Has anyone ever been arrested due to not using PGP?

[cleansober]

We have all read about venders who have turned, but where are the cases of not using PGP causing anyone to be arrested, caught or anything?  If I ever buy I would try again to figure it out, but I'm tired of the "use pgp" crowd shouting their indignation at those who don't use it. Right, if someone did get caught for this reason how would anyone find out anyway, goes the logic. Link please for a case of PGP causing incarceration or arrest.  And yes I do fear the wrath of the PGP club will come down on me but show me how I'm wrong. Teach me a lesson.

Frankly I doubt the NSA or anyone else is able to figure out who the heck is doing what online. They all talk a big game but who have they caught from their spying efforts?

[DoctorClu]

The PRISM program wasn't meant to spy on an average internet user. The FISA court simply authorized it to be used that way. Anything that would be found by PRISM that didn't have probable cause in the first place would not be admissible in court.

[ManInTheMirror]

It is your decision and if a vendor accepts your address without PGP feel free to submit it without PGP.
Many people are happy if some low hanging fruits get caught first I don't want to sound like a dick but this is how it is.



Edit: I knew this would get me some negative karma beforehand, fuck off if you can't read the truth
         No one takes responsibility if you are too lazy for your own security.

[Supersaurus]

Why not use PGP?

Using it to encrypt and decrypt everything you say on the internet ever = a bit difficult.

Using it to send your address / sensitive info back and forth to vendors = not difficult at all.

Security is just couple of text fields, a tick box, and a submit button away. use it.

[GhostTown]

To me, using PGP is a little like looking both ways before crossing the street. You might cross that street 1000 times and be ok, or you might get hit by a bus!

I guess maybe the OP is a bit too lazy to look both ways before crossing...

[wetdog]

If LE does get access to something where you have been sending information that could cause you trouble that's when you'll wish you would have used it.  9,999 times out of 10,000 it makes no difference whether you've encrypted it or not.  It's just that one damn time that gets you.  Shit!!! shit ! shit!  But all of the other times you're right it doesn't make any difference at all. 

I just learned how to use it because so many vendors required it and i wanted their goods, but once i did it a few times it was second nature.  It really paid off for me though.  Because as you know the first thing to go down was tormail.  Then The Road was taken down.  Well, lucky for me i had email contact with a couple of vendors.  My new email account wasn't a trusted one (I don't think a trusted one exists), and the only way we felt safe arranging a deal via email was by using PGP.  So for the past several weeks i have been very happy that i could use it to keep my goods coming to me via email.

Bottom line is if you don't want to use it don't.  Probably or hopefully nothing will happen to you.  But if you really are interested at all stick with it and once you get it you won't mind at all because it's very easy and doesn't take much time (For a small time buyer at least).  If you are a larger vendor then it's obviously much more time consuming.

[cleansober]

Yes, I am lazy, otherwise I would be doing my work rather than screwing off on this site.  The probability of getting hit by lighting in a thunderstorm is rather low but higher than the chance leo is going to capture my address sent unencrypted. Does that mean I should wear a rubber suit when it rains?  I'm looking for just one example of the dreaded big brother and his snoop machine getting the "low hanging fruit". If they want to get us they have other far more effective methods than bridging on the whole god damn internet, searching for addresses with suspicious IP activity.

Do you guys really think it makes one iota of difference?  If so where are the examples.  Show me how wrong I am here.  I'm gonna use it, but just saying a lot of folks act like it make so much difference but I just don't see it that way.

Basically if the nsa hands the fbi or local popo's a sticky note that says "this guy, license plate XYZ, is moving 20 keys of raw @ this time from city A to city B" (that they might have obtained while looking for something/someone else)..

This is an argument that cannot be proven or disproved but for personal user transactions it is highly unlikely in my opinion.

[Dread Pirate Roberts]

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

[psilo92]

It is your decision and if a vendor accepts your address without PGP feel free to submit it without PGP.
Many people are happy if some low hanging fruits get caught first I don't want to sound like a dick but this is how it is.



Edit: I knew this would get me some negative karma beforehand, fuck off if you can't read the truth
         No one takes responsibility if you are too lazy for your own security.

Hey man I +1'd you..its the truth...let them pick off the easy prey who don't use proper security before they can bother with those who do

[jayblunted]

What ever you can do to reduce a risk is worth doing. I feel like Im tempting fate every time I make a purchase but doing the most you can to cover all risk is worth the effort.
The one thing that worried me most when SR was taken down was the unencrypted details Id sent in the last year. PGP is worth the effort.

[lithonius]

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

like a boss

[Xixili]

Read the complaint re: Buerman/et cetera in New York. Search for
Buerman methylone 2013
and you should find a copy of the full, many page document, with little difficulty.
Use a viewer if you're concerned re: the PDF -- from the old board, here's one, but you can find many others.
http://view.samurajdata.se

Consider that the Chinese lab involved had email monitored per warrant from 3/2012 through 7/2013, and then went to "live" monitoring for a month.
HSI and the rest of the acronyms were reading all the cleartext mail to/from that lab.

The whole methylone series of cases is a shining endorsement for Encryption Would Have Been A Good Idea. It appears to have been very easy for LE: read Chinese lab's email, complete with shipping/tracking information. Arrange CD. Arrest. Turn someone into a CI. Expand to their connections, make further busts.  When in need of more to do, go back to lab's email. I'm guessing it made their stats look great.

For bonus points, contemplate the hypocrisy of the agencies involved: OMG DROGS!!!1! R BAD!!!... but let's just keep an eye on this for a year and see what we can snag, while still letting a large amount through.

