TyperTech
Regular Member
- Joined
- Feb 26, 2024
- Posts
- 44
- Reaction score
- 0
- Status
- Offline
- Last Seen
As some of you may know, a cocaine vendor by the handle "Insta" got busted not too long ago. Well, the article contains a ton of information we don't normally have the luxury of receiving as far as how they were busted. Here's a little summary I made on some of the OpSec mistakes they made:
The article mentions things like:
Being watched for something not originating from dark web/internet activity.
Residue on the outside of packages
Converting large sums of crypto to cash
Using crypto that isn't private like XMR
Using a phone connected to your identity while doing clandestine business.
Some excerpts:
... (DEA) started investigating all four defendants for their involvement in a cocaine trafficking operation. At the time, the DEA had not associated the defendants with any darkweb vendor account.
...
Additionally, the phrasing in the complaint indicates that “large cryptocurrency for cash transactions” led the DEA to Engstrom.
...
the DEA watched Krieger and Elliott meet in a parking lot and transfer a container from Elliot’s vehicle to Krieger’s vehicle. The DEA then followed Krieger to the Post Office and watched him drop packages off at the Post Office.
...investigators contacted the United States Postal Inspection Service (USPIS) and the North Las Vegas Police Department. Law enforcement recovered the packages from the bin and deployed a so-called “drug canine” to ensure they had probable cause to open the packages. Surprisingly, the canine hit on only four of the fifteen packages. Law enforcement officers opened the packages and discovered cocaine.
...
USPIS recognized the packages deposited by Krieger. In 2019, USPIS had identified an individual selling cocaine on the darkweb under the moniker “Insta” who was located in the Las Vegas area. The DEA started investigating Insta directly.
...
the DEA surveilled Engstrom leaving his stash house with a backpack, and drive directly to BitLiquid, Inc.
...
Investigators, through toll analysis on Engstrom’s phone, were able to see that Engstrom communicated with BitLiquid six times between 2:06 pm and 2:21 pm on that day. Further, investigators obtained Bit Liquid’s crypto wallet that utilizes the Ethereum platform. Investigators queried Bit Liquid’s wallet on etherscan.io (aka Etherscan) to search activity on the Ethereum Blockchain at approximately the time Engstrom was observed at BitLiquid. Based on the query, investigators found that on January 28, 2021, at 4:58 pm PST, 37,000 Paxos Standard, was sent from an unknown wallet to BitLiquid’s wallet. The transaction amount was valued at $37,000.00. Investigators further confirmed the financial transaction verifying that on January 29, 2021, BitLiquid, in accordance with their obligations as a Money Transmitting Business, filed a Currency Transaction Report (CTR) for the transaction. The report noted that on January 28, 2021, BitLiquid provided $36,900.00 cash to Engstrom in exchange for cryptocurrency
...
By analyzing BitLiquid’s wallet with CTR’s filed by BitLiquid, EG3 was able to identify two of Engstrom cryptocurrency wallets. $1.8 million had transferred through one account and $1.2 million through the other.
...
DEA located Insta on White House Market. In March 2021, the DEA made two purchases of seven grams of cocaine each from Insta, using an undercover identity and undercover mailing address. The DEA was unable to intercept the first package directly from the defendants. The undercover purchase arrived at the undercover address in a Priority envelope with the same return address label, packaging, and Priority postage stamp as other envelopes intercepted by the DEA. Investigators intercepted the second package by seizing all packages mailed by the defendants on a certain day.
...
There was a white powdery substance around the toilet bowl, two spoons in the toilet, and a metal tray with white powdery residue on the floor near the toilet. Law enforcement officers found multiple open plastic zipper bags on a television tray filled with a white powdery substance. There was a paper drinking cup filled with a white powdery substance next to two scales used for measuring quantities. Four pressed bricks of a white powdery substance with the embedded insignia “BMW” were recovered from the same office where Engstrom was trying to hide from law enforcement. In addition, two large black filing cabinets contained approximately one hundred Priority Mail Envelopes already packaged and sealed in containers labeled with various quantities that have been previously seized from this drug trafficking operation in US Priority Envelopes.
The DEA conducted four random field tests on the white powdery substance as a sample of the larger seizure. All four field tests tested positive for the presumptive presence of cocaine. In total, the DEA seized 6,800 grams of a white powdery substance that field-tested positive for the presumptive presence of cocaine.
