DEA Busts TOR-Operated “Farmer’s Market” Drug Market Place

The DEA arrested 8 named and 7 unnamed people today in what it says is the first TOR-operated drug bust.

“The drug trafficking organization targeted in Operation Adam Bomb was distributing dangerous and addictive drugs to every corner of the world, and trying to hide their activities through the use of advanced anonymizing on-line technology,” said Briane M. Grey, DEA Acting Special Agent in Charge. “Today’s action should send a clear message to organizations that are using technology to conduct criminal activity that the DEA and our law enforcement partners will track them down and bring them to justice.”

[snip]

The 12-count indictment charges that each of the defendants was a member of a conspiracy to distribute a variety of controlled substances worldwide through the use of online marketplaces that allowed independent sources of supply to anonymously advertise illegal drugs for sale to the public. According to the indictment, the operators of the online marketplaces provided a controlled substances storefront, order forms, online forums, customer service, and payment methods for the different sources of supply. For customers, the operators screened all sources of supply and guaranteed delivery of the illegal drugs. The online marketplaces handled all communications between the sources of supply and customers. For these services, the operators charged a commission based upon the value of the order. Customers of the on-line marketplaces have been identified in every U.S. state and the District of Columbia and in approximately 34 other countries. There were thousands of registered users of the online marketplaces. The on-line marketplaces have multiple sources of supply offering various controlled substances, including lysergic acid diethylamide (LSD), MDMA (ecstasy), fentanyl, mescaline, ketamine, DMT and high-end marijuana. Between January 2007 and October 2009 alone, defendants Willems and Evron processed approximately 5,256 online orders for controlled substances valued at approximately $1,041,244 via the online controlled substances marketplaces.

As alleged in the indictment, the “Farmers Market”, previously known as “Adamflowers”, operated on the TOR network. According to the indictment, TOR is a circuit of encrypted connections through relays on the TOR network that can be downloaded on home computers. TOR allows websites and electronic mail communications to mask IP address information by spreading communications over a series of computers, or relays, located throughout the world. The online marketplaces have accepted Western Union, Pecunix, PayPal, I-Golder, and cash as payment for illegal drug sales.

The indictment isn’t yet on PACER. But I’m curious to see how they busted these guys–and whether it involves some way to counteract TOR. I’m also interested in the mention of 7 unnamed arrestees; presumably they’ll be the next lucky folks dragged into the government’s informant network.

No wonder Obama defended the war on drugs while he was in Colombia; the DEA was preparing to arrest one of these guys–Buenos Aires-based American citizen Michael Evron–in Colombia at the same time Obama was there (though Evron was in Bogota, not Cartagena).

Update: One of the weirdest parts of the indictment (via Wired h/t MD) is the way it uses different time frames to quantify the drugs involved:

January 2007-October 2009: 5,256 orders valued at $1,041,244

May 2008-May 2010: 608 Western Union orders totaling $200,031

January 2008-August 2011: 29,285 hits and 63 grams of LSD

March-September 2009: 148 grams MDMA

March 2008-June 2010: 1,489 ounces of pot

July 2009: 350 units fentanyl

It’s a veritably Borgesian list of unlike time periods and items. But it may hint at how they found these guys.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

42 replies
  1. Danny Pizdetz says:

    a) There are good reports that an agency is hosting a lot of the exit servers to TOR and can trace things that come in and out semi-reliably.

    b) I don’t think they’d reveal that capability just to bust these dudes.

    c) More likely they just ordered some drugs from them online and then started tracking them back through the postal service.

  2. MadDog says:

    The weaknesses of Tor are discussed here.

    And as the beginning of the Wiki article makes clear, Tor’s development, and later financial support, has had US government fingerprints all over it.

    I’ve never been comfortable believing in Tor’s insistence that they can provide Internet anonymity. Particularly with the reach of NSA.

