Silk Road forums

Discussion => Security => Topic started by: nimbus on April 27, 2012, 10:12 pm

Title: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: nimbus on April 27, 2012, 10:12 pm
I've noticed several vendors using USPS stamps printed either using stamp software or at Post Office vending machines. These stamps contain a large barcode along with other numeric information. I can't find much information about the content of these barcodes but I must assume there is something in there that could be used to identify either the time/location of the stamp purchase at a vending machine, a stamp software account number, an order ID, etc. All of these could be combined with CCTV data, the USPS database, or software vendor database to determine the identity of the stamp purchaser.

Please be careful and use only normal stamps. Also, if anyone can find any information about these stamps or barcodes, please share it.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: ak94w on April 28, 2012, 01:22 am
Yes I think sellers purchase DCN's and stamps at those automated machines in postal offices, I dont think it would be too hard to find CCTV footage if LE ordered a package with one of those stickers, however they would need to put alot of time/effort into caching you, the only solution would be to switch up PO locations or wear a hat or something.

Ideally sellers would use stamps with no DCN, but then they can get scammed.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: Delta11 on April 28, 2012, 03:30 am
You could always wear a hat with big sunglasses or just have another person go in and buy stamps using a prepaid gift card. The best place to do it at is a small PO with the APC machine on the side away from the counter.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: rednelb1 on April 28, 2012, 04:09 am
i struggle here. i know using the apc is risky even using a pre paid card, but the idea of the package blending in better is nice.
A bunch of stamps on a priority box just seems off to me.
I have always said, even the shittiest of my ebay packing probably done while smoking pot have never had a problem when they had pre paid postage and blended in. i guess it is the risk you decide to take.

teach your kids to use the apc.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: SuperDerp on April 28, 2012, 04:25 am
I know a well known p1ponline vendor that used to generate VCC's and use anonymous prepaid cards to print barcodes off the internet and never had a problem. Switches up proxy's and credit cards
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: philter3 on April 28, 2012, 06:33 am
I know a well known p1ponline vendor that used to generate VCC's and use anonymous prepaid cards to print barcodes off the internet and never had a problem. Switches up proxy's and credit cards

Brilliant. Consider this idea stolen.   :)
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: adam420 on April 28, 2012, 09:05 am
i know there was a vendor on a carder site (dont know the name anymore) that sold usps printed stamps.

Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: rednelb1 on April 28, 2012, 02:08 pm
how would you use a prepaid without an address to "bill" it to?
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: Delta11 on April 28, 2012, 08:47 pm
how would you use a prepaid without an address to "bill" it to?
This is only a problem for online purchases which ask for a billing address but if you are just going to be swiping the card and charging it then it's okay.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: rednelb1 on April 28, 2012, 10:50 pm
THen what is a VCC
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: Delta11 on April 28, 2012, 11:41 pm
THen what is a VCC
A virtual credit card, they are simply used as an alternative credit card number to one you already have so you can shop safer online in case your information was to ever been compromised.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: killerbunnies on April 30, 2012, 03:13 am
I know many vendors use the flate rate priority packaging with the prepaid labels. I wonder if they purchase many prepaid labels at the same location with the same prepaid card then are the barcodes/identifying numbers grouped together in the USPS system? And if a package were to get seized would it be easy for them to wait for the unused labels to enter the system and then seize the subsequent packages as well? I am not a USPS employee so I have no clue. Just something to think about
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: killboy on April 30, 2012, 03:29 am
That is exactly why PV started keeping dcn info private.to prevent popo from getting sequential dcns and seizing shit.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: killerbunnies on April 30, 2012, 03:41 am
That is the smart thing to do. I would prefer to receive things with just regular stamps on it. But given the amount of reverse scammers out there none of the vendors are really willing to send anything without a DCN. Its a shame
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: coredrive on April 30, 2012, 04:03 am
I know a well known p1ponline vendor that used to generate VCC's and use anonymous prepaid cards to print barcodes off the internet and never had a problem. Switches up proxy's and credit cards

Granted it may be a stretch, but most color printers secretly add encoded serial numbers and timestamps to each page printed... just a warning to the truly paranoid.

