-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
1/51
!""#$%%&'()*++,-.(/
01'23) 5'+)6!37
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
2/51
!""#$%%&'()*++,-.(/
& '8) &'()*++,-.(/
& !39+ 3) 2)"+'+6" 2) &):(;+.+18.3"2()
I dont know everything < Im just a
*++, 72"! "2/+ () /= !3)16
;'- &):('/3"2() ;+.8'2"= 5()68>"3)"
3" ?'86"+1;+.
5(
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
3/51
!""#$%%&'()*++,-.(/
& 72>> B+ "3,2)* "7( #+'6#+."29+6
C+(#>+ "'=2)* "( 6"3= 3)()=/(86
C+(#>+ "'=2)* "( 1+ 7!+'+ =(8 68':H .()"'3B3)1 3732"6
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
4/51
!""#$%%&'()*++,-.(/
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
5/51
!""#$%%&'()*++,-.(/
A3',)+"6
?!+'+ 3'+ /3)= 1+:2)2"2()6H B8" /2)+ 26
anonymizing private network
I6+ (: +).'=#"2() 3)1 #'(J2+6 K6(/+ "2/+6 ("!+'#++'6L "( (B:86.3"+ 7!( 26 .(//8)2.3"2)* "( 7!(/
;(/+"2/+6 '+:+''+1 "( 36 52#!+'6#3.+
K>(9+ "!3" "+'/L
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
6/51
!""#$%%&'()*++,-.(/
?!+ M)2() N(8"+'
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
7/51!""#$%%&'()*++,-.(/
!"#$@2'6" "!+ I; E393> N+6+3'.! F3B('3"('=H "!+) "!+ O@@ 3)1 )(7 "!+ ?(' C'(P+."
KQRS.T )()>3).+ "!3" "!'+3"+)6 #+'6()3> :'++1(/ 3)1 #'293.=H
.():21+)"23> B862)+66 3."292"2+6 3)1 '+>3"2()6!2#6H 3)1 6"3"+ 6+.8'2"= ,)(7) 36
traffic analysis. ~ As defined by their site
!"&'$0..+66 )('/3> &)"+')+" 62"+6 3)()=/(86>=H 3)1 ?(' !211+) 6+'92.+6-
(#)$F(.3>>= '8) ;M5U; #'(J= "!3" .())+."6 "( "!+ ?(' )+"7(',-
http://www.torproject.org/http://www.torproject.org/ -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
8/51!""#$%%&'()*++,-.(/
F3=+'+1 +).'=#"2()
G2= :(.86+1 () (8" #'(J=2)* "( "!+ &)"+')+" W('+ 2):( 3" !""#6$%%777-"('#'(P+."-('*
Internet Server
Directory Server
https://www.torproject.org/https://www.torproject.org/https://www.torproject.org/ -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
9/51!""#$%%&'()*++,-.(/
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
10/51!""#$%%&'()*++,-.(/Image from http://www.torproject.org/hidden-services.html.en
http://www.torproject.org/hidden-services.html.enhttp://www.torproject.org/hidden-services.html.en -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
11/51!""#$%%&'()*++,-.(/Image from http://www.torproject.org/hidden-services.html.en
http://www.torproject.org/hidden-services.html.enhttp://www.torproject.org/hidden-services.html.en -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
12/51!""#$%%&'()*++,-.(/Image from http://www.torproject.org/hidden-services.html.en
http://www.torproject.org/hidden-services.html.enhttp://www.torproject.org/hidden-services.html.en -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
13/51!""#$%%&'()*++,-.(/
Image from http://www.torproject.org/hidden-services.html.en
http://www.torproject.org/hidden-services.html.enhttp://www.torproject.org/hidden-services.html.en -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
14/51!""#$%%&'()*++,-.(/
Image from http://www.torproject.org/hidden-services.html.en
http://www.torproject.org/hidden-services.html.enhttp://www.torproject.org/hidden-services.html.en -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
15/51!""#$%%&'()*++,-.(/
Image from http://www.torproject.org/hidden-services.html.en
