Why Smart Plug Is Dangerous For Darknet Market Admins
Darknet market admins are always at risk of being caught by law enforcement (LE) agencies. Dark web markets are not like ordinary markets, which is why dark web vendors and darknet market admins need to stay safe while operating their markets and vendor shops.
With the spread and massive usage of smart appliances and other technologically advanced systems, these people keep finding new methods to conceal their work. One idea that has attracted a lot of attention as a way to improve OpSec for darknet market vendors is the use of a “smart plug”.
In this article, we will discuss what smart plugs are and how darknet vendors and market admins are being advised to use them. The main focus of the article is to explain why a smart plug is dangerous for darknet market admins.
What Is A Smart Plug?
Smart plugs are an easy way to make your home smarter by automating your wired devices. To get started, plug your smart plug into an outlet, connect it to the Wi-Fi, and then follow the instructions in the compatible application on your smartphone or tablet. Plug any wired appliance, such as a lamp or fan, into the smart plug, and you can control them from anywhere on your phone.
You can also connect a smart plug, such as a Google Home smart plug, to your smart home hub (Amazon Echo, Google Home Hub). This allows you to enable voice commands such as "Alexa, turn on bedroom fan."
In addition to talking to your home and getting it to respond with actions, smart plugs can also help you save on your energy bills. By using the scheduling feature in your smart plug’s app, you’ll be able to set things like your lights to turn on only when you’re home, so they’re not wasting energy.
Smart plugs can also help protect your home against fire hazards. For example, if you use your heat-powered appliances on a daily basis, such as your curling iron and clothes iron, you can plug them into your smart plug when you use them. That way, you won’t have to worry about turning them off in the middle of the night when you rush out of the door.
Often Advised: Using A Smart Plug As A Quick Fix
An individual discovered an easy solution to the issue of LE finding DNM admins with their computer open, which they have not encountered before. The solution is none other than the use of a smart plug.
The following steps have been discussed or advised for the use of smart plugs:
- If you haven’t already, encrypt your computer or any sensitive information.
- If you are looking for a "smart plug" search on Amazon (Amazon smart plug).
- Buy one with wifi connectivity and support for Apple home app or Google assistant if using Android.
- Connect your computer to the smart plug and connect the smart plug to your wall outlet. (Computer -> Smart Plug -> Wall Outlet).
- Say “Setup – Lights”, “Oven”, or “TV” (anything that isn’t a computer or related to the computer you want to turn off).
If police arrest you/take you into custody, if you have your phone in your pocket/nearby, all you have to do is say “Hey Google, turn off my lights” and your computer loses power. All the information that was encrypted will be re-encrypted (unless you have stored it as plain text for a reason).
In America, this creates a gray area that has yet to be resolved because all you have to say is “turn off my light” and it would take them a long time and most likely cost a lot to decide whether or not freedom of speech is applicable in this situation.
You could also claim that you didn’t want to turn off your computer and “configured the application incorrectly” and/or that your lights plug/computer plug “confused”.
This is clearly a last resort and should be considered as such.
Why Using Smart Plugs Is Potentially Dangerous For The Darknet Market Admins
The above advice seems easy, right? Well, it might be. However, it can be detrimental to dark web market admins, even with the best smart plugs.
First, let’s look at the smart plug proposal. The concept is that you can control your computer’s power supply with your voice using a smart plug, allowing you to quickly turn off your computer in the event of a raid. However, this is a flawed approach for several reasons:
1. Privacy Invasion: All smart home devices (including smart plugs) are connected to central systems that record usage information. This information could be shared with law enforcement, which could compromise privacy and operational safety. For instance, in an Arkansas murder investigation in 2016, evidence was obtained from a connected smart home device.
2. Reliability Concerns: There is no guarantee that voice commands will be interpreted correctly or executed on time in a high-pressure situation such as a police raid.
3. Legal Gray Areas and Federal Crime Risks: Using a smart plug to interfere with a law enforcement raid (shutting down your computer) could result in serious criminal charges (additional YEARS/DECADES) if interpreted (it will damn well be) as an act of intentional destruction of evidence. This could be prosecuted as a federal offense, especially under obstruction of justice laws.
As courts become more tech-savvy, these types of actions are more likely to be caught and prosecuted. For example, in the United States, you can be charged with obstruction of justice for destroying any document, including digital files, that may be used in a formal proceeding. In this case, shutting down your computer during a raid would be viewed as an obvious attempt to obstruct justice and leave you open to additional charges beyond the scope of the original investigation. This is even if they find nothing else!
4. Network Dependency: Smart plugs need a reliable network. If your network isn’t working properly or is unstable, your smart plug won’t be able to answer your voice commands.
5. Voice Command Recognition Issues: One of the biggest issues with voice assistants is that they don’t always understand what you’re asking them to do. This is especially true if you’re in a noisy environment or if your voice has an accent. In these cases, the command might not be executed at the right time.
