Eleven Things to know if you source online

Look if you guys are sourcing explicitly listed Schedule 1's from foreign sources, than, yes, this list is probably a good thing to keep in my mind. However, if you are sourcing domestically, or you are ordering legal/gray area RC's I don't think you have anything to worry about. Especially if it's in personal use quantities. Remember, no one has been charged for ordering RC's yet for personal consumption. Could it happen? Yes, it's possible. Likely? That's for you to decide.

 

I don't see why I would freak people out, I mostly post news stories from news websites and talk about how to secure internet communications from wiretaps and traces.

Maybe the people here shouldn't worry. When I first came here I noticed the title of this forum is "synthetic drugs" but have quickly come to the conclusion that it would more appropriately be named "analog drugs". But I still stand by all security mesaures I have suggested people take. Analog defence may work for customers for now, but prior to webtryp replace customers with vendors and you have the same general theme. Fact of the matter is I do know multiple people who have been raided for getting drugs from internet vendors, and in each case it was preventable by using better computer technology or mail techniques. although they always were scheduled, don't count on grey area keeping you safe for long if at all. And if you are in UK keep in mind all drugs in pihkal and tihkal are illegal. And in USA keep in mind operation raw deal, and keep in mind webtryp, keep in mind that customers have been questioned by DEA in usa for simply working with vendors, although there have been no major cases against small time customers of analogs in USA yet that I know of. That is all I am saying.

 

No doubt you have useful information. I truly think that you are an important member of this community! I could not live without you binary.

I love you for being you!

 

Yes, thanks a lot for the info binary. It is excellent.

I think my friend was just having first-time jitters when he read your thread. Now he's not feeling quite as nervous about things.

When you are new to the RC world, you think you have things figured out to a certain extent but you are also kind of flying solo because for the most part people in other forums won't even talk to you yet.

At least here there is some solid information on how to do things in as safe a way as possible - which is invaluable to a newcomer!

So thanks again!

 

man, theres so much info on being safe.
but lets say a friend decided to order a small amount (a gram, half a gram) of an analog drug with real information like an address and name. and it is her first time, would that be a big deal?

 

It's like playing the "Fucked" lottery. Chances of getting fucked are quite slim, but if you get the 'winning' ticket (package intercepted, prosecutor decides to charge under analog act, etc) you will be quite fucked.

Analogs are much safer to order than illegals of course. But it is also much safer to get shot with a gun while you have a bullet proof vest on than off. Better to reduce the opponents weapon to a BB gun imo.

I never will understand people who are fine in 'knowing' they will beat a case, when with just a tiny bit more effort they can avoid getting one in the first place.

I wouldn't sweat it to be honest. My goal has never been to scare the shit out of people. Ordering analogs is really pretty safe, especially domestic. But there is always that slim chance, and you could be the first one to go down hard for all you know. The webtryp vendors thought analog law would keep them safe too, thing is people *always* think what they are doing is safe or an acceptable risk because if they didn't they most likely wouldn't do it. But often times imo people don't see the full picture, or don't understand that the enemy is under-handed, lies, and a jury of your peers is more like a jury of 50 year olds who have been in the church for their entire lives who think getting high is illegal more than they think substances are.

Not to mention even if you can beat an analog case, it would still be expensive.

The chances of analogs being intercepted are way low though, and the chances of them being identified if they are seized is also way low, and the chances of them giving enough of a fuck to prosecute you are way low. But it is very much playing with matches. Most likely you can play with the matches and not get burned. But someday someones match will light a fire they can't put out and they will be fucked before they know what hit them.

My philosophy with the scene has always been one of strict security in all aspects for all products. But perhaps I am just overly paranoid =).

 

LOL, the fucked lottery.

 

Great post man, covered all the basics.

 

I didn't LOL until I read this post that separated it from the rest of the context.

 

The problem I have with binary's information is that he's asking the little ol' "personal recreational use of gray area RCs" person to go out and commit 10 different WAY MORE illegal acts to keep themselves "safe."

Say your gray area RCs get intercepted at customs and some Fed gets a burr up his ass to prosecute you for your 500 mg of not even really illegal chemical X. That guy still has to prove you meant to use consume or sell those chems. Not an easy feat. He's got to convince a judge somewhere that it's a swell idea to raid your house over a meager amount of a non-scheduled drug that you may or may not even have.