http://www.torproject.org/hidden-services.html.enhttp://www.torproject.org/hidden-services.html.en -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
16/51!""#$%%&'()*++,-.(/
5>2+)"
X86" 3 86+'
N+>3=6
?!+6+ '+>3= "'3::2.H 3)1 .3) 3." 36 +J2" #(2)"6
G'21*+6N+>3=6 )(" 319+'"26+1 2) "!+ 12'+."('= 6+'9+'6H 6( !3'1+' "( B>(.,
Y83'1 E(1+6
I6+1 "( /2"2*3"+ 6(/+ "'3::2. 3)3>=626 3""3.,6
&)"'(18."2() C(2)"6
V+>#+'6 2) /3,2)* .())+."2()6 "( !211+) 6+'92.+6 N+)1+D9(86 C(2)"
I6+1 :(' '+>3=2)*%+6"3B>26!2)* .())+."2()6 "( !211+) 6+'92.+6
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
17/51
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
18/51!""#$%%&'()*++,-.(/
?32>6$ ?!+ 0/)+62. &).(*)2"( F29+ ;=6"+/
!""#6$%%"32>6-B(8/-('*%
?('Z[+B C'(J=
!""#$%%"('Z7+B-('*
?(' V211+) [2,2$
!""#$%%,#9D\,2Z9Q3*7"TQ-()2() ;.3>>2() K/3,+ !(6" )3/+6L
!""#6$%%*2"!8B-.(/%>3.!+626%6.3>>2()
M)2() 53"
!""#$%%777-.=#!+'#8),-3"%()2().3"%
N+112" M)2()6!""#$%%777-'+112"-.(/%'%()2()6
https://tails.boum.org/https://tails.boum.org/http://tor2web.org/http://tor2web.org/http://kpvz7ki2v5agwt35.onion/http://kpvz7ki2v5agwt35.onion/https://github.com/lachesis/scallionhttps://github.com/lachesis/scallionhttp://www.cypherpunk.at/onioncat/http://www.reddit.com/r/onionshttp://www.reddit.com/r/onionshttp://www.cypherpunk.at/onioncat/https://github.com/lachesis/scallionhttp://kpvz7ki2v5agwt35.onion/http://tor2web.org/https://tails.boum.org/ -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
19/51
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
20/51
!""#$%%&'()*++,-.(/
KU++# 2) /2)1H "!26 26 P86" "!+ 1+:38>"6L F(.3>
^RQR%".# ?(' ;M5U; #'(J=
^RQS%".# ?(' .()"'(> #('"
K^SQR 3)1 ^SQS () ?(' G'(76+' G8)1>+L
N+/("+
ccT%".# 3)1 _R%".# /(6">=
;+'9+'6 /3= 3>6( >26"+) () #('" ^RRS%".#H 3)1 12'+."('=
2):('/3"2() () ^RTR-
W('+ 1+"32>6
!""#$%%777-2'()*++,-.(/%2-#!#]#3*+b6+.8'2"=%1+"+."
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
21/51
!""#$%%&'()*++,-.(/
!""#$%%*+"2Z#-)+"
http://geti2p.net/http://geti2p.net/http://geti2p.net/ -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
22/51
!""#$%%&'()*++,-.(/
5'=#"( 58''+).=
C'((: (: 7(',
G2".(2) 011'+66+6 e C'293"+ U+=6
G>(., 5!32) K>+1*+'L
?8/B>+'6 K>38)1+'2)*L
[3= /('+ 2):( B= G(B [+266
!""#$%%777-2'()*++,-.(/%2-#!#]#3*+b921+(6%B621+61+ZRST%Z
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
23/51
!""#$%%&'()*++,-.(/
On Dec. 16th 2013 a bomb threat was made to Harvards student news
#3#+' 3)1 6(/+ (::2.23>6-
?!+ #+'6() 86+1 !""#6$%%777-*8+''2>>3/32>-.(/"( 6+)1
+/32> 3:"+' .())+."2)* (9+' ?('
Y8+''2>>3 W32> #8"6 3) f>3/32>-.(/j
;8BP+."$ V+= B3B=a
f
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
24/51
!""#$%%&'()*++,-.(/
0>> ?(' )(1+6 3'+ #8B>2.>= ,)(7) K+J.+#" B'21*+6L$
!""#$%%"('6"3"86-B>8"/3*2+-1+
O36= "( .(''+>3"+ 7!( 736 3""3.!+1 "( V3'93'1 )+"7(',
3)1 862)* ?(' 3" "!+ 63/+ "2/+ "!+ +/32> 736 6+)" K8)>+66
=(8 86+ 3 B'21*+L-
O>1( U2/ 736 .())+."+1 "( "!+ ?(' )+"7(', 3'(8)1 "!3"
"2/+-
;86#+." O>1( U2/ 73)"+1 "( *+" (8" (: 3 :2)3> 3)1 31/2""+1
!+ /31+ "!+ B(/B "!'+3" 7!+) 2)"+'92+7+1-
W('+ A+"32>6$!""#$%%3'6"+.!)2.3-.(/%6+.8'2"=%ZRST%SZ%86+
!""#$%%777-6.'2B1-.(/%1(.%S^ZT\S\cZ%U2/
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
25/51
!""#$%%&'()*++,-.(/
F+66()6 F+3')+1$
Dont be the only person using ?(' () 3
/()2"('+1 )+"7(', 3" 3 *29+) "2/+I6+ 3 B'21*+]
Dont admit anything
5(''+>3"2() 3""3.,6 3'+ 3 B2".!
