Silk Road forums
Discussion => Security => Topic started by: Rastaman Vibration on June 18, 2013, 07:08 am
-
The chain always breaks at its weakest link. So its important to examine where the weak links are in terms of risks associated with buying from SR. I know there are many aspects of security, however I am specifically looking to minimize a user's risk of getting caught. I've read a lot about what to do in case you do get caught, but its really best to take every possible precaution to avoid getting caught in the first place. I have not included a risk assessment of disk encryption methods, for example, because I want to put the focus on not drawing attention to yourself, rather than ways to protect yourself in case you were to get caught.
I have never been a vendor on SR so I can't really weigh in on any risks associated with vending. Would be great to have some feedback from vendors though.
1. Connecting to SR
A. Are you using Tor securely?
- hopefully everyone here knows to use the Tor Browser Bundle to connect to Tor and not services such as onion.to
- Tor apps for smart phones represent a weak link in the connectivity chain. Mobile devices have too many tracking mechanisms built in for the level of security SR requires
B. Can your Tor use be traced back to you?
- Are you connecting to Tor over your internet connection? Your ISP wil be able to tell you are running Tor traffic. Attempts to hide Tor usage can sometimes draw more unwanted attention. Ideally, you should be using a public Wifi connection or trusted VPN
2. Acquiring Bitcoin
A. Are your bitcoins anonymous?
-Did you provide identifying information to get your coin?
B. Are you drawing unnecessary attention to yourself?
- Are you making a large transaction?
- If using fake credentials, are you playing it cool?
C. Are you getting bitcoin using a method that is under scrutiny from LE?
3. Placing the order
A. Are you using PGP?
- using PrivNote or other 3rd party services presents a security risk
B. Are you using PGP correctly?
- if you are not sure, there are many helpful members here who you can practice with
4. Receiving the Delivery
A. Stealth
- I think this is by far the weakest link in the chain, mostly because of factors you cannot control, such as how well the vendor has packaged your item and how well the package blends in with legitimate mail.
B. Choosing your drop location wisely
- There are many factors to consider here, such as who the package is addressed to, or whether its being delivered to a P.O. box or home address. The important thing here is to not raise suspicion
5. Maintaining IRL Anonymity
A. Keeping your mouth shut
- Are you bragging about your SR purchases to all your friends?
B. Safeguarding your clearnet presence
- Hopefully no one here is mentioning anything about SR or any of their deepweb activity on clearnet, esp. Facebook or other social media. That's a sure-fire way to attract unwanted attention.
- Are you using the same username for SR and clearnet?
- Can your SR usage be traced to your clearnet presence in any way?
Again I think the best way to not get caught is to avoid drawing the attention of LE. Its good practice to examine your SR buying practices and analyze where the weak links are. Once the weaknesses have been identified, you can then take steps to strengthen their security.
Peace
***Edit***
Added point 5.
-
That's a pretty good post! Maybe you should add points about talking about SR to the people you know since that can put you at risk too. +1
Edit : I can't give you karma, it hasn't been 72 hours yet...
-
I am not so sure about the "hiding of Tor usage." How would they know you're hiding it? If you are connected to a VPN, which is not related directly to your ISP, I doubt they'd know. Your VPN may know, but I strongly doubt them reporting you for it unless you are somehow implicated in a heinous crime. Even then, connecting to TOR is not a crime. With the recent NSA whistleblower, we will probably see an influx of people using TOR anyway.
I honestly think it goes:
1) Stealth (out of our control)
--for domestic, I think as long as it doesn't smell/feel a certain way, it's good.
--The most important part after this is how the package looks. Printed labels just look so much more authentic.
2) Clearnet/IRL relations (for example, there is a vendor here that sells Silk Road apparel)
3) Mobile connections. I know of a big-time vendor on BMR that admitted he was checking his BMR mail via Tor; I was unsure whether to keep doing business with him.
-
+1 Rasta
-
I am not so sure about the "hiding of Tor usage." How would they know you're hiding it? If you are connected to a VPN, which is not related directly to your ISP, I doubt they'd know. Your VPN may know, but I strongly doubt them reporting you for it unless you are somehow implicated in a heinous crime. Even then, connecting to TOR is not a crime.
I believe that vendors should hide their Tor use. It isn't a crime, but it could be used to identify them.
LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.
LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.
-
The weekest point is BY FAR - the fact the you have no control or Information about what is happening with your package from the minute it being shipped till the minute it gets delivered (even with best stealth)
all the techy stuff are relevant only when you are already busted.