Now, let's assume that he actually wanted to fry your small-time ass and managed to get through all the red tape to do so. Now, he kicks down your door with a bunch of his fascist storm trooper goons, but he can't find that meager, meager, meager amount of chemical X. However, he does find your fake ID. He does find your fake e-currency addresses/names/etc. He does find your fake P.O. Box information.

Dude doesn't have the chemicals at all. Even if he HAD found the chemicals it's such a tiny, tiny amount that you're probably looking at zero jail time if it's your first drug offense. And that's assuming they could even find you guilty of anything. Except you fucked yourself trying to be cute and keeping yourself "safe."

Where the fuck is the logic in committing a host of legitimately serious crimes just to hide the fact that you might be committing one semi-nobody really cares-tiny-small fry kind of quasi-crime that the authorities would have a hard time caring enough about to prosecute you for anyway, assuming they COULD even prosecute you for it?

 

I personally wouldn't worry too much unless I was buying large amounts(multiple grams weekly) and turnin around sellin the shit. I don't, so i'm not going through the extent of fake I.D.s, encrypting your hard drive and I don't even use tor unless required. These are all great tips in this thread, I think just a little too much for most. I have ordered probably 30+ illegal/semi-legal things in the past 3 years and only 1 has gotten stopped at customs and confiscated..some mj seeds(but plenty more have made it). I do not discourage security becasue it is very important when needed, but I just think that for the average RC consumer all thse precautions are a little overboard. I do think you should take some of these steps if you are doing other things questionable.

 

Also, in your scenario there, the evidence that led to your fake po box and shit like that might be able to be suppressed because it wasn't on the initial raid warrant.

Anyway, here's a simpler and not-so-illegal thing to do: rent a box a UPS store or the like. Move and don't update your address with anyone. Then the DMV, the UPS store and the post office (whom the UPS store sends your PS FORM 1583 to) don't have your real home address, and thus the pigs can't raid you. If they don't check first, they'll raid the wrong home and you might have some warning if it's in the news or if someone by chance tells you "wow, I saw the cops raiding the place you used to live."

 

.

 

@mods:

PLEASE STICKY THIS!

 

well you have to show them your ID with a picture when you sign up for it, which would definitely be enough to find you.

 

I can make a more detailed threat model for online sourcing if people like this one. This one is pretty shallow and only gives a general over view.

Please keep in mind that this is a very general model. For example, hard drive encryption may defend against side channel attacks in the context of your activities (if your computer is seized for selling weed, they wont be able to gather evidence of you ordering drugs online from it, which would be a side channel attack), but hard drive encryption itself is vulnerable to side channel attacks (boot loaders with sophisticated key loggers programmed into them, signal emanations from keyboards being used to reconstruct keys, etc).

Online Sourcing: Threat Modeling​

Vocabulary

Risk Measurement:

Consequence Probability: What is the likelihood that you will face consequences?

Consequence Severity: If you face consequences, how severe are they going to be?

Attack Types:

Passive: These are attacks on links (such as mail hubs, versus a particular mail box which would be a node). Automated financial alerts for certain amounts of money being transfered, screening of mail en route and mass surveillance (CCTV cameras, Narusinsight internet monitoring) are some examples of passive attacks. Passive attacks are not necessarily simple (inspect x% of all mail), and can be semi targeted (mail profiling at hubs for common characteristics of drug mail is passive, but screening for mail to a particular address is an active attack on that address).

Active: These are attacks on nodes (surveillance on a particular address, versus non targeted mail screening at postal hubs which would be a link). These sorts of attacks consist of techniques that are common in undercover investigations. Examples would include: targeted surveillance of: mail boxes, e-mail accounts, IP addresses, financial accounts. Also forensic examination of electronics/packaging etc.

