Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 1 of 17

U NITED STATE S D ISTR IC T CO U RT

SO U TH ERN D ISTR ICT O F FL O R ID A

xo.14 - + 9 G 2+
UN ITED STA TE S O F A M ER IC A

RO BER T IQE NN ETH D EC K ER ,

a/k/a,RDIG ITA LPO SSl2014,''

Defendant.
/

C R IM IN A L C O V ER SH EET

Did this m atter originate from a m atterpending in theN orthern R egion ofthe United
StatesAttom ey's Oftice priorto O ctober 14,2003? Y es X No

Did this m atteroriginate f'

rom a m atterpending in the CentralRegion ofthe U nited States
A ttonw y's Office priorto Septem ber 1,2007? Yes Y No

Respectfully subm itted,

W IFRED O A .FERRER
UN ITED STATES ATTORN EY

BY :
F N CISCO .M A D E
A SSISTA N T UN ITED STA TE A TTO RN EY
Fla.Bar.N o.41481
99 N .E.4th Street
M iam i,Flolida 33132-2111
TEL (305)961-9159
FAX (305)530-7976
francisco.maderal@ usdoj.gov
 Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 2 of 17

AO 91(Rev.08/09) CriminalComplaint

U NITED STATES D ISTRICT C OURT

forthe
SouthernDistrictofFlorida

United StatesofAmerica )
M.
) CaseNo.1% <-3 UQ Q QQc
ROBERT K.DECKER,a/k/a,'DIGITALPOSSIZOIM,'' )
)
)

CRIM INAL COM PLM NT

1,thecomplainantinthiscase,statethatthe following istrueto thebestofmy knowledgeand belief.

Onoraboutthedatets)of 3/25/2015-8/11/2016 inthecountyof Miami-Dade inthe
Southern Districtof Flori
da ,thedefendantts)violated:
CodeSection OffenseDescrl
ption
Ti
tle 21,United StatesCode, Conspiracyto Distribute Controlled Substances
Secti
ons846& 841(b)(1)(c)
Ti
tle 18,United StatesCode, Conspiracyto Com mi
ttMoney Laundering
Secti
ona 1956(h)& 1956(a)(1)

Thiscrim inalcomplaintisbased on thesefacts:

SEE ATTACHED AFFIDAVIT.

W Continuedontheattachedsheet.

Complainant'
ssignature

Lilit Infante S/A DEA

# inted na eandtitle

Sworntobeforemeand signed in m ypresence.

T

Date: /-P'(
Jud e'
ssignature

City and state'

. John J.O '
Sulliva ,U.S.Ma istrate Jud e
Printed nameand title
 11 .3GQH
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 23o
3 of 17

A FFIDA V IT

1,LILITA IN FA N TE,SpecialA gentw ith the Drug Enforcem entA dm inistration,being

firstduly sw orn,hereby depose and state asfollow s:

INTRODUCTION

lam an investigative orlaw enforcementofficer ofthe United Stateswithin the

meaningofSection 2510(7)ofTitle18oftheUnitedStatesCode.Thatis,1am an officerofthe

United States who is em powered by 1aw to conduct investigations of, and to m ake arrests for,

offenses enum erated in Title 18,United States Code,Section 2516(1),and in Title 21,United

States Code,Section 878.

2. This affidavit is m ade in support of a crim inal com plaint charging Robert

K enneth DECKER , a/k/a, EEDIG ITA LPO SSIZOIZI,'' w ith conspiracy to distribute controlled

substances,in violation ofTitle 21,U nited States Code,Section 846,and conspiracy to launder

money,inviolation ofTitle18,UnitedStatesCode,Section 1956(h).

Ihave notnecessarily included in the affidavit each and every fact know n to m e

about the m atters set forth herein, but only those facts and circum stances that 1 believe are

sufficientto establish probable cause forthe Courtto sign a crim inalcom plaint.

4. The statem ents contained in this affidavit are based upon m y investigation,

inform ation provided by other sw orn 1aw enforcem ent ofscers and on m y expedence and

training as a federalagentand the experience and training ofotherfederalagents.