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
26/51
!""#$%%&'()*++,-.(/
5MB
8MB
Client
Client
Client
Client
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
27/51
!""#$%%&'()*++,-.(/
Client
Client
Client& .(8>1 P86"
73".! "!+"2/2)*6-
C8>6+ "!+
13"3 :>(76
/=6+>:-
M' +9+) P86"
.!3)*+ "!+ >(31() "!+ #3"!-
A(; (8"621+
!(6" "( 3::+."
"'3::2.-
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
28/51
!""#$%%&'()*++,-.(/
DNS
Query
Monitored DNS Server
If I dont use the#'(J= :(' AE;H &
/3= 6+)1 "!+
k8+'= "( 3 AE;
server. It wont
6++ /= "'3::2.
"(%:'(/ "!+
1+6"2)3"2()H B8"
/3= )(7 ,)(7
Im visiting
6(/+#>3.+-.(/%
-()2()%-2Z#
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
29/51
!""#$%%&'()*++,-.(/
V+."(' f392+' W()6+*8' K;3B8L )('/3>>=
86+1 ?(' :(' .())+."2)* "( &N5 B8" 736
.38*!" )(" 862)* 2" ().+ 3)1 @G& :(8)1
!26 !(/+ &C- 0:"+' B+2)* .38*!"H !+
6"3'"+1 "( .(>>3B('3"+- V+."(' 6#(,+ 72"! X+'+/= V3//()1
K68#p*L () &N5H 3)1 X+'+/= .3683>>= >+"
6>2# 7!+'+ !+ !31 B++) 3''+6"+1 B+:('+
3)1 *'(8#6 !+ 736 2)9(>9+1 72"!- ?!26 )3''(7+1 "!+ 686#+." #((>H 6( "!+
@G& *(" 3 .(8'" ('1+' "( /()2"(' !26
&)"+')+" 3..+66-
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
30/51
!""#$%%&'()*++,-.(/
V3//()1 86+1 ?('H 3)1 7!2>+ "!+ .'=#"(
736 )+9+' B86"+1H @G& .(''+>3"+1 "2/+6
68#p* 736 "3>,2)* "( ;8B8 () &N5 72"!
7!+) V3//()1 736 3" !(/+ 862)* !26
.(/#8"+'- W('+ A+"32>6$
!""#$%%3'6"+.!)2.3-.(/%"+.!2.=%ZRSZ%RT%6"3,+(8"
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
31/51
!""#$%%&'()*++,-.(/
F+66()6 F+3')+1$
I6+ ?(' .()626"+)">=
Dont give personal information5(''+>3"2() 3""3.,6 3'+ 6"2>> 3 B2".!a
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
32/51
!""#$%%&'()*++,-.(/
@'++1(/ V(6"2)* !(6"+1H 3/()*6" ("!+' "!2)*6H/3)= .!2>1 #(') '+>3"+1 !211+) 6+'92.+ 7+B62"+6-
@'++1(/ V(6"2)* !31 #'+92(86>= .(/+ 8)1+' 3""3.,
B= 0)()=/(86 18'2)* M# A3',)+" B+.386+ (: 2"
!(6"2)* 5C-
&) X8>= (: ZRSTH "!+ @G& .(/#'(/26+1 @'++1(/V(6"2)*H 3)1 2)6+'"+1 /3>2.2(86 X393 ;.'2#" "!3"
86+1 @2'+:(J B8* 5qO+ 26 B36+1 () @2'+:(JH 3)1 "!+
)+7+6" 9+'62() 736 3>'+31= #3".!+1H B8" )("
+9+'=()+ 8#13"+6 2) 3 "2/+>= :36!2()-
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
33/51
!""#$%%&'()*++,-.(/
The payload was Magneto, which phoned hometo servers in Virginia using the hosts public IP-
!""#$%%*!(7+)-/+%:B26($
W3*2. F3)"+')
@Mf05&A
5(/#8"+' 3)1 &)"+')+" C'("(.(> 011'+66 q+'2:2+' K5&C0qL
?!3),6 "( X(+ 52.+'( :(' gC'293.= &) 3 ;8'9+2>>3).+
;"3"+H O9312)* A+"+."2()g KC-&-;-;-O-A-L "3>,-
I am the best Giraffe
EVAR!!! Bow to my
Giraffey goodness!
