Into the dark web: Secret corner of the World Wide Web offers a virtual bazaar where anything goes

Law enforcement hopes for human error as U.S. postal carriers used as de facto drug mules

Writer Jason Smith viewing a listing for MDMA crystals for sale on the dark web.

Writer Jason Smith viewing a listing for MDMA crystals for sale on the dark web.

<b><b>Photo by Karlos Rene Ayala</b></b>

Raheem F. Hosseini contributed to this report.

Climbing the wooden steps of a rundown triplex somewhere on the outskirts of the Sacramento grid, I wiped the sweat from my eyes with a sticky T-shirt that felt pasted to my chest. July was bleeding into August and it was hot. The flesh around my eyes sagged and my corneas felt like they were sprinkled with sawdust, strained by a staring contest my ceiling and I had been having since the night my AC went out. I was really in no condition to be doing any work that day, but I was flat broke, behind on rent and out of cigarettes.

So there I was, chasing a ghost.

The door opened before I was halfway up the steps. Drug dealers in my experience have always demonstrated exceptional environmental awareness, so I wasn’t shocked that he knew I was there. I was shocked, however, at his appearance.

He looked like a kid, the type who could be seen on any high school campus. What he didn’t look like was what he was—a drug-smuggling cocaine dealer on the run.

His name was Jim, which is to say his name probably wasn’t Jim. I don’t know his real name.

Jim made his living in a corner of the World Wide Web called the “dark web,” something that came along after I retired from that life in 2012, meaning I was unfamiliar with it. (“Jim” is a play off his dark web ID.) Using easy-to-get encryption software, he orders his illicit product from nearly untraceable webpages, then has it shipped through the U.S. Postal Service, which screens only a fraction of its packages.

“This is the next generation of drug dealer, these dark web guys,” said William Ruzzamenti, director of the Central Valley High-Intensity Drug Trafficking Area, which is a division of the Office of National Drug Control Policy. “Thanks to them, the United States Postal Service is now the largest drug courier on the planet.”

Shaking my hand, Jim welcomed me inside his hideout, where I sat down on a black futon covered with a gray comforter that looked like it had been used recently.

“I know,” he said as he carried a laptop over to where I was sitting, placing it in front of me on the coffee table then sitting to my left. “I look young.”

That’s when he said he was 19 years old.

Anatomy of an online drug trafficker

Also known as the “darknet,” the dark web is an expanding virtual space where anything goes. Think of it like eBay designed by Caligula, where digital currency can purchase any vice or horror man has dreamed up—drugs, stolen IDs, assassins, even webcam access to child dungeons.

And all of it virtually untraceable.

Both Ruzzamenti, who works alongside state and federal agencies as part of a narcotics task force out of the Sacramento County Sheriff’s Department, and DEA Special Agent Casey Rettig suspect the dark web played a role in the mysterious fentanyl overdoses that scourged 14 lives in the Sacramento region last year. Only one person has been tangentially connected to the conspiracy. Authorities still can’t say why counterfeit Norco tablets containing the much stronger synthetic opioid fentanyl were made and distributed, or who was behind it.

It sounded like science fiction to me. I knew the old-school drug game. Late-night drives to Richmond with two hands on the wheel, praying the tail lights were functioning. I was used to sundown hand-to-hands in Oak Park. Jim was used to coffee roasters and street fairs in Oak Park.

Before his current troubles, Jim spent his days soaking up the south Florida sunshine buying uncut cocaine with Bitcoin from a seller off the dark web. Jim would spend his nights flipping the product at retail prices to college kids, spring breakers, professional athletes, businessmen and tourists, who he claimed spent “stupid money” on the drug.

“Everybody wants to get high when they vacation down there, including people who’d never sniff coke back home,” he said.

Less than a month before, Jim says, the feds kicked in the unlocked doors of his home just before sun-up. Drugs were seized, the occupants’ hands were zip-tied and the apprehended were counted:

The suspects were all there except for one.

Two days before the raid, a neighbor told Jim he’d seen some guys that looked like cops trying hard not to look like cops going through his trash. He had a feeling something was about to go down. He broke the neighbor off a gram to say “thank you,” then caught the first flight to Sacramento, where he had a friend in a shabby triplex with rickety steps.

