30
Jul 13

Mail from the (Velvet) Cybercrime Underground

Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.

“Flycracker,” the administrator of thecc.bz crime forum, hatches plan to send drugs to my home.

But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.

This would-be smear campaign was the brainchild of a fraudster known variously online as “Fly,” “Flycracker,” and MUXACC1 (muxa is transliterated Russian for “муха” which means “fly”). Fly is the administrator of the fraud forum “thecc[dot]bz,” an exclusive and closely guarded Russian language board dedicated to financial fraud and identity theft.

On July 14, Flycracker posted a new forum discussion thread titled “Krebs Fund,” in which he laid out his plan: He’d created a bitcoin wallet for the exclusive purpose of accepting donations from other members. The goal: purchase heroin using my name and address from a seller on the Silk Road, an online black market that is only reachable via the Tor network. In the screenshot pictured above, Flycracker says to fellow members:

“Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the ‘Helping Brian Fund’, and shortly we will create a bitcoin wallet called ‘Drugs for Krebs’ which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!”

Together, forum members raised more than 2 bitcoins – currently equivalent to about USD $200. At first, Fly tried to purchase a gram of heroin from a Silk Road vendor named 10toes, an anonymous seller who had excellent and plentiful feedback from previous buyers as a purveyor of reliably good heroin appropriate for snorting or burning and inhaling (see screenshot below).

Flycracker discussing the purchase of a gram of heroin from Silk Road seller “10toes.”

For some reason, that transaction with 10toes fell through, and Flycracker turned to another Silk Road vendor — Maestro — from whom he purchased a dozen baggies of heroin of “HIGH and consistent quality,” to be delivered to my home in Northern Virginia earlier today. The purchase was made using a new Silk Road account named “briankrebs7,” and cost 1.6532 bitcoins (~USD $165).

Flycracker ultimately bought 10 small bags of smack from Silk Road seller “Maestro.” The seller threw in two extra bags for free (turns out he actually threw in three extra bags).

In the screen shot below, Fly details the rest of his plan:

“12 sacks of heroin [the seller gives 2 free sacks for a 10-sacks order] are on the road, can anyone make a call [to the police] from neighbors, with a record? Seller said the package will be delivered after 3 days, on Tuesday. If anyone calls then please say that drugs are hidden well.”

Last week, I alerted the FBI about this scheme, and contacted a Fairfax County Police officer who came out and took an official report about it. The cop who took the report just shook his head incredulously, and kept saying he was trying to unplug himself from various accounts online with the ultimate goal of being “off the Internet and Google” by the time he retired. Before he left, the officer said he would make a notation on my report so that any officer dispatched to respond to complaints about drugs being delivered via mail to my home would be prompted to review my report.

FOLLOWING THE MONEY

I never doubted Flycracker’s resolve for a minute, but I still wanted to verify his claims about having made the purchase. On that front I received assistance from Sara Meiklejohn, a graduate student at the University of California, San Diego who’s been analyzing the role of bitcoin and anonymity on the Silk Road. Meiklejohn confirmed that the bitcoin wallet linked to in Fly’s forum thread was indeed used to deposit two bitcoins into a purse controlled by anonymous individuals who help manage commerce on the Silk Road.

Meiklejohn and fellow researcher Damon McCoy, an assistant professor of computer science at George Mason University, have been mapping out a network of bitcoin wallets that are used exclusively by the curators of the Silk Road. If you wish to transact with merchants on the Silk Road, you need to fund your account with bitcoins. The act of adding credits appears to be handled by a small number of bitcoin purses.

“All Silk Road purchases are handled internally by Silk Road, which means money trades hands from the Silk Road account of the buyer to the Silk Road account of the seller,” explained Meiklejohn, author of the paper, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, to be released in October 2013 at the ACM Internet Measurement Conference in Barcelona, Spain.

“These accounts aren’t visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users,” Meiklejohn wrote in an email to KrebsOnSecurity. “By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are ‘owned’ by silk road.”

In short, we can see that Flycracker’s Krebs Fund wallet was used to deposit 2 bitcoins into a bitcoin wallet controlled by those who maintain the Silk Road marketplace, but we can’t say for certain whether he used that credit to make a purchase.

THE DELIVERY

A thin package containing what appears to be packets of some white powder was delivered to my doorstep Monday, a day earlier than Flycracker had told his buddies that it would arrive. The package was hand-delivered by our local postal carrier, sent in a thin USPS Express Mail envelope that was postmarked from Chicago. Inside was another blank envelope containing a May 2013 copy of Chicago Confidential, a weekly glossy magazine from the Chicago Tribune.