6. Data Logging by Smart Device Providers and Legal Access: Manufacturers of smart home devices often keep detailed records of user interaction and device activity. These records can include data such as time stamps, usage frequency, and even specific commands entered into smart devices. This information can be used by law enforcement agencies to request or subpoena information in investigations.
For instance, in 2015, Bentonville police in Arkansas requested Amazon Echo data as part of a murder investigation. They believed the device may have recorded important evidence. Smart device data has also been used in various legal cases, including a divorce proceeding in which they were cited to prove the presence of people in a home using smart thermostats.
These examples highlight the vulnerability of utilizing smart home devices, such as smart plugs, in sensitive situations where their data logging capability can inadvertently give law enforcement incriminating evidence.
7. Delayed Execution: Some voice commands may take a while to execute. This delay may not allow you to terminate the system in a timely manner to prevent unauthorized access to sensitive data.
8. Potential for Hacking or Remote Access: Smart plugs can be hacked. If a plug is hacked, it can compromise operational security. IoT device hacking incidents, such as Mirai, are a prime example of this vulnerability.
9. Specific Legal Risks of Evidence Tampering: In this section, we specifically focus on the consequences of tampering with evidence when a smart plug is used to turn off a computer in a police raid. This is different from the broader consequences of obstruction of justice in that it focuses directly on the destruction or concealment of evidence in the course of an investigation. Many jurisdictions consider tampering with evidence to be a crime and can result in separate charges independently of the initial investigation.
For instance, under U.S. federal law, 18 U.S.C. § 1519, intentionally damaging or concealing an object with the intention of obstructing an investigation can be subject to severe penalties, including fines and imprisonment. The use of a smart plug in a police raid is viewed as an immediate reaction to the law enforcement operation that directly interferes with the gathering of evidence, which can worsen legal circumstances and lead to additional criminal charges.
10. Over-Reliance On Technology: Using a single smart device for essential security purposes poses serious risks because technology is inherently unreliable. This unreliable nature can manifest itself in many different ways.
- Power Outages: When the power goes out, a smart plug stops working. For example, during the Texas power outage in 2021, a lot of smart home devices stopped working, showing how environmental factors can stop smart home devices from working.
- Hardware Malfunctions: It’s no secret that smart devices are vulnerable to hardware failure. In fact, according to a recent study conducted by Michigan University and Microsoft, almost 30% of all smart home device malfunctions were hardware-based. This statistic speaks to the danger of relying on smart home devices for critical security functions.
- Software Glitches: Smart devices are subject to bugs or glitches in their software. A good example is Nest. In 2016, a software error caused the Nest to drain the battery and turn off its thermostat. This caused a lot of users to have to turn off their heating systems during the winter.
- Firmware Updates: Automatic firmware upgrades can turn off the device temporarily or unexpectedly turn it on or off. For example, in 2015, an update for Philips Hue's smart bulbs unexpectedly limited third-party bulbs' compatibility, demonstrating how firmware updates can change the device's behavior without your knowledge.
- Network Dependence: Smart plugs rely on your home’s Wi-Fi network. Unfortunately, Wi-Fi in your home can be unreliable or can be affected by interference. In fact, Wi-Fi problems are so common that 90% of people reported problems with their Wi-Fi in their homes, according to a survey conducted by the wireless giant Wi-Fi Alliance.
- Security Vulnerabilities: Smart devices can be hacked or compromised, as seen in the Mirai botnet attack in 2016, where thousands of IoT devices were hijacked for a massive DDoS attack. Such vulnerabilities expose users to the risk of external interference.
Each of these examples highlights the risks of relying too heavily on smart home devices for critical security requirements, especially in high-pressure situations like the ones DNM operators face. If these devices fail, the consequences can be catastrophic, rendering them unreliable as the only security solution.
The Safe Alternative: USBKill And Various Other Self-Hosted Options
Instead, use tools like USBKill, which is designed to turn off a specific USB device when it is removed. This method is more secure because it doesn't rely on external and possibly insecure smart devices.
1. No External Data Logging: Unlike intelligent plugs, USBKill does not depend on third-party networks or devices that can record your data.
2. Immediate Response: USBKill responds immediately when you remove the USB. This ensures that your system shuts down immediately, which is very important during unplanned attacks.
3. Open Source Trust: Since USBKill is an open-source project, it is open for the community to verify its security and robustness. This level of transparency is essential for building confidence in security tools.
Here are some other options for self-hosted, internet-free security:
4. Physical Kill Switches: Hidden switches that allow you to turn off the device as soon as you need to, turn off the power, or trigger a specific security response.
5. Automated Scripting Solutions: Custom scripts on local machines that are able to detect and execute specific conditions (e.g. unauthorized access) as well as shutdown or wipe commands.
6. Dead Man's Switch Software: Locally managed software that automatically deactivates (turns off or dewrites) the system when scheduled check-ins are missed or certain criteria are not met.
