Author Topic: Security: Why claims are dangerous to believe  (Read 17186 times)

Dread Pirate Roberts

  • Captain
  • Administrator
  • *****
  • Posts: 566
  • Karma: +552/-41
    • View Profile
    • Personal Message (Offline)
Security: Why claims are dangerous to believe
« on: December 14, 2013, 02:23:54 am »
To start, I would like to make this clear to everyone involved that Silk Road does not have malicious intentions or an anti-competition attitude, we actually require competition to keep us motivated and for the diversity of the network but in order to fulfill that function the competition must be a safe one which does not put people in harms way or subject to possible exploit. This post I hope will demonstrate to you why claims a market makes does not correlate to the true story and we would like to demonstrate this with Tormarket.

At this moment in time, I also want to clarify in light of recent events the full disclosure everyone deserves to know. This investigation started under the suspicion that Tormarket was behind the ongoing DDOS against Silk Road but has since taken another turn when we looked below the surface a little more. I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will so I won't go on about this much more as it is actually not something that matters any more since we are definitely en route to fixing it if you have watched our recent developments, but over Tor such attacks are not trivial to correct. All of this is done in the name of safety and I hope the owners of Tormarket can take this seriously, go away and rethink their strategies because as I will discuss later we didn't even put much effort in to extracting this data.

What is it I am attempting to prove?

To take it from the home page of Tormarket, I wish to publicly overturn the rumors and falsehoods of some of the below:

Quote from: TorMarket
Darknet Market done right

Secure codebase, competent operators, and common sense.

Common sense I will allow that to pass as a subjective matter and how they wish to operate their market is none of my business. Competent operators - again it would depend on your individual definition of that. Secure codebase - let us put that to the test.


Let's start with the basics

One of the most valuable pieces of any website is the database. It controls so many parts of the site and without it there could be no effective market, so we started trying to extract the information from that. Surprise surprise, it didn't take long to grab the structure:

Code: [Select]
orders table
  - id
  - price
  - status
  - qt
  - address
  - notes
  - crypto_currency_id
  - buyer_id
  - buyer_username
  - vendor_username
  - vendor_id

vendor table
  - id
  - username
  - banned
  - currency
  - location
  - messages_id
  - messages_body


Now we've had a sneak peak at their table structure, it was decided to have a trawl through the messages that vendors had sent to customers. We will list a little segment below, some vendors here might recognize their own messages with of course sensitive information removed from below.

Code: [Select]
Paulwalker : thank you.   
S0wl : has been sent.  if?   
17538 : here's a screenshot   
Strings999 : hello,i was sent an invite while   
OGCorleone : hello, thanks for your order :)   
Puntitot1 : has been sent.  if?   
Berndman : hello,  your order is ready to ship.  you have to finalize now.   
Crepuscular : hello,  did you order here or on  heep? what am i missing?   
Jackpot1875 : hello,  your order is ready to ship.  you have to finalize now.   
Spartanec731 : hello to  you as well . indeed it is the original haizenberg , and offence non taken , :)   
Dogtanian : hello my friend good to hear from you,   
Levlvov70 : hehe i was joking, but you seem cool man. i ll send you a sample of one each...   
Az12er34ty56 : hello!  i requiered a seller account here  i am matrixx on bmr with more than 180 positives feedback!   
Strom : hello,  your order is ready to ship.  you have to finalize now.   
MickeyMantle : hi there, when your product has arrived please mark as arrived and set a positive feedback on your experience   
Qwertyqazwsx : haha, won't do so brother... your order will ship asap.   
Toefia : abgemacht. dann sind 7 tage rum und dann kann ich dir reship anbieten.   
Spaniard : always verify identity using pgp key   
Gtiv : allso mit unserem shop werden wir im lauf der nexten woche online gehen. wenn du willst kanst du auch dar ber verkauf n. wegen den geb ren bist du mit 1  einverstanden?  einfach f r hosting arbeit usw. ich werde noch ein paar andere verkaufer fragen ab
JTLeary : always verify identity using pgp key
MrTrump : ah yes i just saw it! i think with out 1700 orders and 100  feedback on sheep it will be going strong! -)
Slappfisk : bare   
Piccolabesti : azi fb   
Mushinmusa : bajs fr n katter?...   


Then an order note which was from a buyer to a vendor, we'll keep this very select for obvious reasons:

Code: [Select]
From: JackCubrick
To: GodfatherNL
Purchase:  *** 1 gram pure uncut cocaine ***
Message: hey there. please ship asap as i would like to place a large order before christmas once i have confirmed weigh in and quality


Worried? So were we.