http://ghowen.me/fbi-tor-malware-analysishttp://ghowen.me/fbi-tor-malware-analysishttp://ghowen.me/fbi-tor-malware-analysis -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
34/51
!""#$%%&'()*++,-.(/
0) &'26! /3)H O'2. O(2) W3'k8+6H 26 3>>+*+1 "( B+"!+ (#+'3"(' (: @'++1(/ V(6"2)*- ?!+ 6+'9+'6
!(6"2)* @'++1(/ V(6"2)* 7+'+ "2+1 "( !2/ B+.386+
(: #3=/+)" '+.('16-
W3'k8+6 736 6321 "( !39+ 129+1 :(' !26 >3#"(# "(
6!8" 2" 1(7) 7!+) #(>2.+ '321+1 !2/- W('+ A+"32>6$
!""#$%%777-72'+1-.(/%"!'+3">+9+>%ZRST%R^%:'++1(
/
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
35/51
!""#$%%&'()*++,-.(/
F+66()6 F+3')+1$
A()r" !(6" 53#"32) C2.3'1 ('
X8>23) G36!2'C3".!H #3".!H #3".!
@(>>(7 "!+ /()+=
F+39+ +).'=#"+1 >3#"(#6 2) 3 #(7+'+1
1(7) 6"3"+ 7!+) )(" 2) 86+a
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
36/51
!""#$%%&'()*++,-.(/
Lets see if the
!211+) 6+'9+'
3## 26
98>)+'3B>+ "( 3)
+J#>(2" KB8::+'
(9+':>(7%7+B
3## 6!+>>
+J+.%+".L-
;+)1 3 #3=>(31
"!3" .()"3."6 3)
&C & /()2"('-
Exploit &
Payload
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
37/51
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
38/51
!""#$%%&'()*++,-.(/
The earliest they could find was from 3>"(21 () "!+ ;!'((/+'=-('* :('8/6 () RS%Z\%SS-
!""#$%%777-6!'((/+'=-('*%:('8/6%6!(7:>3"-#!#%E8/B+'%ST_dR^^Q
http://www.shroomery.org/forums/showflat.php/Number/13860995http://www.shroomery.org/forums/showflat.php/Number/13860995http://www.shroomery.org/forums/showflat.php/Number/13860995 -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
39/51
!""#$%%&'()*++,-.(/
G2"5(2)?3>,-('* C(6"
u8("+ :'(/$ 3>"(21 () X3)83'= Z^H ZRSSH R\$cc$QS CW
[!3" 3) 37+6(/+ "!'+31a t(8 *8=6 !39+ 3 "() (: *'+3" 21+36- V36 3)=()+
6++) ;2>, N(31 =+"] &"r6 ,2)1 (: >2,+ 3) 3)()=/(86 3/3D()-.(/- & 1()r" "!2),
"!+= !39+ !+'(2) () "!+'+H B8" "!+= 3'+ 6+>>2)* ("!+' 6"8::- ?!+= B362.3>>= 86+
B2".(2) 3)1 "(' "( B'(,+' 3)()=/(86 "'3)63."2()6- &"r6 3"!""#$%%"=1*..=,2J#B8d8D-()2()- ?!(6+ )(" :3/2>23' 72"! ?(' .3) *( "(
62>,'(31cZR-7('1#'+66-.(/ :(' 2)6"'8."2()6 () !(7 "( 3..+66 "!+ -()2() 62"+-
F+" /+ ,)(7 7!3" =(8 *8=6
think!""#6$%%B2".(2)"3>,-('*%2)1+J-#!#]"(#2.bS\Q-/6*cZc\^v/6*cZc\^
https://bitcointalk.org/index.php?topic=175.msg42479#msg42479http://tydgccykixpbu6uz.onion/https://bitcointalk.org/index.php?topic=175.msg42479#msg42479https://bitcointalk.org/index.php?topic=175.msg42479#msg42479https://bitcointalk.org/index.php?topic=175.msg42479#msg42479http://tydgccykixpbu6uz.onion/https://bitcointalk.org/index.php?topic=175.msg42479#msg42479 -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
40/51
!""#$%%&'()*++,-.(/
An account named 3>"(21 also made 3 #(6" () G2".(2)"3>,-('* 3B(8" >((,2)*
:(' an IT #'( 2) "!+ B2".(2) community and asked interested parties to contact
+#,,9=>+?8"' &' @6&?= :#' 8#6 (10/11/11L-
!""#6$%%B2".(2)"3>,-('*%2)1+J-#!#]"(#2.bc\_SS-R
https://bitcointalk.org/index.php?topic=47811.0https://bitcointalk.org/index.php?topic=47811.0https://bitcointalk.org/index.php?topic=47811.0 -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
41/51
!""#$%%&'()*++,-.(/
Ulbrichts Google+ profile show an interest in the W26+6 Institute a world
.+)"+' (: "!+ 086"'23) ;.!((> (: +.()(/2.6.