So: it appears that, yes, some people have been arrested due to not using PGP. To be more precise - although "arrested due to not using PGP" would be an entertaining charge - they were arrested because their cleartext communications linked them to other behaviors/actions.

A lot of them were arrested, actually, if you read that case and the many that preceded it.

PGP does not protect you from a vendor who stores or transmits your information unencrypted, nor does it protect you from a vendor who stores encrypted and then gives your info up anyway. And it does not protect you from controlled vending/buying, by LE who uses PGP. It does not protect you from traffic analysis - your patterns of communication will still be visible, unless you use a new identity (and keypair) for each person with whom you correspond.
It does protect you from predation by LE who are going after the weakest members of the herd, either by monitoring communications or by taking hold of the entire messaging system.

Personally, I like putting my mail in envelopes, because it's no one's damn business what's in there. Credit card payment? Smut? Letter to my elderly aunt? Doesn't matter, it's my mail, go away, nosy LE.

The LE agencies already have SOD/parallel construction. The least we can do is make it a little bit harder for our email / messages to be detected and then turned over when they are "incidentally encountered" during domestic spying.

The problem with the 'low hanging fruit' / 'lame antelope' / whatever is that each order that is examined or intercepted by LE increases their dataset of information on buyers and allows them to build a profile of the vendor's packaging, assorted shipping locations, and very approximate whereabouts/times (from the shipping data.) If LE knows that the vendor ships from Oakland, Wichita, and St. Paul, and always uses blueboxes and drops off between certain pickup times, eventually there's an accretion of data which may pay off for LE. For the vendors who have no electronic devices/tracking devices on-hand, have no use of trackable payment involved in their travel, are never around a traffic camera, etc., that's less of a worry.
Still - why let LE get more info than they already have?
They have a ton already now.

[DELYSID]

The probability of getting hit by lighting in a thunderstorm is rather low but higher than the chance leo is going to capture my address sent unencrypted. Does that mean I should wear a rubber suit when it rains? 

So you were on the old SR, and not using PGP?  You realize that the lightning strike you just described as being so rare just happened, right?  LEO has your address unencrypted right now.  They're not going to bust down your door (b/c if you were doing anything they cared about, you wouldn't be too lazy to use pgp), but it's not at all unlikely that all addresses are compiled into a database that could be used to flag packages in the future.

It takes all of 3 seconds (literally, if you're not aware), so you really don't have much of an excuse.  There are thousands of incoherent, babbling, hopelessly addicted piles of shit on here who have figured it out, and you seem to be able to piece together a sentence - I'd say give it a try, and just ask for help if you need it.  Most people are happy to help keep the community safe.

-Del

[Nunya]

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

You remind me of the new pope....

The new pope can see my address too?  Sheesh!

[kr-rypt]

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

You remind me of the new pope....

the new pope is supposed to be the anti christ pope............................lul XD

[Nunya]

The risk can be difficult to quantify but I don't think anyone denies it is real.  It's just a matter of how much risk you are willing to accept.

You can send your address in clear text.  If you did that on the old SR before June 23 or so, LE has it.  Who knows if LE will do anything with that info, but I suspect eventually they will - even if it is only to blacklist an address for future delivery.  Are you and your vendor OK with that risk?

It's also OK to FE.  Are you OK with that risk?

You can also choose to buy bitcoin in ways traceable to you.  It's not illegal.  But an argument could be made it could also increase your visibility if there is reason otherwise to suspect you.  Are you OK with that risk?

Most in this game are very risk averse for very good reasons.  PGP is a piece of cake - it a an added minute or so for not worth some peace of mind?  I know how I would answer these questions for me.

[cleansober]

Read the complaint re: Buerman/et cetera in New York. Search for
Buerman methylone 2013
and you should find a copy of the full, many page document, with little difficulty.
Use a viewer if you're concerned re: the PDF -- from the old board, here's one, but you can find many others.
http://view.samurajdata.se

Consider that the Chinese lab involved had email monitored per warrant from 3/2012 through 7/2013, and then went to "live" monitoring for a month.
HSI and the rest of the acronyms were reading all the cleartext mail to/from that lab.

The whole methylone series of cases is a shining endorsement for Encryption Would Have Been A Good Idea. It appears to have been very easy for LE: read Chinese lab's email, complete with shipping/tracking information. Arrange CD. Arrest. Turn someone into a CI. Expand to their connections, make further busts.  When in need of more to do, go back to lab's email. I'm guessing it made their stats look great.

For bonus points, contemplate the hypocrisy of the agencies involved: OMG DROGS!!!1! R BAD!!!... but let's just keep an eye on this for a year and see what we can snag, while still letting a large amount through.

So: it appears that, yes, some people have been arrested due to not using PGP. To be more precise - although "arrested due to not using PGP" would be an entertaining charge - they were arrested because their cleartext communications linked them to other behaviors/actions.

A lot of them were arrested, actually, if you read that case and the many that preceded it.

PGP does not protect you from a vendor who stores or transmits your information unencrypted, nor does it protect you from a vendor who stores encrypted and then gives your info up anyway. And it does not protect you from controlled vending/buying, by LE who uses PGP. It does not protect you from traffic analysis - your patterns of communication will still be visible, unless you use a new identity (and keypair) for each person with whom you correspond.
It does protect you from predation by LE who are going after the weakest members of the herd, either by monitoring communications or by taking hold of the entire messaging system.

Personally, I like putting my mail in envelopes, because it's no one's damn business what's in there. Credit card payment? Smut? Letter to my elderly aunt? Doesn't matter, it's my mail, go away, nosy LE.