Up to this point we weren't looking for any kind of mass data extraction, but in the interest of ensuring the users of Tormarket are safe, we had to do it anyway. The summary of some of the data we went through was to see who the top buyers were, something of equal interest to law enforcement as vendors except it is more likely a buyer will have leaked personal information on the site than a vendor. So who are the top buyers:

Code: [Select]
Top 15 Buyers by number of products purchased

Buyer ID   Buyer Name
16759      icq
13621      jackcubrick
12226      shedrik
11994      dreamsage
13100      purpleextreme
12274      [redacted]
18634      [redacted]
10625      sebb66g
13572      choicethespi
16611      felsad
14731      marvel
11001      madcunt33
13127      sleep12
18308      roxas50
13132      rstevens


So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):

Code: [Select]
Purchases made by jackcubrick
Vendor: Product

PureHeaven : 3 Grams of Tested 90% Cocaine...Verified Vendor!
ozconnection L 1 gram Peru Cocaine Australia
sunwu : 250mg Pure Alprazolam Powder (Xanax) - USA
tomorrowman : 3 grams tan mdma crystals 85%+ purity
demoniak : 2GR PINK Speed (dry)
sunwu : 250mg Pure Alprazolam Powder (Xanax) - UK
wilfred : 3.5g Hydroponic BUDS - HIGH THC - New Vendor Special !!
justincase : 10 regular seeds - Hindu's Shiva
uperspeedbros : 2g of Speed -- Amphetamine sulfate
godfathernl : *** 1 gram pure uncut cocaine  ***


So can this extraction be scaled up to getting entire lists of users? Well we found out:

