Let me begin with a rhetorical question and an obvious answer:
“Who is the largest drug dealer in any developed country in the 21st century?”
Yeah, that’s right.
That country’s postal service.
Buying drugs either from dark web marketplaces or via messaging apps such as Telegram, Signal, Wickr or Wire is now the safest and the most certain way of acquiring illegal substances.
And delivering them by post is the most effective shipment method.
This is despite the fact that law enforcement globally has had some success stories with taking down dark web markets, which disrupts the drug trade, albeit only with temporary effects.
(more on conducting OSINT on .onion sites here)
Dark web vendors often scam customers and dark web marketplaces often scam both vendors and customers by conducting exit scams.
This means the dark web markets just stop shipping any fulfilled orders and that they abruptly take down their website while also taking any cryptocurrency that was stored on the website by both the vendors and the customers.
And yet, this manner of sourcing illegal drugs is still considered less risky than buying them on the streets, for cash, with very little anonymity while risking getting robbed / ripped off during the drug deal or getting arrested by law enforcement.
So let’s explore some details on how both buyers and vendors are using postal services.
1. Dark web education - opsec manuals
There are a number of manuals available on the dark web that concentrate on “operational security” or “opsec” when it comes to sending and receiving packages (examples mentioned here). They can be found with a bit of effort and I have gained access to some of them for research purposes.
I decided against posting them here as this could be misconstrued as promoting or enabling access to these resources.
Such manuals are written by seasoned users and often include learning outcomes derived from successful law enforcement actions, package interception, controlled delivery stories and so on.
Key points of focus include:
- stealthy packaging
- safety and precautions during the posting process
- strategies for effective drops
- actions by law enforcement and postal inspectors
- controlled deliveries and strategies aimed at disrupting them
Criminals, like everybody else, value continuous development and learning…
Comparing older documents to the more contemporary ones gives an interesting insight into how the knowledge and awareness of disguising packages has evolved throughout the years.
2. Domestic vs international shipping
In a nearly unanimous decision, everybody on the dark web agrees that domestic shipping is easier and less risky than international shipping.
International mail goes through at least two customs inspection facilities: one from the country of origin, and the other in the country of destination.
This exposure to additional scrutiny leads to vendors adopting tactics like travelling to border regions (for instance between the Netherlands and Germany) and crossing the internal EU borders so that they can ship their packages from a destination that is not considered “elevated risk”.
Countries identified by dark web market communities as having very strict customs inspections of incoming mail include:
- New Zealand
Equally, the list of countries described as “elevated risk” is a hot topic discussed on dark web forums. The general advice given to beginner buyers is not to order illegal merchandise from countries commonly associated with drugs, such as Colombia, Peru, Bolivia, Venezuela, the Netherlands, and so on.
3. Packaging and shipping
The most important aspect for the criminals feeding dark web drugs packages into the national or international postal service is “stealth”.
The meaning of stealth is twofold:
- External examination of the package (x-ray, sniffer dogs, etc.) does not determine that the package contains illegal drugs;
- If the customs officials or postal inspectors decide to open a given package, it should not be immediately obvious that it contains an illegal substance.
The most commonly used packaging materials (the presence of which the authorities should always pay attention to, if at all possible due to the volume of post coming through every day) are moisture barrier bags, such as those below:
The stealth process begins at the early stage of packing the product and it often includes measures such as vacuum packing (considered one of the basic requirements) and ensuring no fingerprints or DNA gets on or remains on any of the packaging.
The types of stealth and disguise depend on the type of merchandise that is being shipped. In general terms, we can distinguish three main methods of product concealment:
- ITEMS CONCEALED WITHIN OTHER ITEMS – using cheap and typically disposable objects like cigarette lighters, sweets or coffee packaging with some of the original content still present allows drug vendors to ship drugs in disguise. Other examples include using containers with hidden compartments, double lids, etc.
- ITEMS DISGUISED AS OTHER ITEMS – broadly speaking, this includes anything that can be made to appear like something else. For instance: THC infused edibles that look like innocent gummy bear sweets, cannabis sold as cigars, ecstasy pills labelled as dog worming tablets, LSD strips made to look like a SIM card, and so on.
- DECOYS – these are items placed into the parcels in order to appear like they are the most substantial content that is shipped, while diverting any potential attention from a smaller, illegal item also contained within. This is best illustrated with an actual testimonial from one dark web buyer:
“It was a letter that said some bs about thank you for entering our Pokemon contest but sadly you didn’t win. Here is a complimentary gift. Inside was a sealed pack of pokemon cards and the k [ketamine] was in a bag taped to the back of one of the cards.”
4. False leads
There are a number of false leads that dark web market vendors utilise in order to throw off postal inspectors or law enforcement investigators. False leads are created deliberately and often prolong or impede an investigation because, by their nature, most police services are very meticulous in their approach, where everything should be followed up and checked out thoroughly.
Some examples of false leads that the criminals use to confuse investigators:
- Posting packages from remote locations, or from very busy central post offices that have a lot of footfall. Dark web vendors are prepared to travel far, if it means minimising their chances of getting identified and caught.
- Marking a package with a return address located in an area where levels of crime are high (where they DO NOT live), to divert the attention and the focus of investigators somewhere else.
- Paying other individuals to conduct deliveries or shipping on their behalf. This type of “outsourcing” is similar to hiring money mules or drug mules who are not directly connected to a criminal enterprise and have a clean record.
5. Concluding thoughts
Shipping dark web drugs won’t stop. It will only get bigger.
It’s unrealistic to expect postal services to be equipped with on-site mini-labs that can test the chemical composition of every package that might look suspicious and that is labelled as dog worming tablets, homeopathic medicine, herbal tea and so on.
The only real, utilitarian solution is to pick the lesser evil and decriminalise, regulate and tax the drug market or at least some segment of it (the so-called “soft drugs”).
This is far from ideal, but so is the current status quo which despite considerable efforts and investments is very inefficient.
The process of purchasing drugs on the dark web is relatively easy and the scale of these drug dealing activities reflects the popularity and the demand.
And with every dark web market takedown, two spring up in its place…