On the back of the magazine, taped to a full-page ad for jewelry from LesterLampert, were a baker’s dozen individually wrapped packets emblazoned with the same black and gold skull motif that was on Maestro’s Silk Road ad. I guess the seller in this case was worried that 12 packets didn’t quite meet the 1 gram measurement for which Flycracker and his goons paid, so he threw in an extra one for good measure.

13 packets of what appears to be heroin arrived at my home via the Silk Road on July 29, 2013.

I wasn’t planning even to touch the individual packages, but curiosity got the best of me. Before calling the cop who took my initial report and letting him know that he could come and retrieve the parcel, I had a look inside one of the packets. But not before donning a particulate face mask and a pair of disposable gloves. Hey, I watch Breaking Bad: Safety first!

Without actually having the substance tested at a lab, I can’t say for certain whether this is talcum powder or the real thing. The cop that came to collect the package said he had a drug field test kit in his squad car but then discovered he was out of the heroin tests (I’m not sure what that says about the heroin problem in Northern Virginia, but I digress). Frankly, I’m willing to give the seller the benefit of the doubt, given that Maestro currently has glowing feedback from almost 100 other buyers on Silk Road. Nevertheless, if I receive any testing results from the local police, I’ll update this blog post.

It’s not every day your enemies deliver drugs to your door. I’m pretty sure they don’t teach you about this stuff in journalism school (not that I went or anything).

Just who is this Flycracker mischief maker? That will have to wait for another post. Stay tuned.

137 comments

  1. This is Krebs. This is Krebs on drugs. Any questions?

  2. A good read!

    If the dealer knew it was going to Krebs and that it wouldn’t actually be used then he could have sent a phoney shipment of baking soda or whatever and come out further ahead in profits than normal, ha! Will be interesting to know if it tests positive.

    Then again, who’s to say they didn’t actually send 14 packets and Krebs is now hooked? uh oh! LOL.

    Then once again, if maestro was “in” on the whole dealio or wanted to exact some revenge of his own on behalf of his brethren he could have sent the package with something else entirely more dangerous as an attack of his own (which would then be attributed to this flycracker dude – oohhh!).

    • The point was not to rip him off, but to get him arrested, so sending phony dope is not a realistic action. Also, the vendor would not have been aware that this was a setup, otherwise they would not have shipped the real thing, or even taken the transaction.

      • While “I am not a crook” probably the smarter move in that situation would have been to only make 1 or 2 or 3 of those packets to be legitimate, thus guaranteeing a mandatory minimum sentence on the impossible to believe possibility that ever could have worked while maximizing profits.

        On the other hand, if the seller knew of who Krebs is (and not like he has not written about SilkRoad, and from what it sounds like he was sent these things from a popular ‘vendor’), it seems actually to be a dumb move to have sent this unless he varied his usual shipping procedures. From what I know of USPS Investigation Divisions, they actually have record better than other agencies in U.S.A.

        I watch a lot of American crime dramas from online. It does work like this no?

        I will guess this toes guy does not know you Brian.

        • I’m afraid that the seller would not want his packaging to be known and intercepted otherwise that is the start of being able to target that particular packaging style.

          • Also, I frequent SR forums and I have never heard of this Kreb chap, so I’m certain barely even anyone knows who he is, or cares. Plenty of articles are written on SR, doesn’t faze anyone in the least.

            • @M. You really think he uses his own name doing infiltrations? Duh.
              Packaging… it’s just a symbol. Yes they do marketing.

          • Of course if we are extending this craziness even further, if this toes seller recognised the name of ‘Krebs’, maybe he decided to take his own revenge steps and send a competitor’s products. lol. Someone had mentioned that the Post Office cannot check all packages and this is (somewhat) true (until the price and use of chemical sensors becomes ‘acceptable’ the way they install so much other equipment there becomes acceptable).

            But they do not need to care about every package. They care about cases with ‘higher profiles’. Once they know what to look for (and remember they do have scans of the envelopes, possible fingerprints, and an entire routing trail, as well as trade images), this guy that thecc.bz set up becomes federal target himself. I wonder if this creates small difference or not between calling thecc.bz ‘narqs’ for setting up some dealers they do not know on SilkRoad or not. Too many crimes in your U.S.A., so they can selectively investigate and prosecute ones that people hear about and care about.

            PS: Brian, while I have often gotten the ‘other peoples’ information in reply section’ issue before, this is the first time I got the ‘replying to someone other than who I clicked to reply to’ in the ‘Leave your reply to [Name]’ thing; is good thing I checked. Your web site has the funniest problems, really.

