July 30, 2013

Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.

“Flycracker,” the administrator of thecc.bz crime forum, hatches plan to send drugs to my home.

But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.

This would-be smear campaign was the brainchild of a fraudster known variously online as “Fly,” “Flycracker,” and MUXACC1 (muxa is transliterated Russian for “муха” which means “fly”). Fly is the administrator of the fraud forum “thecc[dot]bz,” an exclusive and closely guarded Russian language board dedicated to financial fraud and identity theft.

On July 14, Flycracker posted a new forum discussion thread titled, “Krebs Fund,” in which he laid out his plan: He’d created a bitcoin wallet for the exclusive purpose of accepting donations from other members. The goal: purchase heroin in my name and address from a seller on the Silk Road, an online black market that is only reachable via the Tor network. In the screenshot pictured above, Flycracker says to fellow members:

“Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the “Helping Brian Fund”, and shortly we will create a bitcoin wallet called “Drugs for Krebs” which we will use to buy him the purest heroin on the Silk Road.  My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!”

Together, forum members raised more than 2 bitcoins – currently equivalent to about USD $200. At first, Fly tried to purchase a gram of heroin from a Silk Road vendor named 10toes, an anonymous seller who had excellent and plentiful feedback from previous buyers as a purveyor of reliably good heroin appropriate for snorting or burning and inhaling (see screenshot below).

Flycracker discussing the purchase of a gram of heroin from Silk Road seller “10toes.”

For some reason, that transaction with 10toes fell through, and Flycracker turned to another Silk Road vendor — Maestro — from whom he purchased a dozen baggies of heroin of “HIGH and consistent quality,” to be delivered to my home in Northern Virginia earlier today. The purchase was made using a new Silk Road account named “briankrebs7,” and cost 1.6532 bitcoins (~USD $165).

Flycracker ultimately bought 10 small bags of smack from Silk Road seller “Maestro.” The seller threw in two extra bags for free (turns out he actually threw in three extra bags).

In the screen shot below, Fly details the rest of his plan:

“12 sacks of heroin [the seller gives 2 free sacks for a 10-sacks order] are on the road, can anyone make a call [to the police] from neighbors, with a record? Seller said the package will be delivered after 3 days, on Tuesday. If anyone calls then please say that drugs are hidden well.”

Last week, I alerted the FBI about this scheme, and contacted a Fairfax County Police officer who came out and took an official report about it. The cop who took the report just shook his head incredulously, and kept saying he was trying to unplug himself from various accounts online with the ultimate goal of being “off the Internet and Google” by the time he retired. Before he left, the officer said he would make a notation on my report so that any officer dispatched to respond to complaints about drugs being delivered via mail to my home would be prompted to review my report.

FOLLOWING THE MONEY

I never doubted Flycracker’s resolve for a minute, but I still wanted to verify his claims about having made the purchase. On that front I received assistance from Sara Meiklejohn, a graduate student at the University of California, San Diego who’s been analyzing the role of bitcoin and anonymity on the Silk Road. Meiklejohn confirmed that the bitcoin wallet linked to in Fly’s forum thread was indeed used to deposit two bitcoins into a purse controlled by anonymous individuals who help manage commerce on the Silk Road.

Meiklejohn and fellow researcher Damon McCoy, an assistant professor of computer science at George Mason University, have been mapping out a network of bitcoin wallets that are used exclusively by the curators of the Silk Road. If you wish to transact with merchants on the Silk Road, you need to fund your account with bitcoins. The act of adding credits appears to be handled by a small number of bitcoin purses.

“All Silk Road purchases are handled internally by Silk Road, which means money trades hands from the Silk Road account of the buyer to the Silk Road account of the seller,” explained Meiklejohn, author of the paper, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, to be released in October 2013 at the ACM Internet Measurement Conference in Barcelona, Spain.

“These accounts aren’t visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users,” Meiklejohn wrote in an email to KrebsOnSecurity. “By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are ‘owned’ by silk road.”

