Timeline: Arrests of AlphaBay Vendors AREA51 and DARKAPOLLO

Although much of the information has been redacted, a sworn affidavit by a DEA agent helps break down the investigation of two recently indicted AlphaBay heroin dealers.

The sworn affidavit by the agent, who is identified only as ‘John Xxxx,’ details his work as part of the Central California Darknet Strike Force, where he was trained to track down darknet vendors. He described learning to “operate an undercover dark marketplace account.” He also learned how to purchase narcotics with the accounts and how to use PGP and bitcoins.

January 2016:

John began investigating the top heroin dealers on AlphaBay. In his analysis, he came across AREA51 and DARKAPOLLO. Based on each vendor profile, he deduced that both accounts were operated by the same individual(s): both vendors advertised that their heroin was imported directly from Afghanistan, and both accounts offered the same products in the same quantities.

March 2016:

A full investigation into AREA51 and DARKAPOLLO was initiated. John discovered, through forums discussing darknet markets, that customers of both vendors received packages that originated from Brooklyn, New York.

July 2016:

After reviewing AlphaBay transactions by methods that were not entirely disclosed, John was able to determine the quantities of heroin and of allegedly uncut Peruvian and Colombian cocaine that the vendors had sold as of July 25th. The quantities advertised on each vendor’s profile ranged between one and five grams, both for the heroin and the cocaine.

DARKAPOLLO sold approximately 610 grams of heroin and approximately 25 grams of cocaine and made approximately $139,594 from both drugs on AlphaBay.

AREA51 sold approximately 810.5 grams of heroin and approximately 47 grams of cocaine.

John analyzed the public PGP key on each vendor’s profile and discovered both keys were registered to the same email address: [email protected]___.com. Social media searches including the phrases “Adashc31” and “Adashc,” led to Twitter, Instagram, and Facebook accounts linked to “Ahmed Farooq.” Farooq’s Facebook account made it clear that he was located in Brooklyn, New York.

April 2016:

John submitted a grand jury subpoena to Facebook, requesting subscriber information on Farooq’s Facebook account.

May 2016:

Facebook released the requested information on Farooq. A verified phone number was revealed. An internal DEA search indicated that the user of the telephone number, Farooq, was involved in an on-going investigation for selling heroin in Brooklyn, New York.

John purchased .451 bitcoins on May 11th to use in a heroin purchase from either DARKAPOLLO or AREA51. Using his undercover AlphaBay account, the DEA agent purchased approximately one gram of heroin from AREA51 for $165. He included a message telling AREA51 to send the package to a predetermined undercover address. The package was to be addressed to “Alex Mendoza.”

On the 18th, the DEA received a notice from an unnamed US Postal Service Inspector that a package had arrived at the undercover address provided to AREA51. The package was retrieved on the 20th. It was addressed to the name provided to AREA51, “Alex Mendoza,” and the return address was that of “Jessica Brown” in Brooklyn, New York. The tracking number was identified. The package is hereafter referred to as UC PARCEL #1.

UC PARCEL #1 was brought to the Fresno Resident Office to begin processing it into evidence. The package contained a silver Mylar envelope and within the Mylar envelope was a ziplock bag containing white powder. The powder tested positive for heroin. All contents of the package were then submitted to the DEA Western Regional Lab to analyze for fingerprints. John then finalized the transaction by releasing the funds held in escrow.

May 2016:

The same process was repeated resulting in a second package dubbed UC PARCEL #2.

The return address was the same as the address on the initial package and the tracking number was also identified. Contents were shipped off to the Western Regional Lab for fingerprinting and drug analysis.

On May 31st, the lab results for UC PARCEL #1 came in, testing positive and verifying the white powder was indeed heroin. Three latent fingerprints were also discovered and all positively identified as belonging to Abudullah Almashwali.

June 2016:

The lab analysis of UC PARCEL #2 identified the white powder also as heroin. A single latent fingerprint was found on the Mylar envelope and three prints were found on the USPS envelope. All fingerprints also belonged to Almashwali.