The LE agencies already have SOD/parallel construction. The least we can do is make it a little bit harder for our email / messages to be detected and then turned over when they are "incidentally encountered" during domestic spying.

The problem with the 'low hanging fruit' / 'lame antelope' / whatever is that each order that is examined or intercepted by LE increases their dataset of information on buyers and allows them to build a profile of the vendor's packaging, assorted shipping locations, and very approximate whereabouts/times (from the shipping data.) If LE knows that the vendor ships from Oakland, Wichita, and St. Paul, and always uses blueboxes and drops off between certain pickup times, eventually there's an accretion of data which may pay off for LE. For the vendors who have no electronic devices/tracking devices on-hand, have no use of trackable payment involved in their travel, are never around a traffic camera, etc., that's less of a worry.
Still - why let LE get more info than they already have?
They have a ton already now.

Thank you for the response X, I will study the case and come to a ruling soon.  Just kidding, you nailed it, incarcerations due to not using PGP, it has happened. 

As far as my address going into some drug data base, you must be joking. Show me one case where...

Peace out,

CS

 

[Xixili]

hi, cleansober -

Don't know if there is a drug database per se, but look up Accurint profiles.

I'll eat my socks if there's not a way to tag 'hot' addresses in the USPS tracking system. Don't know about LN/Accurint itself, but there are references to USPIS being made aware of "a suspicious package" using their own system in some of the postal warrants.

The very obvious, does-not-need-the-time-of-an-analyst thing to do for LE is to take all the SR cleartext addresses and run a desktop batch in Accurint - this would rapidly return the address profiles linked to real identities, would probably also quickly link faux identities to addresses (and possibly a goodly number of real identities) quickly. Plus their case-connect feature would probably be of some help.
Put a data massage therapist on it and I think it would turn into a viable dataset very fast, but even just that first level of cross-check gives them a lot of information.
 
Basics on accurint:
hxxps://www.ok.gov/dcs/solicit/app/viewAttachment.php?attachmentID=1292


But now I'm curious to know: Has anyone ever been arrested due to using PGP?

[AKQJT]

My understanding was that if you even if you didn't use PGP to send a purchase address to a vendor through SR, the address didn't remain on the SR server/database once it was forwarded to the vendor.  Once SR forwarded it to vendor it was erased.  Is this not accurate?

[rasputin]

There may be no documented proof (ie - "we intercepted this package because we had arrested Vendor X and found Customer Y was making so many purchases that we deemed it to be beyond personal use, and at the same time, Customer Y failed to encrypt his address, so we obtained a search warrant"). And you'll never see it that plainly.

But, you will see Customer Y arrested.

You just don't know. Nod was informing for 3 months prior to it making the news. And digitalink apparently sat in jail for quite some time before charges were finally filed so that news wouldnt break.

They're not going to give away their methods. If they bust a vendor and that vendor kept records, you might be visited. But, DPR2 is at the top of the totem pole. Supposing they get him and take down the servers, would you rather they get encrypted gibberish or your address in plain text? Do you REALLY want to gamble with your freedom simply because the terms PGP encrypted and unencrypted haven't shown up in news articles or court indictments?

[ASlone2013]

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

You remind me of the new pope....

the new pope is supposed to be the anti christ pope............................lul XD

Lawl Say what?

[Sensaiy36]

We have all read about venders who have turned, but where are the cases of not using PGP causing anyone to be arrested, caught or anything?  If I ever buy I would try again to figure it out, but I'm tired of the "use pgp" crowd shouting their indignation at those who don't use it. Right, if someone did get caught for this reason how would anyone find out anyway, goes the logic. Link please for a case of PGP causing incarceration or arrest.  And yes I do fear the wrath of the PGP club will come down on me but show me how I'm wrong. Teach me a lesson.

Frankly I doubt the NSA or anyone else is able to figure out who the heck is doing what online. They all talk a big game but who have they caught from their spying efforts?

My last 2 orders, I didn't use PGP, and I really didn't give a fuck.

[ओ३म्]

I was pulled over last night and the cop asked to see my public key.

[cleansober]

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

OK, I'm from the USA so naturally I only speak one language but this don't make no sense to me. DPR is clearly writing in a manner to mask his real identity but doing so makes his meaning difficult to decipher.  While everyone makes interesting points, not really, many don't address my question. You get marked down as a consequence.  X was the only one who gets a fucking A and an attaboy for answering my curiosity query.

  One thing I do believe if I do leave this so-called revolution, I'll have lot of free time to do things that really matter. That's a personal problem, I know, so please don't judge me.

X, ya I wonder if by using PGP NSA tracks our IP's gathering all the secret shit we think we are doing on TOR.

[kr-rypt]

''like pgp is so fucking hard dude''
'oh i know right man'
''yeah fer real i am just so like going to order some coke and x without it''
'sounds good man pffft pgp tha fuck it do anyway? heerrrrrp'
''deeeerrrrpp it just like makes things harder''
'right right just buy dat shiznit'
''done its gonna be here tommozz''
*a flipped silkroad moderator see's your unencrypted address and passes it along*
'''knock knock knock'''
''DA SHITZ HERE!''
*opens door*
''herror der''
*SWAT team kicks door in*
'OOO NUUUUUUUUUU!'
*2 hours later*
'''We recieved a unencrypted transmission that you ordered a gram of cocaine and a 100 xtc tablets'''

^^^THATS WHY YOU NEED PGP.

[Xixili]

a fucking A and an attaboy for answering my curiosity query.

Awww, thanks, my neurotic little heart is pleased, I have never received a fucking A before

X, ya I wonder if by using PGP NSA tracks our IP's gathering all the secret shit we think we are doing on TOR.

