecture to hundreds of spectators about security precautions for people like him.
What at first glance looks like questionable tips for questionable business is actually a piece of hacker culture: it's about analyzing threats, finding creative solutions to difficult problems and thinking like an opponent.
Bent's topic is OpSec - Operations Security, in this case the process and measures to protect one's own identity.
"A lot of information that could be relevant for you can be found in the instructions," says the 37-year-old.
What he means: Training material from authorities that reveals how drug investigators think, for example.
Some of these can be found on the internet if you know what to look for.
A great role model for Bent was the hacker Kevin Mitnick, who even told police officers the biggest lies on the phone in order to gain access to internal systems and thus to such documents.
Addresses of people »whose lives you can screw up without any problems«
As an example, Bent cites the US Postal Service's instructions for detecting suspicious packages.
For someone who sends drugs, it is instructions on what
not to
do: use a lot of packing tape, fill out delivery notes by hand, go to a post office where the employees know you, use a fake return address.
Of course, it can't be your real one either, so you need addresses from people "whose lives you can screw up," as he puts it.
His alleged solution causes laughter and applause from the audience, but is morally devastating: In the United States there are public databases of convicted sex offenders, along with their home addresses - Bent sees their lives as legitimate collateral damage if a package is ever intercepted and traced.
The fact that innocent people can also be found in such databases and that convicted criminals have served their sentences doesn't seem to bother him.
Drug recipients also have to be careful, says Bent.
Much of this relates to the case of already being targeted by investigators who just want to get their evidence.
For example, you should never acknowledge receipt of parcels, but have them left in front of the door.
It may also be advisable not to open a package at home because of the tracking device it may contain, but "ten miles away."
Then you stand a good chance of being out of range.”
According to Bent, the "threat model" of people who operate, administer or moderate illegal Darknet trading places also includes their own potentially treacherous household waste and curious or jealous neighbors: "If they don't like you, they're your opponent.
They could always e-mail the FBI if they see you keep getting packages.”
Neighbor's internet used
Of course, Bent also has technical advice.
Some go without saying: As a criminal, you should only use the Tor browser with the highest security level, even if this makes many common websites virtually unusable.
The use of secure communication and encryption solutions is also a matter of course.
Bent's solution for the safest possible Internet access made more of an impression on the audience.
He himself had hijacked that of a neighbor whose house he could just watch through a telescope "to keep an eye out for black vehicles" that were suddenly parked in the area.
To do this, he got himself a Yagi-Uda directional antenna in order to be able to pick up the neighbor's WLAN signal.
Bent left it open whether he had to crack his password.
Because many of the OpSec measures have to be maintained even after going out of business, and because "the job is very stressful," Bent doesn't recommend anyone dealing drugs themselves on the dark web.
According to him, the payment is tempting: Even moderators of a trading platform could earn up to 5,000 dollars a week, mediators up to 12,000.
But as soon as you do your job well and more and more orders come in, you need help.
Bent confided in his cousin - which was his undoing.
Over time, he says, she became careless, drawing the attention of law enforcement officers.
Pressured by the police, she betrayed him.
The fact that Bent was not sentenced to 20 years in prison, but was ultimately released after 18 months, was partly due to a mistake by the authorities.
They didn't have a warrant for the first of his packages they searched, he says on his website.
He also successfully applied for release on humanitarian grounds.
He supposedly taught himself how to phrase it in prison.
He had enough time.