  3. emptywheel says:

    In one case a DEA bought LSD from one of the guys using Paypal. That’s probably one start of how they got them.

  4. MadDog says:

    Just a suspicion, but in making so much detail about the US government’s access to both the content of supposedly encrypted emails, and who supposedly communicated anonymously what and when to whom, it seems like the US government is desirous of instilling global fear that all Internet communications are theirs for the taking.

    That seems to be counter-productive in the sense that by alerting folks worldwide of the deep level of US Internet surveillance and decrypting capabilities, the US government is inducing these folks to abandon use of the Internet and encrypted emails for some other forms of communications thereby reducing the US’s ability to acquire their desired intelligence.

  5. emptywheel says:

    I’m trying to figure out why it lists the ages of these 18-21 year olds. Are there new laws that make it more of a problem to sell to adults who can’t drink yet?

  6. emptywheel says:

    December 21, 2009, Willems and Evron figured their Western Union approach had been sniffed out.

  7. nameo says:

    Danny Pizdetz: Fully agreed.

    The original forum in question advertised in semi-public and they originally relied entirely on Hushmail and Hush Forms for their security, so law enforcement could have obtained appropriate warrants and somehow coerced information from Hush, Inc. that would compromise the integrity of Adam’s security. At that point the feds would have been able to simply follow Adam’s forum through all its incarnations until they felt that they had enough evidence to get some ROI and they made their move.

    This almost certainly isn’t a TOR compromise, much more likely just sloppy work by st0ned hacker-wannabes who should have known better.

    NOTE TO SELF: If risking a federal life sentence with minimum mandatory sentencing guidelines, don’t rely solely on technology that has an Inc. after its name.

  8. MadDog says:

    From page 53 of the indictment (66 page PDF):

    “…249. On April 26, 2010, using coded language in an e-mail communication, defendant WILLEMS to the UC that he knew many customers had lost trust in their on-line marketplace due to order-processing problems since the prior Christmas holiday and advised the UC that he had resumed operating Adamflowers marketplace because he did not like the marketplace operating on the TOR network…”

    Really? Ya think? Heh!

  9. emptywheel says:

    In March 2010 they added a second Undercover officer buying from IA, which is where their cash drop was.

  10. MadDog says:

    In a way, I’m just stunned about how clueless these folks seemed to be about the US government’s Internet surveillance and decrypting capabilities.

    It’s as if they were all too stoned to realize that everything on the Internet is susceptible to capture by the US government.

    It’s like a sequel to Cheech and Chong’s Nice Dreams.

  11. emptywheel says:

    Yeah, that appears to be how they did it–the UCs kept persisting until they could send money directly.

  12. MadDog says:

    A couple of additional observations:

    1) These folks are the smallest of small potatoes, yet the US government obviously utilized NSA-captured global communications as well as NSA-provided decryption facilities.

    2) These folks were apparently monitored from Day 1, and allowed to continue their “marketplace” for years. For what real purpose? As I said in 1 above, they are the smallest of small potatoes in the drug world. Cartels with billions and billions of dollars of income have been on the loose for decades now. What is the US government’s purpose (and message) behind this public indictment?

  13. nameo says:

    This should not be taken to mean that anonymity and privacy are impossible. Sure at some level the NSA or NRO might be able to decrypt the toughest GPG passwords imaginable, but not the DEA or FBI. Even if they could, they wouldn’t waste so precious a weapon on the long-lost war on drugs. Hopefully not, anyway.

    Sybil attacks against TOR Hidden Services are well documented, and Keysh almost certainly knew that, he was not a foolish guy. Just a little greedy and a lot arrogant. Honest though, and that is why this whole affair is a bummer, albeit a not entirely unpredicted one.

  14. MadDog says:

    @P J Evans: It sure wasn’t to shut down a major source of illegal drugs.

    Yeah, whether they’ll ever come right out and admit it, the US government surely has a reach and grasp that should scare the hell out of every one of us.