Dread Pirate Roberts signature on the Silk Road forums had a link to the W26+6
&)6"2"8"+- 086"'23) O.()(/2. "!+('= 736 3>6( 6"3"+1 B= A'+31 C2'3"+ N(B+'"6 "(
be influential to the the Silk Roads philosophy.
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
42/51
!""#$%%&'()*++,-.(/
gN(66 I>B'2.!". account also posted on ;"3.,M9+':>(7 36,2)* :(' !+># 72"! CVC .(1+ "(
connect to a Tor hidden service. The username was quickly changed to frosty
KRT%Sd%SZL-
!""#$%%6"3.,(9+':>(7-.(/%k8+6"2()6%SQccQZ_Q%!(7
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
43/51
!""#$%%&'()*++,-.(/
;(/+()+ 736 .())+."2)* "( 3 6+'9+' "!3" !(6"6 "!+ ;2>, N(31 :'(/ 3) &)"+')+"
.3:w )+3' 7!+'+ N(66 >29+1 2) ;3) @'3).26.(- C'293"+ /+663*+6 () ;2>, N(31
/3,+ 2" 6++/ A'+31 C2'3"+ N(B+'"6 >29+1 2) "!+ C3.2:2. "2/+ D()+-
&C (: 3 ;2>, N(31 6+'9+' 736 3""3.!+1 "( 923 3 qCE 6+'9+' "!3" 736 .())+."+1 "(
B= 3) &C B+>()*2)* "( 3) &)"+')+" .3:+ () F3*8)3 ;"'++" 2) ;3) @'3).26.( :'(/
7!2.! I>B'2.!" !31 3>6( .())+."+1 "( !26 Y/32> 3..(8)" 72"! KB("! () X8)+ THZRSTL-
CW "( A'+31 C2'3"+ N(B+'"6 :'(/ 3 86+' 6321 "!+ 62"+ 736 >+3,2)* g6(/+ 6('" (:
+J"+')3> &C 311'+66g B+>()*2)* "( "!+ qCE-
@G& 6"3'"6 "3,2)* 1(7) ;2>,N(31 servers, though Im are not sure how they were
:(8)1- 5(8>1 !39+ B++) /()+= "'32> "( 3>236+6H (' 36 E2.!(>36 [+39+'
.()P+."8'+1H "!+= !3.,+1 ;2>,N(31 3)1 /31+ 2" .()"3." 3) (8"621+6 6+'9+'without using Tor so it revealed its real IP. Once located, FBI was able to get a
.(#= (: ()+ (: "!+ 6+'9+'6-
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
44/51
!""#$%%&'()*++,-.(/
M) R\%SR%ST I; 586"(/6 2)"+'.+#"+1 ^ &A6 72"! 12::+'+)" )3/+6H B8" 3>> !392)* 3 #2."8'+ (:
I>B'2.!"- V(/+>3)1 ;+.8'2"= 2)"+'92+7+1 I>B'2.!"H B8" !+ 1+)2+1 !392)* ('1+'+1 "!+/-
Smart: ULBRICHT *+)+'3>>= '+:86+1 "( 3)67+' 3)= k8+6"2()6 #+'"32)2)* "( "!+ #8'.!36+ (:
"!26 (' ("!+' .(8)"+':+2" 21+)"2"= documents. Stupid: HoweverH IFGN&5V? 9(>8)"++'+1 "!3" g!=#("!+"2.3>>=g 3)=()+ .(8>1 *( ()"( 3
7+B62"+ )3/+1 g;2>, N(31g () g?('g 3)1 #8'.!36+ 3)= 1'8*6 (' :3,+ 21+)"2"= 1(.8/+)"6 "!+
#+'6() 73)"+1-
Roommates knew him as Josh. PMs show DPR was interested in getting fake IDs.
