[http://ia801506.us.archive.org/27/items/gov.uscourts.nysd.422824/gov.uscourts.nysd.422824.232.8.pdf / http://antilop.cc/sr/exhibits/DX_C_le_counterintel_file.pdf ; converted using http://www.onlineocr.net, hand-edited to correct OCR errors, sectionize, and some commentary.] [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 1 of 17] EXHIBIT 8: /home/frosty/backup/project_references/le_counter_intel.txt [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 2 of 17] [beginning of East India Traitor section] from East India Traitor on forum: Well this obviously isn't private but i'll share jediknight is your attacker. I realize this will be treated like bullshit as most other info that gets relayed to you, but he is the script writer over at atlantis and brags of his assualt on your psuedo-revolution. I realize you support free market but even at the cost of attacks on your marketplace, you may say yes in public but i know this not to be true in your pirate head. Be sure to read my sig if this helps you otherwise I want nothing more than for this to continue for as long as possible...soon the other markets will decentralize your profits and vendors and you can retire...please do not let the dea follow your btc trails as they did in the past watchin your btc pile grow daily until it was obvious who the owner of the mtgox account was...i know this is a non issue now but im just saying, they have a quarter million dollar bounty on your head for info and have been here since May 2011. Attacker SR Forum Profile: http://dkn255hz262ypmii.onion/index.php?action=profile;u=51427 --- Long story short I just did 6 months federal time in a DRAP program for SR related crimes, currently living in halfway house very little time to get up to the local library to talk. DEA visited/visits me twice a month...asks me shit, then they brag about their shit. Such as the mt gox bullshit a couple months ago, asking if SR members would go for paid informant work, I sent them on wild goose chases just enough to get them to come share with me more than they could get from me. I in no way snitched out anyone, they are currently trying to get into your staff forum mods esp...i suggest they change usernames every month start posts counts back at zero. I suggest you relocate outside usa...if not already, they are foaming at the mouth which branch of the LE gets credit for your arrest. blah blah got to run...last person in library have an 7:30pm curfew. --- yeah it's more detailed also covered that jediknight info was from an unlogged set of chat sessions so i dont have links but the atlantis crew runs on the same server as the Silk Road IRC so to make a fake username and buddy up to them is no problem...the younger and smarter they are the more they brag. There's definately more details on the visits from the different visited me...esp trying to track down ovdb vendors and admin. Please if there's something you have questions about ask and i will tell you what I know...they are pretty forthcoming and brag like any other ego driven personality. Like I said Im still on parole in a halfway house and visit a library to get this back to you so my dedication to this is obviously a great risk to my freedom again except there is no way ill get a light 6 months federal Residential Drug Abuse Program my second strike. So please understand I need this info I bring back to you and convey to be Ultra Top Secret. Burned After Reading scenario. --- Wow i never expected that. Well let's start with the most important issue and I dont expect you to answer this to me but think, "Who knows your real name in relation to Silk Road?" Admin from OVDB? Eneylsion or Envious or any of those guys? What about people from the Bitcoin forums? [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 3 of 17] "Do you have the servers in your name or a staff members name?" Hopefully these servers are spread out internationally. Again these are rhetorical questions? I dont wanna know the answers just stuff for you to protect yourself. Again the BTC block chain is definitely being watched for large transfers or deposit to same address which I assume was solved long ago. They know you have multiple btc tumblers and that you dont keep but around 1/3 of SR's btc balance on any given site. Remember the agent that i spoke with that had been on the investigation started in late april 2011...i asked him and he told me. The postal inspector asked me shit like why do i think you tell everyone to use USPS instead of private couriers and I told him and he was pissed and wanted to know how I knew that. Then he wanted the postal workers that use SR in the forums real names..like I have a clue to that. They expect shit that is unrealistic but I do know there's compromised vendor accounts and looking for the highest up vendors to interrogate. They are paerticularly hung up on Limetless...they asked me about my money laundring and I of course said I have no idea how to do that cause admitting that gets you 15 years. They seem to think Limetless laundrers for you, probably cause he has spoken about laundring in the forum opening countless times. This isnt just a US investigation they ARE collaborating with other governments and international packages can be opened without a warrant. They simply have to have an address on a postal list and it can be opened as part of the homeland security initative. Sorry this is all I can cover today, I've go to spilt to get to a meeting at the halfway house...idk if i can hit the library on Friday but they let me go to there on Saturdays to "study law". I'm trying to get some community service out of the way with the library as well so ill have more time here. Thank you again and I'll be in touch very soon. :) --- ok not sure where we left off. Let me explain my situation a little more. See I still have contact with these agents, not in person anymore but by phone. So guess who I talked to yesterday. They are focusing on the forum and your admin and mods. In particular Libertas and Samesamebutdifferent who is in my opinion your weakest link. They dont really know anything about Libertas except he helps on the marketplace with coding...they have his tormail. Idk what that does for them but they have ssbd's as well. So i advise you to have them erase their emails and change tormail accounts or better yet not use tormail. The way they got their tormail mail addresses is by importing their pgp ley and it was on there. I have a feeling they think Libertas is scout...idk for sure but they have been asking about those three for months. If by monday you can have them all start new usernames it is in your best interest as well as the community at large. So you can see I have them in the perfect spot to play spy for Silk Road with the DEA. Does this interest you? Let's see what else...they believe that admin fromovdb is your chief code writer or at least the very least works on your staff. They have envious' return address in montana some how. They seem to think he might have some connection with you pre SR days...not sure why. [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 4 of 17] Several agents question me on a fairly regular basis and are all doing different cases and sharing the info from interrogations. I know there are things Pm not remembering at this very moment but when they do come to me I shall relay them to you. If there is anything in particular you want to know if Ive heard about ask. These guys vary in intelligence quite a bit from person to person...one cant use encryption another has been in the forum since it was on the orignal market. They asked me if I knew anyone that bought shrooms from you and that if they had a return address for you...like that is even remotelty possible to come up with. They are looking for every little think said in the forum about personal habits or the mods/admin..you. Yesterday they told be they believed their was at least 2 ppl using the DPR username or more, which makes sense to me. One for the forum bs and one for the marketplace. Is this the type of stuff you are interested in? --- As far as I know dont know anything about the shroom sales except you sold them sometime in the first month or couple months. Mt Gox I was given anything but generalities...such as a huge amount of btc in one account that blew up in the matter of weeks, I'm thinking they said around the time of the original gawker article...the public invite article. They seem to be under pressure to get someone of great impoertance toshow a win for the USA on this situation. And from what i gathered from the dea they were [issed they couldnt login during the dos attacks, so that says they had nothing