What does it take to catch those using dark web markets for illicit purchases? These days, feds rely on various hacking methods to uncover those buying and selling illegal goods, whether drugs or weapons, on the anonymizing Tor network. In one startling Georgia-based case, involving a man who pled guilty to trying to acquire a mail bomb on a Tor-hosted market, they threw the digital kitchen sink at the perp.
That’s according to a handful of just-unsealed court documents unearthed by Forbes, in which an undercover cop was contacted by two monikers belonging to the accused, Clinton Scott Bass, over an unnamed dark web site. He was keen, at first, to buy a car bomb that would explode as soon as the vehicle’s door was opened or closed. But he then decided he wanted a mail bomb, which would go off on being opened.
The undercover agent agreed to sell him a bomb, which was in fact inert and delivered to an address provided by one of Bass’ monikers, who paid $550 in virtual currency for the service. Hidden in the fake explosive, however, was a location tracker. Cops waited for Bass to pick up the parcel, then followed him to what they believed was his true residence. They were eventually able to determine that Bass had delivered the inert bomb to his intended target in Hahira, Georgia, on the morning of April 27th. He was arrested by the FBI later that day.
FBI goes phishing
Prior to that arrest, in one message to the covert officer, Bass handed over an email address provided by temporary mail vendor Guerrilla Mail, so he could receive instructions on how to activate the bomb, according to a search warrant (published below). In an attempt to gather information such as his location, IP address and browser type, all hidden by his Tor connection, the police sent a phishing email to the address. The message included a document which, once opened, would send that identifying data to an FBI server, somehow overcoming the IP-masking provided by Tor. A separate document indicated the government also installed what’s known as a pen-trap tool (a pen register and trap-and-trace device) to record all the information coming from the hack.
It’s unclear just how successful that particular hacking attempt – known amongst officials as a Network Investigative Technique (NIT) – was. An executed warrant document revealed 19 different IP addresses were retrieved and there was no indication from the public filings, including Bass’ plea agreement, that useful evidence was uncovered. Why so many IP addresses? It may have been that Bass was also using a VPN to mask his true IP address on top of Tor, or that he shared his temporary email with others, who were able to check messages on Guerrilla Mail, where no password is required, only the original address. The Department of Justice could not comment on the matter.
A Guerrilla Mail admin who goes by the name Flashmob saw few issues with the feds’ hack: “The way I see it is, the FBI has to do something to catch criminals, and at least in this case they didn’t resort to draconian methods such as mass surveillance without a warrant. Instead, they used a simple procedure with a warrant that doesn’t need much technical ability.”