A multinational police force last week arrested eight men on suspicion of running a secret online store called “The Farmer’s Market” that sold more than $1 million worth of narcotics, including LSD, ecstasy, fentanyl, mescaline, ketamine, DMT, and high-end marijuana.
According to a 66-page, 12-count indictment that was unsealed last Monday, The Farmer’s Market provided a fully functional e-commerce experience, including a storefront, order forms, online forums, customer service, and various payment methods for the different sources of supply.
The indictment alleges that The Farmer’s Market, which was previously known as Adamflowers, hid its tracks by operating on the Tor network.
Tor, a free, open-source program, bestows online anonymity via a circuit of multilayered, encrypted connections routed through a worldwide volunteer network of servers in order to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.
The bust was led by the US Drug Enforcement Administration and was the result of “Operation Adam Bomb”, that had spanned more than two years and included help from from authorities in the Netherlands, Columbia, and Scotland; and federal, state, and local US authorities in New York, Iowa, Georgia, Florida, New Hampshire, Pennsylvania, Michigan and New Jersey.
The indictment charges that The Farmer’s Market was paid through Western Union, Pecunix, PayPal, I-Golder, and in cash.
A press release from the DEA said that between January 2007 and October 2009 alone, two of the defendants processed some 5,256 orders valued at about $1,041,244, via the gang’s multiple marketplaces.
Customers came from some 34 countries and all 50 US states.
On the morning of April 16, police in Lelystad, Netherlands, arrested the lead defendant, Marc Willems, at his home.
The day before, police in Bogota, Colombia, arrested the second defendant, Michael Evron, a United States citizen who lives in Argentina, as he tried to leave Colombia.
The other suspects were Jonathan Colbeck, Brian Colbeck, Ryan Rawls, Jonathan Dugan, George Matzek, and Charles Bigras. They were arrested at their respective homes in the US: Iowa, Michigan, Georgia, New York, New Jersey, and Florida.
According to the DEA, the marketplace operators screened all sources of supply and guaranteed delivery of the drugs, also handling all communications between their suppliers and customers.
For that, the operators charged a commission, based on order value.
Each defendant is charged with conspiracy to distribute controlled substances, which carries a maximum sentence of life imprisonment, and money laundering conspiracy, which carries a maximum sentence of 20 years imprisonment.
Willems, Evron, Jonathan Colbeck, Brian Colbeck, and Rawls have also been charged with the distribution of LSD, which carries a maximum sentence of life imprisonment.
Willems and Evron are charged with participating in a continuing criminal enterprise, which carries a maximum sentence of life imprisonment and a mandatory, minimum 20-year sentence.
Requisite law and order blurb: As Mr. Mackey’s character has said on the US cartoon South Park, “Drugs are bad. Don’t do drugs. They’re bad. OK?”
Bite of common sense: If you’re anti-drugs, that’s fine, but don’t be anti-Tor just because of this bust.
The Tor Project was awarded the Free Software Foundation’s 2010 Award for Projects of Social Benefit for enabling roughly 36 million people around the world to, as the FSF’s statement says, “experience freedom of access and expression on the internet while keeping them in control of their privacy and anonymity.”
As the FSF pointed out, the Tor network proved “pivotal” to dissident movements in Iran and Egypt.
Because of Tor, people can join chat rooms and forums to discuss sensitive, private issues, including rape, abuse or illness.
Tor is making it into the headlines about this case, but let’s not forget about the good that the network enables.
Drugs and money and drugs and keyboard images, courtesy of Shutterstock.
34 comments on “Tor-hidden online narcotics store, ‘The Farmer’s Market’, brought down in multinational sting”
What seems really lacking here is the answer of where Tor failed. I'm glad that the drug dealers have been shutdown but at the same time this shows a flaw in the Tor network. That is the nature of true freedom, if the government can find and jail these drug dealers then do you really think they can't find someone talking out against the government? This is a very real concern. People are using Tor to protect them from corrupt governments and this has shown that it may not be able to do its job.
I don’t believe Tor failed here… It only takes one slip up and you can get caught, just like Sabu. Additionally they are shipping physical products around and stuff, leaving plenty of opportunity for observation and good ol’ gumshoe work.
I don't see them being able to track all these people down due to the shipping. I imagine only one or two actually handled the shipping. I guess can agree that their were ways they could have messed up to get caught. The point I'm making though is that it would be nice to know more details about what was done tracking them down.
If they tracked the shipping and the money then it was not a flaw in Tor. It would just be interesting to know more details. Tor is being used around the world to protect people from governments that will do more than just throw you in jail. Any time Tor fails to protect someone for any reason it is important to learn what happened.
If it was them tracking the drugs and the money then those using Tor to communicate online will be able to take a sigh of relief as that would show that the issue was outside of Tor. If they were tracked through Tor though then there is a very serious issue.