Code: [Select]
BuyerID,BuyerUsername
10011,giveemhere
10037,brian146
10039,jayjay
10042,downlowfunk
10046,torrex
10061,minimilk
10066,mightymax
10067,screwtape
10069,datamatrix
10072,shlooky
10073,okipoki
10078,brithney85w
10081,greenjoker
10082,odyssey47
10086,magmush
10090,mxwssh
10095,gaviboy
10100,milky
10106,timtimebomb
10107,slappfisk
10108,brainman123
10113,creepers1
10127,ronaldo72
10130,ch0sen
10134,4corner
10136,posrednik
10146,lulz87
10156,cweistein
10158,afiddlerfair
10171,frankiemachi
10185,2q2
10186,skizzdaghost
10190,waltermichae
10200,violetraindr
10203,raeuberhotze
10213,parleybowl84
10215,boogersugar3
10218,reiji
10226,tjebbe
10254,quiziti_
10259,xylitol
10268,bugnine9
10282,skobeywan
10296,muggle
10298,melvvinn_
10299,hdth
10302,treemonk
10310,silvercarrot
10312,blaster2438
10313,agape
10316,gzo_
10318,crevtiae
10321,hitman
10324,bigstoners
10330,gigglebox
10370,irishjunkie4
10371,dimitriglitc
10372,factory9
10389,arya420
10399,az12er34ty56
10402,theroland
10413,meggymix
10418,monkeydust
10418,m_
10431,flipit
10433,mrviking
10437,h4rdc0r3
10453,mcg324
10455,loffer
10455,_
10461,thecrazyman1
10467,pallymally
10474,thayle
10476,twistedrx
10477,olddetleff
10496,bigone77
10498,groovetime79
10511,dimetho
10512,beardofneptune
10518,unahmedishe
10534,pretzelmaste
10554,krick75
10555,haremmac
10558,stupid123
10560,keeker34
10562,angeldemom
10567,fevolution
10593,cocacoca
10595,jackpot1875
10610,hatchet13a
10623,stimpackuser
10624,lemon714
10625,sebb66g
10627,horstschorst
10643,c17h21no4
10648,rekt
10649,snicker
10653,eltorrelo
10665,g0awayb4t1ng
10671,cilius
10704,mango420
10706,depre553
10708,hohoho
10709,sulph84
10732,davidian
10733,renniemint
10753,marcotb1287
10756,neilarmstron
10757,weedplease
10758,acid420
10769,skinnymalink
10799,sternkraft
10812,elesdee
10819,graves
10827,toplessmind
10835,peterborough
10841,bbb2
10861,slapchop
10885,needthatnow
10892,nanonyymi
10907,rator93
10908,jumboballs7
10909,gimmeabreak
10921,planb
10928,trevelyan
10947,kappagrande
10963,joe121
10967,canesnake
10968,monkey18
10976,mr2happy
10981,godsnameissm
10982,raresh
11001,madcunt33
11012,stankydanky
11016,1bigdog
11038,d1rkd1g1tal
11046,gyste1
11053,johns282
11071,trailertrash
11078,masterblaste
11100,lastresort
11102,thcbuds
11104,jeffhawkins
11114,thelionshare
11116,sournycd
11120,hobbes
11123,jameson
11126,strom
11137,ruffiee
11147,jenslover
11160,tiririca
11162,blentron
11168,5orlorn
11170,jonnoj
11175,mrmonster123
11180,sillysally
11182,deepelmo
11188,panlanwan
11200,scolopax
11204,wikid50
11222,thall
11245,methy
11256,jb299999
11262,dendrix
11268,westhebeast
11271,docbenway71
11274,moi_
11280,pinecone25
11288,phoon
11293,damane033
11296,jaystiles
11317,gagao
11320,spoot36
11352,sloppyjoe
11367,toomertoo
11369,robertfr
11377,rollin
11381,carlitolegen
11388,dogtanian
11405,catlessrugged
11413,kelevrahz
11427,mmmesopus101
11429,bubi
11452,candles
11453,goldbond
11464,blustik
11465,ballsacker
11480,thetonik
11484,boc
11498,mrmagoo
11499,tap
11500,vaan1
11508,zounce
11511,bikerbum
11524,acidroom123
11533,zeek01
11541,valueadded
11545,50fifty
11549,lionfish37
11550,trent
11564,sonicdeathmo
11566,i7847463846
11588,dr67p
11595,wingotodman
11597,brookey
11601,motibiti
11625,dack
11647,poundtownher
11651,luckycampbel
11667,vidali_
11683,potatobread
11687,shaveandahai
11693,heavyduty744
11695,fpm10
11708,rucksichlos
11710,pinkpowerran
11732,belzhikr
11736,oogaboogagoo
11737,seek3r00
11746,boringgirl
11773,jakndex
11811,bitcoinbitco
11818,red99
11819,holyghost
11820,amesghali
11821,principalway
11829,mrm
11835,dagger
11842,anonlifestyle
11848,demoniakk
11849,mortondumal
11865,dakeera
11866,xxxxman
11879,blahblah1
11886,atouttsmanne
11891,bluebossa
11905,nsimeh417
11915,hofsdiufwebk
11917,z0rfire
11918,mynameishate_
11921,elegantfile
11923,blimpy22
11924,athomebomb
11930,clobro1
11932,bluester