In short, we can see that Flycracker’s Krebs Fund wallet was used to deposit 2 bitcoins into a bitcoin wallet controlled by those who maintain the Silk Road marketplace, but we can’t say for certain whether he used that credit to make a purchase.

THE DELIVERY

A thin package containing what appears to be packets of some white powder was delivered to my doorstep Monday, a day earlier than Flycracker had told his buddies that it would arrive. The package was hand-delivered by our local postal carrier, sent in a thin USPS Express Mail envelope that was postmarked from Chicago. Inside was another blank envelope containing a May 2013 copy of Chicago Confidential, a weekly glossy magazine from the Chicago Tribune.

On the back of the magazine, taped to a full-page ad for jewelry from LesterLampert, were a baker’s dozen individually wrapped packets emblazoned with the same black and gold skull motif that was on Maestro’s Silk Road ad. I guess the seller in this case was worried that 12 packets didn’t quite meet the 1 gram measurement for which Flycracker and his goons paid, so he threw in an extra one for good measure.

13 packets of what appears to be heroin arrived at my home via the Silk Road on July 29, 2013.

I wasn’t planning even to touch the individual packages, but curiosity got the best of me. Before calling the cop who took my initial report and letting him know that he could come and retrieve the parcel, I had a look inside one of the packets. But not before donning a particulate face mask and a pair of disposable gloves. Hey, I watch Breaking Bad: Safety first!

Without actually having the substance tested at a lab, I can’t say for certain whether this is talcum powder or the real thing. The cop that came to collect the package said he had a drug field test kit in his squad car but then discovered he was out of the heroin tests (I’m not sure what that says about the heroin problem in Northern Virginia, but I digress). Frankly, I’m willing to give the seller the benefit of the doubt, given that Maestro currently has glowing feedback from almost 100 other buyers on Silk Road. Nevertheless, if I receive any testing results from the local police, I’ll update this blog post.

It’s not every day your enemies deliver drugs to your door. I’m pretty sure they don’t teach you about this stuff in journalism school (not that I went or anything).

Just who is this Flycracker mischief maker? That will have to wait for another post. Stay tuned.


137 thoughts on “Mail from the (Velvet) Cybercrime Underground”

  1. Don Clifton

    Brian,

    Well it says something about how good of a job you do when you attract this kind of attention, by the way stay safe brother! Dogs and guns are a good thing 😉

    1. A person hopelessly addicted to a controlled substance.

      I think every drug dealer in USA should start using this excuse. (if you find any drugs in my mail it’s not for me) Funny as hell that is ..

  2. Wladimir Palant

    Brian, your translation is slightly wrong. It doesn’t say “Seller said the package will be delivered after 3 days, on Tuesday” but rather “Seller said the package will be delivered on Tuesday at 3 PM”. Also, MUXACC1 doesn’t just refer to any fly but to this one: http://en.wikipedia.org/wiki/Tsetse_fly

    Either way, congratulations on dodging this bullet and keep up your good work!

  3. Reybo

    Brian, please always include the DEA and the VA state police in your circle of notification. They both go after drugs on anonymous tips. They both have SWAT teams aware they can kill you and get away with it. That you touched a packet and opened one could by itself cost you more than $100,000 in legal fees to win the case, should some prosecutor find it a political benefit to lodge a charge. /Rey

      1. All The Things He Said

        I’m in serious shit, I feel totally lost. If I’m asking for help it’s only because. Being with you has opened my eyes
        Could I ever believe such a perfect surprise?

        Wanna fly to a place where it’s just you and me. Nobody else so we can be free.

  4. Richard

    Brian,

    I really hope you can get this smack monkey off your back. 😉

    Silk Road is incredible – I just don’t see how it can really be so anonymous.

  5. cypherpunk

    So, you cannot trace back bitcoin users?

    1. Wladimir Palant

      All Bitcoin transactions are public. The only difficulty is connecting Bitcoin wallets with actual people – unless somebody publishes his wallet ID this can only be achieved on the exchange points.

  6. Vollinger

    The SWAT stuff was at least scary but do they really think you’re some kind of dickweed who couldn’t bullshit his way out of a baggie or a dozen? Buttcoins before swine.