As a result of John’s undercover purchases, the Postal Inspector was able “to conduct comparative analysis on these parcels to identify who purchased the postage for them.”

The time, date, and location where the postage was purchased were all identified. The postage for the first package was purchased via a USPS Self Service Kiosk (SSK) at the Homecrest Post Office in Brooklyn, New York on May 18, 2016. The Post Office was less than a mile from both Farooq’s and Almashwali’s residences. The Postal Inspector identified five transactions using the same credit card number at the self service kiosk that amounted to a total of 25 postage labels, including the postage for UC PARCEL #1.

The SSK takes photos during each transaction; these photos were pulled and John positively identified the individual in the photo as Almashwali. With this information, the Postal Inspector was able to identify additional postage purchased with Almashwali’s credit card.

An identical process was carried out for UC PARCEL #2, yielding nearly identical results. The one exception is that the postage was purchased at the Farley Post Office in New York. Five additional express labels were purchased at this post office on May 4th.

August 2016:

Both men were arrested on August 2nd and indicted on August 11th on federal charges of heroin and cocaine distribution, as well as federal conspiracy.

You can read the full affidavit here.

14 comments

  1. One would think if you were going to peddle smack on the dark web you would at least engage your brain and implement good opsec. Everyone that gets nabbed by the feds has been the author of their own downfall.

  2. How can someone be such an idiot to use an email address registered to fb, twitter and other shit for the PGP key that anyone sending him PGP msg can see??? Especially being a top vendor, so stupid!!!

    Also, how can he leave fingerprints in the package he is sending?? They deserve it for being so stupid. This proves people who get caught it’s because they are idiots, with good opsec cops can’t do anything at all unless they use the full power with fbi, nsa and everything, but this only happens for big things not individual buyers/sellers.

  3. “John analyzed the public PGP key on each vendor’s profile and discovered both keys were registered to the same email address: [email protected]___.com. Social media searches including the phrases “Adashc31” and “Adashc,” led to Twitter, Instagram, and Facebook accounts linked to “Ahmed Farooq.” Farooq’s Facebook account made it clear that he was located in Brooklyn, New York.”

    HEY COPS I LIVE AT 1111 GRAND STREET, I SELL SHITLOAD OF HEROIN, IM DUMB, COME & GET ME

  4. Government heroin vendors cannot suffer competition.
    Competition and competence share the same root.
    DEA are incompetent thugs.

  5. Where he went wrong:

    PGP key was linked to his email.
    He mailed all the packages from Brooklyn, NY instead of traveling to mail them.
    He used his real credit card to purchase the postage stamps.
    He used a username similar to the ones he used on the clearnet.
    He got his fingerprints on the inside of the package.

    How can someone be this stupid? Also, the article acts like the feds accomplished some amazing feat, yet anybody with a bit of spare time and social engineering skills could likely accomplish the same thing.

    • not a moron

      If he were really smart, he would have sent someone else, someone random to buy stamps, and someone else to mail them. It really isn’t too hard if you value your freedom.

  6. It’s artificial selection at work here, mates! Those who are foolish perish, while the wise prosper.

    Do NOT post on social media accounts, ever! You also need to have a lab, a clean-room, if you will, where there can be NO DNA and/or fingerprint evidence of any kind. Wear gloves, a lab coat, goggles, etc. The room should be sealed at all times, which means no windows. It should be clean, disinfected and climate-controlled, which means that it should be dry. When not in use, everything needs to be sealed.

  7. Who sells heroin using a Gmail account that they also register a Facebook with?

  8. If you actually bothered to read the indictment instead of just reading reddit like a lazy redditor and reposting it here, you’d realize that the DEA agent identifies himself directly as Special Agent John T. Rabaut.

  9. Pure stupidity. Why register a key to the same email address as your social networks?

  10. This guy didn’t sell drugs for bitcoin, he bought bitcoin with drugs.
    Bitcoin goes up and down with the stock market, so it is an investment.

  11. This guy bought bitcoin with drugs. Bitcoin is an investment; it goes up and down with the stock market.

  12. Lmao using real adress on your pgp key, not suprised this retarded sandnigger got caught