11939,irishaustral
11963,gentoo
11967,newchanges
11972,danimus
11973,spaniard
11980,djevans71
11985,mrsmith
11994,dreamsage
12010,soylentgreen
12016,ellisdee3
12044,testeraccount90
12048,dshas
12049,improbable
12053,h20
12078,pedro21
12085,phoenixender
12100,nickyblades
12101,getupped
12116,vbh
12128,oubaya
12133,canda
12145,tk005
12164,pipwalker
12173,namename
12176,aslanchik
12180,datz
12214,mhitchens42
12215,brownevo
12224,fts123
12226,shedrik
12240,khanbongo
12245,jinkz
12247,glycerat100
12254,dadinio3213
12264,cumknot
12269,d8jd8jd8j
12275,psytranceg
12287,swissprog
12289,ohmathea
12290,ctrlalth
12304,zeeozwei
12306,sophocles
12318,bluefox
12337,shamus68
12338,bealzebobs
12340,jeanlefebvre
12348,lostinspace
12373,herpmcderp
12382,unknown555
12388,shaft
12424,leirbag
12444,snorro119
12454,piratecannon
12457,mrtrump
12463,niall2012
12468,rossisucht
12472,stlbigkahu_
12475,hurstwok
12484,plitzein
12491,fireflyx
12499,swizzlestick
12503,kindle
12509,sourmonkey
12524,qwertyqazwsx
12543,balanter
12549,forellebabbe
12554,buffalos
12558,ctrlctrl
12566,freeparking
12570,brbdriver
12584,keneeth
12603,spaceminers6
12605,topsecnick
12606,ilovepnr
12613,dotdash
12628,rambo512
12631,herhim2009
12634,shingles
12650,headspace123
12655,fiskar
12675,boybreathran
12696,kerin28
12706,phishfan
12717,redman
12735,jellyrajah
12736,theargonaut
12748,spartanec731
12751,44xseba
12764,rs6k
12782,moz
12791,squirrelmast
12797,diddlerizzle
12824,theendall
12826,anto6901
12829,r3aliize
12834,psychonaut123
12836,django13
12838,scunkysmerf
12843,finearts
12863,casanostra25
12866,overc375
12869,byron2013
12876,nighthawk
12888,filonxhp3k59
12889,speedweed
12895,dreamfox
12903,brick888
12932,trippinf0x
12953,piccolabesti
12956,untergrundsz
12971,tmko
12985,jflynn
12986,alienthc
12991,cbozwiek22
12995,berndman
13000,traderbtc
13001,ne0ngirl
13007,nestea01
13009,johnmiller
13019,tberry
13028,778dexter778
13031,zaklinaczcip
13033,coolethan
13035,onionsoup
13050,wilbert89
13057,surfer
13070,tsm123
13073,jla
13085,whiteflight
13088,superskunk79
13090,facemelt
13093,nurse80
13100,purpleextreme
13111,dracula
13116,unknown79
13119,asdfuiops
13124,mikenewbit
13125,mtothex
13127,sleep12
13130,scunnered
13132,rstevens
13147,komaschaedel
13148,granville999
13149,levlvov70
13150,libertas1234
13154,heimderdokto
13162,akafreak
13166,svenzzon
13173,relaxedsoup
13178,mssdark
13180,fla_
13195,ahdls
13199,astrid
13208,m911j
13219,guple520
13226,wwmjax
13240,jollyrogers
13266,thisaintme89
13272,cannsument
13284,tambour
13286,dextermorgan
13294,rubberducklo
13298,turner13
13303,mrkobayashi
13312,foxcloud
13319,alligatorsmi
13324,dandan
13326,gizdog
13333,aurai
13343,rayray60
13354,zapzarap
13361,gmtmaster
13362,bluegoat
13408,whitesferry
13409,hexdebt
13411,pebbles200
13424,wiecz
13450,alfr40jd
13455,epicdick
13463,rotrier
13467,xteb112
13472,pryzak
13473,the70th
13483,stonedude
13487,happyguy72
13494,rasputin
13495,xk5910
13548,starshiptent
13571,justmarried
13572,choicethespi
13574,merlo
13583,jacofaco11
13597,aussiehq
13612,fearlessfred
13619,kronhjorten1
13621,jackcubrick
13625,uhr
13633,cloudso_
13637,pablo6666
13645,roth
13652,anonym254
13673,bushmans
13688,doctorgig
13690,following
13698,celvin
13706,gazer
13724,re3r25rw1
13725,jtleary
13733,flex
13740,guanaci
13742,redtree13
13743,annonnymous
13764,sanctiman
13795,billy1234
13819,immortalis66
13819,immortalis666
13828,frink
13829,donaldtruck
13830,toefia
13832,dizzydinosaur
13834,mott
13837,testingdis
13838,normannormal
13852,nextlegacy
13858,bool
13862,digitalluv3r
13869,rufio
13875,icho
13894,blackburn74
13897,zaszax
13901,franco21
13903,spookeemeeto
13918,lacticacid
13920,jabato
13925,tootelage
13933,spsp
13938,nickbla
13940,cuco
13944,mrmustard
13949,mariejuana
13951,tranquil
13965,lordbonk
13967,findingsolac
13974,uberstat1
13977,fooney
13980,care696
13982,a845631
13990,mongoose88
