Drop Gangs

Cryptocurrencies, GPS, drones, and cheap beacons are driving a new evolution in illegal markets:

…[A] major change is the use of “dead drops” instead of the postal system which has proven vulnerable to tracking and interception. Now, goods are hidden in publicly accessible places like parks and the location is given to the customer on purchase. The customer then goes to the location and picks up the goods. This means that delivery becomes asynchronous for the merchant, he can hide a lot of product in different locations for future, not yet known, purchases. For the client the time to delivery is significantly shorter than waiting for a letter or parcel shipped by traditional means – he has the product in his hands in a matter of hours instead of days. Furthermore this method does not require for the customer to give any personally identifiable information to the merchant, which in turn doesn’t have to safeguard it anymore. Less data means less risk for everyone.

The use of dead drops also significantly reduces the risk of the merchant to be discovered by tracking within the postal system. He does not have to visit any easily to surveil post office or letter box, instead the whole public space becomes his hiding territory.

…Classically, when used by intelligence agencies, dead drops relied on being concealed. This lead to dead drops being hard to find even by the intended recipients without costly preparation and training. One of the results of this was that dead drops were often used repeatedly, which increased the probability of both sender and recipient being identified by surveillance.

An ideal dead drop is however used exactly once. Only then can the risks of using it be reduced to pure bad luck.

This challenge is met by Dropgangs in various ways. The primary one is that the documentation of each dead drop is conducted in minute detail, covering GPS coordinates, photos of the surrounding and the location, as well as photos of the concealment device in which the product is hidden (such as an empty coke can). The documentation however increases the risk for the Dropgang since whoever creates it would be more easy to identify by surveillance. In addition, even great documentation still requires the customer to understand it and follow it precisely, which can lead to suspicious behavior around the dead drop location (staring at photos, visually comparing them to the surrounding, etc).

A first development to mitigate the problem of localizing is the use of Bluetooth beacons. In addition to the product, the dead drop contains a little electronic device that sends a signal that can be received by a smartphone, which in turn can display the direction and approximate distance to the device. In addition to the GPS coordinates, the customer requires only a smartphone with the correct App. Beacon devices like these are available on the open market for under ten dollars.

They do however pose the risk of a non-authorized party to discover the dead drop, simply by searching an area suitable for hiding dead drops with their own smartphone.

There are first reports of using beacon devices that are not constantly sending a signal, but have to be activated first. The activation usually happens by establishing a WiFi hotspot on the customer’s phone (by using the WiFi tethering feature). Only if the beacon sees a WiFi hotspot with a specific, merchant provided, unique name will it start to send a homing signal itself. Devices like these are very cheap (<15 USD) and have gained traction in the field, but they pose risks to the customer: His smartphone becomes identifiable by observers, even over considerable distance. This can lead to tracking the customer.

…A plausible next step would be the development of markets for dead drop operators that make their living by picking up product from one dead drop and placing it in another, working as a proxy for the customer to increase his safety and to reduce his efforts. This would also make this distribution model wider spread and available to more products, which will blur the lines between the black and the legal market. On this blurred line new services and technologies will establish themselves, inherently dual use services like lock boxes that can be paid by peer-to-peer cryptocurrencies.

Looking even further into the future, it seems plausible that the whole urban environment might find itself integrated into a dynamic landscape of very short-lived dead drops that are serviced by humans and cheap drones (unmanned aerial vehicles), which are already cheaply available and likely only require one market actor to develop and spread a mechanism to pick up and drop goods. Both merchant and customer could use drones, that are available for rent through dedicated Apps, to deliver product to a meeting point on a roof, where another drone would pick it up. Chaining multiple exchanges like this will make the tracing of the delivery extremely hard, essentially leading to mixing techniques so far used only in anonymizing digital communication.

Read the whole thing.

Hat tip: Eli Dourado.


Speaking of drones delivering goods, there's also this: George Mason University is using little self-driving vehicles to deliver food to students on campus.

It seems to me that as the use of dead drops becomes more widespread, the tendency of drops to be re-used will grow. Either multiple people will pick the same drop, because it's in a "good spot," or the same person will re-use a drop, because of forgetfulness or laziness, or the "good spot" effect. So, as the market grows, there is a much higher probability that a person could just wait in an area and either watch people acting suspiciously, or just periodically search such "good spot" areas, and come away with a significant amount of "product."

I would also expect to see much more extensive video surveillance of potential drop points with increasingly inexpensive IOT video and AI activity monitoring.

And drone monitoring (think ShotSpotter for drone traffic) at least in dense areas.

Dead drops are awesome. They were awesome during the cold war and they are getting better. There is an enormous amount of new protocol and "tradecraft" being developed to increase their sophistication.

If you want to see how sophisticated, read about this:


Cicada is still somewhat mysterious but many of the strategies, "initiators", "activators" and "chains" used are for the most part modern, with some having since been surpassed (for instance the use of online avatars as a subtext and code device for dissemination).

Good dead drops, done well, are like an onion. NO ONE other than the intended recipient stumbles onto the "weenie" by accident.

If valuable stuff is being dead-dropped all over town, won't you have joggers, dog-walkers, adventurous children, homeless people and whatnot innocenbtly discovering these parcels before the customer shows up?

A recurring Hawaii 5-0 theme (my only cultural referent these days as I finish reviewing all 280 episodes of the original series) is innocent schlubs stumbling upon drug shipments, hot diamonds, ransom payments and suitcases full of mob cash -- which the bad guys want back in the worst way.

I liked watching Hawaii 5-0 but 280 episodes seems a bit much.

Random schlubs stumbling on the treasure also reminds me of this Saturday Night Live skit ... you have to remember the 1980s when the book Masquerade created a fad for novels that gave clues about a real buried treasure.

