Although much of the information has been redacted, a sworn affidavit by a DEA agent helps break down the investigation of two recently indicted AlphaBay heroin dealers.
The sworn affidavit by the agent who is only identified as ‘John Xxxx,’ details the work in his role as part of the Central California Darknet Strike Force, where he was trained to track down darknet vendors. He described learning to “operate an undercover dark marketplace account.” He also learned how to purchase narcotics with the accounts and how to utilize PGP and bitcoins.
John began investigating the top heroin dealers on AlphaBay. In his analysis, he came across AREA51 and DARKAPOLLO. He determined that both accounts were operated by the same person based on each vendor profile. Both vendors advertised that their heroin was directly imported from Afghanistan and both accounts offered the same products in the same quantities. He deduced the accounts were operated by the same individual(s).
A full investigation into AREA51 and DARKAPOLLO was initiated. John discovered, through forums discussing darknet markets, that customers of both vendors received packages that originated from Brooklyn, New York.
After reviewing AlphaBay transactions by methods that were not entirely disclosed, John was able to determine the quantity of heroin and their alleged uncut Peruvian and Colombian cocaine sold as of July 25th. The quantities advertised on each vendor’s profile ranged between one and five grams, both for the heroin and cocaine.
DARKAPOLLO sold approximately 610 grams of heroin and approximately 25 grams of cocaine and made approximately $139,594 from both drugs on AlphaBay.
AREA 51 sold approximately 810.5 grams of heroin and approximately 47 grams of cocaine.
John analyzed the public PGP key on each vendor’s profile and discovered both keys were registered to the same email address: [email protected]___.com. Social media searches including the phrases “Adashc31” and “Adashc,” led to Twitter, Instagram, and Facebook accounts linked to “Ahmed Farooq.” Farooq’s Facebook account made it clear that he was located in Brooklyn, New York.
John submitted a grand jury subpoena to Facebook, requesting subscriber information on Farooq’s Facebook account.
Facebook released the requested information on Farooq. A verified phone number was revealed. An internal DEA search indicated that the user of the telephone number, Farooq, was involved in an on-going investigation for selling heroin in Brooklyn, New York.
John purchased .451 bitcoins on May 11th to use in a heroin deal from either DARKAPOLLO or AREA51. Using his undercover AlphaBay account, the DEA agent purchased approximately one gram of heroin from AREA51 for $165. He included a message telling AREA51 to send the package to a predetermined undercover address. The package was to be addressed to “Alex Mendoza.”
On the 18th, the DEA received a notice from an unnamed US Postal Service Inspector that a package had arrived to the undercover address provided to AREA51. The package was retrieved on the 20th. The package was addressed to the name provided to AREA51, “Alex Mendoza,” and the return address of the package was to “Jessica Brown” in Brooklyn, New York. The tracking number was identified. Hereby referred to as UC PARCEL #1.
UC PARCEL #1 was brought to the Fresno Resident Office to begin processing it into evidence. The package contained a silver Mylar envelope and within the Mylar envelope was a ziplock bag containing white powder. The powder tested positive for heroin. All contents of the package were then submitted to the DEA Western Regional Lab to analyze for fingerprints. John then finalized the transaction by releasing the funds held in escrow.
The same process was repeated resulting in a second package dubbed UC PARCEL #2.
The return address was the same as the address on the initial package and the tracking number was also identified. Contents were shipped off to the Western Regional Lab for fingerprinting and drug analysis.
On May 31st, the lab results for UC PARCEL #1 came in, testing positive and verifying the white powder was indeed heroin. Three latent fingerprints were also discovered and all positively identified as belonging to Abudullah Almashwali.
The lab analysis of UC PARCEL #2 identified the white powder also as heroin. A single latent fingerprint was found on the Mylar envelope and three prints were found on the USPS envelope. All fingerprints also belonged to Almashwali.
As a result of John’s undercover purchases, the Postal Inspector was able “to conduct comparative analysis on these parcels to identify who purchased the postage for them.”
The time, date, and location where the postage was purchased were all identified. The postage for the first package was purchased via a USPS Self Service Kiosk (SSK) at the Homecrest Post Office in Brooklyn, New York on May 18, 2016. The Post Office was less than a mile from both Farooq’s and Almashwali’s residences. The Postal Inspector identified five transactions using the same credit card number at the self service kiosk that amounted to a total of 25 postage labels, including the postage for UC PARCEL #1.
The SSK takes photos during each transaction; these photos were pulled and John positively identified the individual in the photo as Almashwali. With this information, the Postal Inspector was able to identify additional postage purchased with Almashwali’s credit card.
An identical process was replicated for UC PARCEL #2 yielding nearly identical results. The one exception is the postage was purchased at the Farley Post Office in New York. Five additional express labels were purchased at this post office on May 4th.
You can read the full affidavit here.