- in most cases its addressed to our name and addresses (fake name WILL NOT get you off the hook)
- opened by accident?
- some dog sniffed it?
- got detected in some other way?
- flagged and being followed
- if using a drop point - still needs to be picked up
- you have now idea if just today some "super drug detecting tech" just came into service
and similar stuff....
unlike street deals, the element of surprise is 100% on the LE side,
sure you can say - dont sign etc bla bla bla...
maybe you will get out of it at court somehow, but you will be arrested, interrogated and search, loose your computer for quite a while, spend shitload of money on lawyers and other unpleasant crap, i have been there unfortunately and im always stressed as hell from the minute of shipment to pickup - and nothing is more stressful than a letter thats being late, i always think that this is when im fucked
Glad that my pack arrived today safely :)
+1 great thread
-
C. Are you getting bitcoin using a method that is under scrutiny from LE?
Which methods exactly are under the most scrutiny?
LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.
LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.
This is quite scary to me and I am not a vendor. Could small-time buyers also potentially go down using this technique?
-
C. Are you getting bitcoin using a method that is under scrutiny from LE?
Which methods exactly are under the most scrutiny?
LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.
LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.
This is quite scary to me and I am not a vendor. Could small-time buyers also potentially go down using this technique?
No; this scenario depends on having a basic geographical location to start within -- as described, they get that by ordering a package and finding all the Tor users in the originating city. Unless you order from a cop, they aren't going to have a city to start from. I also can't imagine they'd ever bother for somebody buying a few dime bags here and there, etc..
-
The weekest point is BY FAR - the fact the you have no control or Information about what is happening with your package from the minute it being shipped till the minute it gets delivered (even with best stealth)
Yep. In 100% of cases that I've heard of where someone got busted because they ordered from SR, it was because the package was intercepted.
I agree that people put too much emphasis on the technological aspects, which are theoretical so far. Anonymously purchasing bitcoins, encrypting your address, leaving no forensic traces of Tor on your computer, etc. No one has been identified, investigated, arrested or prosecuted based on that evidence alone. To my knowledge, it has never been the starting point of an investigation. Of course, there's a first time for everything, and LE will get savvy to it eventually, if it is worth their time.
The best thing you can do to protect yourself from getting arrested is to order amounts that are small enough not to get you CD'ed.
-
Although interception due to screening or random chance is likely the most common reason for a customer to be arrested, we must keep in mind that we may not know the cause of an interception. It is entirely possible that some interceptions that appear to be due to screening or random chance are actually due to technical attacks or even more likely human intelligence. I have seen cases where multiple large shipments to different people were sent out at the same time, and all of them were intercepted. There are many possibilities of how this could have happened. It could be that they were randomly screened for contraband, it is possible that they were flagged, it is possible that one of them was intercepted and the others were identified due to sequential tracking numbers, it is possible that the one that was flagged was flagged because tracking was checked with Tor, it is possible that an undercover compromised the shipper, etc etc. In a case where a technical attack leads to an interception, it is entirely possible that the technical attack that leads to the intelligence will never be revealed in court even. There is a big distinction between intelligence and evidence, intelligence points the agents to where they must look for evidence. Evidence in a drug case will always be in the form of the intercepted drugs, but the intelligence that leads to the interception taking place could be from a wide variety of different things, and it may never be revealed.
It is similar to when people are 'randomly' pulled over and subjected to a drug search. In some cases they may have committed a minor traffic violation and been pulled over for that, in some cases they may have acted in a suspicious way and been flagged for that. Indeed, in the majority of cases somebody arrested for transporting drugs via a vehicle will probably have originally been pulled over for unrelated traffic violations or for having been behaviorally flagged. However, in many of the cases they will have already been identified as having drugs due to human intelligence, or due to technical intelligence, but this will not be revealed if the conviction can be obtained based upon the evidence obtained during a 'routine' traffic stop.
-
The best thing you can do to protect yourself from getting arrested is to order amounts that are small enough not to get you CD'ed.
There are two potential strategies imo.
The first strategy is to keep your orders so small that they are unlikely to be detected, and that if they are detected you are not likely to get CD'ed. Certainly smaller orders are less likely to be intercepted, and indeed they are also less likely to get you CD'ed (although I would never count on that for specifically scheduled drugs higher than schedule 3, regardless of the amount). This strategy is also beneficial in that in the case of an interception, the charges that can be brought against you will be relatively less severe than if you order large amounts.
