28.11.17 Dark Web and Cybercrime Roundup

More Prison Time for Ex-Agent in Silk Road Case

The Department of Justice announced that Shaun Bridges, a corrupt Secret Service agent who investigated Ross Ulbricht, will spend even more time in prison. He had previously received a six-year prison sentence for stealing $800,000 in Bitcoin during the Silk Road investigation. The additional two years stemmed from a case involving yet another Bitcoin theft.

At least two federal agents involved in the Silk Road investigation caught charges for their criminal activity during the investigation: the Secret Service’s Shaun Bridges and the Drug Enforcement Administration’s Carl Force. Both had used their power to steal Bitcoin from Ross Ulbricht or divert Bitcoin from US government wallets.

Bridges chose not to stop with the Silk Road, though. He used Secret Service credentials to illegally access a Bitcoin wallet owned by the Secret Service. He then sent 1,600 BTC to a wallet he controlled. DeepDotWeb

Alphabay Vendor “PeterTheGreat” Found Dead in Jail

Earlier this year, a federal taskforce investigated and arrested a South Carolina couple for their role in the overdose of an Oregon teenager. The couple, Theodore Vitaliy Khleborod and Ana Milena Barrero, had allegedly distributed U-47700 and fentanyl on several darknet marketplaces under the pseudonym “PeterTheGreat.”

In November, the Spartanburg County Coroner’s Office announced that an inmate had taken his own life in a South Carolina jail. An investigation into the inmate’s death had begun, the county coroner’s office reported. Authorities had not discovered any reason to believe the death involved any foul play. The inmate, they revealed, was one of the suspects accused of being behind PeterTheGreat: Theodore Vitaliy Khleborod.

Although Barrero admitted she had played a role in the death of the Oregon teenager, Khleborod initially indicated that he would take the case to trial. DeepDotWeb

Reddit User Found the White Shadow Market Script Online (and Possible Dev)

Not long ago, Catalin Cimpanu wrote about an increased number of darknet market IP leaks. Darknet market admins with hardly any security experience or skill in general are one of the main culprits. Some markets make critical mistakes outside of accidentally leaking server information. White Shadow market, for instance, came from a script designed by an innocent freelance developer. One Reddit user found the source code for sale on Bitcointalk and HackForums.

The Redditor found the developer’s website where he sells his scripts. Personal information was easily obtained. The Reddit user then accessed the dev’s messages on Bitcointalk after discovering the account password. (They never explained the method, but some of the developer’s passwords can be found in various database dumps.)

In the Bitcointalk messages, the developer and the suspected White Shadow market admin chatted, the Redditor said. At some point in October, the suspected admin hired the developer to make changes to the script. The admin got the following for roughly $11,000 in Bitcoin:

  • The ability to search;
  • Automatically changing deposit addresses;
  • New user control features;
  • Bitcoin withdrawal management features;
  • And “a ton of other features that the script would require to even be considered viable for a DNM.”

Additionally, the developer set up the server for the marketplace.

“The deal between Eckmar & this user was finished a few days before the end of October, funnily enough around the exact same time the White Shadow sub reddit was created & the market launched,” the Reddit user wrote. A cursory Google search revealed other places the suspected WS admin posted online. And while the developer of the “market” is undoubtedly unaffiliated with the market, such a discovery by law enforcement would lead to pressure on the developer. The developer, having no reason to risk incarceration, would give the police what they wanted. Market compromised. Reddit

Texas Playpen Member Gets 17.5 Years in Prison

Daryl Glenn Pawlak, a member of a darknet child porn forum called “Playpen,” just received one of the longest sentences handed out to a Playpen member. A federal judge sentenced the 39-year-old Texas man to 18 years in prison. Pawlak, who went by “notsoslow” on the child abuse forum, basically handed the case to the prosecution.

The FBI identified Pawlak as one of the site’s users during the notorious “Operation Pacifier” investigation. Agents showed up at the man’s house to question him, but he never answered the door. One agent made the decision to call Pawlak. On the phone call, Pawlak knowingly told the FBI agent that he knew child porn viewers often use Tor; he told the agent that he had heard of a few child porn sites; he told the agent that he had accessed Playpen; he also told the agent that his username on Playpen was “probably notsoslow.” The FBI recorded the phone call. DeepDotWeb

German Dealer Busted After Five Package Seizures

In a press release from the Public Prosecutor of Tübingen and the Police Headquarters in Rottenburg, officials revealed the arrest of a 24-year-old drug dealer who resold drugs that he ordered from a darknet vendor. Police reportedly caught the dealer after following a path of evidence that involved “police-known suspects.” Based on the description of the investigation, it sounded as if the Rottenburg police profiled a darknet supplier’s packages and busted the recipients.

In only a handful of days in October, the 24-year-old managed to order five drug packs and lose all five to law enforcement. In fairness, the packages only contained a collective total of 300 grams of marijuana and 15 grams of cocaine. The police confirmed their suspicions by the fifth package and raided the suspect.

They found the usual: drugs, scales, packaging material, and other “drug trafficking equipment.” DeepDotWeb