  7. Richard Steven Hack

    This is hilarious. Of course, directed at someone with less connections and smarts, it wouldn’t be.

    I agree with Reybo’s advice above: make sure EVERY law enforcement agency with jurisdiction in your area knows you are the target of this sort of thing.

    I’d advise telling the NSA, too, but no doubt they already know EVERYTHING about you. 🙂

    1. voksalna

      You need to also tell ICE and USPS Investigations probably. Though they may think you are fruity cake.

  8. Haggis

    Good Read, what does your partner think of all of this? lol

  9. CooloutAC

    last year i saw a swat team coming with like 30 cops and a battering ram to my neighbors house a few months back yelling at everyone on the block, and I thought of Brian….haha.

    Detectives also came to my house about a package at the airport that had my address on it last year. My mom was freaking out. At the time i was blaming these hackers from chicago I met on quakelive.com. this makes me believe that even more. The DT’s were real cool though and gave us their card in case of any problems.

    BK is the man! Unlike Brian I don’t have the connections and the skills to track these people down and get proof. I love the fact he does though. He could write the manual.

  10. Haggis

    MUXACC1 also has his twitter pic as you, what a tribute lol

  11. koen

    Great article, and luckily you found out upfront.
    Keep your friends close, keep your enemies closer …

  12. Philip

    This will become known as the “Brian Krebs defense” in legal circles. Once word about this gets out on the street, all the little dealers in Northern Virginia (and elsewhere) will now claim that they are computer security journalists, and that the stash in the toilet tank of their apartment was mailed there by evil cyber crooks in Russia 🙂

  13. Stew

    Any idea what would have happened had you not known this was going on? (and therefore weren’t able to inform the fbi, police etc). I don’t know how much of a defence simply claiming you know nothing about how you ended up with heroin in your mailbox would be!

    1. Mackenzie

      If he spotted it in the mail before the neighbor called, he could call in a suspicious package report, say there is white powder, and the anthrax watch squad would show up. Anthrax in the mail has been used against well-known people before.

      It’s also been hoaxed — my state representative when I was a kid put white powder in a letter he received from the guy running against him in an election, then claimed his opponent sent him anthrax. A special election soon followed since he couldn’t attend legislature sessions from prison.

  14. Ed

    If you get hold of the police report on the material will you post it as seller feedback?

  15. Ed

    Further comment: having just posted the previous comment I was left with the comment form filled in with the email address of what I assume was the poster before (Stew). Not ideal.

  16. bob

    Great read! These guys are virtually writing your posts for you. If they keep this up, you’re going to need some sort of meta blog; krebsonkrebsonsecurity.com is a bit long, though.

  17. IA Eng

    I am sure this was two-fold. One, it was to see how far Brian was able to go with his research, and the other is that the goon gets some free publicity. It probably got some laughs from his buyers and he may benefit greatly from extra sales. Or the purchaser is livid and is determined.

    Looks like Brian is popular ( not in a good way) with the mobsters. If they start throwing money away while bragging about it, then risks tend to rise.

    The papers will probably be taken to a lab and they more than likely will see if there are any prints on it – other than Brian’s. Maybe they will get lucky and give you a name.

    I sense that if they didn’t want you to find out the information, they probably could have done so without much effort. Just watch those breadcrumbs. Some can be food…..others….bait.

    With Brian being a reporter, and he stirs up a bit of curiosity from time to time, I am sure the cops are starting to understand the concerns to approach things cautiously. Things can be established with local police to assist in standing down in certain situations. Avoid the use of “cry wolf”.

    Owning concealed weapons permits is always a good thing. In this case especially. No one says you have to pack a piece, but the unknown itself could thwart any sort of non-sense.

    Another good read in the morning with a strong cup of coffee. What Brian reports on is not hard to do, but it takes a certain dedication, risk, an all around 24/7 heightened awareness and a larger set of kahunas to do this lone wolf. Continue on Young Man, with caution.

    1. IA Eng

      Hummm Bakers Dozen? or presumably Unlucky 13 ? I guess it depends on whether your glass is half full or half empty.