PROBABLE CAUSE
This application stem s from an ongoing crim inalinvestigation into drug dealers

operating on crim inalonline m arketplace w ebsites,including a w ebsite known as the A lphabay

M arket.
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 4 of 17

In the course of this investigation, 1 have learned that the Alphabay M arket

websiteisoneofmanyTheOnionRouter(t&Tor'')network or'dark web''criminalmarketplaces.

The A lphabay M arket is designed to prom ote the anonym ous sale of illegal item s, such as

narcotics,in exchange for Bitcoin and other,peer-to-peer crypto-currencies (also known as,
virtualcurrencies).
As set forth in m ore detail below , probable cause exists that DECKER is

distributing controlled substances and laundering in the proceeds of his activities using the

Bitcoin and the dark web,in conspiracy with the unknown administratorts)ofthe Alphabay
M arketand others.

1.TH E TO R N ETW O RK A N D TH E GD A RK W EB''

The Internetis a globalnetw ork of com puters and other devices. D evicesdirectly

connected to the Internetare identified by their unique IP address.This num ber is used to route

infonnation between devices.G enerally, when one device contacts a second device, the first

device m ustbe directed to the IP address ofthe second device. M oreover,when the firstdevice

contacts the second device,the firstdevice provides its own IP address to the second device,so

that the second device know s w here to direct its response. A ccordingly, the tw o connected

devices (forinstance,ahome computerand the www.google.com website server)know each

other'sIP address.

The typicaluserm ay notknow the IP address ofa w ebsiteshe visits. Typically,a

user will type the dom ain nam e of the w ebsite- which com m only corresponds to a plain-

language nam e for the w ebsite, c.g., w ww .google.com - into the Uniform Resource Locator

(tURL'')baratthetop oftheirweb browsers.ThisdomainnamewillbetransmittedtoaDomain

Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 5 of 17

Name System (DNS'') server,which then translates the domain name into the appropriate
num ericalIP address,and thereby allow sthe userto connectw ith the requested w ebsite.

10. H ow ever, if a user know s of a unique IP address for a particular w ebsite,

generallylthe user can type that IP address directly into the U RL bar and access the w ebsite in

thatm alm er.

ln addition,publicly available databases can be easily searched to obtain the IP

addressfor any know n U RL and the registered ow ner and location ofany IP address.Thus,w ith

additionalinquiry,m ostany UR L orIP addresscan be traced to itsow ner and physicallocation.z

This isproblem atic for anyone conducting crim inalactivity on the intem etand w ishing to rem ain

anonyrRous.

A .U ser A nonym ity Provided by the T or N etw ork

The Onion Router(Tor)network isa specialnetwork ofcomputersdistributed

around the w orld designed to concealthe true IP addresses of the users of the network.Every

com m unication sent through Tor is directed through num erous relays w ithin the netw ork- and

1The selwer or virtual server w ith a particular IP address can hostm ultiple w ebsites, in which
case entering thatparticular IP addresswould notdirecta userto a single website.However,if
an IP address is associated w ith a single w ebsite,entedng the IP address as described above
would directthe userto thatparticularw ebsite.
2 Private individuals operating hom e com puters usually do not ow n and register their own IP
address;instead,they subscribe to broadband accounts w ith ISPS,such as Com cast or A T& T,
whichinturnassign orleasean IP addresstothem (thesubscriber).Nevertheless,theIP address
can usually be traced to its assi> ed user ata given pointin tim e using the ISPSrecords ofw hich
subscriberw as assigned w hich IP address and w hen.

3
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 6 of 17

w rapped in a layer ofencryption ateach relay- such thatthe end recipientofthe com m unication

has no w ay oftracing the com m unication back to itstnle originating IP address.

13. ln orderto accessthe Tornetw ork,anyone can sim ply dow nload the Torbrow ser

softw are and use it to access the internet.The user sim ply inputs a w ebsite IP address or U RL

into the Tor brow ser and the Tor brow ser autom atically encrypts and routes the com m unication

through severalrelays and then outto the destination so thatthe destination w ebsite can only see

theIP addressofthelast(ort'exif')relayandnottheIP addressofthedeviceactually connecting

to the destination w ebsite.