The second strategy is to order large amounts infrequently. If you order 1 hit of LSD every week, it is less likely that any of the individual hits will be intercepted (although LSD is not the best example, since even sheets weigh very little and can be disguised as letter mail), but due to the frequency of ordering it is possibly more likely that SOME of your individual hit orders will be intercepted. If you order 100 hits of LSD once every two years you are much more likely to be charged for it if it is intercepted, and the charge will be much more serious than if you had ordered a single hit. Additionally, with many drugs, ordering two years worth of it at a time is going to result in a shipment that is more likely to be intercepted than a single dose of the drug would be. The advantage is that now you only need to get 10 shipments over 20 years to keep yourself supplied with LSD, versus getting 96 shipments through over the same 20 year period if you order one weeks supply at a time.
I have generally gone with the second strategy, ordering a year or two supply of drugs at a time. I can totally see the validity of your strategy though. Your strategy is also the strategy a friend of mine uses. Usually he orders a months worth of drugs at a time. This means that he receives many packages, but they all contain relatively small amounts. On the other hand, I tend to buy drugs a year or so in advance. This means that I get large shipments, but much less frequently.
-
Thanks for all the suggestions about running your mouth IRL about SR. I edited the OP and added a point on that. My silly technical mind forgot all about it, lol
C. Are you getting bitcoin using a method that is under scrutiny from LE?
Which methods exactly are under the most scrutiny?
Hard to say for sure, but you can be sure that's something they're paying attention to. I read a post on here from someone who had LE knock on his door because he was mining tons of bitcoins and selling them on localbitcoins.
-
C. Are you getting bitcoin using a method that is under scrutiny from LE?
Which methods exactly are under the most scrutiny?
LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.
LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.
This is quite scary to me and I am not a vendor. Could small-time buyers also potentially go down using this technique?
No; this scenario depends on having a basic geographical location to start within -- as described, they get that by ordering a package and finding all the Tor users in the originating city. Unless you order from a cop, they aren't going to have a city to start from. I also can't imagine they'd ever bother for somebody buying a few dime bags here and there, etc..
Yep. The attack Astor pointed out is a very real concern for vendors, but not at all for customers. In addition to needing the rough geographical location of the target, the attacker also needs to go to quite a bit of trouble to carry the attack out. It is unlikely that they would bother going to so much trouble to bust somebody who is only buying for personal use, but they couldn't even if they wanted to because they don't know the rough geographical location of customers with enough precision that they could even get started. And if they do know where the customer lives to a small enough radius that this attack would be realistic, chances are they already have the customers address anyway. For a big vendor it is a totally different story though. Even more worrying is that they may be able to enumerate Tor clients simply by long term observation of the directory authority servers (ie: without cooperation of ISP's local to the vendors area of operation). This is prevented in cases where vendors use bridged connections, as bridges act as directory guards as well. Bridges also make it less likely that a vendor will be detected as a user of Tor even in cases where the attacker gains the cooperation of the vendors local ISP's.
-
I am not so sure about the "hiding of Tor usage." How would they know you're hiding it? If you are connected to a VPN, which is not related directly to your ISP, I doubt they'd know. Your VPN may know, but I strongly doubt them reporting you for it unless you are somehow implicated in a heinous crime. Even then, connecting to TOR is not a crime.
I believe that vendors should hide their Tor use. It isn't a crime, but it could be used to identify them.
LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.
LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.
Interesting proposal, but A. plenty of vendors do not ship from their own city and B. most vendors have a VPN. Bye bye Big Brother.
-
Yeah, a VPN or even a free bridge blocks this attack, assuming LE hasn't enumerated all of the bridges. China did, but the Tor people detected it. I have not seen them mention that they detected anyone else doing it. Of course, maybe others are just better at doing it surreptitiously, or the Tor Project was served an NSL, oh my.
Most likely, Western LE don't care enough about Tor users to do it. Obviously, since this attack has not been performed as far as we know, they don't care about SR vendors enough to do it.
Stealth packaging and safe shipping operations are far more important for vendors. Don't get your fingerprints on the packages, change your mail drop locations, don't carry a mobile phone with you, that kind of stuff.
-
Evidence in a drug case will always be in the form of the intercepted drugs, but the intelligence that leads to the interception taking place could be from a wide variety of different things, and it may never be revealed.
Now I'm not a lawyer but doesn't the prosecution have to reveal it's information during discovery?