My understanding is that they don't track our IPs for encrypted communiques via Tor (although they likely do via clearweb) - but you do get free bonus backup storage for all your encrypted communications they detect.
So -- if you need any old copies of any PGP text, just text yourself or email yourself the request, and they'll get right on that.



also, what kr-rypt said, but I can't say it in as hilarious a manner.

[ENP]

As far as my address going into some drug data base, you must be joking. Show me one case where...

You logic is flawed or nonexistent, yet you've convinced yourself that you are of sound mind.
Just because there is no case to grab out there doesn't mean LE isn't working on compiling cleartext addresses to flag and/or surveil. There are such things as precedent setting cases, and maybe we just haven't ours yet.
Whether or not there is a "no fly" type list for flagging people who get drugs mailed to their house, I don't know, but why not proceed as if there was? You're better off knowing how to encrypt messages anyway with the way things are clearly moving in terms of surveillance and monitoring... 

[cleansober]

You logic is flawed or nonexistent, yet you've convinced yourself that you are of sound mind.

Anyone on this site must have some sense their mind is unsound, I'm no exception.

Whether or not there is a "no fly" type list for flagging people who get drugs mailed to their house, I don't know, but why not proceed as if there was?

Who are you asking? I've already stated I'm going to use it but mostly to blend in and avoid the PGP Police force, not because I'm afraid of the NSA snoop machine.  When I start moving kilos I'll get more concerned.

[kok]

https://www.nytimes.com/2007/09/24/sports/24cnd-steroid.html - operation raw deal
http://www.digitaltrends.com/web/feds-bust-farmers-market-an-online-illegal-drug-ring-hidden-by-tor/ - operation adam bomb

two major internet drug operations off the top of my head that relied on the targets not using GPG. There are many others as well but I can't think of all of their names. What was the operation that busted Alice and her customers? They gathered all their shipping addresses after watching her E-mail account for a month.

[kok]

As far as my address going into some drug data base, you must be joking. Show me one case where...

You logic is flawed or nonexistent, yet you've convinced yourself that you are of sound mind.
Just because there is no case to grab out there doesn't mean LE isn't working on compiling cleartext addresses to flag and/or surveil. There are such things as precedent setting cases, and maybe we just haven't ours yet.
Whether or not there is a "no fly" type list for flagging people who get drugs mailed to their house, I don't know, but why not proceed as if there was? You're better off knowing how to encrypt messages anyway with the way things are clearly moving in terms of surveillance and monitoring...

in raw deal they made a massive database of all addresses of all customers. They had like 9 gigabytes of E-mail intelligence, probably fuck loads of addresses. They straight up admitted to sorting all of the addresses in a database. Read about it.

[cleansober]

Kok, is the second member of the A club.  He addresses my joking question "Show me one case where..." with real sources. 

Somehow, the same folks who are rolling out the health care plan would need to make huge improvements with their snoop database to make it really work.  I'm thinking along the lines of SouthPark and the "Intellilink" latest episode...funny.  To overestimate your opponent may be better than underestimating, I don't know.  Will check the Art of War to find out what they say there.  We are playing strictly defense here so tactics are different.

[Strangiato]

If someone did get caught from no PGP they could still post here. PGP is technically not needed IF everything works as planned and only the recipient reads your message. However, PGP is recommended in case someone is watching or something goes wrong for extra security.

[rasputin]

If someone did get caught from no PGP they could still post here. PGP is technically not needed IF everything works as planned and only the recipient reads your message. However, PGP is recommended in case someone is watching or something goes wrong for extra security.

That is the worst bit of advice imaganable.

I mean, technically Tor isn't needed so long as everything works as planned and no one monitors the site your visit.

Technically, Bitcoin isn't needed so long as everything works according to plan and no one traces money flowing around.

DPR2.0 has been clear that he doesn't want us to trust him (this is a GOOD thing); he wants you to use PGP  so that you never have a doubt whether your messaging is being compromised.

When they busted DPR1.0 they did so with a lot of fanfare, and everyone who hadn't been covering their tracks became nervous once they realized their exposures. SUppose DPR2.0 is one day busted without the fanfare, and instead SR is allowed to keep running?  Technically, users might still think that PGP, because they have no idea that an adversary is observing their messaging.

PGP is a very small program to download, takes minutes to learn how to use after you've gotten an understanding of the concepts (public key, private key)m there is really no reason why anyone here should be without it. None at all.

If i were a vendor and someone sent me their details without PGP, I would cancel the order immediately. Not just that, but if a vendors only forum existed, I would warn others to avoid this person as well. if someone can't even be responsible to protect themselves from the numerous adversaries out there, how could anyone else believe that that user would take anyone elses security seriously either?

[Nightcrawler]

Kok, is the second member of the A club.  He addresses my joking question "Show me one case where..." with real sources. 

Kok is referring to the DEA's "Operation Raw Deal" wherein the DEA, using the Mutual Law Enforcement Assistance Treaty (MLAT) got the Canadian Minister of justice to issue a warrant to Hushmail in Vancouver, B.C., for a list of targeted accounts.  The DEA made two such requests, and were provided with 12 CDs worth of decrypted email. One DEA source boasted to the media that they received in excess of 100,000 emails from Hushmail.

Somehow, the same folks who are rolling out the heath care plan would need to make huge improvements with their snoop database to make it really work.  I'm thinking along the lines of Southpark and the "Intellilink" latest episode...funny.  To overestimate your opponent may be better than underestimating, I don't know.  Will check the Art of War to find out what they say there.  We are playing strictly defense here so tactics are different.