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
45/51
!""#$%%&'()*++,-.(/
;+'9+' 86+1 ;;V 3)1 3 #8B>2. ,+= "!3" +)1+1 2) :'(6"=h:'(6"=-;+'9+' 3>6( !31 6(/+ (:"!+ 63/+ .(1+ #(6"+1 () ;"3.,M9+':>(7-
O9+)"83>>=H () SR%RS%ZRST "!+ @G& F3)1+1 () !2/ 2) 3 F2B'3'= '2*!" 3:"+' !+ +)"+'+1 "!+
#3667('1 :(' !26 >3#"(#- W('+ +921+).+ 736 :(8)1 () !26 >3#"(#-
W('+ 2):( KG2* "!3),6 "( E3"+ 0)1+'6() :(' "!+ ('2*2)3> 3'"2.>+ 3)1 0*+)" 5!'26"(#!+'
?3'B+>> :(' .(8'" 1(.6L$
!""#$%%3'6"+.!)2.3-.(/%"+.!2.=%ZRST%SR%!(7
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
46/51
!""#$%%&'()*++,-.(/
F+66()6 F+3')+1$
U++# ()>2)+ 21+)"2"2+6 6+#3'3"+
U++# 12::+'+)" 86+')3/+6@'(/ 12::+'+)" >(.3"2()6
V39+ 3 .()626"+)" 6"('=
Dont talk about interests Dont 9(>8)"++' 2):('/3"2()a
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
47/51
!""#$%%&'()*++,-.(/
W3=B+]
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
48/51
!""#$%%&'()*++,-.(/
?3>, () A3',)+"6 2) *+)+'3>
!""#$%%777-2'()*++,-.(/%2-#!#]#3*+b921+(6%321+
!""#6$%%777-"('#'(P+."-('*%1(.6%"('-!"/>-+)
&ZC &)1+J "( ?+.!)2.3> A(.8/+)"3"2()!""#$%%777-2Z#Z-1+%!(7
http://www.irongeek.com/i.php?page=videos/aide-winter-2011#Cipherspace/Darknets:_anonymizing_private_networkshttp://www.irongeek.com/i.php?page=videos/aide-winter-2011#Cipherspace/Darknets:_anonymizing_private_networkshttp://www.irongeek.com/i.php?page=videos/aide-winter-2011#Cipherspace/Darknets:_anonymizing_private_networkshttp://www.irongeek.com/i.php?page=videos/aide-winter-2011#Cipherspace/Darknets:_anonymizing_private_networkshttp://www.i2p2.de/faq.htmlhttp://www.i2p2.de/faq.htmlhttps://trac.torproject.org/projects/tor/wiki/doc/TorFAQhttps://trac.torproject.org/projects/tor/wiki/doc/TorFAQhttps://www.torproject.org/docs/tor-manual.html.enhttps://www.torproject.org/docs/tor-manual.html.enhttp://www.i2p2.de/howhttp://www.i2p2.de/howhttp://www.i2p2.de/howhttps://www.torproject.org/docs/tor-manual.html.enhttps://trac.torproject.org/projects/tor/wiki/doc/TorFAQhttp://www.i2p2.de/faq.htmlhttp://www.irongeek.com/i.php?page=videos/aide-winter-2011#Cipherspace/Darknets:_anonymizing_private_networks -
8/11/2019 Dropping Docs on Darknets: How People Got Caught
49/51
!""#$%%&'()*++,-.(/
&)"'( "( A3',)+"6$ ?(' 3)1 &ZC [(',6!(#!""#$%%777-2'()*++,-.(/%2-#!#]#3*+b921+(6%2)"'(
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
50/51
!""#$%%&'()*++,-.(/
A+'B=.()
;+#" Zc"!
-
8/11/2019 Dropping Docs on Darknets: How People Got Caught
51/51
cZ
?72""+'$ h&'()*++,p0A5