-
Im always taking the small amounts approach, in my country and most countries you will get arrested anyway for international orders as its "drugs importation". In here - even for 1 cannabis seeds, there are no love letter and when theres a CD nobody care if you sign or not, you will still have some unpleasant experience, penalty will be very easy at court maybe some fine and crap if its not a repeat felony ,
Personally i think that the search-arrest-interogation is the worse part, much more than the punishment when
We are talking about small amounts, specially when you have family...
But from some reason im taking the risk..l makes me wonder :)
Btw astor - reading you technical posts has always been my pleasure n these forums
-
:'(
-
This is quite scary to me and I am not a vendor. Could small-time buyers also potentially go down using this technique?
No; this scenario depends on having a basic geographical location to start within -- as described, they get that by ordering a package and finding all the Tor users in the originating city. Unless you order from a cop, they aren't going to have a city to start from. I also can't imagine they'd ever bother for somebody buying a few dime bags here and there, etc..
Yep.
Yay. My answer has been validated. I feel all warm and fuzzy now that kmfkewm approves of my response ::)
LOL... I'm just fucking with you man; struck me as funny, that's all. I don't mean anything by it.
-
Im always taking the small amounts approach, in my country and most countries you will get arrested anyway for international orders as its "drugs importation". In here - even for 1 cannabis seeds, there are no love letter and when theres a CD nobody care if you sign or not, you will still have some unpleasant experience, penalty will be very easy at court maybe some fine and crap if its not a repeat felony
That seems harsh. What I gather from many years of reading about drug busts in articles and personal posts on various forums, in the United States you are much more likely to get a package intercepted in customs than in domestic mail, but the amount has to be bigger in order to get CD'ed. I have heard of 100 tabs of MDMA getting seized in customs and the recipient did not get CD'ed. On the other hand, in recent months, two cases involving about 100 g (equivalent to 1000 tabs) did get CD'ed.
I don't know what the cut off is for various drugs, and most likely there isn't a specific cut off. If the amount is within some gray area, it probably depends on whether someone in the LE hierarchy decides to pursue the case.
So, I keep my orders safely below what I believe is the gray area for the few drugs I'm interested in.
Also, love letters only come from customs. I have never heard of love letters coming from domestic mail interceptions. The purpose of a love letter is to inform you of a package that you can theoretically claim, because there are people with DEA licenses who are legally allowed to possess and import controlled substances, including hard drugs. They are mainly researchers working at official research institutions.
On the other hand, the majority of knock and talks come from domestic mail interceptions. I believe a knock and talk, where LE knocks on your door and openly asks about a package, is a type of fishing expedition. The amount is too small to spend the resources to do a proper controlled delivery, and it's not something they would want to spend money on if you decided to fight it in court, but if they knock on enough doors, a certain percentage of people will get scared and confess.
Showing once again that you should never talk to LE. They have professional interrogators. You will not outsmart them. Your best defense is to say nothing.
One anecdote: I personally know someone who got a knock and talk on a package of 30 percocets. The name he used was fake, he claimed it was a transient ("some guy I met at the bar") that he allowed to live in his house for a few weeks but kicked out days earlier ("because he was shady as hell"). He didn't get charged.
LE didn't have to believe his story. They couldn't prove otherwise. I still strongly believe in not using your real name anywhere. It is a stronger defense than not signing for the package, putting "return to sender" on it, and most of the other suggestions for plausible deniability that I have seen. If you must receive mail under a "real" name, get a fake ID.
Hey look, we're talking about buyers again in this thread! :)
Sorry I derailed it to vendors.
Personally i think that the search-arrest-interogation is the worse part, much more than the punishment when
We are talking about small amounts, specially when you have family...
Yeah, in many circumstances, simply catching charges can fuck up your life. Instead of dealing with the legal intricacies of whether signing for the package proves I knew about its contents, I'd just rather not get CD'ed in the first place.
Btw astor - reading you technical posts has always been my pleasure n these forums
Hey, thanks man. :)
-
sub'd
-
@Astor - Yes, you state some important point (some not relevant to my country) and from what you are saying that been said many times before - stick to small domestic orders and you won't have much to worry about,
unfortunately there are no vendors from my country on SR and even if there were - i would not trust them with my address, ever.
so here we are always fucked with importation charges (although i have yet to hear about a regular letter that was intercepted, only from known seed banks in Europe and such)
regarding LE, unfortunately i had my share of encounters with them, some ended well and some not so much - even when i did not talk :) im not really bothered with the legal consequences of these small amounts rather than the mess that the process can do to my life...
