opsanon77

Case File Reading

May 7th, 2023
>Welcome to the fourth /XMR/ General weekly opsec discussion!
Firstly, I just wanted to mention that it's been a pleasure putting these together for the /XMR/ community! The feedback received so far has been overwhelmingly positive and I look forward to continuing these sessions into the future. Thank you for taking the time to read, and I hope you retain some useful information from it, as I know I have in the process of making them.
This week's discussion is going to be light on original content. Unfortunately I have been busier than usual, so I thought this might be a good chance to share some case files from high profile arrests, mostly based in the US. Please feel free to share any additional case documents you have as well!

>Previous weeks' discussion
PGP - pastebin.com/K5uK4vvg
File Verification - pastebin.com/64jdYSua
Compartmentalization - pastebin.com/fduPVLmV
>OpsAnon's public key
pastebin.com/kiEVscyb

>Why do we care?

Having these records made available to the public is an incredibly valuable resource for us as privacy/opsec concerned users. By reading these cases over we can learn from others' mistakes, and we can build a picture of the tools and tactics used by those who mean to break our opsec!

>What information can we scrape from these documents?

While sometimes these gov documents can be verbose and outside of our scope of interest, we can dissect each case into a few key questions that will relate back to our own techniques. Anyone who remembers grade school English class is familiar with the 5 W's (who, what, where, when, why). In this case, I am removing the "why" and substituting "How", since that is the real juice we are trying to squeeze out here. We can further modify this template a bit so we can extract the most useful information and ask ourselves how the circumstances in these cases relate to our own.

-Newpost-

Who - Is this case pertaining to an administrator/vendor/buyer/hacker/activist?
What - What was the reason for arrest? (drugs, fraud, activism etc)
Where - Was the person located in the same geographical area as the attacker?
When - When did it go wrong, how long did it take to compromise the user's opsec, and how long after compromise was it actioned?
How - What was the mistake made that caused the initial opsec breach?

*Note: 9/10 times, opsec is broken by a breakdown in our procedure, not some very advanced, expensive NSA tier hack. Opsec has to be maintained 100% of the time to remain secure; an attacker only needs to be lucky once.

>Case files

All that is left is to get to the reading. I tried to get a variety of cases representing different scenarios, from DNM vendors to MFH honeypots. If you don't feel like reading DOJ filings, you can also head over to darknetlive, where they give a synopsis of all the current cases. Unfortunately 4chins throws a spam filter to the site so I cannot link the interesting ones here directly. Take them with a grain of salt as many don't include the reference material, but it still makes for interesting reading.

>Links

https://www.justice.gov/media/1116921/dl?inline= cyber task force
https://www.justice.gov/opa/press-release/file/982821/download alphabay
https://www.justice.gov/usao-sdny/press-release/file/1549821/download silk road
https://storage.courtlistener.com/recap/gov.uscourts.waed.95157/gov.uscourts.waed.95157.1.0.pdf Ronald Craig Ilg (honeypot)
https://www.courtlistener.com/docket/65017549/united-states-v-trainor/ Tax evasion