to do wirth it, like i said anyway jediknight was in chat bragging about how he had implemented escrow on atlantis in a 24 hour period and that he had plans to divert members from Silk road to Atlantis. It wouldnt hurt i suspect to have someone look into logging chat on the atlantis channel that ios also non the SR IRC. --- O just as i was about to sign out i remembered they asked me if Graham Greene was possibly a moderator or Admin. I remember graham from before the arrest but ive been out of the loop for a couple of months so I really have no idea how much he got involved in the forum...I know he was one of the more outspoken members that had the best interests of the community in mind but i told them i didnt know that name. --- can you give me links to where he is bragging? what do you know about an mtgox account? the DEA has a $250k bounty on me? how do you know? [These 4 questions seem to be DPR->East India Traitor, not EIT's replies to DPR's unlogged side of the conversation] ======= Cause i just did 6 months federal time for your revolution and they bragged about their doings too much upon interrogations. They would visit me twice a month trying to get info from me..i would lead them on wild goose chases. Just enough to get more out of them than they me. They asked about offering the average member this bounty, how many would flip on you , they assumed 80% of the members would flip on you, but i know much better your following than them. I also know that your current members dont have jack on you...but they are trying to talk to nelson you remember nelson right from database days. He's still locked up. I will also warn you that your staff is currently being targeted if not already a compromised one. Specifically the forum [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 5 of 17] members. They followed an mtgox account that was in excess of some outrageous number of bitcoins, an account that should have had enough bitcoin to be it's own exchange. They did not release the account username but they are very much obtaining info in manner possible. I'm trying to warn you. The DEA, ICE, POSTAL INSPECTOR, NSI,FBI,CIA,NSA are itching to get credit for your arrest. I advise you to relocate yourself from the US and before that have your complete staff change usernames at least once a month and no rolling over posts. As far as jediknight i do not log chats so I cant link you to anything but that doesnt change the fact. Like I said I just got back out and am on parole...so to clear up the info i have on jediknight it is at least 6 months old. But he was your denial of service instigator before the members started dos themselves and he and the atlantis crew are your troublemakers as Im sure you've come to the conclusion yourself. I know without the exact quotes this is meaningless to you but at least I tried to make you aware of the issues you are currently being annoyed with...and could even become your fall from grace. Please delete all info as it is for your safety not mine. I want nothing from you and I am not trying to throw psyops at you. I've not always liked the way you ran the community but I'm no traitor. I respect your progress on this frontier but I worry about your future. Along with the members futures. If you don't believe me and wanna live in denial go ahead one day you will look back and wished you'd looked further in the rabbit hole. [end of East India Traitor section] [commentary: East India Traitor seems unlikely to be legitimate. His claims conflict badly with the Ulbricht trial exhibits, known SR1-related busts, the DEA internal timeline, and the later DEA agent Carl Force's briefing. Specifically: there is no known $250k bounty on DPR (and Force implies there would have been no money for a bounty even if they had wanted one); the earliest investigations stem from *after* April 2011, prompted by Schumer's grandstanding, and only really heated up in January 2012; he seems to imply that the SR1 hedging account was seized by LE when the best current guess is hackers or insiders; it's not clear there was any meaningful tracking of large blockchain movements like EIT claims; OVDB/Envious do not appear in any other documents and the connection seems to've been completely ignored in the investigation; EIT focuses on the then-rumored mushroom sales by DPR but neither Force nor any other LE sources mention the mushrooms until after Ulbricht was arrested and his laptop harvested; EIT claims LE thought DPR was 2 people, but Force specifically and emphatically says that they thought the opposite; EIT claims LE was going after a Mtgox account when they weren't; and EIT's general account about LE 'bragging' about all this to him seems improbable. All in all, EIT seems highly questionable and may have been either paid or living out a fantasy or trolling or something.] --- [beginning of Mr Wonderful/emailgate section] scout's tormail where he is talking to mrwonderful: username: scoutsr password: b311am0n Symm's tormail talking to mrwonderful: symmetry2 bjBTrmPzUBhmN3uH scout, forum username: scout pass: nlNlaGKUb1r6sqYY [end of Mr Wonderful/emailgate section] [beginning of Hetu section] StExo has discovered that Dr David Decary-Hetu is planning to do research on SR for canadian LE Address: Montreal, Canada http://ca.linkedin.com/pub/david-d%C3V0A9cary-h%C3%A9tu/41/298/702 http://jrc.sagepub.com/content/early/2011/09/20/0022427811420876 [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 6 of 17] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2119235 E-mail: david.decary-hetu@umontreal.ca [see also: Ormsby was apparently told about this accusation http://allthingsvice.com/2015/04/02/special-agent-force-alpacino-and-me/ - by StExo, an apparently incorrigible publicity hound?] [ending of Hetu section] [beginning of Carl Force/DEA double-agent/informant "alpacino" briefing for money; this seems to be his initial briefing for the upfront payment, and not include the weekly updates he then gave DPR. For additional background on Force & Bridges, see the complaint http://www.justice.gov/sites/default/files/opa/press-releases/attachments/2015/03/30/criminal_complaint_force.pdf and the related filings & exhibits in the Ulbricht trial. The alpacino leak is mentioned in Ulbricht's journal entries: "06/05/2013 - 09/11/2013 / Haven't been logging. Tried counter intel on DEA's 'mr wonderful' but led nowhere. tormail was busted by dea and all messages confiscated. 'alpacino' from DEA has been leaking info to me. Helped me help a vendor avoid being busted." (For the specific vendor saved, see later.) So these emails, through Tormail, probably took place 2013-06-05 until Tormail was shut down as part of Freedom Hosting on 2013-08-04.] correspondence with alpacino: silkpirate@tormail.org This is for YOU only. Try this (and I'll explain later why). Message your staff/moderators individually and ask "So, feeling wonderful lately?" and then ask "Anything you want to tell me?" Make sure to use the word "wonderful". Theres an ongoing effort to engage and coerce your staff into giving up some access/insight/internal communications. Last I hear there IS headway on that. The key points are potential greed or intimidation. I believe it was someone @ DHS or CBP who wanted to own it, but ultimately its a DEA gig with a few cooks in the kitchen. Will absolutely request you not ever let on about this, and I'm sure you know how to run your team (and what level of trust to repose), but just know that absolutely there's an ongoing dialogue there with a "mr wonderful". Shocking, huh? Be smart about that. Know that some of your vendors have been approached for (and have provided for money) buyer information (the idea is to purchase buyer information, which gets dumped and collated into excel). Vendors that get banned are approached via the email addresses they provide on their pages "in the event SR is down, contact here..". Just recently a New York based pill guy sold his entire customer list to what he thought was atlantis. Can find out his handle so you can poke around old private messages if need be. Several uses for databases of buyer information.. Am certain there are not many techies involved. Due to the unconventional nature of this network and technology, not much use for full time "geeks" being sourced & assigned anything more then standard workload. Unless there's some specific technical question/explanation needed There are a few different working "profiles" on you (can probably get into detail later on how thats culled). The most popular is that you're East Coast , live with family, have either quit your office job or primarily do consulting/contract work from home. Theres other stuff I'd rather not get into, but rest assured anything worthwhile/concrete usually makes the rounds as gossip, and there's no real gossip. If that makes any sense.. There are really tons of useful nuggets that I do have to offer. And what my birdie doesn't know, he can probably find out, but no guarantees on timeframe. Due to the nature of keeping everything properly 'insulated', birdie has to fetch information with proper care. Also please realize the risk I run (and have run).. Anything you want to ask? --- I don't mind you talking my ear off asking questions.. there's a decent amount in my head, and fairly regular amount of chatter that makes it rounds to my ears. But as said, weekends are not optimum for me to poke my nose around as you can imagine the nature of this stuff (despite me being pretty insulated).. being casually brought up with the birdie(s) in anything other then a casual environment could trigger a disastrous chain of events for me. Evenings and weekends are probably when I can be more responsive. 