Cyber security journalist Brian Krebs got an unexpected piece of fan mail this week, when a gram of heroin fell through his letterbox, taped to the cover of a magazine.

Silk Road
Heroin and other drugs are openly sold on the anonymous Silk Road website. (Credit: Brian Krebs)

A prominent blogger on cyber crime, Krebs knew the package was coming and had informed local police in advance of the special delivery, but he hadn't placed the order himself. Instead, the would-be smear campaign to tip off police and catch Krebs in possession of Class A drugs was orchestrated by a Russian fraudster calling himself Flycracker.

Administrator of a cyber crime forum, Flycracker hatched a plan to buy heroin from the Silk Road website, which openly sells all manner of drugs and delivers them to your front door. Silk road is however hidden in the murky world of the Dark Web, a part of the internet only accessible via the Tor network, and where all payments are made anonymously with Bitcoin.

Must Read: What is Bitcoing and how does it work?

Once bought, Flycracker planned to have the heroin delivered to Krebs' house, then phone the police pretending to be one of Krebs' neighbours with a tip-off that the journalist was in possession of drugs.

As for how Flycracker found the right address, Krebs told IBTimes UK: "In America you can find almost anyone's address very easily, or if not you can always purchase it along with just about every other precious piece of personal data from one of several sites in the underground."

A day after the heroin arrived, Krebs' blogged: "Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery."

Exclusive, closely guarded forum

The Russian-language forum is described by Krebs as a "exclusive and closely guarded" message board "dedicated to financial fraud and identity theft.

On 14 July, Flycracker posted a new discussion thread called 'Krebs Fund' in which he laid out plans for his smear campaign. He asked members to donate Bitcoins to the fund, which would be used to buy a small amount of heroin in Krebs' name and have it sent to his Northern Virginia home.

Krebs is no stranger to this type of attack, having previously seen a 20-year-old hacker send a SWAT team to his home.

Silk Road buyer feedback
Buyers of heroin from Silk Road leave positive feedback. (Credit: Brian Krebs)

Members raised around two Bitcoins (£130) and Flycracker then tried to buy heroin from a Silk Road trader called Maestro and bought a dozen bags (buy 10, get two free) of heroin for 1.65 Bitcoins, or about £107.

On 29 July a package was delivered by Krebs' local postal company, inside of which was a May 2013 copy of Chicago Confidential magazine with 13 plastic bags taped to the back cover. "I guess the seller in this case was worried that 12 packets didn't quite meet the one gram measurement," Krebs assumed. "So he threw in an extra one for good measure."

Krebs called the police again, who took the substance away for testing to find out if it is as "high and consistent quality" as described in the advert.

Shopping on Silk Road

As all Bitcoin transactions are public - and can be seen through the BlockChain website - it is easy to track the currency as it is being spent, but the sender and receiver remain anonymous, and adding a further layer of anonymity is the fact that purchases on the Silk Road are handled by a second set of internal buyer and seller accounts.

Graduate student Sara Meiklejohn helped Krebs to chase down the heroin purchase. "All Silk Road purchases are handled internally by Silk Road," Meiklejohn told Krebs, "which means money trades hands from the Silk Road account of the buyer to the Silk Road account of the seller.

"These accounts aren't visible on the Bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set addresses that represent the collective account balances of all Silk Road users."

Impossible to track

Put simply, Silk Road shoppers must first open a Bitcoin wallet and a Silk Road credit account. Bitcoins can then be transferred to the Silk Road account via a number of Bitcoin wallets operated by the Silk Road marketplace.

The currency is then impossible to track until a seller transfers money back to his Bitcoin wallet, and from there he could withdraw it as a real-world currency like dollars or pounds via a Bitcoin exchange such as Mt. Gox.

Krebs told IBTimes UK this was his "first real venture into the Silk Road" and added that browsing the site was incredibly slow. "It took me several hours worth of refreshing web pages to actually get the screenshots."

The former Wall Street Journal blogger also told us that he estimates the number of Silk Road users to be "probably in the hundreds of thousands, if not millions" yet none of the police he spoke to during this incident had heard of the website.

Krebs now hopes to find out more about who Flycracker is and will reveal this on his blog at a later date.