It was a drug racket like no other. A kingpin called the ‘LSD King’ operated it from a Karnataka prison. Raghunath Kumar sat there with laptops and phones, and like a spider he controlled the dark web’s drug market like a pro. He used Zomato, Swiggy and Amazon to deliver the so-called herbal products brought in from the UK, US, Canada, Netherlands, and Poland. Customers were drawn in by advertisements that resembled a restaurant menu and featured offers on Instagram, WhatsApp, Snapchat and Wickr Me. Payments were made with cryptocurrencies on the dark web. Telegram was the chat platform everybody used. And it involved fashion designers, engineers, a medical student, a Narcotics Control Bureau personnel and an Army officer’s son. Foreign Post department played a part too.
But the inspiration for India’s LSD King came all the way from Texas. Ross Ulbricht, aka Dread Pirate Roberts, a middle class graduate from Texas, made it to the FBI’s most wanted list and was arrested in 2013. His crime? He created and launched the notorious first-of-its-kind darknet market website — Silk Road — that sold illegal drugs in the US. Users were facilitated to transact anonymously, through cryptocurrencies. The site hidden in the dark web used ‘ToR’ – an anonymity network that hides your identity as you browse the web, share content, and engage in other online activities – to create bitcoin to escape the money trail. After Ulbricht’s arrest, the Silk Road was neutralised.
Almost a decade later, the NCB stumbled upon a similar operation. Unlike Ulbricht, who operated from libraries, the kingpin in this case, a college drop out, sat in Karnataka’s Bellary Central Jail, crowning himself the ‘LSD King’ as he dealt in drugs online.
It took NCB 11 months to investigate and bust this racket. It was a unique case. “This was an investigation first-of-its-kind, that ended with zeroing in on the LSD King,” said Gyaneshwar Singh, Deputy Director General, Northern Region, NCB.
During the course of the investigation, the team recovered Rs 23 lakh (in cash?), 25.8 kg of high-quality cannabis, 286 MDMA or Methylenedioxymethamphetamine tablets, 40 kg of heroin, 275 kg of charas, 3,449 LSD blots, 13 kg of psilocybin, a hallucinogenic alkaloid from ‘magic mushrooms’, and a cache of pills that would put a pharmacy to shame.
The most difficult part of the year-long investigation was connecting the 40 accused to the case, owing to the use of bitcoin for the deals and anonymous accounts handling the transactions. Kumar’s operation allegedly had a turnover of Rs 2 crore—all in cryptocurrencies—but the investigating agency couldn’t recover the money. Parcels couriered to India from other countries blew the lid off the entire operation.
The best kind of ‘green’
More than 1,700 km from Bellary, at the Foreign Post Office in Kolkata, security personnel were puzzled by unclaimed parcels that had come from the US and Canada. They informed the NCB.
The parcels contained a ‘green kind of cannabis’, which on further analysis, revealed a very high amount of THC or tetrahydrocannabinol. Levels of THC determine the effect of the drug on a person’s mental state.
It was the best kind of green, reportedly the world’s costliest and strongest marijuana strain, smuggled across the Atlantic into India. The NCB team realised that it was dealing with a drug operation with a global network.
“It all started with 44 (unclaimed) parcels in Kolkata’s Foreign Post Office. In a span of 11 months the agency used various online tools — darknet indexing, crawling, and cataloguing in addition to the technical and field intelligence collection and analysis for apprehension of traffickers and recovery of drugs,” Singh said.
Kumar had used every weapon in his tech arsenal, from creating anonymous accounts and single-use wallets for crypto payments to setting up new virtual drug markets and scouring old ones. The NCB had a hard time tracking each nugget of information and seeing where it led, said a source privy to the investigation.
“Once the unclaimed parcels were recovered, investigators started working backwards — locating where they had been sent from. Documents, digital footprints and other technical details were examined. Simultaneous raids were conducted to nab the culprits,” the source added.
When the investigating team started connecting the digital strands of clues, all trails led to kingpin Raghunath Kumar who was already lodged in Bellary prison. He had been arrested in connection with a seizure of LSD blots in June 2021, and charged under the Narcotic Drugs and Psychotropic Substances Act. Now, they needed to ensure that their evidence was watertight to withstand scrutiny in court.
“However, in such cases, it is a tedious task to connect the evidence to the accused. Everyone knows the story but work doesn’t end there. It has to be proved in court and hence evidence collection to documentation takes time in these cases. Even the single-use wallets and UPIs were created on fake documents,” the source said.