1) That I struggled with myself, and anticipated. Well, I suppose you have no solid way of knowing. But ponder this - I have NO intention of asking YOU anything what so ever. There is not a single thing I have any intention or need to ask you. If this was a play to extract information/data out of you, it would be futile as there is not a single thing I want to know. If you dig around your staffs correspondence (unless already deleted) you will notice I'm right on the money [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 7 of 17] about "mr wonderful".I would not be privy to such if I was Joe Blow from nowhere. I can also tell you that one of your guys claimed he's been "recycled". That is the *exact* word. I am not sure if thats some internal term or it means he/she was in a different role and put into another one. I can assume it means a moderator or administrator was shifted from a previous role to a similar role. If that term "recycled" means anything to you, then that should at least speak to my legtimacy. Again, you do not have to acknowledge you know what that means. If it makes sense to you, then so be it, and if it doesn't then I can poke around more. I'm confident if you re-examine your staffs behavior and correspondence, it should verify my solid info. I'm not psychic, I'm not on your staff, therefore& 2)If you can come up with a method to verify I'm not, I am open to it as long as I'm able to protect myself to the fullest. I'm hesitant to touch any data, but I can (and do) commit things to memory. There would be no gain in feeding you false information or lying to you. It would not benefit you in any way and you would realize your time is being wasted and that would be all she wrote. I think you are intelligent enough to parse bullshit from fact. Feeding false information would be the goal of someone intent on disrupting your activities or hoodwinking you. Again, something you would probably be able to verify - maybe half a year ago a guy from podunk Virginia contacted local and was crying about being blackmailed for his personal information by 'anonymous criminals' (Phil something). Middle aged guy who ran a travel agency. Even down to that level pops up on the radar nearby to where the birdie hangs out. Did not take long to assemble the backstory (small time recreational buyer just got blackmailed if you want to call it that by a crooked vendor) and dismiss as utterly irrelevant. I'm sure old private messages or communications can be examined to verify that instance. How on *earth* would I be privy to that? And to know hard details? These things make the rounds, believe me. I would only provide you with things that could be of utility. 3) In short I admire you and what you've created, I don't think for a minute that helping you out time to time would hurt anyone (might sound hypocritical but it's not), and personal gain. I don't think you've done anything that warrants resources of the state being delegated to interfere. I call a spade a spade, and JTFs/reports/operational/mindset are all a crock. I don't see anything wrong in what goes on here, and in another less boring life I'd probably have wished I could have been apart of it. Granted I'm technically on the other 'side' on paper (indirectly), but that's a means to eat. I'm not Snowden by any stretch, but I admire that. I've always tossed around the idea that how cool would it be if someone like the birdie would hook you up here and there, but the horror of getting utterly fucked and have my freedom taken would kill any such thoughts. But as I've said.. without being arrogant I know I'm relatively insulated enough by virtue of NOT being that close anymore. I'm a fly on the wall in the grand scheme of things. And more importantly, personal gain. If you're in a position to potentially augment your means & income, wouldn't you? I make a decent living, but I also have responsibilities and material desires. My conscience is clear because I don't feel I'm harming a single living creature. I don't come for free, so theres that motivation. Worst case scenario I can provide you with insight and philosophy. Best case I can provide you with solid action- items that would unequivically give you a competitive edge. I'm not trying to sell my utility to you, I'm pretty sure thats a no brainer. But I do think I can deliver.. --- I think that works. Initial+ weekly. I'm not entirely sure myself on what's fair or not fair. Initial retainer.. I don't know, 5k too much or is 8k too much? I'll let you decide. Weekly do you want to do 500? Obviously some weeks there will be nothing major other then chatter, and other weeks there might be extremely useful intel. I think we can just leave it at 500/weekly. I made an account on your main site: "albertpacino". Another thing, what I'm doing, despite all precautions (I've thought out all scenarios) could possibly ruin mine and my [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 8 of 17] family's life if ever discovered. I implore that never utter a word to a soul, a partner, a significant other, even God (if you're religious). I know you take security seriously, and you've demonstrated that, so I know you know where I'm coming from.. And if either of us ever wants to cease communication, then that should be an option and understood as a logistical decision, with no hard feelings. Let's operate under your terms, and I will get to work tonight on writing up as much as I can RE you'r questions, then you can dissect and pick my brain with followups, then I respond etc. I just have to be careful to walk a fine line that won't identify me or my location, but I've made a decision and I'm fairly confident in my abilities to satisfy your purposes and cover my ass too. The only condition I have is that nothing I ever say be used in a manner that can harm anyones safety. Even if actual information is provided for some purposes (a vendor name or location), I would hope that nobody's safety is ever seriously jeopardized. Could not live with that. What you do with information (if involves threatening or anything) is your business, but nobody can actually be harmed. I don't think you operate that way anyways.. I do have to run to dinner, so will get you get a comprehensive writeup later tonight. And I do respect what SR stands for. In another life I'd have loved to be part of it. Maybe this is one way to live that fantasy out. --- I know that Eileen [Ormsby] has a publishing deal and is writing a book around SR, and has had extensive dialogue with everyone from buyers to new vendors to old hats. She claims that she has your blessing and at some point will be (or has) interviewing you of sorts. Also you've made reference to a book or memoir at some point. No matter what, I will make a gentleman's request that a word of this isn't spoken in this lifetime. I've taken many risks and gambles in my life and mostly have been lucky.. but the magnitude of what I'm doing, if uncovered, could put my family in harms way and/or devastate them and no money in the world could justify that. So that's that. (Some stuff might jump allover the place as it comes to me, so apologies if theres more stream-of-thought and less organization) Byt virtue of the professional capacity of a birdie I know, I have/had access and in-office/out of office knowledge of local, state and federal initiatives that deal with work tasked to monitor, report on, and coordinate interagency initiatives dealing with 1) Domestic movement of narcotics 2) Movement of narcotics traffic through land/sea/air borders 3) Cyber crime (extortion, child porn, domestic terrorism, credit card fraud, SPAM, password