Author Topic: Safe (paranoid) on-line ordering  (Read 1810 times)

0 Members and 1 Guest are viewing this topic.

GOD

  • Guest
Safe (paranoid) on-line ordering
« on: September 25, 2002, 04:39:00 PM »
A few questions regarding making purchaces of materials that are watched by the DEA.

1.  Usually, sales above a certain threshold (or no threshold) are said to bee monitored, does this mean that the supplier must periodically submit information or does the DEA come around every so often to inspect records?  This question excludes the obvious fact that a vendor will report 'suspicious activity'.

2.  Lets say one chooses to avoid using credit cards etc to make purchases, and decides to use a money order with an assumed identity, often times, the buyer must still submit an online 'secure' order form.  When making orders to bee paid by money order, does this information generally get saved by the vendor?  If so, is it subject for scrutiny by the DEA?  Swims not talking about a place like JLF or a research chem vendor who may possibly get raided etc...

  Swim asks because he would like to know if hes beeing paranoid using a proxy just to print out an order form in order to send in a money order, plus, if making one large order for something looks suspicious, he believes a bunch of smaller orders (to one or several places) within a semi short period of time might bee a safer way to go about acquisition.  The reasoning is that if even small orders get (manditory) reported, and constitute a flag, one could theoretically use an 'identity' over a small period of time and still aquire what they need without having to make one single big order which might prompt the vendor to report a suspicious transaction and start an immediate investigation.  If the DEA is going to bee recieving periodical reports in general, the identity/maildrop could bee used for a given period of time and then discarded.  This would give the buyer a 'safer' window of opportunity.

BTW, this question isnt nessisarily directed towards chem supply houses, however if any info bees have to offer also happens to also apply there, please say as much. 

Any thoughts about this?  Theoretical experiances?

KraZAlchemist

  • Guest
secure ordering
« Reply #1 on: September 25, 2002, 06:45:00 PM »
SWIZ has had the same questions, about possible IP logging, etc.  (which is why one would want to use a SSL proxy).  However, as Hey_man pointed out to me it isn't always secure, because when you go to use somone's secure page your computer must verify with a CA (certification authority), which would reveal your real IP address to the CA.  Check out this post for hey_man's excellent info:

Post 358938 (missing)

(KraZAlchemist: "Chaining Proxies", The Server Room)


As long as your not ordering gallons of sassy, or lbs of RP & I to your mailbox, i think you can pretty much breath easy about the DEA comming to your mail box location.  Stake-outs cost big bucks.  If on the other hand, you are ordering gallons of sassy, reason would dictate that you should never return to that location after picking up your sassy.

of course said mailbox isn't in your real name, right?  so don't sweat it too much.

"We face daily, a series of great opportunities brilliantly disguised as insoluble problems."[sic]

GOD

  • Guest
Yeah, swim'll just use public terminals to bee on ...
« Reply #2 on: September 25, 2002, 07:02:00 PM »
Yeah, swim'll just use public terminals to bee on the safe side anyways.  Those novelty ID's kick ass!

Phemios

  • Guest
re: Safe (paranoid) on-line ordering
« Reply #3 on: September 26, 2002, 01:39:00 AM »
1.  Usually, sales above a certain threshold (or no threshold) are said to bee monitored, does this mean that the supplier must periodically submit information or does the DEA come around every so often to inspect records?  This question excludes the obvious fact that a vendor will report 'suspicious activity'.


I believe the order records would be filed with them (sent) semi-annually. If a supplier was under investigation they might come by unannounced and get the records them-selves. But, I don't see the importance of how they get the information. The question is how sophisticated their data mining is.

Even with all the wasted resource at their disposal I doubt they could go threw each transaction. They would most likely group the transactions into two main classes a business and a personal. Inside the personal group they would sort the purchases into the chemicals they bought and what potential uses said chemicals might have then group into quantity, where it was sent, etc. From this data they could start a file and use it as evidence to warrant an investigation.

