Silk Road forums
Discussion => Security => Topic started by: Angel Eyes on July 03, 2013, 05:47 pm
-
I'm not sure if anyone else has posted this story from the NY Times, but its pretty relevant to anyone who sends paper mail (at the least). Check it out, I'd love to hear thoughts from anyone who already knew about this or has any additional info.
http://mobile.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html?from=global.home
-
Yeah, also posted in Shipping forums http://dkn255hz262ypmii.onion/index.php?topic=179287.0
I wonder how we can avoid massive SR surveillance when DEA and local police have unfettered access to all mail "metadata" and are probably doing data mining on it at this very minute.
-
Have seen it mentioned in a couple other threads. It's interesting to know anyway. Probably makes it even more compelling to be careful using fake names/addresses, because, at least with printed labels, you know they're automatically doing OCR on that and storing it in a searchable database. Any new name suddenly appearing that doesn't cross reference to known persons might bring up a flag? I don't know just brainstorming.
-
Have seen it mentioned in a couple other threads. It's interesting to know anyway. Probably makes it even more compelling to be careful using fake names/addresses, because, at least with printed labels, you know they're automatically doing OCR on that and storing it in a searchable database. Any new name suddenly appearing that doesn't cross reference to known persons might bring up a flag? I don't know just brainstorming.
That's exactly how I imagine it being used. Checking for consistent package sources too - like if someone's getting the same letter every month or so from a location that doesn't appear to be a business or bank, that could possibly come up suspicious if they're looking for mailed drugs/illegal items.
-
I guess the one good thing about photographing 160 billion pieces of mail is that they have 160 billion photographs. Like the NSA, they are swimming in an ocean of data that they can't look at. No human eyes will look at the photos of your packages unless you come up in an investigation, like that woman in Texas who sent ricin in the mail. Even though she used a fake return address, they found her by looking at the cities of the return addresses of other pieces of mail that went through the system immediately before and after her letters, which turned out to be useful in that case.
-
I guess the one good thing about photographing 160 billion pieces of mail is that they have 160 billion photographs. Like the NSA, they are swimming in an ocean of data that they can't look at. No human eyes will look at the photos of your packages unless you come up in an investigation, like that woman in Texas who sent ricin in the mail. Even though she used a fake return address, they found her by looking at the cities of the return addresses of other pieces of mail that went through the system immediately before and after her letters, which turned out to be useful in that case.
by looking at the cities of the return addresses..? can you explain what they did ? How did this leave a trace?
-
Being that LE does not even need a subpoena to obtain mail covers (all they need to do is request them), this is a SERIOUS threat to all contraband vendors. Mail covers have been around forever, but now it's known that LE can request RETROACTIVE mail covers... shiiiit. I'd be worried...
-
And my first thought was, "No damn wonder they are so far in the red".
How much money are they being forced to spend to take and store pictures of everything.
Then I thought they just need to order themselves one item from here, then cross check the return address and get all the other addresses that received packages from there.
Fuck.
-
I guess the one good thing about photographing 160 billion pieces of mail is that they have 160 billion photographs. Like the NSA, they are swimming in an ocean of data that they can't look at. No human eyes will look at the photos of your packages unless you come up in an investigation, like that woman in Texas who sent ricin in the mail. Even though she used a fake return address, they found her by looking at the cities of the return addresses of other pieces of mail that went through the system immediately before and after her letters, which turned out to be useful in that case.
Yeah, I'm wondering how they could narrow it down to an individual address just from the mail that was surrounding it. You'd think they knew what town the ricin letter came from simply by the postmark. Maybe once they identified the other mail they could tell what mailbox it came from by the addresses on the other mail... and then there could've been some CCTV footage from near the mailbox. Something like that I guess.
Otherwise I totally agree, a lot of stored photos with nothing to sort based on, at least until someone particular comes into focus, which is pretty unlikely in such a large ocean of data.
On the other hand, it seems to be only paper mail, so parcel packages may not be photographed?
-
by looking at the cities of the return addresses..? can you explain what they did ? How did this leave a trace?
Not sure exactly. Here's the Wikipedia article about her, which mentions the Mail Isolation Control and Tracking thing:
https://en.wikipedia.org/wiki/Shannon_Richardson
There were articles about it too. Apparently that wasn't all they used to find her, and she called LE herself.
-
It's all about priorities and resources my friends... a small and powerless group of geeks who take drugs will never compete with terrorism; where the worst case scenario is a nuclear bomb killing us all. The bulk of resources will always go to that, and the other 1000s of things on a higher priority than SR right now.
Some of you are killing yourselves with stress, and most of you are just personal buyers. Thankfully there's a section at the marketplace that helps with that. :)
-
Let's just everyone relax. I'm not lawyer, but I do know I'm innocent until proven guilty here in the US of A! That means that they must prove that I received contraband in the mail. A paper trail isn't going to mean a thing if they can't obtain the evidence. If I was accused of receiving contraband but they have not found any contraband I'd hire a good lawyer and say nothing. I'd hire a good lawyer and say nothing anyways.
-
spokeo.com - hello everyones name and address for every city and state.
-
Let's just everyone relax. I'm not lawyer, but I do know I'm innocent until proven guilty here in the US of A! That means that they must prove that I received contraband in the mail. .
I'm gonna guess that you've not had many run-in with the Garda I mean police. I hear all the time on here that "they can't do this, or are not allowed to do that" doesn't mean that they don't. They do not care what they can or can't legally do unless there are ten new cameras pointed at them. Anyone see the picture of the cop kick a sitting, handcuffed woman in the head outside a casino a year or two ago? He can't do that, but he did.