It is a serious error to paint all of government with the same brush. Law enforcement, does not as a rule, advertise its failures. That is one of the reasons that hard evidence is difficult to come by. I don't know if you're old enough to have lived through the crypto wars of the 1990s, but at that time, the various heads of the law enforcement agencies in Canada, the U.S. and the UK were all bordering on hysterical over the prospect of unescrowed crypto. At the time, there was a legislative proposal in the U.S. to require that all crypto be back-doored, with the keys held in escrow by the U.S. government. People were told that the keys would only be made available to police pursuant to a court order. Needless to say, the backlash to this was considerable.

It was the prospect of such legislation that led Phil Zimmermann to release PGP 1.0, in order fto make it available before any such legislation had a chance to become law.

The head of the FBI at the time, Louis Freeh, was almost apoplectic at the thought of unescrowed crypto making it way into the hands of criminals. He stated flat-out that the use of such crypto could stop investigations dead in their tracks. If crypto wasn't effective, they would not have reacted this way, would they?

You asked the question, "Show me one case where people were busted because they didn't use PGP?"  Let me answer that in a roundabout way, by telling you a story.

Once in a while, one finds out about criminal cases, the details of which tend to hint at law enforcement capabilities and weaknesses. One such case was that of a paedophile ring which was broken up several years ago.

This ring was broken up after an investigation by the FBI and the Australian Federal Police (AFP) lasting the better part of two years. The ring had operated, pretty much with impunity, for about 5 years by the time they were broken-up. According to the court documents, they were reasonably sophisticated, with members using Tor, remailers, VPNs, and (naturally) PGP.

Members of the ring posted PGP-encrypted messages to various newsgroups; all the members of the ring used a common PGP keypair, to facilitate communications amongst themselves.

According to the court documents, the police were aware of this message traffic for some time, but due to the PGP encryption, they could not read the message traffic -- they were stymied. 

So, you might ask, "How did they finally get caught?"  Well, they used one of the classic methods outlined in Sun Tzu's Art of War -- the informer or spy. (Spies are so important, that Sun Tzu devotes an entire chapter of the Art of War to them.)

One of the members of the ring was caught committing a child pornography offence, unrelated to the ring's activities. In exchange for leniency, they turned over knowledge of the existence of the ring, their PGP keys, and the information on the computer to the police. This allowed an undercover officer to assume their identity and begin monitoring the ring's activities.

After about 2 years of investigation, a series of simultaneous raids took place in the U.S., the UK, Australia and elsewhere. In all some 22 suspects were apprehended. The FBI's own figures state that there were 60 members of the ring, so even despite having been penetrated, about two-thirds of the ring's members were never apprehended. (It was later stated that those who used VPNs were arrested, while those who used Tor and remailers were not.)

Frankly, it was the sheerest of luck that led a member to be arrested, and to turn over information leading to the ring's penetration. I daresay that, if this had not happened, the ring still might be operating to this day. Frankly, as unpalatable as the ring's activities were, this case revealed the limitations of even a well-funded, multi-national police investigation. It only underscores the protection provided by such tools as are commonly available.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

[merge]

That was Operation Achilles, the group was just called the group I think and was led by Yardbird aka Dr. Who. up to the freedom hosting bust it was the most secure CP ring to ever be busted. Kind of hard to compare it to Freedom Hosting though, in a way they were actually even more secure because they had super strict membership requirements and all group traffic was encrypted. The informant was certainly a flaw in their security but they always expected to be infiltrated eventually, so their Achilles heel was actually the use of VPN's instead of Tor by some of the members. You really would need to be absolutely insane to use a VPN for CP, everyone who does that gets busted eventually due to a trace whereas the people who get busted using Tor are invariably busted from browser or web server exploits or giving away too much info on themselves, or via analysis of photographs in the case of producers). Operation Achilles is actual pretty close to definitive proof that at the time Interpol thought they had no chance of tracing through Tor, Bart Huskey was I believe one of the members of the group who was not taken down in the initial bust but they got him about 6 months later after analyzing photographs. This guy was a first class sick fuck and abused his daughter so severely in the CP he produced that many of the investigators thought he was going to end up killing her before they could locate him. The people who used VPN's still delayed their arrests by about six months after the group was infiltrated but they never traced Bart with traffic analysis and it took a full year after their investigation into the group started before they managed to locate him, again by analysis of the photographs he took rather than via technical measures. If they could have traced Tor to find him they almost certainly would have to save the life of a young girl.

It has been a long time since I read (a lot) about that case but I don't think it took 2 years after infiltration to raid them. The entire operation traced back to its very root might have taken two years to get to the point that they managed to infiltrate the group though. I can't remember the name of the original operation I think it was joint hammer though, pretty damn near every major organized CP ring that has been busted over the past seven years is linked back to that operation and it is still ongoing today. Busting the Yardbird Group was a minor part of Joint Hammer, Achilles was one of the many many spin off operations.

story on the arrest of Bart, on June 20, 2008

www.dailytelegraph.com.au/news/national/how-tara-was-saved-from-evil-world/story-e6freuzr-1111116685751

AN international investigation that began in Australia has caught a paedophile halfway across the world after brilliant, painstaking police work.

In what police described as a race against time, tennis coach James "Bart" Huskey is finally behind bars in a high-security US jail in Atlanta, Georgia, accused of committing and filming despicable sexual crimes on a young girl over a four-year period.

The story of how the tall, bearded, heavy-set 38-year-old father of two was arrested on Monday began in Brisbane in 2006.

The victim was first abused when she was five, US authorities allege. The attacks were filmed, photographed and distributed to an international internet paedophile ring.

"The images have become increasingly violent, with the latest showing the subject wielding a large knife toward the victim," the FBI affidavit states.

