without social support from people who have seen this stuff before
The little contact I have had with police doing darknet investigations of this nature leads me to believe they are mostly ineffective at anything international, as does last year’s operation by the police against the site.
The police have presumably learnt that ‘international is hard’ (which it is) and chosen to accept this.
In about 50% of cases I have social media links for the victims, but that is not the same as having their emails. I am working on abstracting the contact details from the messages so I could pass it for cheap bulk osint, but it isn’t that cheap when you are going after semi-hidden PII across different countries and languages with significant different postures on public records.
Per ‘Kill List’, I believe they got close to 0% hit rate emailing, messaging and phoning people. People only started to listen when journalists or police knocked on their doors.
The problem with local law enforcement is they don’t understand the complexity (bitcoin, darknet, scam but real threat), and national law enforcement is not directly available. There is nearly always an insistence on investigating on a case-by-case, and not reusing central specialist. (The US has been a little better here, but they have state level specialists, where as most countries utilise national specialists). And local law enforcement want to do everything over phone calls and treat you as a suspect / time waster / scammer.
By the way, I don’t really consider this ‘public’ safety, as it’s all based on individuals, but I guess that’s a fair comparison.
What is a reasonable response to an unsolicited message saying ‘someone has hired someone to harm you’, with scant details on who/what/when/where?
Personally, I’d read it, and the more seriously I took it, the less likely I would be to engage with the sender, I likely would not send an acknowledgement of receipt. Any additional communication from the sender, especially a message with an ‘ask’ like ‘help me figure out who’ or ‘assist me in making internet content’ would be viewed as extortion.
If someone showed up at my door, I might talk to them, and if they’re a cop, I’d tell the cop that I’m concerned about the vaguely threatening messages I’ve gotten from ‘some guy in another country’.
If you don’t have much information (‘just a social media name’), doing more ‘sleuthing’ is probably totally inappropriate. The ‘contractor’ may or may not have done more, but either way, you’re not really helping anything.
As far as law enforcement seeing you as a suspect/time waster/scammer, that’s an easy one. A cyber crime office will hear you confessing to some kind of ‘hacking’, other offices will hear that you have no actual details (so someone unknown, is threatening someone who is also unknown, no further details? Sure ok I’ll log it) and just assume you wasted their time. Calling back to ask about status as a ‘helpful tipster’ suggests that you’re motivated by something other than a desire to inform them, and let them prioritize your information. This would likely be seen as suspicious.
Most agencies have an escalation path and can do ‘international’ effectively, they just have to really want to do it. In this case, from what you’ve told us, I totally understand why you’ve gotten the response you’ve gotten.
An online murder for hire website, where the people hiring are mostly larpers, the people taking the jobs are scammers, and the victims are basically unidentified is at best a loot pinata for someone with asset forfeiture authorities. Assuming they can actually seize the crypto.
You might have better luck tracing crypto to exchanges, passing that information to national level cybercrime squads, and asking for 10% if they can seize anything (most agencies have policies like this).
The little contact I have had with police doing darknet investigations of this nature leads me to believe they are mostly ineffective at anything international, as does last year’s operation by the police against the site.
The police have presumably learnt that ‘international is hard’ (which it is) and chosen to accept this.
In about 50% of cases I have social media links for the victims, but that is not the same as having their emails. I am working on abstracting the contact details from the messages so I could pass it for cheap bulk osint, but it isn’t that cheap when you are going after semi-hidden PII across different countries and languages with significant different postures on public records.
Per ‘Kill List’, I believe they got close to 0% hit rate emailing, messaging and phoning people. People only started to listen when journalists or police knocked on their doors.
The problem with local law enforcement is they don’t understand the complexity (bitcoin, darknet, scam but real threat), and national law enforcement is not directly available. There is nearly always an insistence on investigating on a case-by-case, and not reusing central specialist. (The US has been a little better here, but they have state level specialists, where as most countries utilise national specialists). And local law enforcement want to do everything over phone calls and treat you as a suspect / time waster / scammer.
By the way, I don’t really consider this ‘public’ safety, as it’s all based on individuals, but I guess that’s a fair comparison.
What is a reasonable response to an unsolicited message saying ‘someone has hired someone to harm you’, with scant details on who/what/when/where?
Personally, I’d read it, and the more seriously I took it, the less likely I would be to engage with the sender, I likely would not send an acknowledgement of receipt. Any additional communication from the sender, especially a message with an ‘ask’ like ‘help me figure out who’ or ‘assist me in making internet content’ would be viewed as extortion.
If someone showed up at my door, I might talk to them, and if they’re a cop, I’d tell the cop that I’m concerned about the vaguely threatening messages I’ve gotten from ‘some guy in another country’.
If you don’t have much information (‘just a social media name’), doing more ‘sleuthing’ is probably totally inappropriate. The ‘contractor’ may or may not have done more, but either way, you’re not really helping anything.
As far as law enforcement seeing you as a suspect/time waster/scammer, that’s an easy one. A cyber crime office will hear you confessing to some kind of ‘hacking’, other offices will hear that you have no actual details (so someone unknown, is threatening someone who is also unknown, no further details? Sure ok I’ll log it) and just assume you wasted their time. Calling back to ask about status as a ‘helpful tipster’ suggests that you’re motivated by something other than a desire to inform them, and let them prioritize your information. This would likely be seen as suspicious.
Most agencies have an escalation path and can do ‘international’ effectively, they just have to really want to do it. In this case, from what you’ve told us, I totally understand why you’ve gotten the response you’ve gotten.
An online murder for hire website, where the people hiring are mostly larpers, the people taking the jobs are scammers, and the victims are basically unidentified is at best a loot pinata for someone with asset forfeiture authorities. Assuming they can actually seize the crypto.
You might have better luck tracing crypto to exchanges, passing that information to national level cybercrime squads, and asking for 10% if they can seize anything (most agencies have policies like this).