trafficking, counterfeiting of currency, computer intrusion, etc) 4) Financial crimes related to narcotics trafficking/distribution,/profit laundering Prominent on the radar is Silk Road (amongst other known sites/actors on TOR) and since late 2011 there's been a lackluster yet interagency effort to monitor, disrupt, infiltrate and/or penetrate operations. The office of the DAAG (Deputy Assistant Attorney General) Computer Crime (at time Jason Weinstein) was the principal in spearheading. This is after Sen. Schumer & party created a hoo-ha. Weinsteins office jumped to take charge and assume oversight. Under the auspices of the NCIJTF (National Cyber Investigative Joint Task Force which is DOJ), the following fed agencies have a presence when it comes to SR (Stateside) 1) DEA [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 9 of 17] 2) FBI 3) DHS 4) ICE 5) USPIS 6) ATF 7) CBP That should NOT worry you, because by "presence" I only mean their are active agents and officer level involvement from who's resources are pooled and budgets are shared. On a limb I'll say this, everything having to do with Silk Road (like any other open set of investigations) is on shared drives that almost all can read+write, and there is a shared public Outlook folder where all emails/correspondence pertaining to SR are routed. Everybody (and I mean everybody) from entry level up to the heavens have "read" access. Additionally, people talk a LOT. Loose lips is an understatement and the level of immaturity and juvenile attitude is staggering. There is no such thing as "confidential", and this is a culture where people are numb. You must understand that part of why I'm so confident (in my ability to maintain this relationship) is that nothing is treated as sacred and there are probably 100 people like me who could offer the same level of access. Analysts do collate data and prepare summarizations/status sheets and CC the requisite list/group.. and majority of the time nothing happens. Little to none replies/discussion. This is not SR specific, but does include SR. For example reports related to CP sites/forums or BMR often get the same treatment.. ambivalence. Here is something that will bring a smile to your face.. it is just not in the budgets to aggressively dedicate resources to SR. The way the budgets are allocated are almost certainly political in nature, and the lions share goes to War on Terrorism or "real world" drug activity. That's the cold hard truth. That's not to say that there are no zealots who do have a harden for SR related activity, but that is more focused on suspected real world trafficking. Ironically enough, guys at USPIS do not care in the least about SR. Yes you read that right. They're broke and have no concept of tech savvy.. and frankly, they are not interested. DEA guys often initiate most chatter having to do with SR, yet follow up is minimum and they are too bogged down in pending investigations of subjects whom they have the ability to surveil and/or who's circle they can infiltrate by way of CI's (conf informants).. none of which is possible when dealing with a beast that is virtually immune to real world surveillance. It's not a question of getting warrants to ISPs.. its a question of who/where to begin looking. They're stuck. At the analyst level, SR forums and the main site are crawled/monitored. Not more then 4 people are tasked with just crawling and mining the forums main site in an observational capacity. These 4 people are also tasked with crawling and mining many other websites and forums on TOR and clear net. So while everything is printed, you can guesstimate the scrutinity level is not extraordinary. That's not to say that others do not actively surf the forums and maintain both buyer and vendor accounts on the main site, they do. But at any given time, there are not more then a handful of people overseeing a crawl. When something deemed highly interesting or important pops up, they will CC the SR mailing list with a description and screenshot with their thoughts. Otherwise, there is a weekly status sheet that gets dumped with the most relevant/interesting/useful occurrences on the forum along with a summary on value/suggested "action items". Everything you post (along with the time stamps) is copied. You are referred to as DPR across the board. Often there is nothing interesting, and if there is there is it would be a bullet point such as "Vendor XYZ (who deals in ABC..) said his packaging methods consist of 123" etc. This is so they seem like they're doing their job as often there is nothing interesting at all taking place on the forum side. When moderators quote you, that is often the bulk of what gets bullet pointed "DPR has instructed us to do such and such". Now, there have and continue to be attempts to compromise staff accounts (on the forum and main side) by the normal methods of password guessing, but AFAIK none have been successful. There have been successful instances of cloning lookalike accounts which have all been shut down on your side. Of significant focus is attempts to impersonate you and your moderators on not only SR mainsite/forum, but on other TOR sites such as BMR or Atlantis to see if any prior correspondences can be restarted. Nothing there either. A 'profile' is an outline of a user that contains key points/occurences/assesment regarding their activities. There is not one on every single vendor, but there are on the high volume ones. The goal is to have all user profiles searchable offsite. In vendor profiles are return addresess/packaging method/pictures of the package & contents, replication of their vendor page text, and any other relevant data. Your profile (no idea who authored) has you as extremely intelligent with a background in IT, between 35 and 55, living on the East Coast, working from home in a contractor/consulting arrangement and living with family. An [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 10 of 17] assessment like this would be based on your speech, patterns (such as when you log on, when you go idle on the forums), personality,expressed interests, ideology, unique mannerisms (for example your use of the word "ya" instead of "you" sometimes. As in "I'll tell ya" or "would ya believe" .. etc off the top of my head). The assumption is that you are conscious to actively remain off any kind of radar, do not take any drugs, do not live extravagantly. If you have any partners (I'm not talking about staff), you most certainly are the assumed shot caller and are as anonymous to them as you are to everyone else. Contrary to rumors, it's not stated or assumed that you are not the original brainchild of SR or have ever not been the same person. You are the same you that started the site and have never relinquished ownership. Whether it's all you or you've farmed out responsibilities, it's unclear if the servers are all located in your physical possession or spread out. It's pretty much agreed that you have never been a vendor on the site or tied to any vendor IRL. You're essentially a ghost. And since you are not a vendor, there is no tangible way to engage you in any compromising scenario. There have been attempts to approach you (can assume under the guise of journalists or researchers) to probably build a repertoire and study your speech, to later on analyze and compare if by some fluke there are any suspected leads on who you are IRL. As of now, I can say with utmost surety there are absolutely none whatsoever. You are as anonymous as you were 1 year ago. There HAVE been concentrated efforts to DoS/DdoS the site and forum to assess your response time and technical acumen. I'm not too savvy regarding this, but on a horizontal scope there have been/are attempts to run exit notes [exit nodes] and track traffic across TOR. To what end this has been aimed at SR would be something I would need to poke around about. Since the assumption is that security of the servers and high level system are handled solely by you, you are overworked and delegate lower level duties to your staff. There is a fixation on some how penetrating or compromising your moderators into giving access. The philosophy is that you are less stoic with your team and interact with them in a more informal fashion, which would provide insight into where you are located geographically and your habits (which could be identifiers). The Mr Wonderful operation (if you want to call it that) is still in progress and revolves around bribing or threatening your team into providing access to a staff account. The benefit would be to not only get closer to you, but to be in a position of trust in the community which could potentially net