Darknet Opsec

Opsec – Darknet Series Part 1

Written by aedvrything

This article is taken with permission from the original transcripts from a class originally taught over a forgotten IRC by the user “aediot”.

Socialhax is not responsible for any damage caused with the knowledge provided. The Darknet Series is a 9 part series of classes that we will release over the next couple of weeks.

Opsec: A Primer.

I’m not giving direct methods or resources, I’m telling you how to both break systems and how to make money on Darknet.

I will be going over various ways to make money, both for the technically minded and the non-technically minded.

Each trade comes with its ups and downs and each requires specializations, so study on which method calls out the most to you and pick your craft.

This first part is about OPSEC specifics in regards to the Darknet and how to not fuck it up.

Part two will be on surviving in the community.

And part three to seven will be detailing how to actually make money.

Now you might be thinking to yourself “Oh aediot I’ve already been lectured on how to maintain good OPSEC blah blah blah this class is redundant I’ll just wait until you actually teach how to make the money”

Well feel free to risk spending the next 20+ years in jail since you clearly know everything.

This class is to ensure that you don’t rush into this nonsense and fuck yourself over with a big stick, I don’t want to see anyone here locked up.

If you do plan on sticking around then I’d like to give you a few pieces of friendly advice.

First being, you should always maintain a healthy dose of fear.

Not only will it save you from jail but it’ll also make the game more enjoyable.

If you ever face a situation and you have the choice between paranoia and arrogance.

Pick paranoia.

Secondly, it’s a common misconception that you need to be a tech genius to navigate or make money on the Darknet.

This is untrue.

As far as the users go, these are just roundups from my own personal experience.

I’d say about 5/10 Darknet users run on Windows, rely on the Tor browser and don’t have full disk encryption set up.

Aka “low hanging fruit”. These are the ones that get arrested fairly quickly because they lack a healthy dose of fear and don’t take the time required to set up properly.

About 3/10 people are a mix between skill levels.

They have good tips and tricks/know how to avoid law enforcement, but they may still be running Windows even though they’re likely using something like Whonix or Tails in a virtual machine paired with partial disk encryption.

2/10 people who I’m going to refer to as “elites” are the ones who know what will and won’t get them caught.

Using fully encrypted drives, pure Linux setups, IMEI changing burners.

The whole 9 yards.

Does this mean all elites are tech smart though?

No.

They just take the necessary precautions to avoid jail time.

Just like modern day journalists are now by extension, tech journalists.

As they need to know proper security and OPSEC in order to not get screwed by Government.

A good number of the elites (especially the older ones) were criminals even before the Darknet and simply immigrated to the internet to adapt to the times.

These are people like Bankers in the business of money laundering, Kingpins looking to sell their product en masse, and likewise.

That said.

There are those who develop Malware and Exploits as well as provide other services and those are the tech smart ones, but they aren’t everywhere so don’t expect them to be.

So, that said.

What does this mean for you?

Well if you take your time and prepare yourself out with the knowledge taught here as well as with your own research, you’ll find your business opportunities and your own worth in the community skyrocket if you become an elite who knows tech.

Many people will want you to be their contacts solely for the fact that you’re among the few that know tech to the extent many do not.

And therefore can pull off better heists, better setups, and provide services that others cannot.

Though I’ll touch more on that in later classes.

For example, a potential admin might ask you to develop a store and in exchange give you a cut of profits made.

You might be asked for help with encryption or server setup/security setup.

Aka good opportunities for you, the user.

The only bonds that tie in the Darknet are fear and profit, if you can convince people that you can provide either they’ll flock to you like moth to a flame.

It’ll do you good in the long run to remember that.

Third, when you get to the point of eventually hanging around the Darknet community after these classes.

Keep in mind this isn’t a community that just “doxes for fun” or “to make a point”.

You’re dealing with Kingpins, CEOs, Bankers, and Blackhats who only care for their personal flow of coin and the flow of commerce.

As well as keeping out of the public spotlight of course.

We are not in this for fame.

We are not in this for fun.

The game is a tad bit different because you’re dealing with greed.

Like true greed.

Thousands.

Hundreds of thousands.

Millions.

Billions in some cases.

If they find you a threat they’ll try to come after your contacts and credibility.

Whether it means sabotaging your business in some way, or ruining your name with something embarrassing in an attempt to have you lose contacts.

They’ll try whatever they can to threaten your flow of coin, or your life if you don’t keep your OPSEC up to point with the game you’re playing.

But really at that point Law Enforcement is more likely to nab you than a fellow Darknetter.

Granted you won’t encounter the more powerful people just starting out when you sift through the public markets and forums first building a reputation.