I tracked down Jim through a matrix of online message boards where people discuss the type of things people discuss when they think nobody’s looking: sex, drugs, money laundering, credit card fraud, financial scams. Needless to say, popping in with, “Hey, I’m a writer doing a story on the dark web, would you be willing to talk?” wasn’t received with warmth. There were a lot of swings, a lot of misses and more than one, “Fuck you narc, leave us alone.”

Jim was understandably hesitant at first, but eventually warmed to the idea of talking after skimming a few pieces I’d written. He told me there was humanity in my writing. I told him I didn’t know what that meant. He said, “Exactly.”

Jim says he never ventured into the darker side of the dark web because it scared him, but he has plenty of acquaintances who did. He claims it changed them. He couldn’t say how, exactly, but it just did.

“So the first thing you wanna do,” Jim began, immediately absorbed by his computer, “is get a VPN. It’s a ’virtual private network.’ It’s like a condom for your phone or computer. Everyone needs to use one of these, even if you’re just using the surface web.”

How the darknet works

The “surface web” Jim was referring to is the internet that most of us utilize day-to-day. The terms “deep” and “surface” were cemented in a 2001 white paper written by Michael K. Bergman for the Journal of Electronic Publishing, which explained that the surface web is the portion of the internet that can be found by search engines like Google, Bing or Yahoo. Any link that pops up in a search is considered part of the surface web.

According to Bergman’s white paper, the vast majority of the World Wide Web resides below the surface, where pages and URLs are not found by search engines. These sites are part of the “deep web.” For example, your bank’s homepage is on the surface web. However, the intranet used by bank employees to communicate with each other is the deep web. There’s no way for someone to find those pages using a search engine.

These are the internet’s two neighborhoods—surface and deep. The surface is accessible to anyone, the deep is more exclusive.

But that exclusive neighborhood—the deep web—has a red light district. A dirty, shady, libertarian utopia where the black market adheres strictly to free market principles, absent of any government regulation. This is the dark web.

Media outlets often conflate the two terms, colloquially using “deep web” and “dark web” synonymously. They are not, however, the same.

To gain entry to the dark web, Jim explained, you need to download Tor, which is tech shorthand for “the onion router.” According to the book, WikiLeaks: Inside Julian Assange’s War on Secrecy, Tor was originally developed in the mid ’90s by the U.S. Naval Research Laboratory with the goal of facilitating communication between members of the U.S. intelligence community. The Naval Research Laboratory released the open-source code for Tor to the public in 2004, and it’s been maintained by the nonprofit The Tor Project since 2006.

“Tor is a mask that hides your identity,” Jim explained. “You have to be wearing the mask to get to the good shit. No mask, no entry. You can take your ass on to Kohls.”

With Tor and a VPN masking your IP address, you can then access what’s called the onion network. Here, instead of a site’s URL ending in “.com” or “.gov” or “.edu”, it ends in “.onion”.

According to Sarah Jamie Lewis, an independent privacy and anonymity researcher and dark web expert, data coming across the onion network is encapsulated by multiple layers of encryption, similar to layers of an onion.

When using the surface web without Tor, she explains, a computer requests data from a server directly from its IP, or “internet protocol,” which refers to a set of networking guidelines that allow two or more computers to communicate. This IP leaves a trace, meaning anything that’s sent or received leaves behind a device’s fingerprint, which can be traced back to the person.

Tor makes tracing someone’s movements on the dark web almost impossible, Lewis said in an email. Tor renders the user anonymous as it routes encrypted data requests through three different servers, positioned anywhere on the globe where internet access is available.

“The Tor [makes] three hops, [or in] the case of a hidden service connection, six stops—three from the user making the request, and three from the service responding to the request,” she wrote. “Each hop introduces a new layer of encryption.”

Not even the servers know what the requests passing through them are. They’re simply conduits of encrypted data. Were law enforcement able to somehow intercept the transfer of data between servers, they would still need to decode the encryption. Even then, there’d be no way of determining who made the request, since the Tor masks one’s identity and location.

In her email, Lewis called it a “robust” scheme.

Jim put it more succinctly. “It’s total privacy, total anonymity,” he said.

Preying on human error

Authorities have claimed a couple of big darknet victories, but they’re the exceptions that prove the rule.