By w ay of illustration, in a standard internet com m unication, w hen a person

connectsto a w ebsite,thatw ebsite can see thatpersons IP address:

I-lomeComputtr M,
,$$.
14,
.
.google,rom
1R:l23.456.789

ln this illustration of a standard internet connection,the w ebsite w ww .google.com can see the

home computerIP address(123.456.789)and,ofcourse,theuserofthe homecomputerknew

the U RL,and therefore the IP address,of ww w .google.com ,w hich the user had to type into his

browserto connectto the website in the firstplace.Thus,each users'IP addressisknown to the

other,and the ow nerand location ofboth can laterbe traced.

15. Sim ilarly,any person m onitoring the internet traffic at a point betw een the two

w ould see the connection betw een IP 123.456.786 and w w w .google.com and know that those

tw o devices w ere com m unicating.

4
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 7 of 17

On the other hand,in the case of a Tor netw ork com m unication,w hen a person

connects to a w ebsite, the traffic is encrypted and routed through m ultiple relays, and that

websitecannotseethatpersonsIP address:

0r
IP:()0 l.00l-001

I'lomtomputtr
1P:123,
456,78t
) www .google-com

TbrRelay 2
1P:* 2-002.
002

TorRelay 3
IP:(
* 3-f)01,
003

In this illustration of a Tor netw ork connection, the website w ww .google.com cannot see the

homecomputerIP address(123.456.789))instead itonly seesthe IP addressofthe deviceitis

directly colmected to,the third (or ttexif')Torrelay,with IP address 003.003.003,which IP
addresscalm otbe traced back to the hom e com puteruser.

ln addition,any person m onitoring the internettraffic ata pointbetw een the hom e

com puter and ww w .google.com and would not know that those tw o devices w ere

com m unicating. Instead, depending on the m onitoring point, that person w ould only see the

directconnectionsbetweenthehomecomputerand first(orentry'')Torrelay,betweenthetirst
and second,or second and third Tor l-elays,or between the third (or 'Yxif') Tor relay and
ww w .google.com .

18. As w ith a standard intelmetconnection,the userm usthave know n the U RL orIP

address of the w ebsite in order to have directed a corm ection to it through the Tor netw ork.
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 8 of 17

A ccordingly,although the IP address ofthe useris hidden from the w ebsite, the IP address ofthe

w ebsitemustbeknown to theuser- theanonymity isonly one-way.

The Tor netw ork addresses this problem through a feature know n as t'hidden

Services.''

B .H idden Services:W ebsite A nonym ity Provided by the Tor N etw ork

20. To achieve tnze,tw o-w ay anonm ity,the Tor netw ork also enables w ebsites to

operate inside thenetwork in a m alm erthatconcealsthe true IP addressofthe computerserver

hosting the w ebsite. Such hidden selwices'' operating on Tor have com plex w eb addresses,

generated in a com puter algorithm ,ending in tt.onion.''U nlike a standard U RL,there is no w ay

to retrieve a w ebsite server's true IP address from itsonion Toraddressalone.

21. This alleviatesthe need fora Tornetwork user to know the true IP address ofa

w ebsite.Ratherthe user can directhis Tor brow ser to the onion address,reach the w ebsite,and

neitherthe usernor the w ebsite know s the other's IP address- two-w ay anonym ity is achieved.

Thisnetwork ofanonym oususersand w ebsites isthe t6D ark W eb.''

Crim inals have taken advantage of the D ark w eb to create w ebsites w ith online

m arketplaces dedicated to the traftk king of controlled substances and other illicit goods.

W ebsites such as ww w .deepdotw eb.com m aintain an overview of illegalm arketplaces operating

on the Dark W eb, and how -to guides such as: :l-low to Buy D nlgs Online from D arknet

M arVCtS.''5

3https://ww w .deepdotw eb.coe zols/lz/3o+ uy-dm gs-online-gom -daru etm arkets/

Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 9 of 17

C .D escription ofthe Alphabay M arket

Alphabay provides an infrastructm e that allows buyers and sellers to conduct

transactions online,in a m anner sim ilar to w ell-know n online m arketplaces such as eBay. Like

eBay:

A lphabay functions as an interm ediary betw een buyersand sellers.Sellers

create accounts on A lphabay to advertise their products,such as narcotics or hacked com puter

passw ords,and buyers create accounts to brow se sellers'products and purchase them ; in this

regard,A lphabay'sw ebsite interface issim ilarto w ell-know n online m arketplaces'

,

A lphabay perform s m oderator and m aintenance services, such as

receiving com plaints,providing technicalassistance,and allow ing custom ers to postreview s of

A lphabay vendors.A lphabay also provides a m eans by w hich its users can com m unicate w ith its

adm inistrators and operators'

,and

A lphabay charges a com m ission from every transaction as a percentage of

the sale plice.

