Posted by: Allen Hoffmann, JD
February 26, 2015
The third part in a 3 parts series – the other parts are available here: #VeteranDarkMarketDweller (after publishing)
Controlling your team and the end of Shadow Crew.
An investigator once said to me in an official capacity that state police intelligence files suggested that “Deon” and his inner circle were capable of anything. On the surface, he’s just another slightly overweight, family oriented white dude who has done well for himself. To his neighbors, he’s just boring “Deon”, who is a member in an out of state LLC which revolves around computer based consultancy work – nothing you’d want to ask him about in any detail or else he might bore you to death. Despite a cursory assessment probably telling you this is a guy more at home cheering at his kid’s little league game, when you see the fire behind his eyes when he gets angry, and the cunning which lurks beneath when he’s not, combined with the subcompact semi auto I can see printing in his khakis when he stands up to go to the bathroom, you too would probably be more inclined to believe the investigator’s assessment.
AH: Were there challenges in maintaining order?
TD: Naturally. Everybody’s your buddy when you can do things for them. You expect them to wait or you cause them to realize they aren’t the center of the fuckin’ universe, you can have a bad time, especially when you’re dealing with middle class people used to service with a smile.
AH: But the customer’s always right, right?
TD: Fuck that, dude. I’m right, you’re getting shit cheap, shut the fuck up. That was our business model, and we had enough people wanting to spend money without us needing to suck their peckers for their business on the individual customer side of things… you could either pay retail today, or wait and pay less than retail to us. Clients getting shitty or threatening to roll on us would result in somebody reminding them that they had a family, and of that family’s address. Infighting on who got allocated runs and how much they got paid, people buying additional shit and keeping it or sidelining to their own customers and cutting the ‘management’ team out – there was no way of knowing that kind of thing was happening unless the information somehow made it back to us from the buyer, and more than once, it did. We had a bounty type system within the crews – you catch someone fucking us or they try to make you a deal to fuck with us, the reward was twice what you would have gotten for fucking us. It fostered paranoia, which was a positive. It got claimed a couple times, and I’m sure those runners wish they hadn’t pulled that shit.
AH: What about… ‘external factors’?
TD: There was interest from a few other local crews who were getting a feel for the kind of money we were making and wanted to take a little off the top, seeing as we were a pack of college kids. We got jacked in the parking lot coming back from a deal selling a couple station wagons full of liquor to guys who owned some bars.
AH: Shit… did you wind back who you were dealing with?
TD: Nah… that’s when we all started learning how to shoot and carrying protection. It was a wake up call.
AH: Did you ever have occasion to make use of that protection?
TD: … If I had, and it weren’t documented, do you think I’d actually tell you on the record?
AH: So is it better not to ask about whether you’ve got a permit for what’s in your waistband?
TD: I think its better we change the topic of conversation back to the past, rather than the present right now.
AH: It couldn’t last forever… as we all know, Shadow Crew was seized in late 2004 by the Secret Service. What was next for you and your team?
TD: When SC went down, and we decided to wind down the online presence, we started to focus on other revenue streams. I maintained contact with the Russian dudes and the Cali ID dude came on board with us in another capacity. We looked into setting up over at Carder Planet, but the reality was, we just didn’t need to. Our exposure was confined to our little slice of the country, we had access to the vendors to whom we needed access, and the fact that the fucking Secret Fucking Service were the ones who raped Shadow Crew was not lost on the inner management team, who had ideas, if not precise knowledge, of the source for the supplies with which we were able to do business. Carding in store has gotten harder in recent years, and the increase in quality and quantity of surveillance cameras out there which are being stored digitally, not on a tape that your cashier buddy might be able to make disappear, means that the risks just kept going up. The European dump market, something we used to use at places with certain merchant facilities, has been basically completely extinguished, since their cards need to make use of both a chip and a pin in the card – if you have access to the pin, you don’t fucking need to buy things, dude, you just drain the account at the ATM.
AH: Would it be unreasonable to say, perhaps, that you got a little shook up?