In July of this year, one month before I found Jim, Attorney General Jeff Sessions took a victory lap for shutting down a group of dark web marketplaces, the biggest of which was a site called AlphaBay. These sites sold drugs, guns, child pornography and offered services ranging from hacking someone’s Facebook to ordering a hitman. The investigation involved the FBI, Drug Enforcement Administration, Dutch National Police and Europol.

Sessions praised law enforcement for what he called good, old-fashioned police work. But according to Phil Muncaster, an information technology journalist for the MIT Technology Review, traditional police work is only a factor once human error has occurred.

“Law enforcement has been able to capitalize on basic mistakes made by some of the perps,” Muncaster wrote in an email. “[I]f they all used Tor and anonymizing services correctly, police would stand no chance.”

The first and most (in)famous dark web marketplace was Silk Road, launched in 2011. Wired magazine called it the “Amazon of contraband,” but investigators were only able to track down the site’s founder after the real IP address, unmasked without Tor, was accidentally broadcast. Investigators were tipped off by a Reddit thread attempting to alert users of the breach.

AlphaBay founder Alexandre Cazes was discovered after password resets for the site were sent directly from his hotmail account,” That email was connected to his LinkedIn account for a computer repair service in Canada, leading investigators to his real identity and, eventually, his residence in Bangkok, Thailand. Cazes was found last July hanging in his jail cell, dead from an apparent suicide.

“We should remember that it still takes some skill to turn those rookie mistakes … into a concrete conviction,” Muncaster said.

Law enforcement has reacted by getting creative, which both the American Civil Liberties Union and the Electronic Frontier Foundation claim raises constitutional concerns.

In February 2015, a dark website that hosted child pornography called Playpen inadvertently revealed its IP address, giving the FBI the physical location of its server. According to the FBI’s website, the agency said it used “court-approved investigative techniques” for a joint investigation named “Operation Pacifier.”

But some government watchdogs believe the feds may have gone too far.

Court records show that the FBI hijacked the Playpen server and ran the site for two weeks, distributing child pornography but using a custom malware that exploited a hole in the Firefox browser, allowing the FBI to infect the computers and identify those who were downloading their illegal bait.

U.S. Judge Robert Bryan, a federal magistrate in Tacoma, Wash., ruled that Jay Michaud, one of the defendants caught in the Operation Pacifier sting, had a right to see the malware code that infected his computer as part of the case’s discovery. Federal prosecutors in Seattle chose instead to drop the charges and protect the code’s secrecy.

Annette Hayes, a federal prosecutor for the Western District of Washington, wrote in a motion following the judge’s decision that, “Disclosure is not currently an option.”

Light amid the dark

Despite being a professor of computer science at Sacramento State University, June Dai said the dark web is a place he chooses not to visit.

Dai, also the director for the Center of Information Assurance and Security, did point out, however, that the dark web is also used by political dissidents to organize in countries with strict censorship, and where real-world political activism risks a prison sentence.

“The dark web anonymity can be used for things other than bad things,” he said in an interview in his Sac State office. “It is also used for protecting rights and speaking out against governments in places where such things are not permitted.”

Cindy Cohn, executive director of the Electronic Frontier Foundation, told The Guardian in August, “We see Tor use go up whenever a dictatorship takes over or a coup occurs. Tibetans, United Arab Emirates, Tunisia, Egypt. The list goes on and on.”

The journal Survival: Global Politics and Strategy published a study last year that found 40 percent of the dark web was used for illicit purposes. Cohn points out that, therefore, 60 percent is not.

Many newspapers, including USA Today, the New York Times and the Guardian, have launched their own secure drop servers for whistleblowers to upload documents using Tor and the dark web. The Panama Papers and recent FIFA scandals both came to light thanks to whistleblowers utilizing these tools to protect their identities. SecureDrop is an open-source submission system used by media outlets to gather information from sources whose identities cannot be revealed, protecting both the source and the journalist.

Jim doesn’t concern himself much with political activism, but he does think the dark web has its public safety benefits.

Retrieving a package from the closet with markings indicating it was shipped via the U.S. Postal Service to a P.O. box, he sits down and peels it open. Inside the cardboard envelope is a paper envelope, and inside that paper envelope are two vacuum-sealed packages: one containing white powder, the other containing a dozen pink pills.