high volume vendors. A few of your staff have absolutely been in touch with Mr.W and most likely have carried on correspondence with them off-site. Mr. W is being actively maintained by DEA. Nothing major has come from this AFAIK, but tidbits have made the rounds such as there is fear of you and you have or had asked for personal information in the past in order to appoint members of staff. Also that you have "recycled" staff, which is taken to mean that either Cirrus is Scout (who has communicated with Mr W) and Liberatas could be Nomad Bloodbath. SSBD has also communicated with Mr.W. To what extent exactly the nature of their correspondences are, I do not know. I could find out, but it would not be immediate as it has to be handled with tact. If there was a successful breach of any staff account, it would be known and I would tell you. There has not been. Moderators are seen as loyal but weak, susceptible to intimidation and/or bribery. If their anonymity is ever compromised, they would turn. SSBD is assumed to be in the UK, where as Cirrus is assumed to be Midwest Stateside. Inigo UK, Liberatas States. Assumption is that you also have employees on the main site who are completely unknown who handle maintenance and upkeep. No geographic assumption on any of them. AFA your relationship with vendors it is a rule of thumb that you do not have any special relationship with high volume vendors over other vendors. No vendor is assumed or perceived to be close to you. They will keep trying to open open lines of communication with you under various guises, even as vendors yet the likelihood of you befriending any vendor (real or agent) is nil. Locating you or the servers, although would be a major coup, seems all but impossible so the focus is aimed at netting vendors. The high-vol vendor operations such as (to just name a few) Nod, NorCalKing, RxKing are all under scrutiny. They've all been purchased from multiple times and general geographic location is assembled. For example it would be known that the Nod operation is NY, NCK is in California, RxK is Southwest US etc. There are also ongoing attempts to befriend the 'biggish' vendors through private message/forum pm/privnote/pgp and take correspondence off-site. This is where off-site deals and 'partnerships' would get cooked up and layers of anonymity be peeled away, leading to more detailed profiles. No high volume US vendor has been surveilled. On a state level, several suspected major vendors have been surveilled, yet none have been touched as that won't happen till a multi-jurisdiction plan to move on several vendors simultaneously in a grand slam display is logistically possible let alone greenlit. AFAIK, something of that magnitude [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 11 of 17] would not be possible currently. There have been one-off prosecutions on county and state levels. What happens is that a vendor that has confidently profiled/ascertained to be originating packages out of a certain jurisdiction, that information is shared down to local/state to put eyeballs on. A lot of that was happening in the beginning, but now there's more of a "hands off" approach. They'd want to sweep the maximum amount of vendors at once. Having the Sheriff of Mayberry hit one based on JTF Intel is just not the culture/mindset. Nearly all efforts are conducted out of Jersey and Los Angeles. All LE case reports (from county-level upwards) are indexed by a Lexus-nexus type database and can be searched for keywords. When they hit, they will hit several big vendors at once. They will parade them in front of the media and give the impression that the entire SR infrastructure was brought down (a la Farmers Market). Barring any unforeseen circumstances, there is nothing cooking at that level currently. Something of that magnitude would be seen coming well in advance and chatter would ramp up. There has never been heightened activity of that level in my birdie's time being a fly on the wall. Posing as vendors - yes. That has happened. Although, DOJ attorneys will never ever allow drugs to 'walk' en masse. Especially after scandals such as Fast and Furious where the guns were allowed to walk.. they simply can not introduce narcotics into circulation. Vendor accounts have been bought to gain access to that side of the site and Vendor Roundtable and to establish longterm credibility, but any "purchases" would be absolutely fake and bought by their own accounts to build credible stats. Pm sure on state level there have been targeted vendor-posed operations to net bulk buyers, but those are highly controlled and short term. I have not heard of any of the top of my head. That does NOT mean that is not currently happening or will not happen in the future, but any significant bust would have made waves. Vendors HAVE been approached off-site (most list their tormails on their pages) for customer information. This has been bought. Then collected and dumped. It has mostly been vendors who have vanished/been banned/ or slowed down. They're deemed to be the most vulnerable. This is not pursued as much due to a poor ROI. Most vendors/former vendors have not entertained such advances and those who have have demanded funds that simply are not available even in the discretitionary account(s). Like any other government effort/agency/JTF, funds are near impossible to get approved & released. Even undercover buys require paperwork and approval. There is no joint kitty of BTC available to make purchases from every vendor. It would take 2-3 days to get funds released for anything, and approvals are not that easy to obtain AFAIK. And in any case in this scenario, verifying information would be a nightmare. No guarantee that they would not just copy and paste names from the phonebook or use a name generating site. No real benefit other then to identify potential bulk buyers who would resell IRL (and this information would get kicked down to state/local). Right now, there is a "watch and see" enviroment. I don't want to say that idea is to turn a blind eye by any means.. but until they swoop in to hit several vendors at once, there is no big fish in the cross hairs. The servers are a mystery, as is the leadership. Going after buyers would do absolutely nothing and not justify the budgets. Going after vendors one at a time also won't sit well as those get kicked down the food chain. Going after several vendors at once will be the play, bet on that. That will require compromising and turning CI's in each vendor's operation or periphery, which is not easy. Also, sustaining a DDoS against SR will not be the play either, I know this for a fact. Let me put it simple terms. You're winning. They just don't know how to tackle this beast effectively. In all honesty I've had a very long day.. I'm kind of pooped right now. I'll have to call it a night. I know you'll have questions and I'll have answers and so on/so forth. Will hit the bed as I'll have probably have a fresher mind in the morning. Let's call it a night for right now. --- I can only imagine. And usually the weakest link is the human element. We are all human, and all the precautions in the world don't mean a hill of beans if a slip up is made IRL. I don't want to give you a false sense of security, but you have done a thorough job of flying under the radar. [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 12 of 17] One thing to be cognizant of, there's a lean on the domestic BTC exchanges to cooperate. There have been informal discussions in the last few months to develop working relationship with Coinbase (I know for a fact). After DHS hit Gox, even the boogeyman of a FinCEN violation is enough to mortify any of the btc guys. Anyone moving large sums of BTC will be open to scrutiny. I reference Coinbase because I know there was a series of meetings with Compliance at Coinbase. That can only mean one thing& BUT, that does not mean that the full on arm twisting by Treasury is going to be utilized to track black market vendors. They're more concerned (and justify) their desire for access due to terrorism. Most of the black market economy is essentially low hanging fruit in comparison to terror funding. But if OC activity is disrupted and theres political mileage for DoJ, the wide dragnet serves a multi faceted purpose. 