Cybersecurity and artificial intelligence experts suggested a two-pronged approach to tackling this menace: Indian investigative agencies must invest in dark web monitoring tools, while the government should clarify what cryptocurrency is classified as, whether it is legal property, or a digital financial asset class.
“Chainalysis, a Singapore-based blockchain data platform, claims that the darknet market set a new revenue record in 2021 as it brought in a total of $2.1 billion in cryptocurrency. Over the past several years, the international community has made significant progress by improving information sharing, sharpening law enforcement’s technical capabilities to take down illicit marketplaces, and regulating the transfer of cryptocurrency transactions,” said Dominic Karunesudas, founder & chief technology officer at Cyfertxt Consulting Pvt Ltd.
With the authorities here playing catch-up, the LSD king took advantage of the system. Kumar’s time in prison had only broadened his scope of operations. Sources told The Print they suspect that his time in jail had further fed his drive to become bigger, without getting caught. “The LSD King must have thought to himself, ‘How do I avoid getting caught? What’s the best way to do this?’” said a source. Bitcoins and the dark web were his answer.
‘Guruji’ & his ‘Breaking Bad’ team
Raghunath Kumar had a clear idea of how he wanted to run his syndicate — identify trusted vendors in India and abroad, and provide a platform for them to connect with the dealers and suppliers.
He wanted as little paper trail as possible, and was canny enough to not be hampered by hubris. He wanted to recruit ‘educated’, tech-savvy and skilled Indians who not only knew their way around the virtual underworld landscape, but could also cover their trail. This is why he also had a professional financial analyst in his team.
Kumar styled himself as the operation’s ‘guru’, idolised by the other key players, or ‘main accused’ in police jargon. They obeyed his instructions the way a devotee would follow scripture. This is also why one of the pseudonyms he used was @Guruji while another was @shoppersstop. He allegedly used these pseudonyms to review drug flow on the dark web, and influence the market, all this, while he dealt with vendors.
According to sources, he even jotted down pointers on how to deal drugs on the dark web. News reports said he had circulated a ‘Gita of Darknet’, but Singh did not comment on it.
There were times, when the NCB team felt it had waded into an episode of Breaking Bad, the hugely popular series on the transformation of a chemistry professor into a sociopathic drug lord. Some of Kumar’s associates went by their favourite character names online – Jesse Pinkman, Walter White, and Heisenberg. Other names reflected the drugs they dabbled in such as Masalacoke, AuntieMarie, and Tripplylane, to name a few.
They hid behind the screens of their electronic devices and used VPN to mask their IP addresses while making discreet deals using cryptocurrencies.
As the investigation gathered steam, the NCB started making arrests, and the web of Kumar’s operations started to untangle. Guhan Sarvothaman alias Sarvo, online name @AuntiMarie, was arrested at Indira Gandhi International airport. At the time, he allegedly had 30 grams of high quality weed and 0.45 grams of ecstasy on him.
Tareena Bhatnagar was arrested for ordering consignments through Televend (an automated software programme that peddles illicit narcotics for people paying with bitcoin) on Telegram. Financial analyst, Shradha Surana, Karan Kumar Gupta – who delivered the narcotics to various locations – and Jasbir Singh were among the other arrested accused.
The NCB zeroed in on a fashion designer, Suvashish Roy, medical student Aditya Reddy and Sidharath, the son of an army officer. According to the NCB, Sarvo revealed that he had allegedly given Rs 6 lakh in cryptocurrency to Jasbir for high quality weed. Surana was allegedly using a fake Aadhaar card under the name of Simrin Singh.
But it was the arrest of a Gujarat couple, Krunal and Dixita Golwala, who were earlier involved in a bakery business that led the agency to the LSD King.
Variety of syndicates
The darknet crypto cartel operated across three different drug syndicates—the Orient Express, DRED, a dark web page for reviewing rating the internal performance of drug dealers in India, and Dark Net Market (DNM India).
“The Telegram group, Orient Express, had around 300 members. Vendors acted as sellers and dealers and had assumed virtual identities, pseudonyms. DNM was the platform used by the tier 1 of the dealers to sell and buy and also locate other suppliers,” a source said.
One module active on darknet would use pseudonyms for drug dealing, while foreign vendors used DRED ratings to choose the suppliers and then DNM was used to sell and buy the drugs, the source added.