I don’t think it’s Tor that’s failed. They are selling via payment processing companies which often require address and accounts which deposit the money into. Since majority of the defendants are living in the US so I could assume they would use banks operate in the US for their money deposit into. In the US, you must provide ID when you open an account under the new regulations from Patriot Acts.They also have cameras in the banks and ATMs. There is always a way to get to the bad guys as long as our police forces and FBI put their efforts on it.
Hushmail spilled the beans. That and the cash drop addresses and paypal. They didnt break tor, they infiltrated the site
Tor was not the cause of demise of The Farmers’ Market. If anything, their move to Tor was simply too little, too late. The authorities already had them under surveillance prior to that. For one thing, the perps employed Hushmail, which as we all know, waste no time rolling-over on their users to the authorities. Between Hushmail and Paypal, they literally had no secrets left.
Tor did not fail.. Hushmail gave up the encryption keys and thus were infiltrated.. In the indicment where it says ' in a coded massage'.. those messages were supposed to be encrypted. Unfortunalty Hushmail is a canadian based web service and coroperates with the feds. They stil might be around if it wasnt for hushmail
It would be interesting to know how they got arrested despite their use of the TOR network…
A minimum of 20 years in jail for this. I guess that's supposed to serve as an example that provides a deterrent to others who might want to try such activity, but it sure didn't deter these guys.
Don't get me wrong; I think what they did is pretty stupid. But they didn't steal anything, damage any property, or injure anyone. I dunno…it just seems like there ought to be a more constructive way of handling this.
They didn't hurt anyone? I'm not on the inside track of the lives of those who purchased these drugs, but it seems to me that someone with a drug problem might very much hurt themselves, their family and friends, not to mention if they are broke and had to steal to afford to pay for the drugs. So, YES, these people can do lots of damage.
The same could be said of legal drugs as well. Alcohol, for one. Should we give bartenders 20 years?
Any and all drugs can do lots of damage. They can also do good, or be inconsequential. The issue is that drugs are classified as bad or good on a relatively arbitrary basis. Cannabis was once an esteemed painkiller the medical establishment heartily recommended, ditto cocaine. Alcohol was once so reviled the cops would come for you with machine guns and sledgehammers.
i agree with beth in that there was a distinct possibility that harm was done. but then again, i don't believe government should decide these things for us. the only thing that bothers me is that it was very likely that minors had access to these drugs. that is the only crime committed in my mind. i guess it comes down to greed and knowing when to shut down. i wonder if anyone on the business end was getting suspicious about being found out….
If you heard about date rape cases that the rapists used LSD, ecstasy, ketamine to commit their crime, you wouldn’t say that didn’t harm anyone.
Those “party” drugs are often used by bad guys who spike the drinks of unsuspected women. I personally know a few girls whose drinks got spiked and had sex with a stranger. The worst part is that they are afraid to going to the police as they will be test positive for illegal drugs.
Are you still think what they did cost no harm to no one?
It’s obvious to anyone who has ever tried any of “these party drugs” you listed that you are full of shit. You have no idea what you are talking about.
Drinks do not get spiked with ketamine, ecstasy, or LSD. And these drugs do not make you “sex zombies”. If your friends had sex while on drugs that was their choice, but don’t say that the drugs made them have sex.
The reason drinks don’t get spiked is because you would see the powder floating in your drink and it would taste horrible.
It would appear that the "multilayered, encrypted connections routed through a worldwide volunteer network of servers in order to conceal a user's location or usage" is not so concealing after all.
As Chester said, we really don't know how they slipped up. Such an expansive operation, spanning so many suppliers, in so many countries and in all US states, with that many customers and a slew of market operators, could have had a leak anywhere. Some drug supplier could have gotten busted and ratted out the operation, who knows? The DEA didn't hand over the details, understandably. There's not enough information to surmise that they got busted because of a Tor flaw.
As others have pointed out, they were primarily busted because they used Hushmail. This investigation started some time before the DEA’s “Operation Raw Deal” in the fall of 2007. It appears that, in both cases, the decrypted emails provided by Hushmail were the linchpin in the criminal cases brought against the defendants.
In both cases, if the defendants had not been so slothful, and had learned to use PGP/GPG, building a case against them would have been considerably harder, if not impossible.
The other thing that has to be remembered is that eveyrone using a supposedly-secure provider causes two things to happen:
1) Since they believe their communications cannot be intercepted, they tend to be more frank, and less guarded in their communications.
2) Hush served as an evidence smorgasbord for the DEA; it served as “one stop shopping” when all the suspects used the same service for their communications.
If the suspects had used different email providers, or changed them frequently, as well as changing their PGP keys, the feds would have had a much harder time gathering evidence.
They got arrested because of Hushmail, not TOR. Just like many hackers in the past have for relying on services like Hushmail, which only protect you until they see a badge.
