7.11.17 Dark Web and Cybercrime Roundup


Dream Vendor “CzechoSlovakFarm” Busted in Slovakia

According to an official update posted on Facebook by Slovak law enforcement, police in the Trenčín Region of northwestern Slovakia had apprehended a 24-year-old darknet marijuana vendor named Juraj. The police’s statement alleged that Juraj had grown marijuana in his Northwest Trenčín family home from September 2016 until his late 2017 arrest. He had used the house as a base of operations for international marijuana distribution. The 24-year-old, known to his customers on the Dream and Valhalla marketplaces as “CzechoSlovakFarm,” allegedly shipped from Slovakia to roughly one dozen countries including Hungary, Turkey, Bosnia, France, and Italy.


CzechoSlovakFarm’s former buyers expressed their regret after hearing that one of their favorite marijuana vendors had left the scene. Users said they had appreciated Juraj for both the marijuana’s quality and the “amazing stealth” he used when shipping the product across borders. Unfortunately, the fantastic stealth provided markers for Slovakian law enforcement. They claimed they had uncovered the vendor’s shipping techniques. They said they knew the specific envelopes Juraj had used and that Juraj shipped out through various branches of the Slovak post.

Police caught Juraj with 10 kilograms of dried marijuana and 25 seedlings. Based on calculations of the vendor’s total sales and prices combined with the estimated value of the marijuana in his possession, authorities speculated that CzechoSlovakFarm had grown almost $118,000 of marijuana. DeepDotWeb

Two Inmates Controlled Canadian Fentanyl Trade from Prison

Two men who had spent time together in Canada’s Drummond Institution near Montreal—each for a crime completely unrelated to the other’s—controlled the fentanyl supply in Canada for three or more years. They oversaw a massive fentanyl trafficking operation while behind bars for attempted murder and, fittingly, fentanyl distribution. The kingpin, Daniel Vivas Ceron, landed in Drummond years before his future accomplice. Ceron had served ten years in prison for attempted murder before he was paroled and Canadian authorities deported him to Panama. While locked up in Drummond, Ceron met Jason Berry, a fentanyl trafficker serving a five-year sentence.

The United States government, during one of the most expansive fentanyl trafficking investigations, identified Ceron as a key player in the fentanyl trade while he was behind bars. Canadian law enforcement, in collaboration with their US counterparts, had traced the influx of fentanyl back to a supplier in China. That supplier, Jian Zhang of Zaron Bio-tech, worked with Ceron to arrange deliveries across the United States and Canada. Many of the recipients were high-profile darknet fentanyl vendors, such as the former Evolution vendor Brandon Corde Hubbard.


Canadian authorities, after finally allowing him to parole out of Drummond, dropped Ceron in Panama, where he was quickly apprehended by local authorities on a provisional arrest warrant from the United States. Recent court documents reveal that the Justice Department doubted Ceron worked alone. He was “one of the organizers and leaders of this criminal conspiracy in Canada,” a spokesperson for the DoJ said. The North Dakota prosecutor’s office then indicted Berry for his role as Ceron’s partner in crime. Officers had searched the suspect’s cell and found a cellphone with Wickr installed on it, along with a writing pad that served as an operation ledger.

Berry is currently serving 12 years for unrelated drug crimes in Canada, a Correctional Service Canada spokesperson said. The CSC spokesperson declined to answer any questions regarding the extradition of Berry to the United States. DeepDotWeb

Alphabay Vendor “Blime-Sub” Admits Selling 1,100 grams of Heroin

Emil Vladimirov Babadjov, a 32-year-old California man, appeared in court in late October where he pleaded guilty to the distribution of 1,100 grams of heroin, 510 grams of meth, and 66 grams of fentanyl. He had advertised and sold all 1,676 combined grams on the now-deceased Alphabay marketplace before getting arrested in December 2016. (Court documents ignored Babadjov’s accounts on markets like Dream or Valhalla.) The 32-year-old sold on darknet markets under the names “Blime-Sub” and “BTH-Overdose.” Both names proved valuable to the feds during the brief investigation into Babadjov.

First, as noted by the agent who filed the Criminal Complaint against the suspect, the California man’s first name and last initial, when reversed, spell “Blime.” And second, BTH-Overdose’s PGP key belonged to someone with the email address “[email protected][dot]com.” That email address, according to DEA Special Agent John T. Rabaut, linked to a Facebook account under the name “Lime Vojdabab.” The name on the Facebook account, as if Babadjov had named it in an attempt to troll law enforcement, mirrored the vendor’s real name.


Babadjov’s chances of dodging a conviction grew increasingly dim following the undercover buys placed by federal agents. A USPIS officer tracked a Postage Validation Imprinter (PVI) label on a package sent by the vendor. She traced it to a self-service kiosk (SSK) within walking distance of Babadjov’s house. She pulled a time and date and then pulled a picture from the SSK that matched Babadjov’s license photo. As the USPIS conducted their investigation, a DEA lab finalized their forensic analysis of the heroin the vendor had shipped to undercover agents.

Special Agent Rabaut received two surprises: that the “heroin” contained more fentanyl than heroin and that the lab had pulled a fingerprint off the drug’s packaging. It matched Babadjov’s. Case closed. DeepDotWeb.

Dispatch from Academia: Exit scams, hacking, violence, predation and fraud

Drawing on his research with Kim Moeller and Jakob Demant, darknet drug market researcher and criminologist Rasmus Munksgaard shared his thoughts on the current darknet market scene in light of events such as the (still) ongoing DDoS attacks that rendered the majority of markets worthless. In the article, the researcher focused on the impact that violence had on former darknet markets. Reaching as far back as the original Silk Road, Munksgaard pointed out that darknet markets had faced DDoS threats and various attacks from rivals from the very beginning. The attacks, he said, usually carried a financial motivation of sorts. DPR 1 had allegedly paid his extortionists as they could have disrupted the market’s long-term usability. DPR 2 openly admitted to eliminating his competition in successful attempts to drive customers to Silk Road 2.0.

Exit scams from both vendors and market owners hurt customers. However, the scams carried out by the seemingly invisible market administration affect the most people. Think: Sheep Marketplace and Evolution. The fallout and collateral damage caused by the market’s disappearance ranged from minimal to saddening to life-threatening. “These attacks draw attention to the markets and complicate everything, and it might be just as financially rewarding to allow peaceful transactions and the commission gained from them,” Munksgaard wrote. He explained that TradeRoute provided a good example of why these types of attacks are best avoided.

He closed:

“Drug market violence is not good for business and the harms may spill onto those uninvolved. It has repercussions and it draws law enforcement attention. If PhishKingz is to blame for the Traderoute exit scam, what happened last week is parallel to what happens in drug markets: Violence spills over and everybody loses.”