Once an investigation is started the rules change. You can be assured background checks would be conducted on the given name and address. False information would elevate the investigation further. Once this happens, their number one priority for the investigation would be to apprehend the suspect on the basis of falsely identifying themselves. At which point they would find out who you really are etc.

2.  Lets say one chooses to avoid using credit cards etc to make purchases, and decides to use a money order with an assumed identity, often times, the buyer must still submit an online 'secure' order form.  When making orders to bee paid by money order, does this information generally get saved by the vendor?  If so, is it subject for scrutiny by the DEA?  Swims not talking about a place like JLF or a research chem vendor who may possibly get raided etc...

The information absolutely gets saved along with the order information. The reasons are numerous why they will log the purchaser’s IP--mostly to protect the business against fraud/maliciousness. However, if the DEA/FBI asked for the information, they would most certainly hand it over.

As long the form you are printing out does not have transaction information you are safe. If the order has any kind of unique data (ID) on it’s possible that your IP can be tied with the order.

And as far as proxies go they are not fail safe. Your IP can still be gotten via browser side scripting languages (jscript, vbscript, etc.) or embedded applications (java, COM, etc.) Or the proxy could be subpoenaed to give up the logs.

The exact rules chemical suppliers have to adhere by are publicly available. It just requires actually work to find them, and not all of this fun hypothecation. ;)

KraZAlchemist

  • Guest
They would most likely group the transactions ...
« Reply #4 on: September 26, 2002, 03:54:00 AM »
They would most likely group the transactions into two main classes a business and a personal. Inside the personal group they would sort the purchases into the chemicals they bought and what potential uses said chemicals might have then group into quantity, where it was sent, etc. From this data they could start a file and use it as evidence to warrant an investigation.

Shhhh!!  Don't give'em any ideas.  They monitor this site you know.

False information would elevate the investigation further. Once this happens, their number one priority for the investigation would be to apprehend the suspect on the basis of falsely identifying themselves.

How would they know that the person is falsely identified?  Maybe a postal inspector could lay some whoop ass on someone if they opened up a Mailbox at an actual post office some where (they are federal employees).  But I highly doubt fooling the fool at the mail box place is a felony, enough to warrent star troopers chaseing you down, but hey, this is a war, you never know.

At which point they would find out who you really are etc. 

Once again, I don't see how they are going to find out "who you really are".  Remeber, the whole point of being anonymous, is that you DON'T want people tracking you down.  So how exactly would they track said person?

You seem like you know a lot about the subject.  Are you our assigned DEA agent for this month?  ;)

Welcome aboard!

"We face daily, a series of great opportunities brilliantly disguised as insoluble problems."[sic]

wyndowlicker

  • Guest
hmmmmm!
« Reply #5 on: September 26, 2002, 04:04:00 AM »
That advice did come with extreme authority! ;)  :P

Counting starts by candlelight all are dim ,but one is bright.-GD

Phemios

  • Guest
How would they know that the person is falsely ...
« Reply #6 on: September 26, 2002, 07:04:00 AM »
How would they know that the person is falsely identified?

The investigator could be presented w/ a suspicious order or several orders. They would look something like this:

Name: John Doe
Address: P.O. #203, 123 Some street, Middle America, 12345, USA.
DEA Cert: 123-4567-890 (optional)
Date: 4/20/03
Chemical: Lysergic Acid
Amount: 10 kilograms
Packaging: Cardboard box
ID Type: Drivers License (optional)
ID Number: V123-45-67890 (optional)
(Depending on the order type the stuff marked optional, may or may not be included.)

 The investigator would then proceed to run a background check on the individual, business, and DEA Cert. If the name came back as false, the investigation would be elevated. (The contents of this order are a joke, if some saw 10 kilograms of lysergic acid being ordered the investigation would be immediately elevated.)

So how exactly would they track said person?

You have to pick-up and check your mail sometime don’t you?
;)