Side Channel: These are attacks that go around your normal defense/offense modeling. For example, perhaps you are busted dealing small amounts of weed in real life. This could lead to your computers being seized and law enforcement discovering you sourced online, even though they otherwise would not have found out. The compromise of an activity with a separate threat model (usually lesser consequence severity, higher probability of consequences) leads to the compromise of an unrelated activity with a different threat model (usually higher consequence severity, lower probability of consequences). Getting busted selling weed isn't going to get you in too much shit. Getting busted for selling weed is more likely than getting busted buying analog drugs. Getting busted for selling weed could lead to computers being analyzed which could lead to the possibility of facing twenty years in prison if they find evidence of conspiracy to traffic in an analog of a schedule one drug, or conspiracy to launder money (sending WU to a vendor selling illegals has gotten someone ML charges. Technically you CAN be charged for ordering analogs, so technically you could probably get ML for sending them WU also). Plus if you are already compromised for drug dealing, even if your drug dealing charge is relatively minor, you are in a vulnerable position and it is far more likely that LE will press charges (maybe just to get you to plea them away so they can hit you full force with the lesser weed charge).


Level of adversary interest:

Direct: Your E-mail account is under surveillance

Indirect: You send E-mails to an account that is under surveillance

Fringe: You send E-mails to someone who sends E-mails to an account that is under surveillance.

Being on the fringe does not necessarily mean you are safe. If someone sends an E-mail to an account under direct surveillance, it is possible that their account will come under direct surveillance. And it is likely that it will have what is called a 'pen register' applied to it, in which all E-mail accounts they have contact with are logged (but not the contents of the communications, getting a wiretap on an E-mail takes more proof of unlawfulness). Law enforcement does NOT need a warrant to get an E-mail put under a pen register order, they just need to make a statement that they have reason to believe doing so could contribute to a criminal investigation.

Defenses:

_____

Defense: Hard Drive Encryption

Defends From: Side channel attacks (if your computer is seized for selling weed, they wont find evidence of potential crimes with much more severe consequences), active attacks (protects against evidence being collected if your computer is seized in an investigation targeting your online sourcing)

Consequence Probability: In USA and most of the developed world there is little, encryption is legal. You may be held in contempt of court for failure to reveal passwords, but this issue has not made it to the supreme court and rulings have gone both ways on the issue. In the UK you will likely face prison time if you do not reveal passwords to law enforcement. You should use deniable encryption such as Truecrypt makes available, or use virtual machines from deniable encrypted containers if you run linux.

Consequence Severity: In the UK you can get around two years in prison for failure to reveal passwords to law enforcement. in USA you may be held in contempt of court for a period of time, but doubtfully for more than two or so years. Two years may be a better alternative than the sentence you could get if your hard drive was not encrypted, but you should just use deniable encryption and it is not an issue. In countries like China you may face serious consequences if you use encryption with out a license, and in places like Iran you may even be executed if you fail to reveal passwords.

Adversary interest: Encryption protects you from adversaries with a direct interest in you (although keep in mind side channel contamination).

________

Defense: Encrypted communications (GPG, OTR, etc...)

Defends From: Active attacks (if your E-mail is subject to a wiretap, the adversary is still unable to determine the contents of the communications), passive attacks (because the email is encrypted, it will not trigger most sorts of passive keyword analysis being done on the internet), side channel attacks.

Consequence Probability: Same as for hard drive encryption. You should frequently rekey and delete old keypairs, or use encryption with deniability built into it such as OTR.

Consequence Severity: Same as for hard drive encryption.

Adversary interest: Encrypting communications will protect you from direct and indirect surveillance. It is not usually applicable to fringe surveillance as that generally involves traffic analysis rather than communications tapping.

____________

Defense: Tor / Anonymity networks in general

Defends From: Active attacks (an adversary specifically interested in your pseudonym/online activities will have extreme difficulty tying a real person to it) non-global passive attacks (adversaries doing passive monitoring of some % of internet traffic will have a significantly reduced chance of tracing you, but an adversary who is monitoring all links used by the tor network, such as perhaps NSA, will be able to trace you still), side channel attacks

Consequence Probability: Varies depending on country. Very low in USA and most of the first world. General consensus is that running Tor is quite legal in USA and most of the first world, but it has never really had any legal precedent. Major universities and the EFF run Tor nodes though, and everyone is in general confident that you can not get in trouble for being part of the Tor network.