- BTW - the "return to sender" thing is a myth, once the LE wants to catch you, and delivers you a package in CD or just following the pack, be sure that you will not hold the package in your hands more than 3 second before getting raided and busted (so you will not have any chance to get rid of any evidence), if your not busted instantly, you are safe.
-
I completely agree, microdotter. I have read many personal accounts of CDs and where they mention package signing, they all seem to agree that not signing for the package makes no difference. Each story is an anecdote, but a lot of them in aggregate are pretty convincing.
-
I completely agree, microdotter. I have read many personal accounts of CDs and where they mention package signing, they all seem to agree that not signing for the package makes no difference. Each story is an anecdote, but a lot of them in aggregate are pretty convincing.
What exactly does a Controlled Delivery consist of? How do they get the Information necessary, to know your getting drugs sent In the mail? Can this happen through only buying domestic since It won't need to go through customs? Also how would this work at a post office?
-
What exactly does a Controlled Delivery consist of? How do they get the Information necessary, to know your getting drugs sent In the mail?
They could randomly select it for inspection (least likely), the package could look suspicious, or they are tipped off about it.
There are stickied threads in the Shipping section that discuss stuff like what looks suspicious to postal inspectors. There's also a thread in the Newbie section about that. All well worth a read.
Can this happen through only buying domestic since It won't need to go through customs? Also how would this work at a post office?
Yes, any of these options could happen to domestic mail, but they are less likely than when the package goes through customs
-
Evidence in a drug case will always be in the form of the intercepted drugs, but the intelligence that leads to the interception taking place could be from a wide variety of different things, and it may never be revealed.
Now I'm not a lawyer but doesn't the prosecution have to reveal it's information during discovery?
I believe they have to reveal all of their evidence but not all of the intelligence they used to obtain the evidence. A quick search turns up the following Wikipedia page:
https://en.wikipedia.org/wiki/Brady_disclosure
Brady disclosure consists of exculpatory or impeaching information and evidence that is material to the guilt or innocence or to the punishment of a defendant. The term comes from the U.S. Supreme Court case, Brady v. Maryland,[1] in which the Supreme Court ruled that suppression by the prosecution of evidence favorable to a defendant who has requested it violates due process. Following Brady, the prosecutor must disclose evidence or information that would prove the innocence of the defendant or would enable the defense to more effectively impeach the credibility of government witnesses. Evidence that would serve to reduce the defendant's sentence must also be disclosed by the prosecution.
The prosecutor must disclose an agreement not to prosecute a witness in exchange for the witness's testimony.[2]
The prosecutor must disclose leniency (or preferential treatment) agreements made with witnesses in exchange for testimony.[3]
The prosecutor must disclose exculpatory evidence known only to the police. That is, the prosecutor has a duty to reach out to the police and establish regular procedures by which the police must inform him of anything that tends to prove the innocence of the defendant.[4] However, the prosecutor is not obligated to personally review police files in search of exculpatory information when the defendant asks for it.[5]
The prosecutor must disclose arrest photographs of the defendant when those photos do not match the victim's description.[6]
Some state systems have expansively defined Brady material to include many other items, including for example any documents which might reflect negatively on a witness's credibility.[7]
Police officers who have been dishonest are sometimes referred to as "Brady cops." Because of the Brady ruling, prosecutors are required to notify defendants and their attorneys whenever a law enforcement official involved in their case has a sustained record for knowingly lying in an official capacity.[8]
So in summary they must reveal if they have evidence against the defendant that they plan to use in court, and they must disclose if they have information that could prove the innocence of the defendant. If law enforcement obtains information from a human intelligence agent that a suspect will be transporting drugs, and then the police monitor the suspect and pull them over due to a routine traffic violation, I do not believe they need to disclose that the original reason they pulled the defendant over was because of intelligence that they were transporting drugs. The defendant still broke a traffic law and was legally pulled over, if the officer then smells drugs or believes the suspect is 'acting suspiciously' or whatever, the car could then be searched and evidence found. If they don't believe they need the testimony of the undercover agent, I don't think they will even mention the existence of the undercover agent, as doing so would identify their intelligence asset needlessly, and it doesn't appear to be required as testimony from the undercover agent would not prove the innocence of the suspect (but rather the guilt).
I also am not a lawyer though and if a lawyer corrects me I will stand corrected. I have seen several examples of cases where it appears that intelligence was used to obtain evidence, without the intelligence ever being disclosed.