SNL skit: https://www.nbc.com/saturday-night-live/video/book-beat/n9220

Masquerade: https://www.dailymail.co.uk/news/article-1208827/Return-golden-hare-It-captivated-Britain--epic-treasure-hunt-beautiful-jewel-buried-cow-field.html

(The treasure was found by a person who did not solve the puzzle but instead used a sort of social engineering hack to get the necessary clues -- from the author's ex-girlfriend.)

The classic TV dead drop would be the weekly envelope left in some quirky location for Mission Impossible's Peter Graves -- containing tape player and self-destructing tape to explain the mission, plus 8 x 10 glossies of the evil Balkan dictators to be scammed that week.

MI was too deadpan to ever have Graves wrestling with some dopey kid who somehow found the tape player first.

Oh, man, I always wanted that episode.

Random schlub reaches the dead drop first and grabs the mission details, but doesn't realize it. Graves and team chase after the schlub, trying to get the details back. Random bad guys also find the schlub getting the mission details, and tries to get them for themselves. Graves has to fight off the bad guys and protect the schlub while still trying to recover the sensitive info, all without the schlub realizing it.

By the end of the episode, Graves finally gets the details back and listens. He chooses not to accept the mission.

I like it, sort of like "The Man Who Knew Too Much" or "North By Northwest" but from the opposite perspective. Instead of the protagonist being the schlub who stumbles upon an espionage ring, the protagonist is the IM force trying to get the McGuffin, beat the bad guys, and protect the schlub ... undetected, so it has a "Men in Black" vibe too!

The Ukrainian tv show Orel i Reshka has the travel hosts hiding a hundred dollar bill in a bottle in a dead drop that the audience knows about in cities they visit. It would be interesting to know how many of these were picked up randomly by non-show watchers. They could monitor this by giving an extra reward tied to viewing a later show.

Another interesting question is how this will effect gang turf wars. I'm not sure it is that feasible to police territory anymore if your drop area is no longer restricted to a few corners in bad neighborhoods and, even if you find a few drops, you have no idea who is behind the deliveries. Does this reduce the crime associated with drug dealing or does a growth of the illegal drug scene swamp this effect?

I don't see what the advantage is. Adding one (paper even suggests TWO!!) layers in the distribution from warehouse to customer seems terribly inefficient. The seller either chooses public property or private. In neither case do I understand what the LEGAL status of such litter is. Isn't it abandoned? IDK. If the property owner had approved of it, what is their liability/responsibility? And do they owe sales tax if they're compensated for the space? This seems to me a wildly impractical and perhaps more importantly unscale-able idea. Lockers - where volume justifies it, seems useful...I think they call these "stores". Think about the meanings of that word: "store".

The advantage is rather apparent when applied to transfer of illegal goods

This is the funniest comment.

"... a new evolution in illegal markets " ////

well, maybe -- 'Black Markets' (illegal markets) have been around as long as governments & rulers have been interfering in free markets. Dead-Drops for stealth commercial exchanges/barter likely date back a couple thousand years... but without the hi-tech twist.

These days governments want a cash cut (sales taxes, etc) of all commercial transactions & approval power over what may be bought/sold and how it may be bought/sold.
U.S. government has now assumed authoritarian powers to track all bank transactions & credit-card transactions... and vacuum up all phone/text/email/internet traffic.

"illegal markets" is a highly subjective term.

So .. nobody noticed above that the last gasp of the Great Border Wall is in a race condition with personal transportation drones?


Let's hurry up and build it, so we can get a couple years use before it is just scenery below your passenger drone.

Second funniest comment of the day.

This is silly. Properly packaged personal quantities of drugs have a 99.9% success rate in domestic mail. (One of the largest LSD vendors on the darknet has never had a package seized in over 30,000 shipments.) And even if they are detected, the vast majority of time the drugs are just destroyed and no legal action is pursued. And even if that's not the case, there's no legal liability for having drugs delivered to your address unless the prosecution can prove intent to receive (i.e. don't be stupid and sign for packages or talk to the police).

Prancing around a public field looking for a mysterious box is almost certainly more likely to arouse suspicion and poses more risk.

Next: drone delivery.

Thomas Pynchon postulated the existence of a secret private mail service available to those in the know, in The Crying of Lot 49.

We await silent Trystero's empire.

Why isn't the 'plausible next step' simply admitting defeat in the failed drug war?

50-70k fatal opiod overdoses/yr?

You're making my point for me. Just let the poor people have their pharmaceutical grade pills, no one dies on oxy, it's only the black market opioids (that people switch to because the drug war is dumb and failing) that are dangerous.

you say "no one dies on oxy"
that is a ridiculous misstatement
despite what sociologists claim
a lotta people die from oxycontin

Am I getting this right, that the entire operation is conducted via online communication between buyer and seller?

And is everyone aware that since 9-11, the NSA has installed taps on all phone switches, and has software scanning every single communication looking for keywords and patterns?

And that we already have evidence that the wall between foreign espionage and local law enforcement has been breached, with information sharing between them?

This idea that getting away from the physical Post Office will somehow provide a shield from government surveillance seems ludicrous.

In fact the USPS seems like the most oblivious bunch you could want, even though they supposedly now photograph every piece of mail

Geocachers have been doing this for decades, albeit open to a semi-public group.

There's a short story that's very related: https://zerohplovecraft.wordpress.com/2018/05/11/the-gig-economy-2/

"Devices like these are very cheap (<15 USD)..."

For that price, I think I'd just drop in a burner cell phone + give the buyer the phone number.

What are the inventory costs? Why not use consignment?

Comments for this post are closed