Consequence Severity: In countries like China or Iran it is quite possible that you will be arrested or even executed if you are caught using Tor. People using Tor in these countries, and even in first world countries perhaps, should make use of Tor bridges. using a bridge with Tor significantly reduces the chances that you will be detected as a part of the Tor network.

Adversary interest: Using an anonymity network will help protect you from direct, indirect and fringe surveillance.

_____

Defense: Fake ID to send money

Defends From: Active attacks (there is no record of YOU sending money) passive attacks (by structuring money transfers over a range of fake IDs, you can send large amounts and stay under the amount that will trigger passive screening systems on any individual ID) side channel attacks

Consequence Probability: Depends on the quality of ID and the country you live in. In the USA there is an extremely low chance of being detected using a fake ID, provided it is high quality. In parts of Europe and the UK there is a higher risk of detection because their IDs are harder to forge, so you therefor are more likely to have a low quality fake. Fakes in UK and europe also must be backed with a 'legitimate' stolen identity to work usually, where as a synthetic identity (made up information) is adequate in USA and other countries.

Consequence Severity: You are at significant risk of being charged with money laundering if you are busted sending money with a fake ID or are caught with a fake ID that was used for sending money. ML charges could easily result in spending 10-20 years in prison per count.

Adversary interest: Using a fake ID to send money can help protect you from direct, indirect and fringe surveillance.

________

Defense: Layering money through multiple ecurrency accounts

Defends From: Indirect active attacks (the vendor you send money to, and anyone who compromises the vendor, will not easily be able to follow the financial traces back to your identity, even if you initially load the money with your legitimate ID.). This will not protect you from passive attacks if you load money with your real identification (you will still trigger the system if you load to much, but it could still hurt the adversaries ability to see the final destination of the money)

Consequence Probability: Fairly low. Anonymous Ecurrency is sort of a grey area legally. People running Ecurrencys have been busted and charged with money laundering before (only ones in USA afaik, in Panama it is big business and fully legal), and exchangers have had money seized and I think have been charged in some cases where they were operating as sub-ecurrencies like 1mdc (ecurrencies backed by other ecurrencies), but I have yet to hear of a case where someone was charged just for owning ecurrency and it seems highly improbable. Anonymous ecurrency can be considered the analog drug of money laundering, and is probably your best option if you exclusively source analogs and want to be secure with out putting yourself at un-needed risk. It will not be a trivial task for most law enforcement to even prove that someone owns or has purchased anonymous E-currency, even if it is paid for legitimately (your own ID or credit card or whatever).


Consequence Severity: Money laundering carries severe consequences

B]Adversary interest:[/B] Layering payments through ecurrency can help protect you from direct indirect and fringe surveillance.

_________

Defense: Fake ID for setting up a box


Defends From: Active attacks (if the vendor is compromised after you have used him, or you determine that a package has been seized prior to attempting pick up), side channel attacks (you can use different boxes for different vendors/shipments, helping to minimize cross contamination)

Consequence Probability: Low. Most box places will only glance at your ID. I suggest you use photoshop to modify facial features (but not to an extent quickly noticed by a human eye) to throw off computational facial recognition algorithms being run on the photo in the ID if the box is ever compromised and the ID is photocopied (it isnt usually).


Consequence Severity: Moderate. You could get a charge of fraud and a charge of possession of a fake ID, but will be unlikely to face more than a few years for this.

B]Adversary interest:[/B] Using a fake ID box does a good job of protecting from fringe surveillance and can also help protect from indirect surveillance. It increases the expenses and complexity of direct surveillance as well.
_________

Defense: Using physical remailers

Defends From: Low level active attacks (think scammers, not LE), actually INCREASES risks of passive attacks (its in the mail twice as long, may go through customs twice, etc), side channel attacks

