CaliConnect’s Private PGP Key & Account Password Was “asshole209”

Although currently free on bail, David Burchard, a.k.a. CaliConnect is now looking at a minimum of 20 counts of drug-related and money laundering charges. His lawyer tells the press that he hasn’t even been able to go through the thousands of discovery pages and is unsure as to how the case will play out.

The investigation into Burchard began almost 18 months ago, as of this article (August 2016). It started when he sold over a million USD worth of bitcoin and deposited the money in a personal account.

In an affidavit by special agent Matthew Larsen of Homeland Securities Investigations, it’s noted that CaliConnect was the 3rd largest US-based vendor on the Silk Road before it shut down. He managed to sell $1.4 million worth of marijuana and cocaine on the Silk Road alone. After the feds broke up the Silk Road, he went on to make money on other markets, including Agora, Abraxas, and AlphaBay.

Sending over a million USD to his personal bank account as an out-of-work father was far from the only aspect of his case that points to questionable opsec. He lived with his wife and three children in a California home that cost $1,350 a month in rent, yet his wife was a stay-at-home mother and Burchard had been ‘out of work’ for 6-7 years. A “2010 Jaguar XF sedan; a Mercedes S63, a 2013 Mercedes, and a 2007 Chevy Tahoe” were seized during the raid of his home.

He, using his real name, applied for a trademark on the term “CALI CONNECT” and was found with clothing bearing the same label. Interestingly enough, another marijuana vendor – who was at one point semi-popular –  trademarked the name of his own strain of weed which quickly led to his arrest.

According to his Reddit post pointing to his Alphabay profile, the last login he had was March 26, 2016. He was raided in January 2016. One could argue that law enforcement had logged in to his account to gather evidence but at the time of that Reddit post, his last feedback was on the 25th of March. Meaning he had likely been shipping products out within 10 days of that feedback. While not solid evidence, this strongly implies that he continued to sell on the deepweb after he had been raided, knowing he was under investigation. .

More recently ars technica discovered that Burchard used “asshole209” as a password for his accounts. The discovery says the password was subpoenaed from a site, possibly Greendot, and the same password was then used to decrypt PGP messages in GPG4USB. The decrypted PGP messages allowed law enforcement to match an undercover “controlled purchase” with CaliConnect’s vendor profile. The messages attached to an additional 49 orders were able to be decrypted, some of which were included in the discovery.

A single word attached to his area code.

We have already written about the 18-month investigation of CaliConnect so I will spare you the details on how else he managed to attract attention from the DEA, the HSI, the IRS, the USPIS, the Merced Police Department, and California Highway Patrol.

Anthony Capozzi, Burchard’s lawyer, who was once a federal prosecutor, told ars that the case is still in its early stages and Burchard has yet to be offered a plea deal. There’s no indication that such a deal would happen either.

“We received thousands of pages of discovery, and I haven’t gone through [them] yet,” he says.

The lawyer is surprisingly optimistic for one who has never worked a case involving digital currency before. Even with the massive investigation that took place, it’s hard to see any positive outcome for the vender but Capozzi is unsure as to what direction the case will unfold.

“It’s too early on, so many pages of discovery,” Capozzi added. “I can’t tell one way or the other which way the case is going at this point. With a case this complicated, it’s going to take a while.”

David Burchard’s case makes it clear that those who lack basic digital security should have no business selling to others on the deepweb. His customers had their freedom attached to a password that could have been bruteforced in minutes and was used in more than a single environment.

Share and Enjoy

  • FacebookFacebook
  • TwitterTwitter
  • DeliciousDelicious
  • LinkedInLinkedIn
  • StumbleUponStumbleUpon
  • Add to favoritesAdd to favorites
  • EmailEmail
mm – leading Bitcoin News source since 2012

Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. The information does not constitute investment advice or an offer to invest.