Several of those arrested were admins of Orient Express. A total of 43 cases were lodged in the matter. “While foreign vendors were paid in crypto currency, payments from vendors were received through single use wallets — UPI transfers. This was again converted to crypto currency and transferred through exchanges,” DDG Singh said.
Roadblock for investigating agency
Such cases are becoming more and more frequent. Hyderabad Narcotics Enforcement Wing has also busted a racket involving two darknet kingpins and six peddlers who dealt in transactions of around Rs 30 lakh in cryptocurrency.
“In a sea of web pages, finding a particular dark web page is a herculean task. It requires a set of specialised tools,” said a senior Hyderabad police officer. And when the transactions are completed, more often than not, the wallet is closed. “Even if we get the front and the receiver’s end, the intermediaries are difficult to locate. When the origin and the end receiver’s wallet is based abroad, the investigation ends in limbo.” For law enforcement agencies, it’s a frustrating experience.
Officers with the narcotics enforcement wing and local police explained that in the virtual drug market, a single search and access through ToR, of keywords like ‘weed’, ‘ecstasy’, etc, leads the user to the right place. In most cases, the dealers and buyers don’t know each other’s identity, which also acts as another roadblock for the investigating agency.
“In cases where the money is attained through UPI, and then converted into crypto and moved into exchange wallets outside the country, it becomes impossible to trace as most of the exchange companies don’t share the KYC addresses,” a Delhi Police officer explained, the frustration was evident in his voice. “The only thing left with investigative agencies is the algorithm — the alpha numeric code of the wallet and the address continues to remain anonymous.”
Sex stimulating drugs, politics & potholes
From Kolkata to Karnataka to Kerala, crypto is fast becoming the currency of choice among criminals.
Kazim Rizvi, a digital policy expert and founding director of The Dialogue, stressed on the importance of regulators classifying cryptocurrency as legal property and digital financial asset class to tackle illegal finance transactions.
“Some international best practices suggest working closely with private players to ensure they are aware of the existing regulations that would apply to the crypto ecosystem and the risk associated with illicit financing. In addition, the government could consider conducting an illicit finance risk assessment on decentralised finance, like in the case of the US, to understand the landscape better and mechanise appropriate enforcement tools,” said Rizvi.
The NCB arrested ‘India’s first narcotics vendor’ on the dark web in February 2020. The accused, 21-year-old Dipu Singh, was the son of a retired Indian Army officer. The hotel management graduate, from Alambagh, Lucknow, allegedly used the dark web to find buyers for psychotropic drugs, which he then couriered to clients in the US, UK, Romania, Spain and some other European nations under the guise of sex stimulation medicines. Payments were made in Bitcoin and Litecoin. The same year, the agency arrested a student from Kerala, Fahim K Faizal, and three of his associates, for allegedly using bitcoins for purchasing and dealing in MDMA.
And there was the infamous Karnataka bitcoin drugs scam case that created a political ruckus with the opposition going all guns blazing at the ruling government.
It began rather innocuously with the Central Crime Branch (CCB) of Bengaluru police arresting two people in a drugs case. At the time, police announced the seizure of 500 grams of “hydro marijuana” that was procured via the dark net using cryptocurrency. But it was the third arrest of a hacker from Bengaluru, Srikrishna Ramesh or SriKi that opened a can of worms.
SriKi claimed to have hacked and stolen thousands of bitcoins from various exchanges. He gave a statement claiming he had stolen over 5,000 bitcoins and was involved in the 2016 hacking of Bitifinex, one of the largest cryptocurrency heists in the world. However, the police have not charged him for these specific claims as there was no evidence. Opposition Congress demanded the probe be handed over to Enforcement Directorate and CBI.
Things turned embarrassing for the Bengaluru Police after they announced that they had accessed around 31 bitcoins worth Rs 9 crore from Srikrishna’s personal electronic wallet, only to later say that they were ‘deceived’ by him. They clarified months later, saying that it was a live exchange wallet and the accused didn’t have a private key to it. The ED is probing accounts held by SriKi’s family members for alleged money laundering.
But it’s not just drug dealers who are turning to the dark web. In a new trend of cases seen by cyber cops across the country, cryptocurrencies are being used to camouflage dealings, in Chinese instant loan app scams that end up with blackmail and extortion.
The network is like a multi-headed hydra. For every crypto king brought down, another one rises and thrives.
(Edited by Tarannum Khan)