Each of these solutions focuses on providing operational security in a private, isolated environment, without relying on third-party networks or internet access.
Expert Opinions And Real Case Studies
Here are a few examples from the real world that demonstrate the value of strong operational security:
| Case Study | Individual(s) Involved | OpSEC Lesson Learnt |
| --- | --- | --- |
| Silk Road | Gary Davis | Extradited because of insufficient opsec precautions; insufficient digital security precautions to prevent evidence collection. |
| Stratfor Hack | Jeremy Hammond | Arrested with unsecured laptop; immediate shutdown or data wipe required. |
| Dark Web Blackmailer | Matthew Falder | Captured because of weak opsec and laptop vulnerabilities; tools such as USBKill may have identity protection. |
| Silk Road 2.0 | Dread Pirate Roberts 2 | Caught because of inadequate opsec and insecure devices; immediate remediation could have prevented the risk. |
| Wirecard Scandal | Jan Marsalek | Digital security failures revealed; better operational security (OpSec) could have protected sensitive information. |
| Mafiaboy | Michael Calce | The lack of a fast response system to protect or erase systems resulted in capture. |
| OxyMonster | Gal Vallerius | He was arrested with an unlocked and unsecured laptop; simple automated security protocols could have prevented him from accessing evidence. |
In each of these cases, we are looking at a real world situation where sophisticated operational security, like USBKill, could have made a big difference in protecting sensitive data and keeping users anonymous.
If talking ‘in code’ worked like the original poster said in the second topic, we could use that instead of encryption, but the truth is, it doesn’t.
Also, it’s highly immature to openly try to destroy evidence before the federal agents who arrested you. Here are a few other people who tried to destroy evidence, in dumb ways, and got caught.
| Individual | Action Taken | Additional Time Served For Evidence Destruction |
| --- | --- | --- |
| Martha Stewart | Lying to law enforcement and obstructing a federal investigation into insider trading. | 5 months of prison sentence as well as 5 months of home confinement. |
| Oliver North | Document Shredding for Iran and Contra. | Sentenced to a suspended sentence of 3 years’ imprisonment, a fine of $1,000 plus community service, convictions were overturned. |
| Richard Scrushy | The individual instructed employees to destroy documents related to a fraud investigation against HealthSouth. | He was sentenced to 6 years for corruption, not directly for destroying evidence, but for his role in the case. |
| Frank Quattrone | Deliberate attempt to impede justice and witness intimidation by sending an email urging co-workers to destroy documents. | The original sentence was 18 months to life in prison, but the sentence was commuted after a plea deal was reached. |
| Michael Cohen | Accused of lying to Congress regarding a Trump real estate development in Moscow, as well as other allegations. | 3 years in jail, though not just for destroying evidence. |
| Paul Manafort | Tampering with a witness is the act of trying to persuade a witness to lie about lobbying activities; it is part of a larger case including tax evasion and bank fraud. | 7.5+ years in prison. Witness tampering is an aggravating factor. |
Don’t blow the whistle on federal evidence. Be smart.
Security Comes First!
Using a smart plug may sound like a neat and tidy concept, but it’s a gross oversimplification of what operational and information security are really all about.
What Is Operational Security?
Operational security is the process of safeguarding critical information from unauthorized access by adversaries. It’s critical to the success and safety of any sensitive operations.
What Does Operational Security Mean?
It’s the process of understanding the threats, determining what information is at risk, and taking steps to reduce the risk of exposure.
For example, relying on smart plugs to perform critical security tasks does not solve the multi-layered problems of OpSec. Smart plugs can leave significant security gaps, making them susceptible to exploitation. Effective OpSec requires a holistic strategy that includes secure communication processes, data security, access controls, physical security, and incident response plans.
Operational security isn’t just about using one tool or method. It’s about having a multi-layered defense strategy that includes multiple layers of defense against a wide variety of threats.
In InfoSec, it’s about protecting the confidentiality, integrity and availability of information. This includes things like regular security audits, end-to-end encryption, and the use of trusted security tools such as USBKill and physical kill switches that act quickly and safely in critical situations.
Utilizing these tried and tested approaches and staying up-to-date on best practices in the fields of Operational Security (OpSec) and Information Security (InfoSec) is essential. It’s about being ready, keeping an open mind, and adapting to the ever-evolving threat landscape. Always put secure, holistic strategies first, and never settle for simple solutions that may look good on paper but don’t provide robust security.
Bottom Line
Using your home network, as well as a smart plug, as a DNM admin is a serious risk. Home networks can be easily tracked and monitored. Using your home network as a DNM site admin is a fundamental operational security flaw. Additionally, using smart anything, including smart plugs, poses a potential threat to darknet market admins, and there are many ways to get caught. Plus, the real-world case studies are an eye-opener on how they get caught and what they should have done. If you are a dark web market admin or a darknet vendor running a successful darknet vendor shop, this important article is a gem.
Published at : 03/01/2024