Darknetlive

  1. Home
  2. Posts
  3. Unsorted Notes About the RCMP's AlwaysOverWeight Case

Unsorted Notes About the RCMP's AlwaysOverWeight Case

Table of Contents

On February 13, the Royal Canadian Mounted Police announced the arrest of three suspects as part of an ongoing investigation into the darkweb vendor AlwaysOverWeight. However, online, there is a growing belief that the RCMP incorrectly identified the suspected drug dealers.

This post concerns the contents of the RCMP’s press release about the investigation into AlwaysOverWeight and is not likely of interest to the majority of readers.

After the announcement, AlwaysOverWeight (aka AlwaysOvrWeight/AO) emailed the public email address for Darknetlive. The emails contained signed messages as well as demands that Darknetlive remove the article. These emails carried very little weight at the time. If law enforcement had obtained the credentials to AO’s computers and accounts, they could have sent an email from AO’s listed email address and signed messages with AO’s listed PGP key. Regardless, here is the most recently signed message from AO:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

AlwaysOverweight
-----BEGIN PGP SIGNATURE-----


iQIzBAEBCAAdFiEECJTixOJNFgMoshZ2B0MGeSIE8xkFAl5TAaAACgkQB0MGeSIE
8xkJ5A//cgVtMHEB4qPwgmIzHnhiXtOKECTYyiImYgoy5NYeY5669MGo4opOUWzg
nf9lxOz6XXu3hgVCu4RLEhk8wqiMeEEbCDYNd896CbuXKkoxIW9KL2Msc/bPZQaX
BNNPMhZe4R6hs8JnblIr49tK8KiuxBb/HbgIXnyzo+lZMuTZHnuqcIsVJwB4qyxa
18WmYJITxXZPjpMwT54HP0+Gnqt7wKmpVQfe/EbD000VchvQBCPaTZs+2unbs9Lo
9RATQf17Eql8WuscUspdiVqa7h00ZcTMOJH6rqf8vLCCn5Y11fNfwWVs3TYFKz4O
qnayD4Z3VNYv1YkhRLoLYcCEIDTSvyL9yLXdSGpIHkE3DG4xVzLsjNB/rqrGmLZ3
0fh+AgbczoDJdB4a060uimj/eJKmmsermyBsEGywPcvgTYBh/WE9dTzHQzfgj6tP
wqluaMFDz3/VDJW3ZtJgEOoAOUZHF6a2O+Cp4WTbuOOfaVKU8/BSg7r8PsFml+C/
oRa/P1hXoPiEAdZRDiVtm2yBcfZrP10ZpTt7fxcfZS4TjwvncWJn4B/Yn9tHTN44
pH14YinSGqG1Yh/5OU1OyykOUtBrz7d0N7rbk1+2dJ6U17ATLnKL7lFf07cb9h5S
O25UqfthMNkNecUymYFm1QBkhxTWpIv9RSWAzBwmbQPEhNMZt/4=
=vGTK

-----END PGP SIGNATURE-----

The entire situation is unusual and difficult to understand. But there are some pieces of information that stand out and are worth considering. Also, the RCMP provided no additional information and directed me back to the announcement. So there are no official updates.

The Press Release

The RCMP’s press release is intentionally vague. Relevant sections are below.

Earlier this month, officers from the RCMP Federal Serious and Organized Crime (FSOC) executed search warrants at two residences, arrested three people and located and dismantled a gamma hydroxybutyrate (GHB) processing lab as a result of a year-long investigation into dark web drug trafficking in Nanaimo, BC.

In January 2019, RCMP FSOC began project EPateriform, an investigation into online drug trafficking using the dark web and bitcoin exchanges. The project targeted a prolific dark web vendor known as AlwaysOvrWeight. Using conventional and non-conventional techniques, RCMP FSOC narrowed the dark web vendor’s location to Nanaimo BC. RCMP FSOC determined AlwaysOvrWeight was also using encrypted communications to traffic drugs online as bcpremo88.