  3. Alan Bolinger

    MDMA anyone ?? 🙂

  4. “Drugs for Krebs” I lol’d

    That Silk Road is interesting, I’ve known of that for a while but still don’t understand why or how anyone can buy anything using Bitcoins. Why do people place any value on them? I understand that all currency can be a lie agreed upon but still.

    • K.Street Irregular

      People use Bitcoins because they a) think they’re rare (thus giving them perceived value and credibility), and b) think they’re useful (i.e., can be used to buy things people want and have a reasonable expectation of getting them). You can’t just start a Bitcoin client anymore and hope to get some BTC in your wallet after a day or two since GPU (and now dedicated hardware) mining have pushed the difficulty up too high, so their perceived value is high.

      To put it another way, the thinking goes something like this: “I want to buy stuff without having to put my name to it. This Bitcoin thing is used by lots of people as currency, and only a few of the stupid ones are getting caught. Therefore lots of people think it’s valuable. Therefore, I can use it and other people will accept it.”

      People want to buy something with a method that is less personally identifiable than online credit card transactions, and Bitcoin is the solution they decided works best for them.

    • Bitcoins are also useful in countries where the local currency has a high inflation rate, or has other onerous controls attached to it.

    • Imagine going to the grocery store. You pull out your wallet, hand over your $5 bill and get a jug of milk and a handful of change. What were the properties of the transaction?

      1) no banks were involved as intermediaries. i.e. only you and the clerk took part
      2) the transaction was quasi-anonymous. That is unless the clerk had a reason to know who you are, there is nothing to distinguish who you are.

      A bitcoin is a computer protocol that tries to emulate this. If I want to give money, or buy something, from anyone, anywhere in the world, in exactly the same way I bought that milk, I would use a Bitcoin.

      And unlike other computer files, because of the way the ledger is handled, a bitcoin cannot be copied, counterfeited, or double spent.

      • This is very similar to what my argument for and in favour of LibertyReserve is. “What” is considered “valuable” is negotiable depending on people involved. Hell old money was not money, it was scrip, just some substitute piece of paper with zero value whatsoever, you give me eggs, I give you paper you can give to guy down street to buy potatoes, etc. BitCoin is just this: People have agreed it has some arbitrary value that is acceptable as long as other people accept that they can use it to trade with somebody else. Is no different than handing some IOU note over to somebody else. It has value because people believe it has value. This is true for all money though. Governments just like to control it. Like is a weak word. Demand to. At least your governments. Not that those here do not demand, but bartering is not the crazy thing in other countries that it apparently is in your “over developed countries”. Money has never had value. In funny way, being owed potatoes is worth far more. Not like you can go trade your US Dollar in for its value in Gold or Silver or what ever it was now. But I can trade in my IOU for a sack of potatoes. And someone else can trade in that IOU if they have potatoes but do not need anything from me to trade and use that to trade with someone else. Money simplified nothing but scrip. BTC probably has more value than money right now.

  5. Jeez. You got some guts, Krebs. Thanks for fighting the good fight.

  6. > Seller said the package will be delivered after 3 days, on Tuesday.

    Correct translation would be “on Tuesday, after 3 p.m.”

  7. Russians are Retarded

    Seriously, do they not read your other articles like the one about swatting and KNOW that this would be the outcome? I don’t understand how they think this will work.

    • Dont Loose your self

      One day it may work. Who knows.

      • One day it will work.

        • Mujahed gave himself away like a child 🙂

        • Or it’ll backfire. They’ll keep on upping the ante, with Krebs always one step ahead of them. Ultimately, Krebs will track down his nemesis and murder him, but will be able to convince everybody that it was actually a suicide staged to make him look guilty.

          • No coke, only Pepsi.

            How about changing coordinates in Intercontinental Ballistic Missile (ICBM) to Brian’s address!? Most modern designs support multiple independently targetable reentry vehicles (MIRVs), allowing a single missile to carry several warheads full of heroin, each of which can strike a different target.

            P.S. See if he can stop that. Ha ha.

            • Maybe this is what Russia has REALLY brought to international space station this past week :/

            • That would be when Brian Krebs takes off the kid gloves and has his mole in USSTRATCOM activate the spaceborne laser device. What, you’ve never seen Bubblegum Crisis?

  8. Robert Scroggins

    Good job, Brian!

    Keep shining the light of day on all these nefarious activities!

    Regards,

  9. My new band has to now be called, “Drugs for Krebs”.

  10. What if someone had done this privately?

    Seems like the only reason it didn’t work was because Krebs caught wind of it on the forums, but if someone had fronted the coins themselves and made the purchase silently it may have turned out differently.