13997,scotty1278
14000,griselda
14008,vad0r
14010,barepiff
14019,googleplus
14022,suppertime
14025,snoffle
14032,fox0r
14038,lemonhaze
14047,niwatat
14075,catlicker420
14081,dimwizzle
14084,verde
14089,lovechild96
14092,mileycyrus21
14093,intothemist
14128,0verlord
14130,bigplateofcr
14134,hapticreel
14138,vermithrax
14140,cabbagetree
14143,snowflake91
14150,tvizzle88
14166,smilebob
14169,punisher
14173,virt4321
14185,meow
14202,bunnyrabbit3
14204,fatarcher
14210,mavlito
14215,darthvader
14217,kanets2
14232,spliffy420
14245,neb11
14247,zidane99
14278,esc0bare
14284,mrsimmer100
14287,coffeeblack
14292,redone1
14296,joejackson19
14300,mybuyguy2
14305,scootie2
14313,jezisjevzkri
14315,pollyanna99
14326,ata100t
14366,trampdyna
14398,atxrebel
14400,twilightprin
14403,quedlo
14411,traumarked
14415,spyguymarket
14417,ganjaman
14437,tkolts
14446,bowser
14456,shablam123
14475,bigrat2
14486,d537719
14509,icarus212121
14512,dabbb1
14525,bobdylan21
14541,sdfseg32tg2
14543,saber45
14554,diminion
14562,matix22
14566,millionaires
14567,markymark102
14576,dimon114
14580,pillpig
14585,aznlova
14587,qstrong
14596,junipergreen
14601,bruda372_
14604,mikejonas
14605,omega06
14617,jimmybuffet
14625,shrodinger
14629,gratuity
14653,davematthews
14655,jonesy63au
14661,jimbojones29
14662,4ncb
14667,arthur
14678,greengo420
14699,heaviside
14702,jabb3rwock
14716,trainwreck
14724,blackcodedog
14725,colin1
14730,yellow43
14731,marvel
14759,theheard
14762,dudeguymanpe
14769,sdgsdf
14770,paulwalker
14804,helper77777
14818,stinkybudz
14820,rexthecat
14821,jblaze
14837,badpacers
14841,mediamonkey
14844,rogalach
14845,calvin
14853,hell0
14860,shakur6pack
14875,ace619
14877,l2h2k
14883,1surg
14889,quakez
14891,lanochen
14896,silentworker
14898,grineflip
14902,luxornight
14920,krauch
14926,iknes
14985,zazoo
14986,olpalk
14990,georgeb
15002,marketman1
15005,anon7869
15011,hubihubsn
15020,septaflyer
15023,ogcorleone
15027,puntitot1
15034,harbinger168
15041,psytrance
15048,eris
15093,b13q7tey6qe3
15095,waid123
15099,pedroc5123
15112,holygrail
15121,goliat
15143,nyymi
15158,federalhero
15168,undecylic
15169,salimmk
15171,ninjadab
15182,king2000
15186,mrp
15191,strainhunter
15206,e0n
15222,senior
15237,boxn2
15255,majschmidt
15256,yuyi
15270,dreamchild
15274,dutchy
15280,mangohedgeho
15295,rezin
15296,q77uvctj
15298,smartbuyer
15317,wesmantoothh
15322,qplabr
15323,hakunamatada
15324,undergroundd
15325,ljqaq
15342,dmad
15384,qwerty123
15395,thebear
15398,formula22
15425,quickben
15426,wahamann
15439,somethingveg
15446,blkmn
15457,pinotgrigio
15472,captainpanic
15476,pineapples
15489,notrelluf
15490,ragnar
15493,wonkachole
15501,demeter
15525,neversummer
15529,lilbooseyfan
15533,h3xagon
15547,mindbender
15576,papabear
15584,1berty
15590,dickvanhinte
15594,freed
15600,walterwhitej
15613,darkdweller
15616,greatbig
15642,fiatxu454
15650,snoww
15653,craftypie
15683,cornelius23
15690,thesumofallb
15712,dolby23
15714,blank2052
15722,theaaaconnec
15739,rawrang
15747,gundy0101
15748,tracy
15755,beams
15758,bigenus
15759,zany88
15763,givemeoil420
15772,yimmy
15799,chopinnuun1
15804,happymerry
15818,looksaround
15832,hellojava
15836,smackdown
15853,liquid
15864,thefist
15867,wickedwitch6
15890,drhellokitty
15910,maryann
15920,viciousbiscuit
15951,auston
15953,crazyb
15955,charlesfarle
15961,laksmi
15984,9bibby
15986,wuzups
15995,ryobie9
15997,stickyman
16001,trainmaster
16035,bilb0
16047,st00sh1e
16054,djaybjay
16055,neverbeenbetter
16057,ronfuckingsw
16075,wanteddetnaw
16080,baang
16082,gr_
16084,seziertier
16095,seadragon
16098,g_
16098,god
16111,namekevo
16119,keram
16123,raigen
16126,carlex
16152,brudes1
16158,rhodjab
16160,mrx8552
16168,mrinnocent
16174,trancemaster
16175,sweatywookie
16183,arjuna
16204,charvo95
16206,caraboulou
16216,penguin1
16218,importsbrasi
16224,james69
16225,inspectahdeck
16235,stevo1234
16237,poizulimo