H owever, unlike legitim ate online m arketplaces, A lphabay is dedicated and

designed to facilitate the sale of illegal narcotics,drug paraphernalia,firearm s,and counterfeit

and fraud-related goodsand services.Forexam ple:

lllegaldrugs,such as m etham phetam ines,heroin,and cocaine,are openly

advertised and sold and are im m ediately and prom inently visible on the Alphabay w ebsite.Som e

of the item categories listed on the A lphabay w ebsite are: ttFraud,'' tDrtlgs & Chem icals,''

ff ounterfeitltem s,''W eapons,''and kfsoftw are & M alware'''

b. The A lphabay w ebsite is specifically designed to facilitate illegal

com m erce by w orking to ensure the anonym ity ofits adm inistrators,as w ellasofthe buyers and
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 10 of 17

sellers who participate in com m erce on the website.The website is designed to achieve this

anonym ity prim arily by operating asa hidden selwice on the Tornetw ork.

c. To further prom ote anonym ity,purchases are m ade prim arily in bitcoin

(orothervirtualcurrency)using Alphabay'sescrow services,i.e.,abuyertransfersfundsf'

rom
his or her ow n account or virtual-currency w allet into an A lphabay account or w allet, and

A lphabay subsequently transfers the funds to the seller's accountor w allet upon satisfaction of

the term s of sale.ln doing so,A lphabay also provides a ttum bling''or Gtm ixing''service w hich

essentially scram bles m ultiple buyer-seller Bitcoin transactions together in order to concealthe

bitcoin paym ents from buyer to seller orcom m ission paym ents to the adm inistrator.Thus,there

isno directbitcoin transaction betw een the buyer and the seller.

25. The true identity of the individual or individuals w ho control and operate the

Alphabaywebsite,i.e.,theadministratorts),isunknown.
26. O ther D ark W eb m arketplaces,such as N ucleus,D ream M arket,Abraxas,A gora

andEvolution,someofwhichnolongerexist,operate(oroperated)in essentiallythesameway.
D .GD IG ITALPO SSIZOI4''V endor on Alphabay and O ther D ark W eb M arkets

27. Since at least O ctober of 2015,agents w ith the D EA have been investigating a

narcotics vendor, known as 'CD IG ITA LPO SSIZOI4,'' appearing on several D ark W eb

m arketplaces.4 On several occasions, DEA agents have m ade undercover, online purchases of

4 On O ctober 19, 2015,D EA agents review ed blog posts on reddit.com - a social m edia and
new s aggregation,web contentrating and discussion w ebsite- and identified a reddit.com user
w ith the usernam e tCD IGITA LPOSSIZOI4''. D IG ITA LPO SSIZOI4 posted various com m ents on
reddit.com fonlm s,indicating hissale ofcontrolled substanceson variousdark w eb m arkets.

8
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 11 of 17

hydrocodone,a Schedule 11controlled substance,from ttDIGITALPOSSIZOI4,''and received the

purchased narcotics via U .S.M ail,shipped to undercover m ailboxes in the Southern D istrictof

Florida.Forinstance:

On O ctober 23,2015,DEA agentspurchased 10 hydrocodone pills from

vendor iQDIGITA LPO SSIZOI4'' on the N ucleus M arketplace for .36 bitcoins. In the

productdescription,DIGITALPOSSIZOI4,stated tt-fhese are (TEN) ...hydrocodones,

straightfrom thephannacy.These arethe w hite ones.'''
,

On M ay 25, 2016, DEA agents purchased 1 hydrocodone pill from

vendor'4D IG ITA LPO SSIZOI4''on the D ream M arketM arketplace for .099 bitcoins;and,

c. O n M ay 26, 2016,D EA agents purchased 10 hydrocodone pills from

vendorCD IG ITA LPO SSIZOI4''on the D ream M arketM arketplace for .22 bitcoins.