1) a) BMR is on the radar and that is ATF's baby. Politics plays a significant role in prioritization of which agency gets to own which investigations. The climate is aggressive when it comes to weapons trafficking and with the gun control hot potato has guaranteed virtually a carte blanche to ATF. And they have deep pockets as well. Because tor based weapons traffickers are almost always running guns IRL, there is synergy between federal and state. Federal approves staggering sums of money for surveillance,undercover and CI's. I don't want to say BMR is "infiltrated", but there are a lot of compromised accounts and there have been a few quiet busts. Nearly every bust has resulted in cooperation. I am not sure what the long play is, but as long as this current administration is in power the gunrunners will always be hard targets. They are intimidated with the threat of tangible charges (interstate trafficking, conspiracy, organized crime, distribution) and they ALL cooperate. The general consensus is that weapons dealers are not sophisticated and have a lot of IRL visibility, so they are ALWAYS on the radar. "backopy" from BMR is also of significant interest because the operating assumption is that he maintains a healthy relationship with BMR vendors privately. This would have come from multiple compromised/cooperative vendors sharing their correspondence. He's thought to be a 1 man operation who's around the Las Vegas area. As to where the servers are is an unknown. The administrative structure of BMR is loosely unknown. But he's been a direct POC for cooperators and nothing I've seen or heard suggests that there are any hard leads on his location or identity. I do know that BMR/backopy is seen as a ragtag operation. "East Coast Trade" from BMR has been discussed as a potential major middleman based on buys that have been made. This would stem from primarily quality of product and similarity to product that was interdicted at the street level. b)HardCandy/Jailbaits are notably on the radar as they've been publicized in the media. Although these sites (and dozens other CP directories/forums) are on a permanent back burner when it comes to federal muscle. The consensus is that the hosting, content and major trafficking is foreign, so efforts should be coordinated under Interpol's umbrella. This is low priority. c) HackBB and TCF are prominent and actively surveilled. Have not heard of any significant operations that have netted any majors, but there have been some successful prosecutions/interagency wins. HackBB especially is monitored closely. There is another counterfeit site whose name escapes me now, but there was a major sting that happened in Boston last winter which was a result of efforts focused on it. Paypal was involved and was very accommodating to SS in handing over logs. d) Atlantis is too new to be taken seriously yet. It is not a honeypot.. it is for real. But it is being monitored and buys have been conducted. They're still figuring out where it stands and if it is fly-by-night or making a play to enroach into SR's territory. It is too early to tell and there is not significant traffic enough to justify re-allocation of resources. 2) Essentially yes. I have 'Read' permissions and can view docs. 3) Yes, a lot of people including my birdie are CC'd and have access to that email folder. 4) Both. Automated scripts primarily, and manually to a lesser extent. There have also been external (civilian) efforts to smart-crawl the site in a research capacity. [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 13 of 17] 5) No. There has never been any names, concrete geography, or associations. Something like that would be a big deal, and not the kind of thing that would be able to be kept mum even if it was field-level. You are too "big of a fish" for it to be able to remain on the field. That is not to say that if the full resources of the state are at their disposal that they wouldn't be able to close in. But THAT is never going to happen. You aren't Bin laden, and there is not much political mileage in justifying millions in someone that is not physically trafficking in anything. You are operating a continued criminal enterprise and violating a host of laws.. sure, but you aren't moving drugs. You are not packaging and trafficking drugs. The irony is that although this is your show, the cast is more important to target. That is not to say that you shouldn't take precautions and your security very seriously. This entire Snowden fiasco has shed some light on what kind of impressive technology is at their disposal. Anybody can be surveilled at any point and wide enough parameters can be set to pickup on even the slightest unique identifier.. but again I can't stress enough, it's not in the budgets. If the spooks ever wanted to find you, that could happen.. but they do not and will not. There are no hard or soft leads on you, and I can swear on my children to that. If there ever were, I'd know about it.. and as per our arrangement, you would. But if you continue your SOP's in regards to security, you are a ghost. It is believed that you are the same you since the beginning, and that ownership/administration has never changed hands. But you can sleep knowing that you are as known today as you were 2 years ago.. unknown. The door will not be kicked in just like that. There will be a flurry of activity for weeks and months beforehand.. a flurry that no birdie would be able to not notice. Don't take that to mean you shouldn't have several outs and exits, which I'm sure you do. This is not my place to say this, but if I can venture some advice. Walk away from this one day. You've done something remarkable that will go down in the history books. But you are human, and humans are prone to mistakes. Any kind of mistake in your position would be catastrophic. 6) Yes. I can poke around more, but in short - yes. What the end-goal was, I'm not sure. What they assessed, I'm not sure. But further attempts on the integrity of the site will be executed, be sure of that. Although I can tell you, that won't be a long term play. It can't be sustained forever. [#6 is presumably a reply to DPR1 asking "what were those DoS attacks on SR1 trying to assess?"] 7) Not AFAIK. I can poke around and get back on this. But does not ring any alarms in my head. I vaguely recall some back and forth about a paper that was published, but I don't recall anything coming of it. This would be something on the tech side. I will circle back with you on this. [Is #7 that a question about the hidden-service guard-based de-anonymization attacks?] 8) Some, yes. Off the top of my head - I know that "Costco" is a West Coast operation and theres some fair certainty that it's an Asian gang deal. There is an immigration element and tied to IRL dealing. I'm not sure what the wait is, but there's some play that probably involves state/local. "Marlostansfield" is NYC, and the guy has a lengthy record and has been a CI in the past. "Godofall" is NYC and they're Dominicans who are street level/wholesalers. "DaRuthless1" has been surveilled by local in Queens and has a prior for distribution oxy. "UndergroundSyndicate" I know was assumed to have been made, but there was some snafu with that and bickering state level. I know there were a few California based pot guys who were being surveilled, I can circle back on vendor information. There is a vendor in Dade County, FL that was surveilled, grabbed and turned but the focus was on his IRL connects to coke wholesalers, not on mail. [Marlostanfield, Godofall, and DaRuthless1 seem to have disappeared before or during the fall of SR1 and no busts are known to be associated; UnderGroundSyndicate was busted as part of the SuperTrips case; the CA and FL mentions are too vague to judge. Ulbricht in his journal credits Force's info with saving at least one vendor, although it's unclear which. It's noteworthy that someone contacted Eileen Ormsby in December 2013 (http://allthingsvice.com/2015/04/02/special-agent-force-alpacino-and-me/), referring to Force's info and telling Ormsby to "ask M___ how DPR knew stuff that helped him not get busted. He won't know how, but he will know what you are talking about"; Marlostanfield is the only vendor named in the entire file whose name begins with "M" and if he had already run afoul of the law many times, he would be quick to disappear upon being warned, although Ormsby denies that M was Marlostanfield, saying it was someone else and better known (https://www.reddit.com/r/DarkNetMarkets/comments/336p83/the_force_briefing_le_dnm_investigative_methods/cqi3v2t) so possibly this M was discussed in later messages from Force.] I can poke around in regards to more on this topic. I'm sorry if I said anything that makes you unhappy.. I would not lie to you about anything, I would not gain anything from withholding, rather you'd lose your utility for me and obviously that's counter to me even reaching out. Please understand that it's obviously possible that I'm not privy to EVERYTHING that goes on. I work in a 