“These were freebies,” he said, pointing to the pills. “My coke guy hooks me up. Once you make reliable connects on here, they start giving you better deals and sending you free shit. It’s like Yelp. They need a good rating to survive.”

He pulled up the site where he placed the order for the cocaine. Vendors indicate everything from purity of the drug to the methods they use for shipping. Most state they’re willing to walk first-time buyers through the process to mitigate the risks of shipping. When a vendor says their cocaine is uncut, previous buyers leave reviews either confirming or disputing the claim of purity. It’s easy to see from the outset which vendors deliver on the product they promise, and which do not.

The DEA’s Rettig strongly disagrees with Jim’s assessment that these rating systems reduce harm for addicts or for the community. “You cannot apply a rating system that works in the regular world, and apply it to an illicit substance,” she told SN&R.

“A person ordering on the dark web still has no idea what they’re getting,” she added. “I don’t think reviews by a bunch of drug addicts are going to make it safer.”

Jim seemed to disagree.

“The people I order from, I know them and they know I test what they send me,” he said. “This is 10 times safer than buying something that was cut with God knows what.”

In the meantime, there may be no stopping the dark web.

When AlphaBay was shut down, it had 10 times the number of users that Silk Road had. More than 400,000 users shopped the 369,000 listings spending $800,000 per day, according to Deep Dot Web, which monitors dark web frequency. Every expert interviewed for this story agreed that shutting down the dark web is not realistic. Like it or not, they all agree, the dark web is here to stay.

“It’s not a civilized world, this underground market,” Professor Dai said. “There’s no way to shut it down or regulate it.”

Asked if this was the future of the internet, he paused. “I don’t know,” he said, still considering the question. “Nobody can answer this. Maybe. Maybe not.”

Ghost of a chance

Jim had disappeared. He stopped responding to emails and I couldn’t find his username on any message boards. I remember him saying he’d lived in eight different states since 2012. That restless trait hadn’t diminished, it seemed.

Ghosts. They never say goodbye when they go.

Summer begrudgingly yielded to fall, with winter looming on the other side of Thanksgiving. Inside a squat building in Oak Park, a woman took down Halloween decorations as a mother, with her child tucked in a car seat, spoke with a case manager.

Here at Harm Reduction Services, they treat Jim’s former customers.

As its name suggests, the clinic meets drug users where they are in their addiction—providing resources to those who want to get clean, and overdose prevention training, clean syringes and other harm-reducing tools to those who are not yet ready.

But the clinic’s biggest export, it seems, is a little bit of human kindness.

For instance, when a homeless woman walks in, crying hysterically because all of her belongings have been stolen, three different staff members give her hugs, rub her back and tell her it’s going to be OK.

The place is an island in America’s rekindled drug war, which is expanding to new frontiers thanks to both Sessions and criminal innovation. In Sacramento, however, that war is still being waged the old-fashioned way.

On November 3, sheriff’s deputies searched a 52-year-old man sitting on a park bench after discovering he was on probation. Deputies booked the man into jail after finding around eight grams of methamphetamine in two plastic baggies and a lock-picking kit. Earlier that same day, deputies contacted a 44-year-old man because he was walking through a residential neighborhood at night. He was allegedly found to be holding an unspecified amount of the crystal narcotic and a glass pipe. He was also wanted on an outstanding felony warrant, according to an incident summary. And on November 2, a vehicle stop led to the seizure of 113 grams of methamphetamine and 26 bucks. The 37-year-old male suspect was taken to jail and his vehicle towed.

Meanwhile, guys like Jim proceed to order Schedule I narcotics online the same way the rest of us will order Christmas gifts for our families.

There’s a tragic disconnect here that no one seems to be acknowledging.

On the morning of November 9, sheriff’s deputies rolled up on a car stuffed with personal possessions, parked in a lot belonging to an unidentified business. There they found a 25-year-old woman named Jade, barefoot, scabs on her face and “not properly clothed for the weather,” an incident summary states.

Jade was holding her 1-year-old child when she admitted to being on probation out of Placer County. That led to a search of her vehicle, which led to the discovery of less than a gram of heroin, a hypodermic needle and smoking pipe inside of her makeup bags.

Jade was taken to jail and her baby was taken somewhere else.

Two more ghosts who left without warning.