Police became aware of the videos and images, known as "The Tara Series" in June, 2006, when police in Brisbane tipped off the FBI's Innocent Images Unit in Washington DC about an international child porn ring.

The Australian police believed the ringleader and other members most likely lived in the US.

They were desperate to find the victim and perpetrator because every few months, as new images appeared, the assaults became more violent.

The attacker's face on the images were pixilated, so to track him down and save the girl took immense worldwide effort. According to an FBI affidavit the ring had about 48 members.

Passwords were protected. Members never provided their true identities and no traditional forms of communication were used.

With leads difficult, investigators worked with what they had - the photos and footage. They studied every small detail of the images, particularly background settings or any object that could be traced.

In one photo series it appeared "Tara" was assaulted inside a vehicle. Investigators showed the photo to a car dealer who identified the interior of the car as a Pontiac Aztek painted sunburst orange paint. Investigators then created a list of all registered users of 2003-2005 Pontiac Azteks in Georgia.

In other photos, it appeared "Tara" was being assaulted in a hotel room. In the background was a unique piece of artwork titled Inspired Hillsides. A spreadsheet of all sales of the painting was produced and from the list it was discovered the painting was sold to a hotel in Carrolton, Georgia. The hotel manager confirmed that Huskey was registered in the hotel on July 21, 2007.

A check also discovered a 2005 Pontiac Aztek was registered to a woman with Huskey's surname. They checked the woman's MySpace page and compared background interior photos on it to background shots from the "Tara" images. They appeared similar.

An analysis was also undertaken on a bedspread viewed in some of the images of the Tara series. It was discovered the bedspread was a product of FingerHut Corporation, an online shopping company, which confirmed products were sent to Huskey's home.

As authorities closed in, they compared Huskey's driver's licence photo to the pixilated pictures in the Tara series images and it showed "Huskey as having a close resemblance".

On Monday, FBI agents raided Huskey's home in LaFayette, Georgia, northwest of Atlanta. They allege he quickly confessed.

"Huskey admitted to sexually molesting a nine-year-old child since she was approximately six-years-old and posting images and videos on the internet," the FBI affidavit states.

On Tuesday, the alleged victim was interviewed.

"She disclosed that Huskey had been sexually abusing her for several years," the FBI affidavit states.

Huskey is being held in jail ahead of a bail hearing on Monday.

story on yardbird ring bust, the raids were carried out in February 2008, so about 4 months before they got Bart. This story is conflating Operation Joint Hammers and Operation Achilles though, they were two separate operations, Operation Achilles was initiated after Joint Hammers led to the arrest of a member of Yardbirds group but they are referring to parts of Operation Joint Hammers as being part of Operation Achilles.

Police agencies around the world are now sifting through 400,000 pieces of evidence after they cracked a major online child pornography network that used a sophisticated encryption code.

'Operation Achilles' was initiated by Queensland police task force Argos and it is alleged that a core administrator of the highly secret website was a 29-year-old Queensland public servant.

For years, a network of men scattered across the world had reached what they considered to be the pinnacle of success.

Seasoned paedophiles, they believed their sophisticated knowledge of computer encryption had made them untouchable, and in that safe zone, they commissioned, made and traded images of the youngest children involved in the worst sex acts.

FBI executive assistant director J Stephen Tidwell says the pornography ring used highly specialised techniques to hide from law enforcement authorities.

"We have found ourselves now, as this case demonstrates, that we have groups as sophisticated as any other criminal organisation, that have the wherewithal, that have the means to literally pursue children and to exploit children at a level that has surprised us," he said.

Legal documents obtained by ABC1's Lateline program show just how at ease the men were as they messaged each other offering pictures.

"I have a few five-year-old Taras that you do not have," one said.

"These girls are heavily drugged ... to move or resist. Three girls, the first one being the youngest, around eight or nine years old," another said.

Another writes his assessment of the importance of the child sex network.

"My thanks to you and all the others that together make this the greatest group of pedos to ever gather in one place. I'm honoured just to be part of it," he said.
Penetrating the network

This paedophile network had more than 400,000 child abuse films and images on their computers. Many of the images were sadomasochistic.

But what the men didn't know was that their group was about to be destroyed from within, because the world's police had finally caught up with their computer techniques.

In the end, it was a group of Queensland police that brought the downfall of the network and cracked the case open for the FBI.

Operation Achilles began with a series of secret events in New Zealand and Australia.

It was December 2005 when New Zealand's Department of Internal Affairs made an extraordinary discovery, which cannot be disclosed as the investigation is continuing.

The New Zealanders passed their information to task force Argos in Queensland.

In January 2006, task force Argos began one of the most complex child paedophile investigations ever undertaken, in co-operation with the FBI, Interpol, Europol, German, British, New Zealand and Canadian police.

By July 10, 2006, covert operatives had broken through the security apparatus that protected the paedophile ring.
Rescuing children

At this point, task force Argos made a shocking discovery. A video was being offered for sale to the network.

It turned out to be what is now being dubbed, 'the Daphne and Irene' video, which shows the repeated rape of two girls aged 11 and nine, by their 35-year-old father.

On July 27, the father was arrested and the house of the Italian webmaster, Sergio Marzola, was raided in Italy. He was found to have 150,000 euros in cash stashed in his stereo speakers.

When Daphne and Irene's father was finally arrested in Belgium, he had 150 separate videos of his children.

Europol officer Menno Hagemeijer says many of the videos were tailor-made.

"Individuals were willing to pay hundreds and hundreds of euros if, for example, their favourite model would do their particular pose," he said.