28. In all three instances, the controlled substances w ere shipped via U nited States

Priority M ailw ith M ichigan retul'

n addresses.

In addition, on August 2016, DEA agents purchased Dilaudid

(hydromophone)pillfrom vendor'DIGITALPOSSIZOI4''on the Alphabay M arketplace for

0.04 bitcoins to be shipped via United States Priority M ail to an undercover m ailbox in the

Southel'n D istlict of Florida. A fter accepting the U C order, D IG lTA LPO SSl2014 wrote the

follow ing m essage:t-fhisw illbe shipped outtoday. A lw ays,D p2014.''

30. E:DIG ITA LPO SSIZOI4'' has conducted thousands of transaction on num erous

D ark W eb m arketplaces, som e of which are no longer in operation,including:A lphabay,w ith

10,738 transactions; N ucleus, w ith 2,373 transactions; Dream M arket, w ith 96l transactions'
,

Abraxas, w ith 200 transactions; and, A gora and Evolution, w ith an unknown num ber of

9
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 12 of 17

transactions.s On a11 of these m arketplaces, CCDIGITALPOSSIZOI4'' advertised dangerous

opioids and Schedule 11 controlled substances for sale, including'

. hydrocodone, oxycodone

(Percocet),oxycontin,morphine,andhydromorphone(Dilaudid).
E.DE CK ER & D ecker R esidence A ssociated w ith CCD IG ITA LPO SSIZOI4M

31. A tor near the tim e ofthe first controlled purchase from CCD IG ITA LPO SSIZOIZS''

on October23,2015,D EA agentsbegan to unravelhistrue identity.

32. Prior to the tirst controlled purchase, agents perform ed an internet search for

username DIGITALPOSSIZOI4.The search revealed an advertisement for mari

juanaposted
byD1GlTALPOSSl2014 onwv .michigan.budtrader.com- a medicalmarijuana markemlace.
The advertisem entwasposted on June 8,2014 and listed the location G'L.A .Chocolat''in Detroit,

M ichigan. The advertisem entstated the follow ing:

E6-fhis issom e fire shizit!!!!The buds are tight and dank as hell!!! 1'11bring it to
you as long as you have yourhard card. l've gota lotofstrains. Textm e and 1'11
letyou know whatl gotat the presenttim e and 1etm e know how m uch you are

5 D EA was able to confirm thatCED IG ITA LPO SSIZOI4''is the sam e vendor across allofthese
D ark W eb m arketplaces by confirm ing that in each instance 6ED IG ITA LPO SSIZOIZS'' w as
advertising the sam e public encryption key.Persons w ho are involved w ith D ark W eb narcotics
trafficking utilize public key encryption to com m unicate w ith otherpurchasers and sellers on the
m arketplace in order, for instance, to provide inform ation such as a shipping address. If the
m essage w as not encrypted, it would be visible by the adm inistrators of the D ark W eb
m arketplace,and by law enforcem ent,if the m arketplace server w as ever located and seized.
Public key encryption allows the sender of a message to encrypt thatm essage using a long
passcode know n as a public key,w hich the recipientofthe m essage publicly provides to anyone
w ishing to com m unicate w ith them .Thatm essage,in turn,can only be derypted by the recipient
using a corresponding private key know n only to them .The m ost com m only used encryption is
thatknown asPrettyGoodPrivacy(PGP)encryption.Almostal1Dark W ebmarketplacevendor
profiles advertise a public PGP key forthis purpose;the PG P key,therefore,doublesas a unique
fingerprintvisible acrossdark w eb platfonns.
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 13 of 17

looking forand lw illtry to accom m odate your needsatthe presenttim e. Iaim to

please. l'm on the dark w eb and l sella 1ot on there. l have nothing but great
review s.''

The advertisem entprovided atelephonenum ber,and a search ofpublic databases

revealed thatthe num beris a V elizon W ireless cellphone num ber registered to D EC KER atthe

address5745ArtesianStreet,Detroit,M ichigan48228(thetr eckerResidence'').