16250,hansopel
16257,herbalking
16279,kbdhro
16280,sleesh
16282,whitefish000
16288,arraki_
16294,muffyduffy1984
16303,ericcartman
16322,acervol
16331,farmhand
16343,mushinmusa
16369,alliwantisso
16377,nfw91
16397,wholebuy
16401,ezio14
16417,icansee
16429,feodorbelved
16466,pilotflying
16470,ooopdcbza
16473,boboav
16474,ggl3000
16477,misfits69
16485,rodneybusine
16490,nope
16492,3zero
16512,jonathanpric
16525,theotherguy
16528,trit
16536,gjchjr
16551,ab_
16557,snaprabbit
16579,jdjdjd
16587,jeffast
16589,libertadhoy
16603,fermion
16610,mickeymantle
16611,felsad
16643,flip36
16689,style2121
16700,taronga
16704,voracious
16718,youngmorpheu
16720,salvo77
16721,dosethrasher612
16724,upthecreek
16759,icq
16771,circussam
16792,caloway
16794,buxton
16830,livefree
16839,o0rainman0o
16858,darkstar7736
16867,paploo07
16878,kinghappy
16884,niggaz
16884,_
16892,sonabe
16908,coffeetime04
16931,sugarfree
16934,gesundheit
16938,beerman
16986,strings999
16994,dima88
16998,tampico
16999,carlosbrindi
17034,spider
17057,nickel
17064,lojin99
17066,sottodue
17095,ch3dd3rdr4g0
17100,jdobie
17106,barry21
17111,salma6
17122,transactor
17145,antoine
17146,bobtastic
17150,heroin666
17166,sennzy
17167,chickenwings
17172,raskolnikov
17175,tedblanders
17212,thedude
17214,thefunkybunc
17233,marketface20
17237,thewineohs
17251,ketchup1000
17254,soulpatch141
17265,skzap
17270,senordingdon
17277,m4lk4v14n
17288,zhangxuelian
17308,fostershome4
17319,larsiboy13
17330,glowtape
17343,supertramp
17352,ableapp1
17367,kermitthetoad
17371,dadieoo
17396,smokedoutsun
17415,ilovewater
17424,inri1010
17435,kak1828
17440,happyhippy
17446,trip78
17463,crummytits
17472,ninjaslipper
17474,rockybalboa7
17479,whowhatwhere
17491,sargas93
17494,joshdavey
17496,eric2267
17517,zeq8nxwn
17536,iigivegoodre
17574,coreyi7
17603,brucious
17613,eaststand
17621,mrbojangles
17631,rachet
17638,pansymansy
17639,jumpinforseals
17664,lazerbeam
17687,iaminnocent
17692,chattylego
17697,whitewallet
17709,cheego
17719,inpetus
17725,6singfried6
17751,xotillweover
17761,gardenhose
17773,tolly37
17781,lake1212
17786,nanjazz25
17812,sunshadow4
17815,3juanvaldez
17829,fishscale
17831,kollasx
17843,endymion
17851,fnordle
17862,s0wl
17863,81kaisa81
17879,oaxacan
17881,lakshmi
17883,memorylane
17884,usserioummer
17887,desnudito
17887,d_
17893,toxinld
17899,moosdagoose
17902,bobby178
17917,oklol
17971,lakomka
17983,marley91
17984,cogeneration
17989,mightyreal
18017,funkytown7
18022,xtcking
18026,singularity
18033,toxicmadhatt
18034,cloudsof
18047,colforbin
18048,dmtbliss
18073,soupsuser
18113,pingpong99
18152,medibird
18157,pooter
18171,wvwnl
18189,lawnmower
18190,h0ll0wfry
18210,multitox
18232,unn4m3d
18245,sanostrike
18256,gotfried
18274,killareese1
18285,mrmutto
18292,gameristo
18307,liveaction86
18308,roxas50
18336,sunflowersin
18356,shineforever
18373,finite
18419,marialionza
18425,rainbain
18426,d4fre2fmxn
18441,dah38esi
18461,tkkg
18466,physicalhatr
18521,rackyrule
18547,bum85
18560,_
18578,xyz001
18585,itistruth
18613,gunakiktomar
18620,xelab2
18627,aliasof1
18636,bitcoinsboi
18650,mdfrankie
18655,wooly8
18661,mx876
18666,bobdavis33
18669,sampson
18674,adamaisha
18703,grungygringo
18712,iqvirus
18719,larrythefalc
18730,jk4477
18739,thefinn
18754,weedman2013
18763,rezat
18785,greenfish
18795,james546
18824,suavalava
18844,happywanderi
18845,rline
18870,yp1445
18908,bee
18909,alibrite
18914,bigbee69
18918,toeknee
18934,teeveestar
18935,beaconofgod
18969,trachta
18987,dexguy20
19016,milton
19020,cain1919
19037,manasek
19046,crazybobmarley
19058,ketaminekier
19075,poiuytrewq
19079,berrabus
19080,gtiv
19082,elephant
19091,kingsizesilv
19124,derekderek
19137,mensget
19139,grasssea
19151,rgodo26
19152,b5x44
19153,bertandernie
19194,spacetravele
19204,fannybaws11
19206,sh0p
19218,crepuscular
19240,noly
19246,anaccount
19253,highasakite
19255,martinus91
19285,betelgeidze