  15. hohoho says:

    Paypal? Western Union? And everything got started in the opennet? hushmail could be a honeypot too you know.
    Oh sure, make it sound like those geniuses hacked tor, bitcoin and PGP.

  16. MadDog says:

    EW, in regard to the question you raised on the indictment and the “way it uses different time frames to quantify the drugs involved”, I’d offer the following suggestion:

    The disparate components of the indictment you mention were produced by both different individuals in the US government and different organizations.

    While the DEA probably led the effort, they might have grown the initial operation into a Joint Task Force-type operation with additional US government agencies involved.

    For example, the Western Union orders information might have been the result of the involvement of other US government agencies like the US Treasury, the FBI, perhaps the IRS, perhaps even Postal Inspectors from the US Postal Service.

    I can certainly imagine that turf barriers would necessitate the involvement of different US government agencies. I would bet that Postal Inspectors from the US Postal Service were involved in both the cash drops in Iowa as well as perhaps with the actual drug deliveries in the US.

    If I would guess, it seems likely that there was a whole smorgasbord of US government agencies involved in this caper. DEA, Treasury, FBI, Department of State, NSA, IRS, the US Postal Service, etc.

  17. emptywheel says:

    @MadDog: Both 1 and 2 are not necessarily true. If they accessed NSA’s archives, then the 2006 stuff could be stuff they got after making a brick and mortar ID in IA last year.

  18. MadDog says:

    @nameo: I take a slightly different slant on the points you raise regarding the NSA and folks like the DEA and FBI.

    To my mind, the DEA and FBI, as well as other US government agencies all use the services of the NSA when they can.

    If you think of the NSA as merely a service organization (which they are), that captures and often decrypts communications gathered globally, then folks like the DEA, FBI, CIA, etc. are their primary customers.

    For the most part, this is exactly what the NSA is. It is not (much of) an analyzing organization per se.

  19. MadDog says:

    @emptywheel: Yeah, I thought of that, but only after I posted my comment, and then I decided not to bother updating it with that additional possibility.

    Who knew the intrepid EW was keen on the scent? *g*

    Though it sounds like UC Number 1 out of California was involved very early on. It may still be that the data tracking had a historical component, but it also sounds like some of the later stuff was indeed real-time.

  20. MadDog says:

    Totally OT – Was just reading through some NYT stories as is my normal evening pastime, and read their piece on the Pulitzer prizes, and lo and behold, a favorite place to poke the NYT here at Rancho Emptywheel stood out from the crowd:

    “…One of the oldest American news outlets, the 166-year-old Associated Press, took one of two investigative reporting prizes for its series on the New York Police Department’s covert intelligence gathering in the aftermath of the Sept. 11, 2001, terrorist attacks…”

  21. nameo says:

    @Maddog I respect your opinion and you may well be right, but as soon as it is revealed in public record that any contemporary open source cryptographic algorithm is compromised, the public switches to another. So NSA would never give up such a golden goose to an agency with such menial goals as drug eradication, they will reserve their RSA, AES and Blowfish hacks for spying on other governments.

    It isn’t impossible that they cooperate, but I think the FBI learned about this in a case involving a mobster using PGP and they were forced to reveal for the first time the existence of Magic Lantern. An unimportant gambling case cost them the use of a powerful surveillance tool because after being forced to demonstrate how it works, overseas A/V companies started to detect Magic Lantern as malware, so the feds lost their R & D and any future value the tool might have had.

  22. emptywheel says:

    @MadDog: Agree on both counts. UC1 may well just troll multiple sites trying to set up ways to connect to brick and mortar world. Remember he was asking to send cash early on. And I wonder whether delays weren’t about doubts about him (and correct doubts about the compromise of the WU transfers).

    And of course, the unindicted conspirator in Panama is key. She was there from the start, and they’ve got names of purchases from her of people around the world. Don’t know how they got her but I suspect she was a key part.