Drugs seized during the raid |  RCMP

Drugs seized during the raid | RCMP

Over the course of the exhaustive, year-long investigation, investigators gathered evidence to support allegations that AlwaysOvrWeight was facilitating the online sale and shipment of a wide variety of drugs including cocaine, heroin, methamphetamine, GHB, psilocybin (mushrooms), ketamine and fentanyl to Canadians. The investigators also gathered evidence to identify persons working behind the AlwaysOrvWeight moniker.

On February 04, 2020 RCMP FSOC, with the assistance of RCMP Federal Clandestine Laboratory Enforcement and Response Team (CLEAR), executed a search warrant at a residence in the 3900-block of Hammond Bay Road in Nanaimo BC. A GHB processing lab along with evidence of drug packaging and trafficking, was found inside. On the same day, RCMP FSOC searched a residence in the 6100-block of Kiara Place in Nanaimo BC wherein evidence of drug trafficking using the dark web was located. Three Nanaimo residents were also arrested. No charges have yet been laid as the investigation remains on-going.

RCMP on scene along Hammond Bay Road

RCMP on scene along Hammond Bay Road


History

It is unclear why the announcement claims AO used the name “bcpremo88” for communication online. BCpremo is a completely unrelated darkweb vendor who also ships packages from Canada. BCpremo used the handle “bcpremo88” on Wickr and conducted business via Wickr. Both vendors have a somewhat similar history.

AlwaysOverweight

In early May 2019, Dread users noticed AO had entered vacation mode on Empire Market. Some assumed law enforcement had arrested AO or that AO had exit scammed. AO showed up in those threads to let customers know about some “restructuring.”

/u/AlwaysOverweight on June 3:

Dear Clients,

I do apologize for the sudden closure. The company needs some restructuring in order for it to continue to offer you a great all around service. I will be back better than ever. If your order was marked shipped then it should have gone out. Any orders that were paid for went out. No this is not an exit scam.

Thanks all of your business, each and every customer is valuable to us and we look forward to working with you in the future.

AlwaysOverweight


One of the users who had initially suspected involvement from law enforcement returned to the thread in June to let users know that AO had fulfilled his $700+ order. A Dread user on June 10:

Sad to say but I think AO is gone , busted maybe idk but I definitely dont think he ripped me off as he has no reason to but it’s a sad day for Canadian buyers to lose such a great vendor . I loved that man!

Five days later, the same user wrote the following in a thread about AO’s return:

Its all good, he got back to me and i recieved my order this friday past, and he threw in a few extra things for the wait, AO #1 vendor on dn in my opinion!

That user has not posted since June 15 and likely used their account only for the purpose of discussing AO.


BCPremo

BCPremo also found themselves at the center of similar discussions in the same subdread. One user created an account on June 1 and posted their concerns about a pack from BCPremo getting seized. Later, also on June 1, that user claimed the tracking had finally updated and that all was well. That user never returned (likely a burner account). The majority of the comments in the threads about BCPremo have been deleted. Many of the users removed their entire accounts.

Like AO, BCPremo showed up in the threads to explain their absence.

BCPremo, on June 3, responded to a now-deleted comment with the following:

Look I have sent the admins of Empire a request to get back in our site and they are being slow. If you want to cancel you r order go ahead! We are not here to scam anyone! We had a solid rep on Dream, we got scammed on WSM, we have 5 star on both Empire and Nightmare. We take care of all our customers and sell a1 PRODUCT! Once we gain access to Empire we can look into this order. We were not online on the 29th we lost access on the 24th.

BCPremo On Dread

BCPremo On Dread

They added additional detail in second comment in the same thread as the above comment. BCPremo stated they had lost the private key needed to decrypt the 2FA challenge on Nightmare Market and on Empire Market. They asked users to contact them via Wickr until they set up a new account under the name “Platinum888.”