Consequence Probability: Using remailers is legal most places so there is little direct consequence probability. Using remailers increases your protection from some attacks, and increases your susceptibility to others. If you are working with a scammer and he gets your address, he may threaten to spam it or otherwise blackmail you if you call him out as a scammer. This leads to scammers getting away with it for longer periods of time before they are called out. If the scammer has only the address of a remailer, it may not be as big of a deal if he spams it. If you work with a vendor who keeps records and he is busted six months later, law enforcement will not immediately be able to find your address and depending on how long the remailer keeps information for, they might have no luck tracing you. Some people use series of remailers effectively for small amounts of analogs. You reduce your protections from other attacks though. The package takes longer to get to you as it is going through remailers first, so you will not be as tipped off to if a seizure has happened or not. Also, it is in the system longer so there is a higher chance of it being noticed by a passive attack. If you use international remailers (in countries that are not required to have remailers keep logs, or keep logs for long) then your package may go through customs more times than if it was sent directly to you. This puts it at significantly higher risk of being detected with a passive attack. One advantage of using international remailers is that to your government the package will seem to be coming from a possibly safer country to get things from (canada instead of china), putting you under less scrutiny perhaps. I suggest only using international remailers for international packages, if the material is already domestic there is no need to use a remailer in another country and doing so will greatly increase risks for little benefit.


Consequence Severity: N/A


Adversary interest: Indirect, fringe

_____________





Activities

_____

Activity: Domestic personal use analogs

Consequence probability: very low, most attacks will be passive / indirect / fringe / side channel and there is low chance of prosecution. Chance of low consequences is significantly higher than risk of severe consequences.

Consequence Severity: Potentially extremely high (up to twenty years in prison), more likely low (visit from police with no charges pressed)

_____

Activity: Domestic bulk analogs (purchase)

Consequence probability: low, but any potential consequences are more likely to be severe. Most attacks will be passive / indirect / fringe / side channel

Consequence Severity: Potentially extremely high (up to twenty years in prison), and there is a significantly higher chance of prosecution than for smaller amounts

______

Activity: USA/UK analog vending

Consequence probability: low-high depending on security. there is a high chance of prosecution AND a high chance of direct active attacks

Consequence Severity: Probably extremely high (up to twenty years in prison)

________

Activity: CA/EU analog vending

Consequence probability: Low-moderate depending on security and if you work with USA customers. Moderate chance of direct active attacks

Consequence Severity: Likely moderate

___________


Activity: Domestic personal use illegals dogs cant smell

Consequence probability: Low but almost certain severe consequences if any. High chance of indirect attacks, Moderate chance of direct active attacks

Consequence Severity: Probably very severe

________________

Activity: Domestic personal use illegals dogs CAN smell

Consequence probability: low-medium (depending on security) but almost certain severe consequences if any. High chance of indirect attacks, moderate chance of direct attacks, at high risk for passive attacks

Consequence Severity: Probably very severe

______

Activity: Domestic bulk illegals dogs cant smell

Consequence probability: low-high (depending on security) but almost certain severe consequences if any. High chance of direct and indirect attacks.

Consequence Severity: Probably very severe

______

Activity: Domestic bulk illegals dogs can smell

Consequence probability: low-high (depending on security) but almost certain severe consequences if any. High chance of direct and indirect attacks, at high risk for passive attacks.

Consequence Severity: Probably very severe

______

Activity: International personal use analogs

Consequence probability: Low. At higher risk of indirect and fringe attacks than if domestic, but not by a lot.

Consequence Severity: Potentially very high, and possibly at higher risk of prosecution for importing + additional charges.

___________

Activity: International bulk analogs

Consequence probability: Low-medium (depending on security). Signficant chance of prosecution.

Consequence Severity: Signficant chance of severe consequences

_______

Activity: International personal use illegals dogs cant smell

Consequence probability: low-medium (depending on security). Very high chance of prosecution. Likely subject to active and direct attacks as well as indirect and fringe attacks.

Consequence Severity: Probably very severe

_______

Activity: International personal use illegals dogs CAN smell

Consequence probability: medium-high (depending on security). Very high chance of prosecution. Likely subject to active and direct attacks as well as indirect and fringe attacks + at high risk of passive attacks.

Consequence Severity: Probably very severe

________

Activity: International bulk illegals dogs can't smell

Consequence probability: Low-medium (depending on security). Very high chance of prosecution. Likely to be targeted by international police agencies such as interpol. Subject to active and direct attacks as well as indirect and fringe attacks.

Consequence Severity: Probably very severe

_________

Activity: International bulk illegals dogs can smell

Consequence probability: medium-high (depending on security). Very high chance of prosecution and likely to be targeted by international police agencies such as interpol. Subject to active and direct attacks as well as indirect and fringe attacks + high risk of passive attacks.

