Cybersecurity , Encryption , Technology

Glove Use Key to Arrest of Alleged Darknet Drug Trafficker

Post Office Flagged Alleged Tor-Using Fentanyl Seller for How He Handled Packages
Glove Use Key to Arrest of Alleged Darknet Drug Trafficker
Chukwuemeka "Emeka" Okparaeke allegedly mailed contraband-containing envelopes from post offices such as this one in Middletown, N.Y. (Photo: Google)

A man who allegedly posted stories about a "darknet drug trafficker" on Reddit, and used a smartphone with a Tor proxy and VPN app installed, has been arrested and charged with distributing narcotics after U.S. Postal Service employees noticed that he was mailing a large number of envelopes while wearing latex gloves.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

The arrest is a reminder that investigators can still track and arrest suspects, even when they use anonymizing technologies, encryption or cryptocurrency, by, relying on trained observers to report suspicious activity, such as apparent operational security errors.

Chukwuemeka "Emeka" Okparaeke, 28, was arrested March 20 in Kearny, New Jersey, and charged with violating federal narcotics laws, according to the Department of Justice. The wide-reaching investigation included the efforts of the USPS, Department of Homeland Security, Customs and Border Protection and Virginia's Fairfax County Police Department.

Okparaeke has been charged with one count of conspiracy to distribute large quantities of a substance akin to fentanyl, a powerful synthetic opioid that's 50 to 100 times more potent than morphine. From October 2016 to this month, Okparaeke was allegedly obtaining "fentanyl analogue" from Hong Kong via the mail, repackaging it in smaller quantities, then mailing it to customers who bought his products via underground online markets.

"The defendant's alleged scheme combined one of the gravest current threats to public health - highly addictive and potentially lethal opioids - with a very modern criminal tool - the darknet," says Joon H. Kim, the Acting U.S. Attorney for the Southern District of New York. "Okparaeke allegedly sold fentanyl-like controlled substances through an online black market to conceal the nature of the transactions and his identity."

If convicted, Okparaeke faces a mandatory minimum sentence of 10 years in prison.

'Fentmaster' Sold on AlphaBay Marketplace

Authorities have accused Okparaeke of operating under the name "Fentmaster" on the AlphaBay Marketplace darknet website. Darknet generally refers to a website that can only be reached by using the anonymizing Tor browser.

Investigators became aware of Okparaeke in November 2016 when a USPS employee reported that he had learned from fellow employees "that on multiple occasions, USPS employees had observed the customer depositing a large number of USPS envelopes in collections bins at the front of the post offices in the Middletown [New York] area," and that "while depositing the envelopes, the customer had worn latex-dipped gloves," according to court documents.

Employees at the post office shared Okparaeke's name with investigators after he had presented his driver's license during a transaction, according to court documents.

JFK Customs Check Found Narcotics

In January, meanwhile, customs and border patrol agents at John F. Kennedy Airport in New York intercepted two packages, according to court documents. They found each contained "a little over 1 kilogram [2.2 pounds] of a substance that field-tested positive for an analogue of fentanyl." Both had been sent from Hong Kong and were addressed to "Emeka Okparaeke" at a United Parcel Service store in Middleton, New York.

Customs and border patrol agents alerted Homeland Security, which, in turn, alerted USPS inspectors. As part of the ongoing investigation, the narcotics were replaced with "sham packages" that were then delivered as if they were real, and investigators conducted surveillance on Okparaeke. When he picked up the packages from the UPS Store in Middleton, New York, on Feb. 1 - he had received a call stating that the packages addressed to him had arrived - he was intercepted, informed of his Miranda rights and agreed to speak with a Homeland Security agent as well as Brad Ruggieri, a U.S. postal inspector, according to an unsealed affidavit for probable cause submitted to the Southern District of New York federal court on March 17.

In his Feb. 1 interview with Homeland Security agents, Okparaeke admitted to receiving packages and forwarding them to someone named "Xavier Johnson," according to court documents, but claimed that he didn't know what was in them.

Suspect's Smartphone Browser History

Executing a search warrant on Feb. 7, investigators seized the Samsung Galaxy S5 smartphone they'd seen in Okparaeke's possession on Feb. 1. They found installed on the device the Private Internet Access VPN app, which is designed to mask a device's IP address. Also installed was a bitcoin checker app, for monitoring cryptocurrency values, and an app - Orbot: Proxy with Tor - designed to encrypt a user's traffic.

Investigators say they also found an email on the smartphone from Amazon.com confirming the purchase of 1,000 zip-lock bags of 2 millimeter size, which are "commonly used for the packaging of controlled substances for redistribution," Ruggieri writes. They also found a texting app called "TextNow" containing messages from Feb. 4 that appeared to be Okparaeke attempting to recruit someone to send "about 20 packages a month in exchange for payment." The messages would have been sent three days after Okparaeke learned that law enforcement agencies were monitoring his UPS Store mailbox, investigators say.

In addition, a review of the smartphone's browser history revealed that it had been used to visit Reddit, as well as to access posts on the site from someone using the Reddit handle "bmoreproduct1."

Bmoreproduct1 Posts to Reddit

Investigators say numerous details posted by bmoreproduct1 match Okparaeke's biography.

For example, beginning in September 2016, bmoreproduct1 posted a series of stories about "Jerome," saying that he was 27 years old, drove a Honda Accord, lived in a studio apartment, had traveled to Ghana, was a former doctor, worked with his brother "Xavier" to distribute narcotics, used bitcoin to buy kilograms of fentanyl from "Chinese vendors," and who explained that narcotics could be shipped "through the USPS while avoiding law enforcement detection by mailing packages with stamps purchased online."

Excerpt from "Darknetmarkets short story: Part 1," posted to Reddit Jan. 29 by user "bmoreproduct1."

Investigators said they found a Facebook account for "Emeka Okparaeke" that includes an album titled "Time in Ghana"; searched the motor vehicle records for the state of New York and found that "bmoreproduct1" and Okparaeke's age matched; and recovered photographs from Okparaeke's smartphone, one of which "depicts an air mattress laying on the floor of a room," while another shows him wearing a white lab coat and "student doctor" identification card for a medical services provider in Middleton, New York. An online USPS account registered in Okparaeke's name was often used to make bulk stamp purchases.

Undercover Officer Buys From Fentmaster

Meanwhile, investigators say that an undercover police officer in Fairfax, Virginia, purchased 100 grams of a fentanyl analogue from Fentmaster via the AlphaBay Marketplace on March 5 and received it on March 8, at which point the Virginia state forensic laboratory verified that it was a fentanyl analogue, according to court documents. Investigators say the return address on the shipments - listed as North Jersey Plastics Co. in Mahwah, New Jersey - matched 79 other packages that they recovered from a post office in Harrison, New Jersey, that witnesses had seen Okparaeke mailing on March 7.

According to court documents, a detective also recovered "latex gloves, along with residue of a fentanyl analogue and packaging materials," plus digital scales, from a trash bag that Okparaeke discarded in Kearny on March 7. Investigators said the chemical composition of the batch of fentanyl analogue found on the latex gloves matched precisely the sample of fentanyl analogue received by the undercover Virginia police officer the next day.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.