Thank you TOR for providing normalcy a chance! In my opinion LSD and psychedelics have been a major source of anti-war movement of 20th century, reason for female emancipation in the 60's, inspiration for greatest novels of 20th century and cause of modern spiritual liberation. Yet establishment has successfully managed to demonize them as "drugs". Out the substances mentioned only fentanyl is questionable..
Naked Security has fallen into same pit mainstream media almost always does, that is associating all related to mind-altering substances with wrongdoing and thus being another mouthpiece of establishment or just plain weak journalism.
I think you're confusing the comments with the story. I didn't get into grandstanding against drugs, and I hardly think this piece constitutes being "a mouthpiece of establishment or just plain weak journalism." Honestly, isn't it a bit lazy to fall into the trap of calling journalists "mouthpieces?" Unless you're referring to my tongue-in-cheek quoting of Mr. Mackey, and if you take that as a serious anti-drug pitch, well, I wouldn't be surprised if you think South Park is a venue for news documentaries.
Well, I surf around and am always getting offered drugs from some on-line supplier. I actually had a script, but purchased on-line. Got a nasty note from the Government (USA) to not use "out of country" pharmacies. I didn't know it was out of country! I don't see them stopping those people. How many of you have had that happen? Also I know we have laws against 'stealing' or 'hacking' into another computer, but I see adds all the time for adult stuff that says "Hacked Facebook", "Stolen personal cell phone photos". This is either lies, or they are breaking the law. If it's true, how many are underage? I'm just saying there is enough that's out there in the open, why are they spending lot's of money for a 2 year sting? Yea, I do understand but the other are still operating and making big bucks…
It would be nice to know if there was a failure in Tor, it seems like it would be or how else would they know how it was operated? If by tracking, there would be no mention of the Tor system, so?? Just MHO…
if you read the full document you'll notice their emails were one of the main reason they were caught. along with meeting up with dealers and acceping payments in paypal etc. it has nothing to do with tor
I actually missed that, so thanks to all of you who pointed out the email connection.
from Tor site:
"Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit."
How is this important? The only means of this would be if the police knew where your randomized circuit connection end-point was (and you can configure TOR to switch circuits every 15 mins if you wish) and had a sniffer on your box. The former being extremely, if not impossible for current law enforcement to be able to do effectively.
Remember don't go online and let it safely get delivered through your door, just go down your local dark ally way and make friends with the shady characters down there. . . if anything this is preventing something which although incorrect legally is both safer and more reliable than any street dealings people may opt for.
just saying on the outside looking in it is clear here tor had no problems it was just the transit but seriously they are clamping down on the one place where people can buy these illegal items in a way which has user feedback, a good community, few liars cheats or con men and no risk of being "dragged" into worse things through the general illegal status.
either that or i am one of the only people who blame the "Gateway drug" concept on something being illegal forcing people to meet people who will push it forward rather than listening to a community.
somebody may argue drugs ruin lives but if you ask me getting dragged into the world socially, through fear of prosecution and the risks in the world associated to it makes going online not just seem safer but a smarter option…
A few years ago, I wrote a book with online drug smuggling in it; I thought I was making it up. Hm.
The DEA can be very smart sometimes; they probably did set up a sting and that’s how they caught them. Or someone ratted them out, as someone said above. Also emails and the payment options they were using (paypal, for God’s sake) can’t be that hard to track back to the source. I’m surprised these guys got away with what they got away with for as long as they did.
It's a good point, TFM was one of the smaller markets for this stuff, and Adam flowers did not take precautions. PayPal and WU to named accounts? Hushmail = fedsmail.
Tor is still clean and trusted. Surely SR and BMR are more of a target and they are still ok!
did someone really expert knows the answer? Tor has failed or not in this situation? if he has failed in its use is not safe … and there is more reason to use it …..
Read the affidavit. Tor didn’t fail; they were already done-in by Hushmail and PayPal by the time they switched their operations to Tor.
Guys they didn't get busted because of TOR itself. There was a 2 year investigation including an undercover. In that amount of time with the right resources, you can find out where people are mailing you things from, and pretty much everything… Even I knew the basics without actually investigating…. It's not that hard. Plus, they used a few not very smart payment methods, and before using tor, Adam used hushmail. I knew this site would get busted eventually. I sincerely thank all the people that ran it…. And I am truely sorry that it came down to this. They were good, honest people. Just trying to survive comfortably, while offering a harmless service.
RIP Farmers Market!
"The indictment charges that The Farmer's Market was paid through Western Union, Pecunix, PayPal, I-Golder, and in cash"
Must be the help of those payment processors/exchangers/payment methods, or on the server itself (vulnerability) within the CMS.
Blocked resources, it’s easier to go through online services “valhallaxmn3fydu.onion.vin”