Consequence Severity: Likely extremely high

_________

Activity: International non-hard-opiate non-schedule one pharmaceuticals

Consequence probability: Medium-high

Consequence Severity: Likely extremely low, chances are you will merely get a letter asking you to stop importing them.

 

binary shadow

Uhh, thanks for the education, I think. It might be called scaremongering by some. I'd love to hear any references or resources to support your analysis; rather than I attempt to 'disprove' statements made.

 

If it is called scaremongering by some I don't care, it is an entirely accurate threat model (although not very detailed). I can supply references but as so much was discussed it would be helpful actually for you to specifically state what you are in doubt regarding.

________________________

http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA495688&Location=U2&doc=GetTRDoc.pdf

This is the basic threat modeling system I used in regards to active/passive attack definitions etc. This paper is specific to anonymity networks but the attack classifications apply to anything that can be threat modeled; a passive attack and active attack model exist independent of what is being analyzed:

_________________________

http://www.schneier.com/blog/archives/2007/10/uk_police_can_n.html

In the United kingdom it is illegal to not give up a password to encryption, which is why I suggested Truecrypts plausible deniability, and OTR deniable encryption or GPG with frequent rekeys.

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html

In the united states it has not made it to the supreme court yet, but rulings have gone both ways so the issue is up in the air.

_______________________________

http://www.torproject.org/eff/tor-legal-faq.html

Tor has EFF backing and nodes are run at many universities. Although it is not specifically legal, chances are it isn't illegal either. And if it is illegal, a lot of universities and journalists are in trouble =).

________________________________

The data on fake ID was admittedly original research to an extent. I know dozens of instances where fake identification was used in USA for financial activity or for opening a box, and in none of these cases was anyone ever even given a second glance. I have also seen many sources for USA identification, but very few for European. Those in Europe I have heard of using fake identification have had less success than Americans, primarily due to the fact that those countries have stronger identity authentication systems in place (the card is linked to a database that has information on it only known to the holder of the card + on cryptochips, versus USA all the relevant data is on the card or in the magstrip).

I doubt you will be able to find a source for data on this one way or the other short of individuals with direct experience.
_________________________________

E-currency can get you money laundering charges if you base the company in USA, or run a top level exhcanger with pseudo-currency:

http://www.securityfocus.com/news/11528

However there have been no reports of users of the system being charged with ML, although many had their money seized.

________________

How much trouble can you get into for analogs? From the DEA penalty chart:

And we already know from the analog act that you can be charged for analogs as if they were the scheduled drug that they mimic:

You can try to defend yourself from 20 years in prison on a minor technicality (section C subsection IV) but truth be told no jury is going to buy that you had some research chemical for legitimate research. It is just unfeasible. If they decide to prosecute you, you WILL face up to twenty years in prison if it is an analog of a schedule one or two drug.

____________________________________

Interpol is clearly interested in the international sourcing of illegal drugs over the internet, and in fact they are the primary active adversary in such situations:

From interpols website:

Souring illegals with in country will likely fall to the federal police, such as FBI or DEA. Oh yeah, here is information on western unioning funds to a vendor of illegals being money laundering:

www.allbusiness.com/crime-law/criminal-offenses-misc-smuggling/12677918-1.html

He was importing schedule one and twos from a source in brazil that got busted. The DEA was able to identify him due to direct surveillance that was done on his source (so indirect surveillance on him). This would have been prevented with Tor and GPG. After identifying him, the DEA was able to piece together TWO YEARS worth of interactions simply by the paper trail of western unions sent to Brazil, packages received to a mail box he registered under his own name, etc. So here we have a case of indirect surveillance fucking a dude over. If he had taken the security precautions I had actually advised to him (Tor, GPG, fake IDs): he would not have gotten fucked.

_______________

I think all of our personal observations can determine that purchasing analog drugs domestic and even internationally has a relatively low risk of severe consequences, although as I showed priorly there is a possibility of this. There is however substantial risk of lower consequences: many in USA have gotten visits for working with analog vendors and although in USA never charged they have been asked to testify against the vendors. These people are identified usually via indirect or fringe surveillance or side channel attacks.