      Cutting a package open like that is extremely dangerous. Who says it is what it is. It could be something quite toxic – as in the “13” they meant it to be.

      As a reporter, they know you are curious, and let’s hope that slicing that package open doesn’t put you or any others at risk.

  18. Poopy Pants

    Wow! Amazing! Good article, Brian! Your methadone is on the way. 🙂

  19. Wolf Baginski

    Not even in the same country, so I could be wrong, but if the bad guys somehow manage to trigger the arrival of a SWAT team on your doorstep, they will know about the concealed weapons permit, and they will be nervous.

    Cultural differences here, but to me the USA looks gun-happy, and that includes the cops. Stay safe. Stay legal.

    1. K.Street Irregular

      We are indeed gun happy. Americans tend to care more about having the legally defensible possibility of shooting someone (even though most of us never would if we had the chance) than we do about, say, warrantless, unchecked surveillance.

      That’s how we roll – if it doesn’t affect us personally we don’t really care. Until it does, and then we’re all sturm und drang about it.

      1. voksalna

        A more proper reference to Germany could not be funnier. 😉 Is it not odd though that your gun rights are rapidly decreasing and ‘violent crime’ is rising mostly there (by the way it is not rising, it is falling, but this is not ‘correct’ to say is it?)? When in other countries with very liberal gun rights, no similar situation is seen… It’s the culture. Not the guns.

  20. herpderpp

    Surprised the drugs made it at all considering the guy didn’t vac seal and just shipped baggies.

    You’re lucky DEA wasn’t involved they would’ve seized your house first, jailed you with no bail and then asked questions.

  21. Malcolm

    Fantastic 🙂
    It’s always such a joy to read through your blog posts.
    Keep up the good work, Mr. Krebs.

    krebsondrugs.com anyone?

  22. Elizabeth

    I am sure you already have done a credit freeze with the credit agencies to prevent opening of accounts/credit in your name. But you may also consider transferring accounts like your cable, etc to another name. You could check with your accountant how many of the accounts you could transfer to a company name and write off all or part from taxes.

    A P.O. box instead of mail directly to your house would probably be good too. Just like “junk”/real emails, it would help sort the legitimate mail from bogus (i.e. if it comes directly to the house, it’s bogus).

    1. voksalna

      Of course if he does this and they defraud still (why would you assume they would not try), then those ‘companies’ would have no FDIC protection and he could (in theory) be even more exposed. He is not just any man just seeking anonymity. Friend and enemy and internet all know where he lives by now. Once your address is known, you have lot fewer options.

  23. timeless

    > I never doubted Flycracker”s resolve

    You have a closing quotation mark instead of an apostrophe.

    I’m glad you were on top of this scheme but worry about what might happen if you happen to miss something in the future.

    1. voksalna

      I am wondering when one of these will be a “feint” for a real (different) attack?

  24. Maureen

    Amazing. I add my “be careful and be safe” to those coming from the rest of your concerned readers.

  25. obviously not me

    Dang Brian, You are da man.
    I am sure most of us want you to continue to expose the criminals that prey on those who don’t know any better.
    Please take care and keep up the good work.

    I love it when you stick it to them in public like this. It has to make them feel like the little piss ants they really are.

    Carry on!

  26. Bob Hamilton Expert

    It would have been funny to let them think their plan worked by planting a story. “Mr Krebs was arrested while high as a kite. He was babbling something about The Russians. Meanwhile police confiscated all of his computers.”

    1. voksalna

      Have an interesting question.

      If this was not established admin/vendor on thecc.bz (member since 2007), but just some new person, would people have donated (more? less? at all?)? How much does trust have to do with vending experience and how much has to do with ‘seniority’ when it comes to these revenge type schemes? Since in this case would be crime with only psychological payoff, and no actual other ‘profit’, Mr. Krebs, this is a question (and I think an interesting one) directed to you, since you may know — are people more likely or less likely to go along with someone who has not been in forum or well-known for these schemes as opposed to ‘just’ buying dump/cards/what ever people are buying?

Comments are closed.