  23. MadDog says:

    @nameo: As sometimes occurs, overnight my brain must have been connecting a dot or two.

    I wonder if this bust had a White House fingerprint or two on it.

    The nexus in time, the revelation of a TOR surveillance success, and a successful Hushmail decryption might possibly tie back into John O. Brennan’s, President Obama’s senior adviser on counterterrorism and homeland security, latest missive on ramping up US Cyber Command (aka NSA).

    From last Sunday’s WaPo’s Op-Ed pages:

    Time to protect against dangers of cyberattack

    While the Intelligence Committees’ Congresscritters likely already are somewhat aware of the depth and reach of NSA’s Cyber Command, the non-intelligence, and non-intelligent, other Congresscritters really have no clue.

    Perhaps both the revelations in this indictment and Brennan’s Op-Ed were meant to juice up the support for the latest pending Congressional Cyber legislation.

  24. MadDog says:

    @emptywheel: I found the numerous instances of reference to the unindicted conspirator in Panama very curious as well.

    Why an unindicted conspirator? Did something change in our extradition treaty with Panama after Noriega’s drug bust extradition?

  25. nameo says:

    You all seem very confused about this being a compromise of TOR when it clearly was not. It was a few specific dolts who many of us know personally, and the way they got busted was by doing business through Hush PRIOR to their use of TOR.

    Please look these things up before making such paranoid and erroneous statements. TOR is solid as a rock, but like all crypto, it has to be USED properly to be effective. A gun can be a powerful weapon, but if you don’t know how to use it correctly it can cause more harm than good. These dumbasses ran their illegal forum for years before switching to TOR and by the time they did switch, half their customers were police.

    TOR is very solid and their articles subtly and inaccurately implying otherwise is the feds’ way of making us think they can monitor it when simple LE like FBI are impotent against TOR (excepting several widely known and published attacks against hidden services).

    It seems like this thread is playing right into their hands, with technologically unsavvy people jumping to the inaccurate conclusions the fed wants you to make.

  26. orionATL says:

    @MadDog:

    to continue remedial education if you haven’t a clue what “tor” might be, as i did not, there is this from miss wiki:

    “… History

    An alpha version of the software, with the onion routing network “functional and deployed”, was announced on 20 September 2002.[2] Roger Dingledine, Nick Mathewson and Paul Syverson presented “Tor: The Second-Generation Onion Router” at the 13th USENIX Security Symposium on 13 August 2004.[7] Though the name Tor originated as an acronym of The Onion Routing project, the current project no longer considers the name to be an acronym, and therefore does not use capital letters.[8]

    Originally sponsored by the US Naval Research Laboratory,[7] Tor was financially supported by the Electronic Frontier Foundation from 2004 to 2005.[9] Tor software is now developed by the Tor Project, which has been a 501(c)(3) research/education nonprofit organization[10] based in the United States of America[1] since December 2006 and receives a diverse base of financial support;[9] the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation are major contributors.[11]

    In March 2011 The Tor Project was awarded the Free Software Foundation’s 2010 Award for Projects of Social Benefit on the following grounds: “Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt.”[12] …”

  27. orionATL says:

    @nameo:

    looking on the bright side, this is free advertising. i had never heard of tor; now i have.

    it sounds like a very useful tool.

  28. MadDog says:

    @nameo: First of all, some of us do have a wee bit of computer experience. For example, my background is 30+ years in computer and networking stuff.

    Second of all, if you read the comments a bit more closely, you’d see that no one has claimed that TOR has been “totally” compromised. It does in fact have weaknesses that I linked to in my comment # 2 above.

    Thirdly, in my comment # 6 above, the point I’m trying to get across is that the US government wants folks to believe they’ve totally compromised TOR even if that fact is not true.

    It may or may not be true. Regardless, a suggestion comes across in the indictment that the US government did in fact successfully track traffic across TOR. That may be nothing more than exploiting TOR’s known design weakness with regard to tracking across its exit nodes.