"We have found pictures of the models, in which the model is holding a piece of paper with the name of the customer - a personal trophy."

In Queensland, nine men were arrested and charged for buying the video, and a four-year-old Australian girl was found and rescued.

Then, Operation Achilles found another predator, this time in Germany.

The man, who appeared in court two weeks ago, has been sentenced to 10 years in jail for the rape of his two daughters. One is six years old, the other one is just three years old. He filmed and broadcast his crimes live via his webcam.

Watching the video, police recognised the theme of a local radio station playing in the background and they heard the unusual names of the two girls. German police tracked down the location and rescued the children.
Local crimes

As task force Argos and their international partners mapped the network, they were able to crack the ring's encryption codes.

They found the secret passages of what appeared to be legitimate websites, opening the secret door into the paedophiles' hellish trading room.

They also unearthed the paedophiles' pseudonyms, the screen names that hide an abuser's identity.

They saw in the networks communication that group members were tested on photo recognition. Every paedophile knows intimately all the photos that have been traded. New members are questioned about traded photos to test their trustworthiness.

At this point, task force Argos made a very significant discovery - the man they now believe was the key administrator of the group actually lived in their own state - in Townsville, in far north Queensland.

Police believe the alleged Townsville predator was responsible for the security and administration of the group. Experts in these networks say an administrator plays a critical role.

Task force Argos operatives and their international partners watched and listened to the network for 18 months, until they had enough evidence to move in and arrest the predators.

On February 26 this year, John Rouse, the man who had cracked the ring, briefed colleagues on their targets, and their pornographic material. On February 29, simultaneous raids occurred across six countries.
Standing trial

Detective Superintendent of Queensland Police, Ross Barnett, says police feel they have achieved a great result for the victims of the network.

"We're very confident that we have got all of the major players in this group, and that's a really pleasing result for law enforcement," he said.

"But probably even more important than the arrest of these offenders is the fact that along the way we've been able to rescue 20 children around the world from ongoing sexual abuse."

The 14 American alleged child abusers will be tried in June by the grand jury. The inditement obtained by Lateline says some of the victims were as young as five years old.

If convicted, the US predators are likely to get tough sentences - more than 15 years each.

But that is only the start of this operation Achilles.

FBI agents will now have to sift through many thousands of clues that they have recovered from the predators' hard drives.

And there will be some children that they will never find.

hm I guess it could have been an 18 month operation after all. I thought it was 6 but like I said it has been a long time since I read about it. Then again this news story is horribly inaccurate so who knows. For one they confuse two independent operations as being one, for two they make it seem like the feds cracked the encryption but really what happened is joint hammer led to a bust of one of the members of Yardbirds Group and then the police took over his account and started Operation Achilles.

[Cornelius23]

So you were on the old SR, and not using PGP?  You realize that the lightning strike you just described as being so rare just happened, right?  LEO has your address unencrypted right now.  …

You can send your address in clear text.  If you did that on the old SR before June 23 or so, LE has it.  …

Unlikely, I think, for the following reason:

My understanding was that if you even if you didn't use PGP to send a purchase address to a vendor through SR, the address didn't remain on the SR server/database once it was forwarded to the vendor.  Once SR forwarded it to vendor it was erased.  Is this not accurate?

Actually, old SR (like new SR) deleted addresses upon confirmation of despatch.

Personally, I never bothered with PGP on the old SR mostly because of this. I did so on Sheep after SR went down and do so now on SR because that had finally got me into the habit.

If you don't use PGP then I can see your address. You do not know who I am and you cannot be sure I am not law enforcement, so use PGP and you don't have to hope that I'm not law enforcement.

OK, I'm from the USA so naturally I only speak one language but this don't make no sense to me. DPR is clearly writing in a manner to mask his real identity but doing so makes his meaning difficult to decipher.…

To put it another way, you cannot be certain that someone who has access to information on the server (such as DPR or a mod) might not be working for law enforcement. If you use PGP nobody with access will see your address.

[WateRWalkeR]

Personally, I've never been one to use PGP, however I think that you're thinking about this the wrong way.
PGP is simply a precaution to stop messages from being read by other people. If you feel that the vendor is to be trusted, and will not keep any record of your address, in addition to silk road in itself then hey, why not. But if the vendor makes a single mistake, or get's caught with all of his messages released, then who's to say your address won't still be on there? Or the same thing happens with SR1, and all of your messages and the server in itself is compromised, how hard is it to use PGP when you are basically giving them your address?

As said, the chances are slim but ever so present, you be the judge of your own safety.

[merge]

Personally, I've never been one to use PGP, however I think that you're thinking about this the wrong way.
PGP is simply a precaution to stop messages from being read by other people. If you feel that the vendor is to be trusted, and will not keep any record of your address, in addition to silk road in itself then hey, why not. But if the vendor makes a single mistake, or get's caught with all of his messages released, then who's to say your address won't still be on there? Or the same thing happens with SR1, and all of your messages and the server in itself is compromised, how hard is it to use PGP when you are basically giving them your address?

As said, the chances are slim but ever so present, you be the judge of your own safety.

The chances are clearly not slim considering it already happened once. Only total idiots wouldn't use GPG. All the time it saves peoples asses.

[Cornelius23]

… Only total idiots wouldn't use GPG.…

I didn't use it and most people seem to think that I'm quite bright. Bits of me may be idiotic at times but I don't think all of me entirely

[bbkf]

I don't know how many of you knew my buddy Elroy666, he was from either Birmingham or Manchester. He was a very active buyer/vendor on SR and everywhere else, great guy, one of my better digital friends. Elroy didn't use PGP and now he's doing time. They got warrants on his email after an interception. I'm not going to clearnet to get the doxx and I'm not going to doxx him anyway,

It's just sad, Elroy never did anyone any harm.

