Emil Babadjov, the person behind the vendor aliases “Blime-Sub” and “BTH-Overdose,” was arrested and made his initial court appearance on December 14, 2016, in San Francisco. According to the indictment, he sold heroin, fentanyl, and methamphetamine on Alphabay, with the two accounts having a combined total of over 2300 sales.
This article will focus on how law enforcement investigated and eventually caught Babadjov. Since the complaint is quite lengthy, the article will outline the key parts of the investigation and present them in a structured order.
The leading DEA agent investigating this case, John Rabaut, is part of the Central California Darknet Strike Force, which is dedicated to combating the use of dark web marketplaces and digital currency to distribute narcotics and launder money. He began analyzing and investigating top heroin vendors on Alphabay in January 2016. Since Emil Babadjov started vending under the name BTH-Overdose in November 2015, he was one potential target for the agent.
However, it wasn’t until September 2016 that Rabaut initiated a full investigation into the vendor BTH-Overdose. Since users mentioned in a forum that he was shipping from the west coast, possibly somewhere in California, the Central California Darknet Strike Force found their perfect target.
The agent took a look at the public PGP key of the vendor which revealed that it was tied to the email address “[email protected]***.com”. A quick social media search returned a Facebook account that contained the vendor’s real name, Emil Babadjov, but written backwards.
On November 14th, 2016, Rabaut sent a subpoena to Coinbase to get any information they had about said email address. Coinbase replied promptly and provided useful data: in November 2015 the email address was used to create an account for Emil Babadjov. Furthermore, in March 2016 someone attempted to create another account, again with the name Emil Babadjov, but using the email address “[email protected]***.com”. The agent now suspected that the vendors BTH-Overdose and Blime-Sub were somehow connected.
The DEA agent also found out Babadjov’s address through his driver’s license and discovered that he was arrested in 2013 for possession of controlled substances, although the charge was dismissed later. Because of the previous arrest, his fingerprints were already on record, which would later be another nail in his coffin.
On October 19, Rabaut bought $800 worth of bitcoins to buy 3g of heroin from Blime-Sub the next day. When the parcel arrived a few days later, he was able to get its return address and tracking number. The content of the parcel was submitted to the DEA western regional lab for fingerprint and drug analysis.
After two weeks he got a response from said lab, which stated that it was a mix of heroin and fentanyl. Furthermore, due to the Postage Validation Imprinter (PVI), a US postal inspector was able to see that the postage was bought on September 18, 2016, via a Self-Service Kiosk (SSK) less than a mile away from Babadjov’s known address.
Since the SSK systems automatically take photos of the people using them, the postal inspector forwarded a photo of the man who used it during the transaction to the DEA agent. Rabaut was then able to identify the person in the photo as Emil Babadjov, based on the driver’s license and social media photos he had gathered.
On November 16, 2016, the agent received another response from the DEA western regional lab, stating that two fingerprints belonging to Babadjov were found on the exterior of the submitted parcel.
This was enough evidence to arrest Emil Babadjov. If convicted, he faces a maximum statutory penalty of 20 years in prison and a $1 million fine. It is also noteworthy that this case has many similarities with the bust of Area51 a.k.a. DarkApollo.