-For the most part-

This really only applies to you if you find yourself deeply involved.

However it’s better to get into respectful habits early so that you don’t screw yourself over when you do get deep into it.

Your first mission is to figure out what information your persona shares.

Aka, Tradecraft.

It’s not easy, but just like anything that’s worth your time it requires patience, planning, wit.

As far as compartmentalizing what information you can and can’t share, you’ll find it’s a much easier task to declare what information you can share with each persona.

As opposed to detailing what you can’t.

Example:

“My name is Evil0n3, I am a frauder in the Darknet. As far as anyone is concerned I am based in the USA and my backstory is that I’m a banker in real life but do not know which bank. Everyone in the Darknet knows I am in various carding communities and I can openly admit that I have done illegal things because I’ve done my tradecraft and know I’m protected.”

Like that^

Maybe not the best of examples but you get the idea.

Sharing no other information about yourself aside from those things listed is the trick to handling your day-to-day OPSEC.

Identifying what you can share just makes things a whole lot simpler.

Your second mission is to run your Tradecraft analysis to identify tasks, vulns, and countermeasures.

Here’s the rundown.

You need to identify firstly, what it is exactly that you have to protect.

We’re going to be using Todd as an example.

Todd is a Kingpin who’s been put in charge of three warehouses full of drugs, 10 corner dealers to sell to normal users and addicts who want a fix, and he gets his source from some grows in another city who ship it to a specific drop every 3 weeks.

So we’ve identified what it is that Todd has to protect.

So now we identify the potential vulnerabilities for each.

With the three warehouses you need to cover you obviously have quite a few risks.

The purpose of the warehouses is so you have a place to stash the drugs that you give to your corner dealers.

In terms of securing it, think about a few different ways you could go about this.

You could have it set up so that you’re the only person who knows about the warehouses’ location, meaning your contacts and dealers don’t know its whereabouts.

Problem is that comes with its own subset of vulns as well, given the implementations you have to put in place to maintain relative anonymity.

Which we are going to go over now.

I’m going to be listing the subsets of the setup with numbers like 1/2/3 etc, and below the subsets I’ll be listing out vulns for each subset via letters like A/B/C and for each vuln below I’ll list a possible countermeasure via [] brackets.

Now keep in mind this is just for the one possible way you could go about things, sky’s the limit when you’re working with imagination and wit.

1. You’d need to hide the contents of the boxes or packages you’re putting the drugs in and either haul them in yourself (probably not the best idea) or for example hire some random heavyman company to place/move the boxes for you without knowing the packages’ contents or they’ll snitch you out.

A) The company you randomly hired could drop the box or something could leak out and they would see that you’re handling drugs which would lead to jail. Countermeasure [ Seal the drugs ahead of time in vacuum tight non see-through packages ]

B) If something ever happened to you your entire gang/crew would be shit out of luck unless you told them the locations before you died, not likely to happen seeing as it’ll likely be a gunshot wound. Countermeasure [ Leave a note that has the locations of the warehouses in a box. Then give the box to the next successor in your crew via your will ]

C) You would need to handle the drugs yourself or make trips to the warehouse to unload the drugs for passing out to the corner dealers. Your inner circle might know you’re gone and if you have a snitch amongst you then he might try to tail you to the warehouse. Countermeasure [ Actually couldn’t think of one for this because it’s too complex and there are too many things you’d have to cover ]

For the sake of completing this class within the next century I’m not going to go over every possible method, but I think you get my point on what needs to be done.

And also for the sake of time I’m not going to go over the most lengthy yet vital step which is identifying possible fuckups/things that could go wrong and finding countermeasures for those as well.

An example being “if someone follows me to the warehouse, this is my countermeasure”.

Etc.

This needs to be applied to everything you do.

OPSEC is a 24/7 job and does not end when you shut off your computer and go to sleep for the night.

Nym creation, Heists, Encryption, Anonymity.

Everything needs to be put through the fire and figured out to its fullest extent before you tackle really important shit.

And do you see the time it takes to do this properly?

Identifying the entirety for just ONE possibility of a way you could secure the warehouses and listing out the vulns/countermeasures for it?

Imagine how long it would take to list out the top four or five possible ways to secure the warehouses.

And then you’d have to deal with the other two things you need to protect.

Aka the corner dealers and your drop source.

This is the level of time and patience that it takes to nail down your OPSEC and get it right.

If you rush into this without figuring countermeasures for everything you would be as bad as Todd and his crew by putting themselves at risk for a mass amount of jail time.

So to recap, the steps are as follows:

1. Identify what you’re protecting.

2. Identify your end goal.

3. Identify the top best possible setups to protect your assets while weighing the pros and cons to each.

4. Identify the weaknesses in each setup.

5. Identify countermeasures for each and every possible weakness.

Nobody is perfect.