AH: Dude, we were shook bad by the SC takedown coming from the inside. Besides, there were human factors. Runners and cashiers graduated or got real jobs too, and it meant having to recruit new unknown quantities into our structure. We never planned for things to get as big as they did, and they were good times, for sure, but it was never gonna be a 20 year thing. There was some dabbling in card not present stuff, your more traditional carding for a few years running parallel with our instore operations, but the diffuse nature of the time people were at risk running those sorts of things was not appealing in the long term. All told, high volume carding stopped being our main business in around 2006 or 2007.
Cryptocurrencies and mainstream markets
Author’s note: We’re on to coffee at this point, and “Deon” and I agreed that his present source of income would be off limits for the purposes of this interview.
AH: May I go out on a limb and presume that you’re keeping up with recent developments in TOR, underground marketplaces, and security and privacy.
DT: (Chuckles) You could presume that without going out on a limb, yes.
AH: What do you think of the brave new world we’re seeing at present?
DT: Cryptocurrencies and TOR have changed the game, dramatically. My approach to doing business, and even the way I would’ve generated revenue 10 years ago, would’ve been very, very different if these two things had been a factor back in the day. The shit is now mainstream, limited expertise is needed to get involved, and the drawcard is being able to buy drugs. That wasn’t something on the table 10 years ago. You don’t have to risk getting jacked in your fancy car in the hood to buy rock anymore, because you can get it delivered to your door. That shit is seriously mainstream. People who use drugs don’t think of themselves as criminals, and that’s cool, maybe they shouldn’t, maybe the drug laws are unjust. I never felt like I was breaking the law or stealing from anyone with my carding operation, does that make me less morally culpable? Nah, fuck no. But not everybody has the balls or risk appetite to take a credit card which has somebody’s else’s details on it and buy something at Circuit City, in much the same way not everybody has the balls or risk appetite to grab a 9mm and stick up a liquor store.
DT: Is the low bar to entry to these sorts of markets today offered by TOR, compared to the comparatively compact marketplace of ShadowCrew 10 years ago, a good thing or a bad thing in your opinion?
AH: Depends on which way you look at it. More clients mean more dollars for those on the vending side of things, but infinitely more chance to be exposed to investigation, because the low bar to getting involved means at least a proportion of your clients will be fucking idiots if not cops. Doing business on the internet means anyone is investigating you potentially, not just your local staties. It means those on the selling side have to take serious fucking precautions and treat their operation with the respect it really needs, because when you’re sending shit across international or state lines, you’ve strapped on your big boy pants and are playing at the high roller table as far as the penalties for fucking up go.
AH: In the wake of the first Silk Road being seized, and the subsequent, broad based and multijurisdictional ‘Omynous’ operations, what do you see as the major issue that those in these marketplaces have to contend with?
DT: Its been a coming of age, and the SC days happened organically and weren’t principally aimed at profit. I mean, in this day and age, vendors have people on their teams dedicated to maintaining PR. Back in the day, we were all realistic about the illicit nature of what we were into, even if we didn’t fully appreciate that we were engaging in serious criminal activity, that’s what we were doing, but we all knew we were up to no good. Its clear DPR was dreaming of some magical fucking utopia, instead the fuckin’ senate decided to go after him. There’s a serious gap between the principles of legit commerce, the idea of full blown libertarianism, and being engaged in criminal enterprise. Trying to meld those utopian ideas with traditional business approaches and the fact that what people are doing is straight up illegal, regardless of how you feel about it morally, means its gonna be an ongoing and evolutionary development.
AH: We’re seeing all sorts of sophisticated and heavy duty investigative tactics being deployed these days. Did you ever hear of anything like these DPR style ‘hits’ being organised?
DT: (Pause)… without naming names, I did hear of someone who was causing problems to one vendor’s physical operations in Europe around ’02 or ’03, external to what was going on on SC, simply not being around anymore. I don’t think it was like what the cops did with DPR, put it that way. And the guy on that one has never been investigated to my knowledge.
AH: So you’re suggesting someone got murdered over Shadowcrew?
DT: I’m not suggesting that, but if someone did go missing or had decided it would be better not to be around, and it was discussed over Shadowcrew, once again, it wouldn’t have been result of activities occurring on Shadowcrew.
AH: I assume this was discussed in the clear? So how do you feel about encryption and so on, in hindsight?
DT: Look, considering all we know about how the NSA rolls and how the FBI and others conduct investigations, most of us in the old days were flying blind… we certainly weren’t thinking about PGP in those days, I only knew of one vendor who used it at all, so if they’d wanted to scoop up everyone, they probably could have.