    I see nothing in this thread that implies or states “paranoid and erroneous statements” as you apparently do. I see nothing that states that TOR is totally compromised.

  29. orionATL says:

    so the fbi is making a big deal out of a penny-ante drug bust involving a mere mill?

    and the drugs?

    among the most innocuous – lsd, ecstasy, pot, and a potent pain-killer.

    this is big-time drug enforcement?

    what’s behind this pr stunt?

  30. orionATL says:

    @MadDog:

    i must say, maddog, for a hothead like myself, your style of responding serves as the very model of a firm, polite, ever so gently pointed, rebuttal :)

  31. jerryy says:

    @MadDog: Agreed. As more info comes out, it is easy to see that no one had to compromise Tor (or, for @orionATL’s info, other, perhaps better, anonymizing software) to find the group. That does not mean the feds did not do it though. On the one hand Tor is a strong program, extremely strong against casual nosiness.

    On the other hand, keep in mind that zero-day exploits are a thriving for-profit and not-for-profit business. Groups that find vulnerabilities sell them on the open market instead of telling the software manufacturers, the backdoors are not fixed. Some of the ones that buy the information include the usual (insert bad guy name here) that misuse it. Also included in this morass are the folks that think they are doing good, by supposedly taking down predators or foreign agents, etc., not realizing that the same techniques are then later used to go after others.

  32. nameo says:

    Maddog, your limited 30 years of experience explain your fundamental lack of understanding of the issue, which is that TOR security has not even been called into question in this case at all, and even using TOR as a tag for this thread may serve to scare people from enjoying the benefits of TOR.

    Keep reading and learning, you are not a stupid fella, you will eventually catch up with those of us who cut our teeth designing the PDP11 (go ahead laugh, it was a wonderful box until RSX11+…)

    As I have repeatedly said, TOR was not the issue, Adam and Keysh relying on Hush, Inc. early on was. The fact that they did eventually migrate their public drug forum to a public TOR forum is irrelevant.

    That many of us knew Keysh personally and warned him about it when he came to us for advice in the beginning are laughing now, as sad as it is.

  33. MadDog says:

    @nameo: Designing the PDP11 doesn’t impress me. I cut my teeth with plugboards before DEC was even a dream of Ken Olsen’s.

    And you still don’t get it. I’m not saying that TOR was compromised. I’m saying the US government would like folks to think they compromised TOR.

    Whether they did or not is unknown. You can believe that they didn’t and others can believe that they might have. In either case, TOR does have weaknesses as even you’ve admitted.

    You keep imagining that folks here have stated as fact something that hasn’t been stated at all.

    As to fundamental understanding, I worked for over a decade on the largest networks in the entire world for a networking company. I spent many a moon doing networking stuff at places like Piscataway and Murray Hill.

    In the end, rather than be disagreeable, let’s just agree to disagree.

  34. nameo says:

    Actually mate I am starting to think that we have been in agreement all along, we were both too passionate and emphatic about what we were wanting to communicate that somehow we crossed sabers. I think the thing we disagree on is the degree of cooperation between different levels of law enforcement, and that is a whole different conversation.

    In any case, perhaps we can agree that TOR itself, whether compromised by high levels of government or not, was probably not involved in this bust.

    Perhaps we might even agree that, properly implemented, a combination of TOR and strong cryptographic messages (where open source crypto algorithms are used client-side and sent across encrypted transport) it is probably possible to avoid most forms of government surveillance.

    I do not deny that at SOME level, the USA and UK governments are capable of anything, I wish only to remind people that TECHNOLOGY is not to blame in this case, as usual, human stupidity usually is.

    Please let’s keep hope for open source projects like TOR, for the security of brave, curious minds in China and North Korea and the growing number of people worldwide whose motives are much more noble than selling some dope (not that I care about dope, but you see my point…)