In the UK people ordering analogs got light sentences such as probation shortly after webtryp.

_____________

Laws on pen register versus wiretap:

http://en.wikipedia.org/wiki/Pen_register

_____________

really I could go on and on but I would rather answer specific questions you have than try and guess what you considered to be fear mongering and end up just doing another analysis on the first analysis.

 

Personal experience, your detail of probabilities and levels of consequences do not match my reality. I have seen your 'security information' posted places online. You are probably familiar that while some may cheer you for encouraging use of security; others suggest your perception of what happens to everyone is skewed. I could tell tales, and post pics of Love Letters (redacted hopefully), or mailing labels&boxes&contents&etc ... just to show that I am the exception to your generalization of vague 'possibilities/probabilities'.

Without naming names or finger-pointing lets just say you are specific enough to tell me I have never lost a game of roulette, the dealer isn't watching the table, and the house doesn't care it's losing big with me there.

Seems disconnected from reality; but yes, I'm one who hasn't been prosecuted, taken many gambles, and only once was I given note to not to try that again; and here is the forms to ask for your stuff back... 'large amount' of 'low-scheduled' substance. And I've had the chance for someone to rip me off by sending fake product, and customs opened and tested it to make sure it was fake. My seizure letter, though, listed substance and quantity (by their measure, source sent 10% bonus( and eventually reshipped the seized amount in bits over the years of our back-and-forth once we compared letters), and ~$ value (greatly underrated imho). Maybe this is alike instance of how cocaine dealers get off while crack dealers do forever in fed pens. Anyhow, there are more people than I should name who use 'no security' and have nothing happen to them for years (read: 'so far') and only slightly adjust their methods/menu as time progresses.

Casinos don't make money that way; might make one imagine the house employees are in on the take. (Attn: losing war on drugs; transportation flow so massive it is impossible to 100% secure.)

I just think your analysis is wrong, focusing on data accessible, through statistics of those who got caught and messed up. How can you compare that to a census data set of those who succeed and are not prosecuted, nothing seized/found/known-about? This is X=unknown variable factor kind of issue. Sure they(Interpol/whoever) might get off their arse to conduct surveillance, going UC, and all the detective work you mention. However, some characterize administrating enforcers as the greatest blocks to proper conviction of criminal types. This all plays into the statistical numbers game pushed by individuals for personal gain. Using factors/formula you can make a losing horse look like a champion. Dark-horses who aren't registered on the track will not count towards the spread on the betting table. But my money says "if you play by the rules, of course the odds are in the houses' favor". Personally I like hearing about 'the big one that got away' fish stories, and knowing that there are 'masterminds' who learn how to trick/fool the system into cashing their false winning ticket or chips, or simple card-counters who get slapped on the wrist, as they may be as plentiful and creative, like their adversary. My magic 8-ball sez 'Outlook Hazy' when I asked if there is bigger threat from scammers than enforcers for the typical, uh where are we now?... 'Psychedelic Synthetic Drug' person.

Lets just spit some hearsay out there and suggest that while some 'chemicals' are seized, and once someone got prosecuted - more so for the more serious causes... You never know how many tons did not get seized. Bean-Counters can't crystal ball those numbers for you. At best you are guessing, and I guess you are guessing inaccurately on a 50/50 odds question. Makes me wonder if any of it is valid.

'entirely valid threat model' ... 101 ways to skin that cat if your pappy taught you some secrets and adjusted your view. 'not very detailed = select source information and extrapolate conclusions from their number set'?


(psst: scare-mongering is a powerful tool, and using it to encourage use of 'more security' might be considered positive, but you don't have to fllim-flam us with your analysis... Some folks live forever happily without 'security', as ciphers have been used as long back as alchemy perhaps - still some unsolved riddles there, it is also an evolving technology. The other issue is millions of packages/people cannot be properly studied without bringing the flow of people and things to a stop, as paranoid Americans have suggested, and that "WE CLOSE ALL BORDERS NOW!" to control them dern terrurists.)

 

A coin has a 50% chance of landing heads and a 50% chance of landing tails. Flipping a coin and getting heads 5 times does not make an exception to that rule ;-).