    Scary stuff, glad nobody is after me like that.

    • The thing about Krebs’ fans is that not only do they want revenge, they love to boast. Doing it privately wouldn’t allow them to boast.

  11. Jeez, if only they’d put all of that brainpower to use for good….

  12. Brian’s blog is better than watching any crimi on TV 🙂

  13. wow..you do really piss them off.

  14. Brian, a little risky, unless the USPS is irradiating all the mail to Fairfax County, too. Remember anthrax?

    I just mailed something to a Revenue Officer at the main IRS in DC, and he said all the incoming mail is still being irradiated because of anthrax. He said to ask him in 30 years if he had noticed any side effects yet…

    • I was going to say the same exact thing. There’s probably some people who want Brian dead, so putting an airborne poison in a package isn’t too far-fetched. :/

      I’d turn it over to the cops first thing instead and warn them it may have dangerous substances inside before they open it.

  15. I don’t believe any of this. Get real, any reputable dealer would never send his product through the mail and risk jeopardizing his business, let alone himself!! Besides, the price of heroin is far less than what was stated in this story. At least it is so where I’m from. And I’ve seen high grade heroin (and it ain’t that white sh-t) many times before, it sure don’t look like that!! Come on, let’s get real, everyone knows that quality heroin comes from out in western US and is the Black Tar from Mexico. This China White stuff is for amateurs anyhow!! Personally I think this Krebs is just out to get some good H free!! He won’t get it unless he goes west, young man, go west! Later When Your Straighter Man

    • I think you have conspiracy theory wrong, Rak. Brian caught sight of this in forum and knew that it would be an alibi and at the same time it would set up forum members in cybercrime world to look like drugs criminals. The real conspiracy theory is that they never collected enough bitcoins to order, or just lost interest, so Brian ordered smack himself and made it look like they ordered it. In American con stories is called the “old switcheroo” or something silly like this. 😉

      Also there is Elvis body in Federal Depository of U.S.A. because he was national treasure.

    • Uh, why shouldn’t they send the drugs by regular mail? Last time I checked, post offices are not usually equipped with drug sniffers, and the US Mail is generally not in the habit of opening individual envelopes (PRISM et al. notwithstanding).
      So if neither party happens to be the target of (or getting caught in the dragnet surrounding a) criminal investigation, posting the stuff is pretty low-risk.

  16. Interesting reading as always. These criminals have met their match with you :). Keep up the good work and hope you will continue to stay ahead of these dark forces. Just remember, only you can best protect yourself, so minimize your reliance on others as much as possible….

  17. Bullies don’t like it when you expose them. They will go to unimaginable lengths to make themselves feel in control of your life because their life is out of control.

    They are surrounded by toadies that feed their egos.

    Don’t let them win. Keep exposing them, but keep your head down and your powder dry.

  18. Stillfiguring

    How does the shipping work?

    Using TOR for transactions may provide anonymity.

    But every package shipped anywhere is tracked at each step of the journey.

    Surely the package leads back to a real human.

    • You put the drugs in a regular envelope and drop them into a convenient post box at a busy street corner in a major city.
      How would you track that?
      You’ll get caught, eventually, if you do that in sufficiently high volume or if you are careless, but otherwise: no way.
      See the Anthrax scare for an additional example.

      • Was there actually any third party call made to the police as the flycracker guy requested? I find no mention of it, so the way it seems now is that even if Mr Krebs had missed the birth of this prank he would just have ended up with unsolicited smack in his mail but no police intervention regarding it, right?

  19. Carlos the Jackal

    Tee hee… and to think that I thought the lame ass hackers that keep ‘trying’ to break in to my web site were dumb, desperate and persistent… these enemies of Brian have raised the bar.

    I vote that covert assassinations of such mentally ill inhabitants of the Internet be authorized and executed by the covert government agencies that do such things ;).

    Oh… wait…. they already have been doing that. Green light authorized for operators of Silk Road and its membership.

  20. I’m not terribly impressed with the USPS if drugs can be delivered by mail, without even using hermetically sealed packages.

    • K.Street Irregular

      To have a better than 99% success rate at intercepting and seizing drugs shipped through the USPS, they would have to rip open and search every letter and package for illegal goods. Even the United States, in its terminal paranoia, isn’t willing to go that far yet. X-ray imaging isn’t perfect. Shape recognition of packages isn’t perfect. Profiling source/destination mailing address patterns isn’t perfect. Drug sniffing dogs aren’t perfect.