-
http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm02052.htm
Rather, the prosecutor need only disclose evidence favorable to the accused that, if suppressed, would deprive the defendant of a fair trial. Id. at 675. That necessarily does not include inculpatory evidence, no matter how helpful such evidence might be to the defendant in preparing his/her defense.
so apparently the government has no legal requirement to disclose intelligence that doesn't exonerate the suspect, unless they plan to use said evidence in court.
-
tip off for the reward ;)it buys the next hit & keeps l.e in business.its always about $$$
-
so apparently the government has no legal requirement to disclose intelligence that doesn't exonerate the suspect, unless they plan to use said evidence in court.
Ah, that makes sense. Thank you for clarifying that.
I believe there's an ex-prosecuter on these forums. Maybe he can weigh in on the subject as well? The more information we have about the judicial process involved the better IMO. Great discussion all around.
-
The chain always breaks at its weakest link. So its important to examine where the weak links are in terms of risks associated with buying from SR. I know there are many aspects of security, however I am specifically looking to minimize a user's risk of getting caught. I've read a lot about what to do in case you do get caught, but its really best to take every possible precaution to avoid getting caught in the first place. I have not included a risk assessment of disk encryption methods, for example, because I want to put the focus on not drawing attention to yourself, rather than ways to protect yourself in case you were to get caught.
I have never been a vendor on SR so I can't really weigh in on any risks associated with vending. Would be great to have some feedback from vendors though.
1. Connecting to SR
A. Are you using Tor securely?
- hopefully everyone here knows to use the Tor Browser Bundle to connect to Tor and not services such as onion.to
- Tor apps for smart phones represent a weak link in the connectivity chain. Mobile devices have too many tracking mechanisms built in for the level of security SR requires
B. Can your Tor use be traced back to you?
- Are you connecting to Tor over your internet connection? Your ISP wil be able to tell you are running Tor traffic. Attempts to hide Tor usage can sometimes draw more unwanted attention. Ideally, you should be using a public Wifi connection or trusted VPN
2. Acquiring Bitcoin
A. Are your bitcoins anonymous?
-Did you provide identifying information to get your coin?
B. Are you drawing unnecessary attention to yourself?
- Are you making a large transaction?
- If using fake credentials, are you playing it cool?
C. Are you getting bitcoin using a method that is under scrutiny from LE?
3. Placing the order
A. Are you using PGP?
- using PrivNote or other 3rd party services presents a security risk
B. Are you using PGP correctly?
- if you are not sure, there are many helpful members here who you can practice with
4. Receiving the Delivery
A. Stealth
- I think this is by far the weakest link in the chain, mostly because of factors you cannot control, such as how well the vendor has packaged your item and how well the package blends in with legitimate mail.
B. Choosing your drop location wisely
- There are many factors to consider here, such as who the package is addressed to, or whether its being delivered to a P.O. box or home address. The important thing here is to not raise suspicion
5. Maintaining IRL Anonymity
A. Keeping your mouth shut
- Are you bragging about your SR purchases to all your friends?
B. Safeguarding your clearnet presence
- Hopefully no one here is mentioning anything about SR or any of their deepweb activity on clearnet, esp. Facebook or other social media. That's a sure-fire way to attract unwanted attention.
- Are you using the same username for SR and clearnet?
- Can your SR usage be traced to your clearnet presence in any way?
Again I think the best way to not get caught is to avoid drawing the attention of LE. Its good practice to examine your SR buying practices and analyze where the weak links are. Once the weaknesses have been identified, you can then take steps to strengthen their security.
Peace
***Edit***
Added point 5.
great post.
-
- BTW - the "return to sender" thing is a myth, once the LE wants to catch you, and delivers you a package in CD or just following the pack, be sure that you will not hold the package in your hands more than 3 second before getting raided and busted (so you will not have any chance to get rid of any evidence), if your not busted instantly, you are safe.
At least in the United States, this is not so clear cut. Just recently someone posted a news article about a man who received a USPS parcel containing heroin. The package was intercepted by LE who placed a tracking device inside that alerted officers when the package had been opened. The search warrant was said to be valid as soon as the package was opened or two hours after it was delivered (whichever was sooner). The suspect spent some time examining the package but did not open it before the officers arrived. It's not clear what the outcome will be, but there is a quite a bit of additional evidence in the case.
-
everybody's details on silk road are available for a price