I have taken many gambles as well and never been prosecuted or even had a package seized. But I have seen many who have not been so "lucky". And the thing I notice is those who tend to not be lucky also tend to be those who are not secure. So maybe it isn't luck at all?

Large amount of low schedule substance was seized and you just got LL and forms for it back? It was probably anxiety pills or a similar non-hard prescription. And what apparently happened to you fits with my threat model actually:

_____
Activity: International non-hard-opiate non-schedule one pharmaceuticals

Consequence probability: Medium-high

Consequence Severity: Likely extremely low, chances are you will merely get a letter asking you to stop importing them.
______

Also sure many will get away with nothing happening to them. Playing Russian roulette with a six shooter once a year pulling the trigger you can get away with it alive for up to 5 years with not a single bad thing happening to you. It means nothing as to the actual risk of consequences and severity of consequences and is essentially irrelevant.

Sometimes a group of associates will avoid detection for years only to be brought down over two months after they have been targeted. Read the developmental smuggling model paper and you will quickly see that using past success as a meter for future success is phase II rather than III thinking. And phase II smugglers tend to get busted after 5 years. It is documented by experts on both sides of the war on drugs that it is the smugglers taking security precautions that do not get busted over time.

www.thefreelibrary.com/Drug+Smuggling+Behavior+A+Developmental+Smuggling+Model+Part+1-a01073956158

My analysis is not based entirely on data accessible in relation to drug smuggling cases but rather is based on the abstracts of threat modeling and threat analysis. Defending from passive attacks does not require you to know of every sort of passive attack used to bust someone in the past, it only requires you to understand what a passive attack is and figure out how to defend against that class of attacks.

And anyways, there is plenty evidence that those who succeed and are not prosecuted are those who are taking security precautions. How do I know this? Because I see that those getting busted and making the news are not taking security precautions and I know that some people are taking security precautions. Not to mention its spelled out in the DSM anyways.


Yeah interpol might get off their ass and do detective work LOL. Interpol is an association of federal police in almost 200 countries. You are honestly naive as hell if you think that they don't do detective work. I mean, really, think about that for a minute. But you are right, they do their operations largely based on statistics and numbers. Which means they will target those who are low hanging fruit as it is easy and they can get big numbers. Which means if you don't make yourself low hanging fruit by taking no security measures, you will reduce your risk of getting fucked!

The bigger threat as far as severity of consequences is law enforcement, likelyhood of consequences is scammers. But in honesty many of the worst scammers are on LE dick anyways and in some cases it is hard to separate the two from each other. Many of the large busts of online smugglers I have seen recently are the direct result of scammers gathering intelligence for LE.

There are 101 ways to skin a cat? But....there are only certain ways to do threat modeling. Maybe you should research the discipline lol.

Not very detailed = I did threat modeling on sourcing drugs online with out doing sub-threat models for the security techniques. Each of the techniques I mentioned also has direct,indirect,active,passive,side channel ETC attacks on it that also have their own defenses. To do a proper threat model for internet drug sourcing would result in probably a forty page analysis, but tbh I am not very up for it as hardly anyone would read it and most of the sub-threat modeling involving technique countermeasures/measures has already been done on the blackopsecurity.net wiki.

The flow and masses of packages is only one face of a multi-facted threat model. If they can't passively detect the package in transit means nothing if they are doing targeted surveillance on the vendors E-mail address and observe the order and shipping address when you send that information to him unencrypted. And it actually semi-secret mass surveillance is done on and off the internet. Data mining and intelligence agencies working beyond the confines of law = powerful.

Now it is highly doubtful anyone here is going to be actively targeted by intelligence but to counter your claim of government inability to find needles in haystacks, read about narusinsight and data mining before you say that millions of people can not be monitored. Hmm or read about the new project from DARPA that wants to use UAV drones to do imaging of large geographic regions and send the visual data for analysis to detect patterns associated with known behavior (terrorism to drug dealing could be detected in real time this way). Narusinsight is a SIGINT program, the DARPA project IMINT. Read about intelligence disciplines, primarily SIGINT IMINT and OSINT. And I think you will find that the government has no problems monitoring the many to gather data on the few.