[OPSEC/Computer] How unsafe is using home wifi with tails on isolated machine (as a vendor)?

Let's hypothetically say you are a vendor using Tails on a laptop not linked in any way to yourself. If your OPSEC is excellent except that you are using your own WiFi, would it be a lot easier for police (not talking about the USA) to "catch" you than if you used a public WiFi?

I ask this because it looks like most people who get caught are making horrible OPSEC mistakes and are not caught because of things like evil exit nodes etc. or the WiFi they used (with Tor). Besides that, public WiFi also has its downsides and limitations.


Comments


[2 Points] None:

[deleted]


[2 Points] oroszorszag:

I'm in no position to give advice here, but I always thought that if your house is clean and your PC is clean/encrypted and all they got was your IP, it's a pretty weak case.

Of course, when they obtain your IP they would probably tap your phone and put a surveillance team on you first. So they could get something incriminating on you even before you know you were compromised.

But since you are a vendor, that means you are always around drugs, which means using your home IP is a bad idea.

Just having your IP can't help them much if you are careful about all other stuff.


[3 Points] sapiophile:

None


[3 Points] sharpshooter789:

There is no definitive one-size-fits-all answer to this question. Firstly, the vendor would have to develop an accurate threat model. This model is then used to develop the security policies that will most effectively protect the individual/group/organization.

For example, larger vendors need to take the most precautions because their adversary is federal LE. As we know, the feds have more money, a more intelligent staff, and conduct long, thorough investigations. I'm too lazy to look it up at the moment, but I remember reading that the feds targeted the top 5% of vendors. If you look through vendor criminal complaints you will see that the feds obtain logs from ISPs. Once they have this information they begin subpoenaing all third-party services (Amazon [looking for vendor supplies like MBB or scales], Gmail, all social media, etc.). Therefore, it's a very good idea for large vendors to use hacked or public WiFi. Additionally, a wise (large) vendor would compartmentalize their real-life activities and their darknet activities. Basically, this means having multiple accounts on services and using a different connection for each (a different name and address is advisable too).

All of the other vendors' biggest threat is the post office and local LE (possibly state). Consequently, these vendors can potentially use their own WiFi (over Tor, of course). Depending on the location of the vendor, Tails may be optional for them.

edit: I was bored so I gathered a list of US vendor arrests (SR1) and summarized how they were arrested. If you want more details about the arrests, do the research yourself.

Here is the list of US vendors arrested for their part in SR1:

digitalink
alllove
davidd
TrustusJones
Casey Jones
SourDieselMan
edgarnumbers
NOD
deezletime
UnderGroundSyndicate
MDPro
hammertime
BTCKing
Caligirl

I used /u/gwern's site as reference for arrests.

I wanted to see the rankings of these vendors, so I obtained the vendor profiles from antelope.cc.

Based on those profiles:

Casey Jones - top 78% [I think his arrest was based on IRL dealing; also his name references a Grateful Dead song and he was a fan of theirs]
BTCKing - top 87% [he was the biggest financial vendor so target of federal investigation]
digitalink - unranked [arrest due to poor opsec; he posted in the SR1 forums about one of his packages being seized and described how he was going to retrieve it]
hammertime - top 3% [top vendor so target of federal investigation]
edgarnumbers - unranked [he purchased from digitalink who, as noted above, was arrested for poor opsec]
UnderGroundSyndicate - top 1% [top vendor so target of federal investigation]
deezletime - top 3% [top vendor so target of federal investigation]
Nod - top 2% [top vendor so target of federal investigation]
caligirl - top 51% [profile is old; he was a [top 5% according to justice.gov](http://www.justice.gov/usao-mdfl/pr/texas-business-executive-sentenced-prison-illegally-selling-oxycodone-silk-road) so target of federal investigation]
mdpro - top 16% [terrible opsec: she was a doctor and used MD in her handle, and she offered medical consultation as a listing; she was low-hanging fruit]

No profiles for alllove, davidd, and SourDieselMan. I know SDM was arrested for IRL issues (he had someone buy jewelry for >$10,000 and that person snitched on him, which resulted in an investigation). I'm not sure about the other two.

The takeaway is don't be a top vendor, because then you attract federal attention and it's highly unlikely you will escape arrest from them. Also, don't use common sense and don't post operational details on a public forum [and don't buy from those idiots]. Further, compartmentalize your RL identity from your darknet identity. Finally, be mindful of your IRL actions [it's recommended you don't deal IRL and on the darknet].

edit: fix formatting


[2 Points] Kazaa99:

Ross Ulbricht used a public WiFi.

As far as I know, no vendor has been caught through their internet setup. Neither JavaScript disabling, using a VPN, MAC spoofing nor anything similar has made that number of 0 vendors change to lower.

So it should probably be fine, but if you use all these suggestions people posted here, it won't make things worse, of course. It will just be more time-consuming for you.


[1 Points] DOZENS_OF_BUTTS:

Remember that our friend Ross was arrested in a public library full of undercover agents. They created a distraction, then took his laptop away. This tactic bought them a treasure trove of evidence, all because Ross didn't have the few seconds he needed to lock his shit down.

My recommendation is to use Tails installed on a CD-R at home. Tails will immediately wipe the RAM clean if the media it's installed on is removed from your computer. Make sure you can quickly eject the CD, and put as many locks between you and any entry points to the house as possible.


[1 Points] Vendor_BBMC:

It's about this unsafe.

Oh, you can't see my hands, can you?

Get a pay-as-you-go phone, never make a phone call from it, and use it as a portable tethering hotspot.


[1 Points] Mayniac182:

If it's a public WiFi you can use from within your own home, then you can change your MAC address and use it without any serious issue, especially if the network is fairly secure. However, I would still rather have control over the network (monitor connected hosts, security logs, etc.).

That said, if you're actually outside in public, I wouldn't do anything on a DNM. By the end of Silk Road, everyone knew what the homepage looked like from news articles. If an off-duty cop spots the green bar in the reflection of some shiny wood behind you (or your glasses, if you wear them) and checks you out, your OPSEC is useless. It sounds incredibly stupid, but you'll be amazed how many people reveal confidential information because they aren't aware of their surroundings.
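The "monitor connected hosts" point above is the one piece of this thread that is actually about defending a network rather than hiding on one: if someone is "borrowing" your WiFi, the place it shows up is the router's DHCP lease table. The following is an added example, not code from anyone in this thread, that parses a dnsmasq-style lease file (the real dnsmasq.leases layout: expiry, MAC, IP, hostname, client-id) against a baseline of devices the owner recognises and flags leases that are unknown, have no hostname, or carry a locally-administered MAC (bit 1 of the first octet set, which is what randomised or manually spoofed addresses look like). The lease lines and the baseline are constructed for the example.

```python
"""Flag unknown or locally-administered hosts in a dnsmasq-style DHCP lease file."""
from dataclasses import dataclass

# Constructed sample leases in dnsmasq format: <expiry> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1700000000 00:1a:2b:11:22:33 192.168.1.10 laptop-kitchen 01:00:1a:2b:11:22:33
1700000100 00:1A:2B:44:55:66 192.168.1.11 phone-anna 01:00:1a:2b:44:55:66
1700000200 02:1f:3e:9a:bc:de 192.168.1.57 * 01:02:1f:3e:9a:bc:de
1700000300 00:1a:2b:77:88:99 192.168.1.12 printer 01:00:1a:2b:77:88:99
"""

# Constructed baseline: MACs the network owner has inventoried (lower-case).
KNOWN_MACS = {"00:1a:2b:11:22:33", "00:1a:2b:44:55:66", "00:1a:2b:77:88:99"}


@dataclass(frozen=True)
class Lease:
    expiry: int
    mac: str
    ip: str
    hostname: str


def parse_leases(text):
    """Parse lease lines; MACs are lower-cased so case differences don't hide a match."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        leases.append(Lease(int(parts[0]), parts[1].lower(), parts[2], parts[3]))
    return leases


def is_locally_administered(mac):
    """True when the IEEE locally-administered bit (0x02 of the first octet) is set."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def find_suspicious(leases, known):
    """Return (mac, ip, reasons) for every lease that deserves a look."""
    findings = []
    for lease in leases:
        reasons = []
        if lease.mac not in known:
            reasons.append("MAC not in baseline")
        if is_locally_administered(lease.mac):
            reasons.append("locally administered (randomised/spoofed) MAC")
        if lease.hostname in ("*", ""):
            reasons.append("no hostname supplied")
        if reasons:
            findings.append((lease.mac, lease.ip, reasons))
    return findings


if __name__ == "__main__":
    for mac, ip, reasons in find_suspicious(parse_leases(SAMPLE_LEASES), KNOWN_MACS):
        print(f"{ip} ({mac}): {'; '.join(reasons)}")
```

On a real router the input would be the contents of /var/lib/misc/dnsmasq.leases (or the equivalent for your firmware) and the baseline would be maintained by hand; the three independent checks are kept separate so that a known device that later shows up with a randomised MAC is still reported.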


[1 Points] immortaIis:

you guys are horrible theoretical vendors here. step it up theoretically.


[-1 Points] lrpaterson:

It depends on lots of factors. There are thousands of vendors spread across just a handful of marketplaces; the markets are basically the crown jewels as far as LE is concerned.

That being said, vendors get busted all the time, and (if you don't believe in parallel construction) it's always because of bad OPSEC, not l33t NSA H4x0r5 r00t3n y3r 80x.

Your best bet if you want to vend from the comfort of your own home is to:

1. Use a burner notebook bought for cash

2. Use a virtual machine to isolate whatever OS is running Tor

3. 'Borrow' WiFi using a long-range antenna


[-2 Points] WHispyBumCake:

Don't do it from home. Bad vendor. No cookie. I know it's harder to schlep to the library, but do it. Mix it up. Alternately, buy a burner phone that supports mobile wifi with cash.