Hello we are currently working on gaining access to our store. We lost our private key! We are setting up a new account Platinum888 both or stores of BCPremo on NIghtmare and Empire were under the same Key. Contact us via wickr in the mean time. bcpremo88

Both vendors took “breaks” at similar times in 2019. AO returned fairly normally. BCPremo returned without their PGP key but also seemingly shipped packages as if nothing had changed. Is it possible the RCMP thought both accounts belonged to the same vendor?


Present

A number of users commented on the last AO article with some insight of their own.

i have a thought

I think it was bcprem0 theyre talking about. I had an order with them when this dropped and it all went to shit. They had just recently changed their pgp key and also theyee contact on wickr. Their comma have been weird as fuck too, much differenr than ny precious orders. I also know for a fact they are based in nanaimo and ship from there. So eother you guys made a mistake, the cops did, or whoever sent the info. Im like 99% sure its BCprem0 and not alwaysovrweight. Do with that what you will, but the guys i ordered from were NOT the same as they were before.

sfgdethg

I don’t think they caught the real alwaysoverweight as i received a package from him yesterday and was communicating with him just a couple of days ago

Uhh..

I bought from him received package at the end of january so before the bust.. but everything was fine. Than I tried buying form him again but was unaware of the exit scam by apolon and AO was the one that told me apolon was exit scamming.. this was like 4 days ago after the raid so… This is confusing as fuck

There is no way of knowing if the users leaving these comments are telling the truth about their orders or contact with AO.


Marketplace Accounts

Users continued to mark transactions from AlwaysOverWeight as finalized until Empire Market banned the account (as a precautionary measure) after the RCMP announcement. The RCMP announced the raids on February 13. According to the announcement, the RCMP conducted the actual raids on February 3.

AlwaysOvrWeight on Empire Market

AlwaysOvrWeight on Empire Market

BCPremo’s old account on Empire Market was last active the day of the RCMP’s announcement. BCPremo’s more recent Empire Market account (BCPrem0) is still active and receiving feedback as of February 25.

It seems unlikely that law enforcement would continue to use either account after announcing the arrests made in connection to the case. It also seems unlikely they would make the mistake of identifying the wrong vendor in a year-long investigation. Equally strange the press release claimed AO had used the BCPremo handle online.

BCPrem0 on Empire Market

BCPrem0 on Empire Market


The release significantly downplayed the arrests.

Three Nanaimo residents were also arrested.

It mentioned the arrests in a paragraph without any references to AO or BCPremo. The press release describes two events: the investigation into AO and the raids in Nanaimo. None of the suspects were charged with any crimes as of the announcement (and no new information has been provided by the RCMP since the announcement).


The majority of the information available online does not support the theory that the RCMP arrested AlwaysOverWeight.

  • If they had arrested AO and wanted to run an undercover operation with AO’s account, why would they announce the arrest?
  • If they had prematurely announced the arrest, why would they continue to use AO’s account?
  • If they had arrested AO and BCPremo but wanted to push buyers to BCPremo, why would they name BCPremo at all?

I have no explanation for what really happened. Best case scenario is the RCMP arrested three suspected dealers who resold drugs purchased from AO on darkweb markets and from BCPremo via Wickr. None of the suspects were arrested at the house where the RCMP discovered the GHB lab. Worst case scenario for these vendors is that the RCMP is playing 5D chess with this kind of information (or disinformation).

AO might be in control of his account. He might also be in custody and the RCMP are actively fucking with buyers.


Other Notes

AlwaysOverWeight sent three emails. The first two simply demanded the removal of the article. The third email contained actual information. All came from the appropriate email address.

AlwaysOverWeight is clearly active on Dread

AlwaysOverWeight is clearly active on Dread

A different party sent an email to the primary Darknetlive email address that made a similar demand: “Please remove all comments of people saying bcprem0 is related to the arrest and seizure of AlwaysOvrWeight.” The message came from an email address I did not recognize and the sender had encrypted the message with an outdated PGP key.

Both parties are welcome to send a signed message. Anyone from the RCMP is certainly welcome to send an email with any additional information.