I do get the gist of what you're getting at though broccoli and you def have a point.
Lets all be safe rather than sorry
-
Let's just everyone relax. I'm not lawyer, but I do know I'm innocent until proven guilty here in the US of A! That means that they must prove that I received contraband in the mail. A paper trail isn't going to mean a thing if they can't obtain the evidence. If I was accused of receiving contraband but they have not found any contraband I'd hire a good lawyer and say nothing. I'd hire a good lawyer and say nothing anyways.
Intelligence != evidence. There is a high chance that this system resulted in multiple interceptions in the past, if a vendor ships out ten big packages at once and then one of them is intercepted, guess which packages are going to be scrutinized most heavily? The ten sent immediately before and after the one that was intercepted. I have noticed that bulk interceptions tend to happen in clusters, if one person has 1 kg of MDMA intercepted then all of the people sent MDMA in that shipping period have their orders intercepted as well. I have seen the same thing happen with bulk crystal LSD and other things. I would bet that it went something like this:
A. Vendor sends 10 people bulk orders at the same time
B. Dumbfuck customer checks his packages tracking with Tor which flags it
C. Customs discovers it is loaded with bulk amounts of drugs
D. Customs queries for all packages sent immediately before and after the intercepted package
E. Customs intercepts 10 packages that are now flagged
I am almost positive scenarios like this have unfolded before.
-
Don't give out tracking numbers...
The debate on using TOR to track packages is never going to stop, but I'm pretty certain that it's probably a bad idea given all this PRISM shit going on.
Wardriving on clearnet for trackers.
Don't give out trackers.
Change packaging frequently.
-
I recall plenty of private forum vendors refusing to hand out tracking information because customers are so stupid they hang themselves by bombarding USPS websites with multiple Tor connections constantly checking their package status (do to being drug fiends lol)
As for Canada, Can post photographs all parcels/express post and other courier items. They don't photograph regular lettermail (yet)
-
There isn't much of a debate about checking tracking with Tor. Even if we stupidly assume that they do not monitor for this, it only takes a basic level of tech education to realize how trivial it would be for them to check for this and flag all packages checked with Tor. Packages checked with Tor almost certainly contain contraband, and given how trivial it is to detect packages which have tracking checked with Tor, it is obviously a trivial system that would result in a high success rate.
-
But how much priority and express mail goes through the US each week? You would have to flag a package (priority or express) that is probably out of any major sorting facilities in 48 hours and en route to rural areas.
So you specifically target and intercept one or two packages and do what with them exactly?
Open them?
Where's the warrant?
Unless your return address is flagged (from LE knowing the return address) I don't see the grounds for a lost or opened package via a warrant if the package is simply linked to being tracked with TOR. Logistically it makes no sense. If you have a dick fuck ton of orders going out and whatnot then yeah, probably not good to use TOR via USPS.
But who actually does that? You can check tracking via a third party with TOR, so now we're discussing tradecraft and semantics instead of TOR tracking flagging packages.
What about a vendor who sends one or two orders every few days and checks them 48-72 hours or even later via TOR?
-
But how much priority and express mail goes through the US each week? You would have to flag a package (priority or express) that is probably out of any major sorting facilities in 48 hours and en route to rural areas.
So you specifically target and intercept one or two packages and do what with them exactly?
Open them?
Where's the warrant?
Unless your return address is flagged (from LE knowing the return address) I don't see the grounds for a lost or opened package via a warrant if the package is simply linked to being tracked with TOR. Logistically it makes no sense. If you have a dick fuck ton of orders going out and whatnot then yeah, probably not good to use TOR via USPS.
But who actually does that? You can check tracking via a third party with TOR, so now we're discussing tradecraft and semantics instead of TOR tracking flagging packages.
What about a vendor who sends one or two orders every few days and checks them 48-72 hours or even later via TOR?
If they are photographing every piece of mail stands to reason they would write a simple script that reads server logs and looks for known Tor exit nodes and flags those tracking numbers. They wouldn't need a warrant to open it if the return address is found to be fake, or they deem it 'suspicious'. They also might just do surveillance on whoever picked it up. Tor logs would definitely fall under "metadata" for police/fbi/nsa/federal spying allowances.
Plus just by talking about it here, we probably gave the DEA some ideas lol since they are reading and archiving every single post on this forum guaranteed.
-
But how much priority and express mail goes through the US each week? You would have to flag a package (priority or express) that is probably out of any major sorting facilities in 48 hours and en route to rural areas.
So you specifically target and intercept one or two packages and do what with them exactly?
Open them?
Where's the warrant?
Unless your return address is flagged (from LE knowing the return address) I don't see the grounds for a lost or opened package via a warrant if the package is simply linked to being tracked with TOR. Logistically it makes no sense. If you have a dick fuck ton of orders going out and whatnot then yeah, probably not good to use TOR via USPS.
But who actually does that? You can check tracking via a third party with TOR, so now we're discussing tradecraft and semantics instead of TOR tracking flagging packages.
What about a vendor who sends one or two orders every few days and checks them 48-72 hours or even later via TOR?
The warrant is issued after the dogs hit on the package. Also, customs doesn't need a warrant to open whatever the fuck they want. Yes even the shipping address could be flagged, checking tracking with Tor is a horrible idea whether it is the customer doing it or the vendor doing it. I am thankful that I work with vendors who know not to look up my shipping address on Google Maps with Tor, or to check the tracking on my packages with Tor, but I am under the impression that a lot of noob vendors are under estimating or disregarding the extremely serious intelligence leaks caused by this sort of behavior.
-
You need to use a different return address for every letter/package due to the USPS mail cover program where they scan every piece of mail for later analysis.