Should I be worried?

Well let us put this forward as a simple notion. All of the above was gathered without us resorting to fancy tricky or advanced web hacks or 0-day exploits, it was something most clearnet websites run in an automated test and don't expect to find it to pull anything. It is so simple I could actually teach the masses (very easily) how to conduct their own data gathering using some of the techniques we used and still we haven't even explored the more advanced ones as we know we already have the information in front of us. This kind of attack shouldn't even work against the most primitive database driven systems, let alone an online black market and absolutely anyone can do it. If law enforcement are watching I would have no doubt they found this long before us.

The observant among you have noticed by now we haven't exposed addresses yet that is on the database table above - I trust I don't need to dox somebody to prove my point right now and so I won't be posting any dox and nor shall I ever, we deleted that information from our records when we saw it as it is outrageous. We tested TorMarket and found yes there is javascript on the page and sometimes it refuses to accept plaintext addresses, but the fact there are plaintext addresses in that database only concludes it is not effective at filtering addresses and in my opinion decreases security by taking the responsibility away from the user - the alternate explanation of this is that plaintext addresses are being kept as well as an encrypted form which is presented to vendors but the whole topic of saving addresses I won't delve in to further.

Do we have more data than the above? Yes. Significantly more, but I will only do harm by publishing more so I will leave this case study with you, the users of Tor and our spectators, do you believe that Tormarket has a secure codebase, or is it just another claim like the many others who have a "secure" reputation because they just haven't been hacked yet.

Dread Pirate Roberts
Quote 23: Criticism has plucked the imaginary flower from the chain not so that man may continue to bear the chain without consolation or fantasy but so that he may throw off the chain and cull the living flower.

DoctorClu

  • Newbie
  • *
  • Posts: 0
  • Karma: +742/-277
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #1 on: December 14, 2013, 02:30:18 am »
I love to see these things. Brilliant, Bob.
I am no longer a member of staff. Please do not PM me regarding forum or market matters.

DonJulio

  • Jr. Member
  • **
  • Posts: 59
  • Karma: +31/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #2 on: December 14, 2013, 02:34:30 am »
*palm face*

Cirrus

  • Global Moderator
  • Hero Member
  • *****
  • Posts: I am a geek!!
  • Karma: +198/-33
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #3 on: December 14, 2013, 02:36:27 am »
Yikes!
"You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go in against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha..."

DonJulio

  • Jr. Member
  • **
  • Posts: 59
  • Karma: +31/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #4 on: December 14, 2013, 02:37:28 am »
LMAO

So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):

AliceInWonderland

  • Full Member
  • ***
  • Posts: 216
  • Karma: +54/-12
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #5 on: December 14, 2013, 02:38:39 am »
Mindblowing! Glad I only signed up to have a peek, and left the site for good after that!
Remember to look in the knowledgebase before asking questions:
http://silkroad5v7dywlc.onion/index.php?action=kb

The Ten Commandments - http://silkroad5v7dywlc.onion/index.php?topic=15762.0

Why you should never talk to the police:
https://www.youtube.com/watch?v=6wXkI4t7nuc

Cirrus

  • Global Moderator
  • Hero Member
  • *****
  • Posts: I am a geek!!
  • Karma: +198/-33
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #6 on: December 14, 2013, 02:39:07 am »
LMAO

So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):

That was petty funny. :)
"You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go in against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha..."

Cloquet

  • Hero Member
  • *****
  • Posts: 969
  • Karma: +125/-120
  • Official SR 2.0 Diplomat
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #7 on: December 14, 2013, 02:40:00 am »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.
I went down... to the SR Forums... to get my fair share of abuse...

Allustrious

  • Full Member
  • ***
  • Posts: 192
  • Karma: +17/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #8 on: December 14, 2013, 02:40:10 am »
I apologize because I'm in no way educated in these sort of computer ordeals, but what exactly is this concluding?  That DPR was able to extract all this info w/o any real effort?

online-cannabis-king

  • Full Member
  • ***
  • Posts: 107
  • Karma: +8/-21
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #9 on: December 14, 2013, 02:41:44 am »
lol

KennyRogers

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +6/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #10 on: December 14, 2013, 02:42:39 am »
Holy shit.

Haha at the porn subs.
« Last Edit: December 14, 2013, 02:44:40 am by KennyRogers »

smoke2joints

  • Sr. Member
  • ****
  • Posts: 264
  • Karma: +68/-20
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #11 on: December 14, 2013, 02:43:33 am »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

LOL

Yoda

  • Hero Member
  • *****
  • Posts: 1452
  • Karma: +260/-35
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #12 on: December 14, 2013, 02:46:20 am »
If their normal database security is that bad, makes me wonder about their Btc security...

Cirrus

  • Global Moderator
  • Hero Member
  • *****
  • Posts: I am a geek!!
  • Karma: +198/-33
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #13 on: December 14, 2013, 02:46:42 am »
I apologize because I'm in no way educated in these sort of computer ordeals, but what exactly is this concluding?  That DPR was able to extract all this info w/o any real effort?

Well, yeah, and that all its users are susceptible to exposure.  Basically if they can't even protect this information what else aren't they protecting? 

Also, your porn subscriptions are at risk to public exposure.
« Last Edit: December 14, 2013, 02:48:02 am by Cirrus »
"You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go in against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha..."

jakeyblues1987

  • Vendor
  • Sr. Member
  • *****
  • Posts: 468
  • Karma: +56/-27
  • Supply and Command
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #14 on: December 14, 2013, 02:47:53 am »
a big question DPR I have is if this can also be seen on SR?

Allustrious

  • Full Member
  • ***
  • Posts: 192
  • Karma: +17/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #15 on: December 14, 2013, 02:50:43 am »
I apologize because I'm in no way educated in these sort of computer ordeals, but what exactly is this concluding?  That DPR was able to extract all this info w/o any real effort?