PGP as a honeytrap, and so what if the NSA knows who I am?
AH: Did you ever use PGP back in ’01 and beyond?
DT: To me, it didn’t seem a high priority to use PGP. It wasn’t user friendly, but then again, I can think of things much less friendly to me than jail, so obviously, its something I’m up to speed with in this day and age, as are those with whom I do business. But if you can’t catch the message in the air, they can just target your terminal or your software. Its a very, very hard game to play in the current climate for any prolonged period of time, because of the persistence of digital data… the fuck up you make today might not come back to haunt you for 5 years, but come back to haunt you it can. Someone’s been watching your PGP emails, they bust your key in a year or two, they’ve got everything now, even if they didn’t have it back then.
AH: Considering the contextually recent revelations of just how widespread surveillance is in the digital world today, would it be fair to say you took limited countermeasures back in the day?
DT: It would be, I guess. Like you say, the mass surveillance shit wasn’t something anyone knew about in the old days. Countermeasures to surveillance in the old days were not high on the to do list, because the attack in terms of LE was expected at a local level, not from the internet side. I personally used proxies pretty religiously in my SC days simply because I knew how for other reasons, and by the time the USSS was interested in SC, my main source of income was the operation running off SC. I was just buying my dumps from the Russians on ICQ and selling the very occasional Cali DL to underage kids, so I was never on anyone’s ‘to arrest’ list, even if I hadn’t been using proxies. But its a question of how bad somebody wants you, in the end.
AH: So what’s your take on PGP and encrypted communications in the current environment?
DT: I’m gonna go conspiracy theorist here for a moment if you don’t mind. Honestly, deep down, I think PGP’s probably been cracked by the NSA or some other agency, and it works for them from an intel gathering perspective not to let people know that. Can’t blame em, it’s a known fact that legit hajji terrorists were using PGP with a customized hajji interface a few years back. Its probably one of their deepest and best kept secrets, and straight up, I’m cool with it, seeing as I’m not a fucking terrorist – call me whatever you want for having that attitude. Crime and terrorism are not the same ballpark, or even the same sport. I mean, if you don’t wanna use PGP, the alternative is getting those with whom you gotta talk cross country using one time pad encryption, outside a terminal – so in other words, using pen and paper. That shit takes a long time, and its just about the exact opposite of user friendly. If you’re going that hard in terms of things you’ve gotta be communicating, you’re probably wearing headgear made outta Reynolds Wrap.
AH: Do you think there’s any real way to prevent yourself as a dark market user or vendor from being exposed by an undercover?
DT: You can’t stop the cops. You just gotta make their lives as hard as mother fucking possible. Vending is one thing, facilitating a marketplace opens you up to a whole bunch of other shit you may not even have considered. Regardless of how you get involved, don’t be worth pursuing, don’t wave a flag saying ‘Come and get me mother fuckers!” like DPR apparently did, leave nothing to find in the first place and nothing can be found later no matter how hard someone digs, and don’t fucking trust anyone online, not a vendor, not a buyer, not an admin, nobody – that was a seriously hard lesson guys who went down with the ship at ShadowCrew, and now at other markets using TOR, have been taught.
AH: Do you get worried that you might one day get a knock at the door for your old activities?
DT: Without specifying how I know, I am known to the federal government as having been involved in things related to carding. Does that mean they’ve got enough to prosecute me or search my house and seize my shit? No way. Is there a file on me that some dude in a cubicle in Langley is building including which boxes I tick when I look up porn? Probably. But if it doesn’t get me in front of a judge, if I’m not a fucking terrorist, do I really give a fuck?
AH: Finally, do you have any words of wisdom for those considering a foray into these marketplaces as a vendor or operator?
DT: Don’t! Pay your taxes, take a shitty 9-5 and be another drone, be good instead! You need to not question authority and not rock the boat! All that being said, if you simply cannot be good, no matter how hard you try, you gotta be VERY good at it. Prisons are full of fuckers who really believed they had the game locked down, and when it came down to it, found out they didn’t.
AH: Its been a pleasure, “Deon”
DT: Pleasure was mine, dude. I don’t get to relive this shit too often, its been a trip down memory lane. And thanks for the seafood.