34. Subsequently, agents conducted a search of DECKER'S public social m edia

accounts and discovered thatDECKER utilizesthenam es RobertDECKER and ''DIGITALLY

PO SSIBLE''on Facebook.com . Both Facebook accountsare active and postphotos ofD ECK ER

and DECKER'Sw ife atvarious places in D etroit,M ichigan. O n D ecem ber25,2014,D ECK ER'S

DIGITALLY POSSIBLE Facebook profileposted aphotoofa cultivated marijuanabud with a

com m ent,6Elwook w hatsanta brought.''

35. In addition,the shipping labelforeach package containing the opioids purchased,

by D EA from D 1G 1TA LPO SSl2014,''listed the follow ing return address:

Rob's M icrochipdiode Store

P.O .Box 361
D earbonz,M ichigan 48127

36. Postal analysis revealed thatthe aforem entioned package originated in D earborn

Heights,M ichigan,near Detroit,and thatthe shipping labelwas initiated by Stamps.com an

online com pany w hich allow sitscustom ersto printtheir ow n stam ps and shipping labels.

37. ln addition, according to the United States Postal Selwice, the P.O . Box was

opened on N ovem ber 14,2014 and listed DECK ER as the only individualauthorized to receive

m ail.

38. On Febnzary 26, 2016, D EA agents observed a 2013 M aroon Honda, bearing

Florida license plate EM GF78 parked in the drivew ay of the D ecker Residence.A query of
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 14 of 17

Florida Highw ay Safety and M otor Vehicles revealed that Florida license plate EM GF78 is

registered to DECK ER and hisw ife.

F.Tor N etw ork A ctivity from the D ecker Residence

39. In order to detennine whether DECK ER,ancl/or som e othernarcotics-trafficking

co-conspirator,w as accessing crim inal,D ark W eb m arketplaces from the D eckerResidence,1aw

enforcem entbegan m onitoring the intenzettraffic to and from the IP addressassociated with the

DeckerResidence.

40. A s discussed above,because ofthe anonym ity provided by the Tor netw ork such

m onitoring w ould not revealthe ultim ate IP address of devices com m unicated w ith through the

Tor netw ork. H owever, such m onitoring could reveal connections to com puters generally

associatedwiththeTornetwork asrelays(ort-f'orNodes'')which arethecomputersandservers

designated by the adm inistrators of the Tor netw ork to route com m unications through the

encrypted Tornetw ork.

For exam ple, m onitoring the IP connections of a com puter connecting to

A lphabay through Tor,w illnot reveal any specific IP address associated w ith Alphabay.Rather

such m onitoring couldf reveal connections to com puters generally associated w ith the Tor

network as tt-f'
or N odes,''w hich are the com puters and servers designated by the adm inistrators

ofthe Tornetw ork to route com m unicationsthrough the encrypted Tornetw ork.

6 This w ould not necessarily be the case if the person w as adding an additional layer of
anonymity,such as a virtualprivate network (VPN) colmection,between them and the Tor
netw ork.

12
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 15 of 17

A com puterattem pting to connectto the Tornetw ork m ustknow how to contact

a TorN ode in order to initiate a Tor network session,and Tor N ode IP addresses are publicly

available,open sourceinformationon websitessuchas:htls://exonerator.toproject.org.

43. Therefore,m onitoring the traffic ofthe IP address ofsom eone suspected ofusing

the Tornetwork could revealconnectionsto IP addressespublicly associated w ith com putersand

servers know n to operate asTorN odes.

44. On M ay 25,2016,the D EA obtained a pelftrap orderfor a11internettraffic to and

from the Com cast IP address associated w ith the D ecker Residence.The pen/trap order results

obtained through July 23, 2016 reveal frequent internet connections from the D ECK ER 'S

residence IP address to know n Tor N odes and,therefore,the Tor netw ork,w hich is consistent

w ith som eone logging on to the crim inal,D ark W eb m arketplaces, such as A lphabay,through

the Tornetw ork,from a com puterlocated w ithin DECK ER 'Sresidence.

A lthough D EA has ceased m onitoring the IP routing inform ation from the Decker

Residence,the D ECKER vendoraccountw asseen active on A lphabay as ofAugust9,2016.