We aren’t machines.

You’re going to make fuckups, which is what step 5 is for.

But if you did your Tradecraft right you’ll be able to know how you can recover from that and will have figured countermeasures for fuckups as well.

If your sin is extremely deadly you may even want to consider going dark (shutting down all your accounts/jacking it to another country or state) completely.

And as a demonstration of what not to do, I’m bringing up a prime example.

Recently a user by the name of DiscordianAnon was doxed here by a few other members of this IRC.

His OPSEC was terrible and he was some anon who claimed to fight governments and do all this activism nonsense.

Problem is “Discordian Anon” is a nym that was linked to his OLD nym which had been doxed by a group known as “HTP” about three years back at the current time of writing.

Do NOT do what DiscordianAnon did when he was doxed the first time and just change your @ on Twitter while using the same account so that you can keep your follower/e-fame reputation.

That’s obviously not a good countermeasure.

If he really is involved with all these journalists and whatnot like he brags that he is then his OPSEC is complete and utter shit and you should let that teach you as an example of what NOT to do.

By not going Dark he didn’t recover from his sin, which means that he didn’t do Tradecraft analysis before becoming an Anon.

Aka he has no idea what it is that he’s doing and is/was just winging it for the sake of fame and fortune.

This is how you land jail in Darknet.

He was not fit to tackle any government or corporation with a setup like that.

Nobody would be.

Pull this level of shit OPSEC on Darknet and I guarantee you you’re fucked and landing 20+ years and not just an asswhooping on IRC/Twitter like he got.

I’m going to say this, and I’m going to say it once.

Low hanging fruit should not be respected, looked up to, counted among your contacts, or anything else that even remotely ties yourself to them.

Because low hanging fruit are the first to squeal when the pigs threaten them with jail.

So if they considered you among their friends or contacts.

You’ve just painted a big red target sign on your back for Fed prodding and investigation.

We’re moving on to the final part now which is really just a few things to get your brain jogging.

The minor (yet important) details are what keep you from arrest in most cases.

One important thing you need to drill into your head is that you are not here for fun or friends.

You play the Darknet to amass your own empire and protect any commerce and resources you’ve acquired.

You don’t have friends.

You don’t have allies.

You have contacts.

Nothing more nothing less.

Trust everyone equally, aka not at all.

And for anyone unfamiliar.

A contact is someone who helps your coin flow better, whether it’s a source of high quality cards or someone who you know is a good Blackhat and can hook you up with some custom malware for a discounted price or give you some advice on where to score a resource you need.

Another small thing you might want to consider when doing your compartmentalization analysis is if you’re foreign to the extent of it showing in your typing.

You’ll notice that anybody on public and private Darknet forums uses proper grammar.

Aka Capital at the beginning of the sentence and a period at the end of it.

Like I’m doing now.

There are reasons for this.

Same reasons you don’t throw addons on the Tor Browser.

One being reputation is all you have in the Darknet.

And you want people to not view you as some crazed methhead who just discovered Tor.

And like the other reason is because it disguises you.

If everyone types and talks the same, there’s nothing to profile.

If you’re foreign and can’t type in well informed sentences it might do you better in the long run to publicly identify as someone from whatever country you’re from.

That way people won’t think you’re an English speaking retard who can’t type correctly and will have a bit more patience for your bad English.

Though obviously the downside to this is that the Fed and other users might be able to profile you a bit if you don’t keep up your OPSEC as strongly as you should.

Of course I’ll leave that decision to you so you can decide what you can/cannot handle.

Also if you type in a certain way that isn’t the way I’m typing right now and you’re not bad at English, you should consider changing that before you get involved with the Darknet to avoid profiling.

Like .. if you have a speech pattern like this!

Every other.. sentence

Or something equally as stupid.

Last point I’m going to touch on is really just to reiterate that you need to maintain a healthy dose of fear.

I really can’t stress how important that is.

Fear will keep you from doing really stupid shit like antagonizing higher ups who know more than you.

Or can do more than you.

Fear will stop you from carding without the proper protections thinking “eh, the feds won’t care about lil ol me!”

Fear protects you from making really stupid fucking decisions that may lead to entrapment.

So all in all fear is what assures that you’ll maintain a long and happy Darknet career.

It’s the little things like this that really strengthen your mindset considering OPSEC is a 24/7 job.

Take the time to follow all this correctly, and keep the little things in mind while you do.

If you can successfully pull this off then you’ll eventually come to learn that really the Feds aren’t the one you need to fear.

When in reality it’s other users.

That’s it for part one.
