Deepweb Drug Trafficking Is Not A Major Concern For Police

Websites, including our own, have been filled with news of Germany’s recent drug takedowns. Nearly every article referenced what Holger Muench, head of Germany’s Federal Police, said after the Munich shooting. Muench spoke of cracking down on the deepweb. Little was known beyond that until a recent interview with the LKA shed some light on the topic.

Berlin Online received the opportunity to interview Olaf Schremm, head of the German Federal Police’s drug department. During the interview, drug importation, legalization, and the deepweb were discussed. Schremm’s words on the subject were the next look into the LKA’s policies and stances on drug users and drug crimes.

The reporter from Berlin Online initiated the discussion by asking about the current drug problem in Berlin, “in general.”

Schremm spoke, initially, of consumers. “We know that in Berlin all known drugs are consumed,” he said. Cannabis products have been the most used. Heroin and cocaine use have been the next line of focus. However, ecstasy, amphetamine, and crystal meth use has been on the rise. But specific drugs are a concern for the LKA.

Drug-reconnaissance books of Focus

Schremm reassured the reporter that consumers are not a concern for police. Out of the 14,000 drug offenses reported by the Police Crime Statistics (PKS), 9,000 cases involved consumers. He said that police must arrest consumers under the current narcotics law, but the focus is not on them. Continuing to clarify the numbers given in the PKS, Schremm said that adjustments had been made to those numbers. In reality, the number of consumers who get prosecuted has been “very slim.”

The LKA has only seen an increase in drug use and distribution when looking at synthetic drugs. Otherwise, the head of the drug department described, numbers have remained essentially consistent. External drug sources such as the deepweb and new labs throughout Germany have had little impact on current consumer drug offenses.

Trade routes for the classic drugs have not changed either, Schremm said. Ecstasy and amphetamine have still been smuggled into Germany from various locations in Europe. Heroin and cocaine have still been smuggled in from Asia and South America. The only change seen by the LKA has been the importation of more exotic drugs. Rarer, harder to find drugs, he said, are coming in via the deepweb. Postal services are rarely used for the classic drugs; newer synthetic drugs have dominated that sector.

The Berlin Online reporter shifted the focus of the interview to drug traffickers. He asked “What about investigations into drug traffickers?”

Schremm admitted that the LKA have few options in respect to taking down traffickers. The methods used have not changed. Police forces have been highly restricted in their ability to investigate distributors. Specific protocol has to be followed, he said.

Schremm explained that due to the restrictions in place, the LKA had become vigilant in watching suspected drug traffickers. Law enforcement has been increasingly concealed in their actions. Any preliminary investigation in recent drug busts had to be unnoticeable. He explained that raids only take place when the LKA knows a prosecution would follow. More than “a little” probable cause is required.

Deepweb drug trafficking had thrown another wrench in the LKA’s ability to investigate drug traffickers, Schremm explained. The Federal police have not been capable of monitoring the darknet as necessary. He said the department that is focused on darknet and deepweb activity is very small. Even though the LKA has been falling behind in tracking deepweb activity, Schremm said deepweb trade in Germany is slow.

“Some very young and tech-savvy guys have made a fortune there in a short time,” Schremm admitted. Those days are over. However, standard investigation rules are used to observe suspected deepweb vendors that do make appearances. The one biggest difference in deepweb investigations is the LKA’s monitoring of mailboxes. Local dealers, he went on, are watched making direct deals. That had not been the case for traffickers on the deepweb.

In short, he summarized, many of the investigations and busts made are due to the LKA’s obligation to follow protocol. Deepweb buyers and consumers, like street buyers, are not a focus for police. But if illegal drug activity is seen, the LKA must pursue the suspect. While the number of deepweb-related busts has increased, the investigation tactics have not changed. Until more of the concerning drugs are seen coming into the country from the deepweb, tactics will remain the same.

New Documents Reveal the FBI May Have Hacked Every TorMail User Illegally

In 2013, the FBI took down Freedom Hosting and with it, brought down a minimum of 23 child pornography sites. The seizure of child pornography (CP) servers was considered a win by law enforcement and many Tor users. However, recently unsealed documents reveal just how far the FBI stepped outside the law.

During the investigation, agents discovered a connection between an email service and many CP websites. The FBI was then given a warrant to hack 300 users of TorMail, the email service in question.

TorMail was an encrypted mail platform that allowed users to send and receive emails over the Tor network. The FBI was allowed to hack TorMail users after discovering that both TorMail and the CP sites were hosted on the same server.

Documents explicitly clarified that only the 300 target accounts listed in the affidavit were to be hacked.

The ACLU fought to have the documents unsealed in September and the Department of Justice ultimately published them in redacted form. The released documents confirmed the suspicions and theories of many cybersecurity researchers and TorMail users alike.

“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email.

The suspicion that the FBI operated outside the scope of their warrant existed almost immediately. The “hack” was not discreet. As revealed in the affidavits, the type of “hacking” performed by the FBI was a network investigative technique (NIT). This malware, according to Greg Virgin, former NSA employee turned cyber security consultant, did not “crack” Tor encryption. It circumvented anonymity altogether.

Malware was only to be deployed once one of the “target” users entered their TorMail username and password, the affidavits explained. However, within a week of the arrest of the Freedom Hosting owner, TorMail users started reporting otherwise. Users were met with an error page before being able to access the TorMail log-in page.

Researchers looked at the source code of the “Down for Maintenance” message that was displayed on every Freedom Hosting website. A hidden iframe tag was discovered that loaded “a clump” of JavaScript code from a location in Virginia.

Security researchers dissected the code and it wasn’t long before Mozilla made a statement. The code exploited a critical memory management vulnerability in Firefox, the company said. The Tor Browser, being based on Firefox, consequently suffered from the same vulnerability. The “Down for Maintenance” error page that presented itself to TorMail users ultimately exposed their identities.

Wired reported that the FBI’s malware looked up the victim’s MAC address and Windows hostname. The NIT then transmitted the identifying data to a server in Virginia. Data was sent via HTTP, outside of Tor, revealing the victim’s IP address.

Joseph Cox, a contributor to Vice’s Motherboard, spoke with a former TorMail user who confirmed the error page “appeared before you even logged in.”

The email Christopher Soghoian sent to Motherboard continued:

The warrant that the FBI returned to the court makes no mention of the fact that the FBI ended their operation early because they were discovered by the security community, nor does it acknowledge that the government delivered their malware to innocent TorMail users. This strongly suggests that the FBI kept the court in the dark about the extent to which they botched the TorMail operation.

“What remains unclear is if the court was ever told that the FBI had exceeded the scope of the warrant, or whether the FBI agents who hacked innocent users were ever punished,” he continued.

Motherboard reached out to the FBI for comment and heard back from Christopher Allen, a spokesperson for the FBI. “As a matter of practice the FBI narrowly tailors warrants, and we do not exceed the scope of those warrants,” he said.