      You make it sound like the USPS is utterly clueless, and that is not the case (but it is the common attitude of J. Random Interwebs Poster). For the detection measures they have in place which strike a balance between utility, cost, and benefit, they work some of the time and they don’t work some of the time. Nobody’s entirely certain of what the actual figures are (by definition, you can’t count what you don’t know about because you didn’t detect it), so at best the false positive and false negative rates are estimates based upon those partial known figures.

      • 99% success rate or better?

        Do they have any success at all? Is USPS actually actively looking for narcotics in the mail? Are they required to? It is expensive and it would possibly delay logistics, so I doubt it.

        I acknowledge that in the post 9/11 era they certainly screen for explosives (molecular trace “sniffers”) and maybe even screen for guns, but other than that I believe you could ship bags of flour to and fro all day long and no one would ever care to open a package because he sees a suspicious lump suggesting organic matter (powdered drugs like heroin or cocaine) on his scanner. Or a bag of capsules / pills. Could be any kind of food supplement.

        I really doubt USPS would proactively do that, they are in the logistics business and this is like a ball and chain to the foot for such an organization.

        • @Andy, the deterrence is statistical and psychological. You bring in a sniffer dog for a shift, and it stands near one or two lines of moving parcels for an hour or so. As you stated, there simply isn’t the budget to supply every line with a dog and a handler 24 hours per day. That would likely take 21,000 highly trained dogs and handlers – a figure not even close to practical.

          So they end up checking only a small fraction of the mail. Maybe they find something, maybe not. If they’re lucky, they might end up with a bust they can publicize, which is very useful to frighten the people who might otherwise casually ship drugs. The TV news is broadcast to the same body of people who play the lottery even though it pays out less than 8% to everyone but the winner – people with no grasp of statistics. They’re easily swayed.

    • K.Street Irregular is right on. A friend of mine that does postal security said they don’t open a package unless it has obvious problems. (She didn’t add the government snooping order motive…) Otherwise, most of them just go right through.

      Contrary to popular belief, the security and privacy of USPS packages is actually a *benefit*. People who value privacy, from journalists to crooks, have used USPS as a tool for securely moving packages from A to B for a long time. People have been known to send classified information through it, too, b/c it’s so reliable. It can also support anonymous transfer if you make sure proxies are used.

    • The USPS ships 365 million packages a year; you have any bright ideas about how to search them all for drugs while keeping total delivery costs low enough that a package costs $10 rather than $100?

      Haha wait, did I say 365 million packages annually? I meant, 365 million packages – during the holidays. The *actual* annual number of packages is closer to 4 billion (http://about.usps.com/who-we-are/postal-facts/#H2).

      But yeah. You keep thinking you’re clever and the USPS is simply incompetent.

  21. There wouldn’t be any of these problems if Krebs would do his job anonymously. But I get the feeling that this is all just PR.

    Anyway we cannot blame people who have no other option but to make money on crime (these guys are generally from Russia or Ukraine – one of the poorest countries in region). It is really hard to get a decent job.

    • …and as a side benefit they provide job security to security analysts.

      If you want to make money with security solutions/consulting you need an adversary. Kind of like the relationship between the cheque fraudster and his FBI nemesis in the movie “Catch me if you can”.

  22. I like the second post in the first picture, the one from one SIN the Immigrant:

    “I’m in withdrawal too. fuck krebs let’s snort it all ourselves…”

  23. Just another anon

    Packages over 12 ounces have to be handed in in person–but even then, they’ll take cash and not check your ID or the validity of the return address. Under 12 ounces, put the right number of stamps on it, drop it in the mailbox, and almost always it will get there in a few days.

  24. So, Flycracker is Clarence Beeks!

  25. Let us help you. Provide us with a secure (if there is such a thing) address and we will send you a RappITUp. At least then they won’t be able to track your movements.

  26. The packages could have easily contained a bio-agent, like anthrax. Please, please don’t let your curiosity get the best of you again. Thanks for a great article.

  27. @ Brian Krebs

    Bruce Schneier wrote about this on his blog.

    https://www.schneier.com/blog/archives/2013/07/brian_krebs_har.html

  28. A person hopelessly addicted to a controlled substance.

    Come on people, do you believe this??
    What if all junkies will call the police and say bla bla bla someone is trying to set me up and if you get any drugs in my mail it’s not for me 🙂
    That is a ridiculous excuse, if you ask me.
    I think every drug dealer in USA should use this excuse from now on.

  29. Good idea, give all the script kiddies who read this blog new devastating ways to attack their xbox live foes.