G .Bitcoin A nalysis

46. Analysis of D ECK ER 'S financial records revealed that DECK ER has a bitcoin

account w ith Coinbase- a bitcoin wallet host and exchanger. Coinbase records revealed that

D ECK ER 'S Coinbase usernam e is D IG ITA LPO SSIZOI4. The em ail listed on D ECK ER 'S

Coinbaseaccountisdigitalpossizol4@yahoo.com.Thetelephonenumberlisted on DECKER'S
Coinbase account m atched the contact num ber that D lG lTA LPO SSI2014 listed in the

aforementionedwww.michigan.budtrader.com marijuanaadvertisement.
47. A preliminary analysisofthe bitcoin block chain revealed thatthe majority of
D ECK ER 'S incom ing bitcoin transactions in his Coinbase account originated from dark net
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 16 of 17

m arkets such as A gora M arketplace,N ucleus M arket and Evolution M arketplace. In addition,

outgoing bitcoin transactions w ent to Local Bitcoins- a peer-to-peer bitcoin exchange often

utilized by dark w eb vendorsto anonym ously exchange bitcoin drug proceeds fortiatcurrency.

48. Analysis of D ECK ER 'S bank accounts revealed that D ECK ER spent over

$15,000 on Stamps.com and atthe United StatesPostOfticesince M arch 2014.

G .O verdose D eath Possibly Linked to D EC K ER

August4,2016,DEA agents leanw d from the United States PostalInspector that

a death in A rkansas had been linked to DECKER 'Snarcotics trafticking activities.

On Ju128,20l6,tw enty-one-year-old victim ,$6N .I.,''w asdiscovered by hisfam ily

non-responsive and lying on the flooroftheirhom e.N .lw as laterpronounced dead.

51. A form aldetennination ofdeath has notyetbeen m ade by the coroner.H ow ever,

according to the victim 's fam ily, N .l. strtzggled w ith opioid drug abuse, and there w as no

apparentcause ofdeath otherthan overdose.

The day after N .l.'s death,his fam ily discovered a torn-open and em pty U .S.

priority m ailpackage in N .l.'s room .D ECKER was listed as the return addressee and the D ecker

Residence w as listed as the retul'

n address.A ccording to the tracking data, the package w as

shipped from Dearborn heights M ichigan on July 22,2016 and picked up at a Post O ffice in

Scott,A rkansas on July 25,2016- three days before N .I.'s death.N o pills or other narcotics

w ere found rem aining in the package.

Later that sam e day after N .1.'s death,a new package w as delivered to N .I.'s

hom e w ith DECKER 'S P.O .Box listed as the return address.Inside the package,N .l.'s fam ily

discoverednine(9)hydromorphone(Dilaudid)pills.Accordingtothetracking data,thepackage
w as shipped from Dearborn heightsM ichigan on July 27,2016- the day before N .1.'s death.

14
Case 1:16-cr-20769-DMM Document 3 Entered on FLSD Docket 08/15/2016 Page 17 of 17

C ONCLUSION

Based on the foregoing,probable cause exists that:

Robert Kenneth DECKER,did,at least from M arch 25,2015 through

August 2016, conspire with the unknown administratorts) of A lphabay, to distribute

controlled substances, including hydrocodone, oxycodone (Percocet), oxycontin, m orphine,

hydromorphone (Dilaudid),in violation of Title 21,United States Code,Sections 846 and

841(b)(1)(c);
Robert Kenneth D ECK ER , did, at least from M arch 25, 2015 through

August 11,2016,conspire with the unknown administratorts) of Alphabay,to knowingly

conduct financial transactions, in bitcoins, involving the proceeds of unlaw ful narcotics

trafficking activities, know ing that the transaction was designed to conceal and disguise the

nature of the proceeds, in violation of Title 18,United States Code,Section 1956(h) and
1956(a)(1).

R espectfully subm itted,

LIL A INFAN TE,SPECIA L A G EN T

D RU G EN FORCEM EN T A DM IN ISTRA TIO N

The contents t s w ritten affidavit w ere subscribed and

swornbeforemeon gu ?
P- 016.'

H ON ORA B E JO J.O 'SU LLIV A N

UN ITED ST TES A G ISTR ATE JU D G E