9-5 environment and I'm nowhere near the field (and I'd never be). If there's something that you're 99.9% sure of is in [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 14 of 17] DPR's profile then you'd know better. If I don't know about it or have not heard/seen it, then that's a limitation of what I'm privy too. And I apologize for that sincerely, but I have no control over that. As for #6, I can stress again that I'm not a technical person. From everything I've heard, it was the guys behind the DDoS. Thats the water cooler buzz so to speak. I said I have no idea what the goal was, if any. It's not my place to venture any opinions, but if someone else claimed to take responsibility then either they wanted to jump on the bandwagon, or they could have been trying to engage you and solicit some response. I am simply not consulted on operations.. I don't know any other way to put it. I'm a cog, not anything more. I can stand by the profile of you that I provided. If there is more then I do not doubt it in the least, but it must be pegged as need-to-know. RE your scenarios - I reached out to you for, as I said, personal gain. There is no card being played.. believe me I'm not in the game. To placate you into a false sense of security.. but then ask for compensation? That doesn't make sense. I see what you're saying, and I don't blame you, but if that scenario had any merit, why would I "compromise" the Wonderful deal? Do you see what I'm saying? Scenario 2 is one that I'm whole heartedly (well, heavy heartedly) willing to accept. I do concede that I'm not an agent, I'm not operational, I'm not field. I'm a worker bee and I do feel I'm useful.. and I'm willing to prove it (while also covering my own ass). But if you feel I'm not as useful as you had hoped.. I'm pretty damned sorry and I can accept that? I'm open to whatever you suggest.. --- Well now you have me thinking too. It's one of two things: Out of an abundance of caution. There could purposely be bogus OR outdated profiling (left over from a legacy report). Knowing theres various agency crosstalk (and curious eyeballs), the thinking can be to keep sensitive information off the shared drives for fear of someone going into business for themselves. The nature of btc and for can tempt anyone to come to you (as I have) with something you'd presumptively write a blank check to get your hands on. Leaks happen all the time.. but generally they're to the press, not the subject. Could be a safeguard. Or, could simply be because your sources might be closer to the field and have first hand knowledge of updated working data. The DDoS would certainly be NCIJTF/FBI. There would not need to be any full time geeks tasked with attacking or penetrating SR and nothing else. Could only be 2 ways: 1)They would assign a group internally, fast track the assignment approval, provide an objective and get briefed on any developments. This isn't open ended and there has to be some goal/metrics to be reported on in a specified timeframe. 2) Farmed out to a contractor. A lot security specialists are contracted out by the FBI. This is a bit murkier as they operate on their own guidelines and are just asked to deliver with minimum oversight. But they have limited resources at their disposal unlike employees. This is something I can dig around and find out if it was internal or outsourced. I can also find out if theres a set group that's been delegated specifically to SR. Would also be able to ascertain which office they'd be out of. Most importantly I can try to see what (if anything) has been the yield and what the priority level is. If I start getting too technical with my poking around that might raise a flag.. so it's a balancing act for me. But I can get you something RE: past IT based attacks on your infrastructure. --- [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 15 of 17] I will, that is something I can do that might shed some light on the attack(s). Engaging you/intake of your response is attempted by every means. This is my opinion, but even if it was legitimate extortion does not rule out a contractor(s) sourced by LE. Anybody can see dollar symbols and see a financial opportunity even if they've been tasked by feds. Now, if it was in-house then yes, demanding payment to ceasefire would be bizarre as there would be too much oversight on the operation and if you had gone public (for example) with the fact the attacker is asking for payment.. there'd be disciplinary action at the very LEAST. But you are right in the sense that highjacking/ransoming the site for profit is not how LE operates. I'm thinking if the attacker was not LE, then they launched a separate attack with the wishful thinking that the massive onslaught would disrupt the site long enough to cause hot vendors to go back on the streets and open themselves up to catch cases. I will look into this. There are a few shared drives, but the lions share of SR related data is dumped to a drive titled (I'm not being humorous) "Silk". I would say SR related maybe 3 gigs? As for getting a copy of it - this is scary. I don't know how/when/IF such a thing would be audited. Do you know? I'll research. But the thought of making a copy of all the folders onto an external from my workstation.. that really turns my stomach. What if theres a system wide audit of who copied/moved/read/wrote what folders/files and it's asked of me what I was doing copying that entire folder to a USB..we're talking Do Not Pass Go, Do Not Collect $200, straight to prison. But maybe I'm being paranoid as well, because there are so many cooks in the kitchen and people move folders/files all the time. No cameras where any of the cubes are.. so theoretically if I found an open work station, a copy *might* be possible. But I can tell you that the risks involved in this are unquantifiable. I can think this one through. Maybe copy some does at a time, in 2 or 3 passes. Let me read up on how/what can be audited. Every avenue is being explored by Treasury and HSI (Homeland Sec Investigations) to get claws into the Bitcoins exchanges. By claws I mean sweet talk and then flat out intimidate.The view in LE circles is that Bitcoin exchanges are shamelessly serving as money launderers and know very well that a wide chunk of the bitcoin economy is from black market transactions. Now, when Gox was hit in the spring.. that was literally over an unchecked box on some form asking "Are you a money transmitter?"! Because (the US subsidiary) of Gox failed to check the "Yes" box.. that alone was enough to get a judge to sign off on a warrant. The rest is history. LE has reached out to EVERY SINGLE DOMESTIC btc exchange and asked them to share records on vague grounds (ongoing narco-traffic investigations, Islamic charities/donations etc) and establish channels. The exchanges seem to talk to each other, and have by large put a united front and rebuffed these advances so far and have insisted their Ts are crossed and I's are dotted, which means they are not obligated to share records with any LEA on gratis. And since their paperwork is in order, LE is stuck here. They have not been enable to find cause to hit any of the other exchanges the way they hit Gox. I can tell you that LE is so used to banks bending over backwards to accommodate, they're annoyed that the exchanges have not rolled over. They have not seized servers of any domestic btc exchange. Even Mutum Sigillum's seizure was just their Dwolla account, not their servers or any stateside Gox data. Coinbase, however, is probably playing ball at some level. If you recall they scored like $5mil in a Series A round a few months ago. Few weeks after that (I'm talking June), there were meetings between there Compliance/attorneys and Treasury. This is not public knowledge. Either this was the investors insisting that they reach out to the feds and get in their good graces, or Treasury tried to squeeze them and maybe found something they thought they could use to bully them. But that's been quiet since. Have not heard anything. Gut says they probably reached some tentative agreement to pass on records in a limited capacity. Long story short, no, they are not tapped in to the exchanges (yet), aside from possibly Coinbase. Civilian leads come in all the time to both local and federal. Sometimes its a call to one of the tip lines, and sometimes from confidential informants on the local level who are helping build cases on street dealers, and the street dealers are suspected of putting drugs in the mail or fedex, and SR is mentioned. Other civilian leads would be from academic research regarding SR/TOR (crawlers, potential bugs/flaws in the for network etc). Or then