[Forgotten1]

I don't know how many of you knew my buddy Elroy666, he was from either Birmingham or Manchester. He was a very active buyer/vendor on SR and everywhere else, great guy, one of my better digital friends. Elroy didn't use PGP and now he's doing time. They got warrants on his email after an interception. I'm not going to clearnet to get the doxx and I'm not going to doxx him anyway,

It's just sad, Elroy never did anyone any harm.

<3 out to Elroy and all the others like him.

[TheSlyFox]

I don't know how many of you knew my buddy Elroy666, he was from either Birmingham or Manchester. He was a very active buyer/vendor on SR and everywhere else, great guy, one of my better digital friends. Elroy didn't use PGP and now he's doing time. They got warrants on his email after an interception. I'm not going to clearnet to get the doxx and I'm not going to doxx him anyway,

It's just sad, Elroy never did anyone any harm.

If you don't use PGP then you're an idiot and gain no sympathy from me.
Look people shouldn't be locked up for drugs it sucks I know but I mean Unless you did not know about PGP there is no excuse.

Not using PGP when trading or talking about sensitive data can effect other people too (not just him).

[Lief]

I don't know how many of you knew my buddy Elroy666, he was from either Birmingham or Manchester. He was a very active buyer/vendor on SR and everywhere else, great guy, one of my better digital friends. Elroy didn't use PGP and now he's doing time. They got warrants on his email after an interception. I'm not going to clearnet to get the doxx and I'm not going to doxx him anyway,

It's just sad, Elroy never did anyone any harm.

If you don't use PGP then you're an idiot and gain no sympathy from me.
Look people shouldn't be locked up for drugs it sucks I know but I mean Unless you did not know about PGP there is no excuse.

Not using PGP when trading or talking about sensitive data can effect other people too (not just him).

Thing is, PGP is not even difficult to learn. I was soooooo freaked out about it and it shocked me how swiftly I got my head around it.

[Getobox]

Has anyone ever been arrested due to not using PGP?

Yes. EVERYONE that got arrrested and had evidence used against them which involved communication.  Without that its hard to prove intent. You should implement security at EVERY level. EVERY level. LEO doesnt use just one method.

If you don't use PGP then you're an idiot and gain no sympathy from me.

1 million times YES. Zero sympathy.

[GR8FULL27]

I don't know how many of you knew my buddy Elroy666, he was from either Birmingham or Manchester. He was a very active buyer/vendor on SR and everywhere else, great guy, one of my better digital friends. Elroy didn't use PGP and now he's doing time. They got warrants on his email after an interception. I'm not going to clearnet to get the doxx and I'm not going to doxx him anyway,

It's just sad, Elroy never did anyone any harm.

If you don't use PGP then you're an idiot and gain no sympathy from me.
Look people shouldn't be locked up for drugs it sucks I know but I mean Unless you did not know about PGP there is no excuse.

Not using PGP when trading or talking about sensitive data can effect other people too (not just him).

Oh, foxy, thank you thank you thank you!  LOUDER....PGP is pretty good protection. Tails makes it a little better.  If you cannot learn to use it, get a partner in crime, if you will. 
Foxy points out that it is not only YOU that is jeopardy.  Look at the genius who ALLEGEDLY created this masterpiece.  Even he fucked up......should tell all of us something.

PGPGPGPGPGPGPGPGPGP

for u n me

I wrote a lil song about it, like to hear it, here ya go............

PGP is for u and me, do da do da
If you don't use it dont talk to me, oh da doo da day........

Feel free to add on, peeps

[Getobox]

I wrote a lil song about it, like to hear it, here ya go............

PGP is for u and me, do da do da
If you don't use it dont talk to me, oh da doo da day........

Feel free to add on, peeps

^.^ LMFAO!


HALLEJEUJA BROTHA!! AWWWW LAWWWD, PREACH IT!!!

[thecatisback]

PGP can be a pain in the fuckin ass esepcially with Whonix. I've had it work great 90% of the time being able to get the message to the seller to decrypt and 10% say I can't descrypt it. These are with the same xact keys and I know how to use it.

PGP is not fall proof. Further if you'll note MOST of the vendors I've seen don't use 4096 bit PGP they use the lesser but which I am pretty sure arn't that secure and are prone to be broken if someone really wanted to do the work.

Just my take but PGP can be a pain in the fuckin balls.

[anonymousGuy57]

Bro PGP is literally so simple to use and understand..

If you dont understand it i would GLADELY WRITE YOU UP THE SIMPLEST WAY TO USE IT AND UNDERSTAND EVERY PART..

Ive writting and helped member before that swear they just wont be able to figure it out, after i write a SIIMPLE STEP BY STEP GUIDE you will seriousy say WOW AND I THOUGHT THAT WAS HARD?

It confused me reading about it when i started, but i literally learned overnight.. its simple.. PM me and id be glade to HELP ANY ONE!! PGP IS FOR YOUR PROTECTION!! USE IT! NOT PRIVNOT! IT REQUIRES JAVA, TOR SHOULD NOT HAVE JAVA ENABLED , IF U HAVE IT CHECKED, UNCHECK IT!!! AND MAKE SURE YOU HAVE GLOBLE SCRIPS OFF..

[Trust In Us]

Simple answer to your question. Yes. I personally know a handful of morons who where busted selling on SR1. LE had no trouble figuring out there info as they used no pgp at all.
PGP saves lives.
What is it aster used to always say? It never hurts to be extra safe.
In this case this is basic for your safety in all of your illegal darknet activitys