Quote
Printer steganography is a type of steganography produced by color printers, including Brother, Canon, Dell, Epson, HP, IBM, Konica Minolta, Kyocera, Lanier, Lexmark, Ricoh, Toshiba and Xerox brand color laser printers, where tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.
https://en.wikipedia.org/wiki/Printer_steganography
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: daveh0we on April 30, 2012, 11:00 am
So much paranoia.   not one thought to the fact the USPS is a private company.  Not one thought to the USPS public books saying they are near broke.     

Another Words  If your package is not suspicious youve got nothing to worry about. 

So many superstitions.    "The government knows everything in your mailbox"  "The USPS is the government" "The USPs gives a damn about joe schmoes oz of pot, or nancys bag of molly."  As long as the molly isnt leaking out of the package and it doesnt smell like a medicine cabinet (putting UsPS employees at risk) Then their is no concern.

OMG Tor a package?   Does anyone have proof of packet sniffing at USPS.         When Im receiving an order my entire house wreaks of Marijuana Ive got bongs, pipes, roaches all over my living room, Ive got my silkroad account open to the orders page.        My Lawyer told me the best way to get busted for drugs is to get busted using them.     I skipped 3-7 years in jail for a short stint in drug counseling and some probation, all because I could prove that i was a user.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: killerbunnies on May 01, 2012, 02:26 am
If the package isn't suspicious there really isn't anything to worry about. As long as it was shipped properly there will not be any problems. This thread is mostly talking about whether or not they can trace the origin of a package or where its labels were purchased in the event of a mishap such as seizure of products or arrests of receivers.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: brutusk on May 01, 2012, 04:42 am
i have been researching those bar coded stamps. They are encoded with IBI, information based indicia. it was developed by the po specifically for stamp technology. The info encoded in the pdf14 bar code is encrypted. The po is very cagey about what info is included on the stamp. I am currently trying to get a definitive answer on this. The stamps may or may not include sorting info, date/time of purchase, sending and receiving zip  codes. Everything i have found so far skips around stating exactly what is on the stamp. I can realistically se a time whenthe digital pic snapped at the machine is encoded into the stamp as well.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: nimbus on May 01, 2012, 12:39 pm
i have been researching those bar coded stamps. They are encoded with IBI, information based indicia. it was developed by the po specifically for stamp technology. The info encoded in the pdf14 bar code is encrypted. The po is very cagey about what info is included on the stamp. I am currently trying to get a definitive answer on this. The stamps may or may not include sorting info, date/time of purchase, sending and receiving zip  codes. Everything i have found so far skips around stating exactly what is on the stamp. I can realistically se a time whenthe digital pic snapped at the machine is encoded into the stamp as well.

Thanks for looking into this. I also found it very difficult to find information about this. It's easy to find tons of information about the simpler barcodes used for POSTNET, Planet, Intelligent Mail, etc, but almost nothing about IBI. It would be great if we had an inside source with access to some internal documentation.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: brutusk on May 01, 2012, 05:56 pm
i have been researching those bar coded stamps. They are encoded with IBI, information based indicia. it was developed by the po specifically for stamp technology. The info encoded in the pdf14 bar code is encrypted. The po is very cagey about what info is included on the stamp. I am currently trying to get a definitive answer on this. The stamps may or may not include sorting info, date/time of purchase, sending and receiving zip  codes. Everything i have found so far skips around stating exactly what is on the stamp. I can realistically se a time whenthe digital pic snapped at the machine is encoded into the stamp as well.

Thanks for looking into this. I also found it very difficult to find information about this. It's easy to find tons of information about the simpler barcodes used for POSTNET, Planet, Intelligent Mail, etc, but almost nothing about IBI. It would be great if we had an inside source with access to some internal documentation.

yeah, it would. I have been poking around the deepweb hoping to come across something. It is an ongoing project, but I will update when I have more info. The fact that the data is encrypted sucks. You can read the codes with a pdf417 reader (pdf14 is incorrect, was hitting the bong last night hehe) but you get back encrypted data.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: nimbus on May 01, 2012, 08:11 pm
i have been researching those bar coded stamps. They are encoded with IBI, information based indicia. it was developed by the po specifically for stamp technology. The info encoded in the pdf14 bar code is encrypted. The po is very cagey about what info is included on the stamp. I am currently trying to get a definitive answer on this. The stamps may or may not include sorting info, date/time of purchase, sending and receiving zip  codes. Everything i have found so far skips around stating exactly what is on the stamp. I can realistically se a time whenthe digital pic snapped at the machine is encoded into the stamp as well.