Anybody, buyer or vendor, should check it out to make sure they aren't making any of the same mistakes insta did.
The article mentions things like:
Being watched for something not originating from dark web/internet activity.
Residue on the outside of packages
Converting large sums of crypto to cash
Using crypto that isn't private like XMR
Using a phone connected to your identity while doing clandestine business.
Some excerpts:
... (DEA) started investigating all four defendants for their involvement in a cocaine trafficking operation. At the time, the DEA had not associated the defendants with any darkweb vendor account.
...
Additionally, the phrasing in the complaint indicates that “large cryptocurrency for cash transactions” led the DEA to Engstrom.
...
the DEA watched Krieger and Elliott meet in a parking lot and transfer a container from Elliot’s vehicle to Krieger’s vehicle. The DEA then followed Krieger to the Post Office and watched him drop packages off at the Post Office.
...investigators contacted the United States Postal Inspection Service (USPIS) and the North Las Vegas Police Department. Law enforcement recovered the packages from the bin and deployed a so-called “drug canine” to ensure they had probable cause to open the packages. Surprisingly, the canine hit on only four of the fifteen packages. Law enforcement officers opened the packages and discovered cocaine.
...
USPIS recognized the packages deposited by Krieger. In 2019, USPIS had identified an individual selling cocaine on the darkweb under the moniker “Insta” who was located in the Las Vegas area. The DEA started investigating Insta directly.
...
the DEA surveilled Engstrom leaving his stash house with a backpack, and drive directly to BitLiquid, Inc.
...
Investigators, through toll analysis on Engstrom’s phone, were able to see that Engstrom communicated with BitLiquid six times between 2:06 pm and 2:21 pm on that day. Further, investigators obtained Bit Liquid’s crypto wallet that utilizes the Ethereum platform. Investigators queried Bit Liquid’s wallet on etherscan.io (aka Etherscan) to search activity on the Ethereum Blockchain at approximately the time Engstrom was observed at BitLiquid. Based on the query, investigators found that on January 28, 2021, at 4:58 pm PST, 37,000 Paxos Standard, was sent from an unknown wallet to BitLiquid’s wallet. The transaction amount was valued at $37,000.00. Investigators further confirmed the financial transaction verifying that on January 29, 2021, BitLiquid, in accordance with their obligations as a Money Transmitting Business, filed a Currency Transaction Report (CTR) for the transaction. The report noted that on January 28, 2021, BitLiquid provided $36,900.00 cash to Engstrom in exchange for cryptocurrency
...
By analyzing BitLiquid’s wallet with CTR’s filed by BitLiquid, EG3 was able to identify two of Engstrom cryptocurrency wallets. $1.8 million had transferred through one account and $1.2 million through the other.
...
DEA located Insta on White House Market. In March 2021, the DEA made two purchases of seven grams of cocaine each from Insta, using an undercover identity and undercover mailing address. The DEA was unable to intercept the first package directly from the defendants. The undercover purchase arrived at the undercover address in a Priority envelope with the same return address label, packaging, and Priority postage stamp as other envelopes intercepted by the DEA. Investigators intercepted the second package by seizing all packages mailed by the defendants on a certain day.
...
There was a white powdery substance around the toilet bowl, two spoons in the toilet, and a metal tray with white powdery residue on the floor near the toilet. Law enforcement officers found multiple open plastic zipper bags on a television tray filled with a white powdery substance. There was a paper drinking cup filled with a white powdery substance next to two scales used for measuring quantities. Four pressed bricks of a white powdery substance with the embedded insignia “BMW” were recovered from the same office where Engstrom was trying to hide from law enforcement. In addition, two large black filing cabinets contained approximately one hundred Priority Mail Envelopes already packaged and sealed in containers labeled with various quantities that have been previously seized from this drug trafficking operation in US Priority Envelopes.
The DEA conducted four random field tests on the white powdery substance as a sample of the larger seizure. All four field tests tested positive for the presumptive presence of cocaine. In total, the DEA seized 6,800 grams of a white powdery substance that field-tested positive for the presumptive presence of cocaine.
Anybody, buyer or vendor, should check it out to make sure they aren't making any of the same mistakes insta did.