instances of someone coming to local LE for help because they were being extorted and 'threatened to have their information released allover SR forums' etc (usually a buyer that's getting blackmailed by a vendor) have also trickled in. --- [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 16 of 17] Yes, I'm thinking slow dump to USB, then PGP'd and sent to a tormail you provide. Will have to be slow, and ideally any chance I get to an open machine that I'm not logged into. The good thing is people don't take their workstation security serious and are pretty lazy. What are your thoughts on this RE the weeklies and anything that comes through the pipe on Outlook. I was considering screen shots, but then the fear of an audit catching an outrageous amount of screen shots might be a problem. So, suppose I got an old iPhone or anything with a high res camera, and pulled up docs and took pictures? Then can transfer the pies later, remove exif data, crop out anything identifiable (reflections, other open work on the machine) and then send? Although crude, this would at least work in terms of getting your eyes on stuff. Fallback would be you wouldn't be able to copy paste anything. Thoughts? About Gox: No way. Hitting Mutum Sig was a last resort and reactionary because they had approached Gox directly and were rebuffed, and then reached out to the Japanese government to no avail. Although on good relations, Japanese companies are very anal when it comes to perceived threats to their bottom line. Must not forget that Gox is fully aware that that a staggering amount of traffic is dirty money (no offense), and that makes them money. They can't fathom turning over records and data to the Americans without a crippling mass exodus of capital (if it ever came to light). Also Japanese are a proud people when it comes to their work. There are free trade agreements with Japan that have binding clauses to provide financial information to requests from say the IRS, but something that like can't be used as a tool with the Japanese government because of limited resources and approvals on our end. It's very beauracratic and not just a matter of a few phone calls and emails. And even still the Japanese can stall and pushback. As long as Gox is operating where they are, they will guard the integrity of their records/logs/data. Gox is outside the tentacles. --- No no, I can, I was thinking in terms of immediate data transmission. Grabbing off the drive is going to have to be done over some time. I can copy the contents of the weeklies to a file.. especially as they're sitting in Outlook. It does make my stomach turn.. but I know I've made a decision and opening emails is not out of the ordinary for me. I just have to remind myself that I'm as anonymous as can be and the financial incentive is attractive. And realistically I'm one of around 100 or more who would routinely be privy.. so I don't stick out. But Jesus this is scary. Sorry, just thinking out loud. I do appreciate you reposing trust in me and being generous with comp. --- When I put my paranoia into perspective vis-a-vis what stress you must live under.. and see a (wo)man who's seemingly calm and collected, that does ease the burden. At the end of the day us corresponding on for is as safe as can be. And my age/appearance is helpful in regards if ever asked why I'd be accessing SR specific docs/folders.. it's not entirely bizarre that I'd be curious in counter culture. And without getting into my position, I am tasked with a lot of grunt-work that involves being in various drives. Because of my clearance I haven't even done drugs in ages and can't., so I've never indulged in the site. And this method of correspondence was thought out by me for weeks. I'm not on my personal machine. God forbid the day would ever come where an eyebrow would even be raised though. I know you know how to keep an eye on your staff.. but realize that correspondence on the Wonderful situation is something you'd want to pay close attention too. Even if your guy(s) swear up and down the moon (to Mr. W) that you aren't in the know they've been talking, it will be assumed that you ARE watching and/or playing them directly. That can be a pro or a con for you, depending on how you finesse the situation. They either feed disinformation and/or take anything relayed with a grain of salt. I would not let your staff know you know they've been talking.. not only would that raise a flag, you'd lose a major opportunity to manipulate the situation. Bottom line is, assume they're [Case 1:14-cr-00068-KBF Document 232-8 Filed 04/16/15 Page 17 of 17] compromised or infiltrated, and you can have the boys running on goose chases. The more you send confusing signals via the forum and manufacture events, probably the better. For example to post that you're satisfied with the new setup/configuration of the server would be a good throwoff/distraction. Or to let speculation run about how many people are DPR/has SR changes hands and whatnot is advantageous to you (but you knew that). Or even to appear to unconsciously reveal an identifier about your habits/intentions/origins is good psychological warfare (but you knew that too). As far as your vendors go.. that's the weakest link. You have to keep an eye on their PM's and behavior/correspondence. Keeping them off the street, encouraging they partner up to appear to be operating out of various geography, monitoring their attempts to work outside the framework and open themselves to under covers are all no brainers but imperative. I'm going to poke around all I can on previous attacks/future plans of assault on the site.Know that paralyzing the site forever would never be an end goal of LE. That would be anticlimactic. Breaching your site security would be, and if that were to happen, they'd sit on it and watch.. with no time constraints. And still target the high volume vendors. If that were too happen, it would eventually filter back to me and thus you, and how you tackle it is obviously your call. If the climate in regards to the BTC exchanges changes and theres heightened interaction with Treasury/HSI, I will tell you the who and when. That might help you strategize big picture. For right now they're safe. That could change. I assume you'll want to know of street level activity or buzz that comes in via local or USPI, even if mundane. I'll get that to you too. If I can't get a vendor name, I can provide you with the geography and whatever identifiers I find. But these guys are almost always flipped and used to setup their IRL connects. Also, do not put it past them to wiretap journos. If you (for example), interact with people like [Adrian] Chen or Ornsby [Eileen Ormsby], assume they can see it. Assume journalists are compromised/breached. What I'll do this week is figure out how to start gleaning docs off the drives, and copying the weeklies/emails. Will need a few days to get that sorted out. I do sincerely hope that all this helps/will help you. I guess that wraps up our initial framework. I don't know anything else off the top of my head that might be critical. But if something does come to me then I'll inform you. Give me a tormail where I'd be able to send stuff to. I'll create one as well strictly for this purpose. If I'm not missing anything.. then I assume the first part of our initial arrangement/deal is squared away? If you could take care of the balance of my retainer tonight I'll have some peace of mind that I'm starting the week/this chapter of my life squared away. And the weekly comp following the weekly data that comes your way? I assume that's fair? --- Ok, got it. Thank you for that DPR, you're a man of your word as am I. Thank you for being receptive. Most weeks there's something at least.. so "nothing new or interesting" is almost never the case unless theres a complete lull or resources are re-allocated to some pressing other business. Even if there's nothing "new" per se, I can always engage others informally and chat them up to see what the buzz is. I'll figure out the doc/files and send them encrypted to that address. Feel free to ask any questions whenever, I'll check this forum account every evening and again at night. During working hours is almost possible unless I'm working from home, in which case I'll be reachable. If there's any specific you'd want want me poke around, then just point me in the right direction and I can circle back. Sorting out what else they have that isn't in the current profile (and why/how it's omitted) as well as the what/who/where/why RE the DoS I've put on top priority. I'll get something. [ending of Carl Force/DEA double-agent/informant "alpacino" briefing for money]