Thanks for looking into this. I also found it very difficult to find information about this. It's easy to find tons of information about the simpler barcodes used for POSTNET, Planet, Intelligent Mail, etc, but almost nothing about IBI. It would be great if we had an inside source with access to some internal documentation.

yeah, it would. I have been poking around the deepweb hoping to come across something. It is an ongoing project, but I will update when I have more info. The fact that the data is encrypted sucks. You can read the codes with a pdf417 reader (pdf14 is incorrect, was hitting the bong last night hehe) but you get back encrypted data.

The pdf417 examples I see look like the wide ones used on pre-printed Priority Mail labels, but the ones on the stamps I've seen are "Data Matrix" according to this example: http://easesoft.net/skin/barcodeexample.gif I'm sure it's all still encrypted though, I need to play with some reader software...
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: Serenity on May 01, 2012, 09:48 pm
I know a well known p1ponline vendor that used to generate VCC's and use anonymous prepaid cards to print barcodes off the internet and never had a problem. Switches up proxy's and credit cards

Granted it may be a stretch, but most color printers secretly add encoded serial numbers and timestamps to each page printed... just a warning to the truly paranoid.

Quote
Printer steganography is a type of steganography produced by color printers, including Brother, Canon, Dell, Epson, HP, IBM, Konica Minolta, Kyocera, Lanier, Lexmark, Ricoh, Toshiba and Xerox brand color laser printers, where tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.
https://en.wikipedia.org/wiki/Printer_steganography

Printers have a giant grid of ink that they use to print, and the printing itself is just coordinates. Theoretically, someone could prove a label was printed by a specific printer by matching the ink blots on the label to the used ink/toner coordinates in your printer.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: flipside on May 02, 2012, 10:14 am
There's a fucking CAMERA "built into" these machines! Like an ATM.

If you truly "must", have a "friend" buy your labels at least, wear a "disguise" if need be at a 24 hour PO lobby (if available), with anon/pre-paid CC of course.

But cash is truly king.

Just rotate between local post offices and buy stamps with CASH...and...NO worries! :)

Small town PO's with no cameras are the best way to get these labels if you "really" need them. But plain old stamps work just dandy. Just ONE single $5.15 Priority Mail stamp (and 75 cent stamps worth for DCN, if need be)...for example...dur... ;)

Regular stamps suffice just fine.

Though we REALLY do like the "pro-look" of those "printed" labels...indeed! ;)

[and we intend to post the best anon/online method of purchasing/printing them]

[EDIT] When we actually have a phreakin moment to do so, lol... :)

Peace

TFC

Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: brutusk on May 02, 2012, 07:16 pm
There's a fucking CAMERA "built into" these machines! Like an ATM.

defeating the cameras is pretty easy.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: flipside on May 02, 2012, 07:33 pm
Oh, for sure! Just making suggestions for the "average" buyer/vendor who might not know these things.

That's all. ;)

Peace

TFC
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: killerbunnies on May 03, 2012, 06:47 am
You can just cover the camera with something while making the purchase with an anon debit card. Problem solved.
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: brutusk on May 03, 2012, 07:02 am
You can just cover the camera with something while making the purchase with an anon debit card. Problem solved.

In a njtshell, yes. They are finicky, and if the item you use is too close to the camera the machine will give you an error message saying ti can't complete the transaction. Once you get the technique down, though, it works great. I do this ijn the busiest part of the day when there are too many people to keep track of. I don't want to give away too much about my location, but out local apc station has no cameras in the 24 hour lobby, so I did a lot of experimenting nights and weekends to get the technique down. It works, but ymmv
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: killerbunnies on May 03, 2012, 07:20 am
I actually saw one of these APC machines a few weeks ago that had the plastic/glass that covers the camera completely scratched up. It looked like someone attacked the camera on the machine with a knife. I doubt they could get anything more than a blurred and distorted image from the camera on that one lol
Title: Re: Vendor warning: Usage of printed USPS stamps with barcodes
Post by: flipside on May 03, 2012, 10:19 am
Indeed you can quickly "cover" the camera or "scratch it up" (lol to whoever did that!) :)

But...just make sure there are no other physical camera's, in the corner, or wherever watching you walk-in.

Again, small town PO's are the least likely to have camera's in general.

Peace

TFC