Well, yeah, and that all its users are susceptible to exposure.  Basically if they can't even protect this information what else aren't they protecting? 

Also, your porn subscriptions are at risk to public exposure.

Damn, shits ridiculous...all porn subscriptions in general or just ones that were purchased from tormarket/sheep

ChemCat

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9240
  • Karma: +950/-193
  • I Stand Tall, Among the Giants of the Silk Road
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #16 on: December 14, 2013, 02:51:53 am »
;D

What a tangled web they weave, when they parctice, to decieve ;D


Yep, i'd say their security is up to par  ::)

Holiday Hugs to you All  8)


ChemCat


O0

You Don't know PGP?         :o

Go here: http://silkroad5v7dywlc.onion/index.php?topic=41104.0

Then go Here: http://silkroad5v7dywlc.onion/index.php?topic=179.0

Sink your teeth into it and Learn  ;)

If you cannot take the little bit of Time to Learn & Use PGP..Do Not msg Me
 

Hugs 8)

jakeyblues1987

  • Vendor
  • Sr. Member
  • *****
  • Posts: 468
  • Karma: +56/-27
  • Supply and Command
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #17 on: December 14, 2013, 02:52:09 am »
all....porn sites run java and are clearnet...trace the username to the person who bought it..bam motherload

Cirrus

  • Global Moderator
  • Hero Member
  • *****
  • Posts: I am a geek!!
  • Karma: +198/-33
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #18 on: December 14, 2013, 02:54:14 am »
I apologize because I'm in no way educated in these sort of computer ordeals, but what exactly is this concluding?  That DPR was able to extract all this info w/o any real effort?

Well, yeah, and that all its users are susceptible to exposure.  Basically if they can't even protect this information what else aren't they protecting? 

Also, your porn subscriptions are at risk to public exposure.

Damn, shits ridiculous...all porn subscriptions in general or just ones that were purchased from tormarket/sheep

Just the tormarket porn subscriptions... ohh and the completely idiotic plans to escape to a country where you'll likely be beheaded. 
"You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go in against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha..."

nathan.burnett

  • Full Member
  • ***
  • Posts: 109
  • Karma: +30/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #19 on: December 14, 2013, 02:55:04 am »
Wow

Allustrious

  • Full Member
  • ***
  • Posts: 192
  • Karma: +17/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #20 on: December 14, 2013, 02:55:39 am »
Ah shit, so what would you recommend doing If I just so happened to purchase one of these from sheep?

chemicals_spain

  • Vendor
  • Hero Member
  • *****
  • Posts: 1860
  • Karma: +320/-108
  • 4-mec, methylone, speed, NBOME,MDPV,FISHSCALE 90%
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #21 on: December 14, 2013, 02:57:29 am »
I have not definitely wrong community, this is the best community in the world! bowed to bob and his team. ;)
is really awesome, everyone who uses that service is fully impaired :o
chemicals_spain# (agora market)VACATION MODE!!
http://silkroad5v7dywlc.onion/index.php?topic=19861.0
http://silkroad6ownowfk.onion/users/chemicals_spain/items
( FISH  SCALE 90% )
chemicals_spain@Safe-mail.net
http://thehubaoydxrommh.onion/index.php?topic=1593.0
(thehubforum)

Cirrus

  • Global Moderator
  • Hero Member
  • *****
  • Posts: I am a geek!!
  • Karma: +198/-33
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #22 on: December 14, 2013, 02:58:02 am »
Ah shit, so what would you recommend doing If I just so happened to purchase one of these from sheep?

I'd ask for public forgiveness.... or share your subscription with others.
« Last Edit: December 14, 2013, 02:59:16 am by Cirrus »
"You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go in against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha..."

bulbazor

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +4/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #23 on: December 14, 2013, 02:58:07 am »
I was going to add that they don't even allow spaces in their passwords, but I think that's actually Agora Market.  It's either spaces or other punctuation.

nobody99

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +1/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #24 on: December 14, 2013, 02:58:58 am »
HOLY SHIT! Input validation is like day one shit. Unbelievable.

Thank you DPR for sharing this info and for doing so in a classy way. I hope they send some BTC for the free whitehat pen-test

nathan.burnett

  • Full Member
  • ***
  • Posts: 109
  • Karma: +30/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #25 on: December 14, 2013, 02:59:19 am »
This is pure neglect, people must just not care at all about what they are doing

Jones909

  • Full Member
  • ***
  • Posts: 205
  • Karma: +17/-12
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #26 on: December 14, 2013, 03:01:36 am »
Why do they even bother with Tor. Might as well be clearnet.
And the gold rolled through his veins
Like a thousand railroad trains
And eased his mind in the hours that he chose
While the kids ran around wearing other people's clothes

throwaway1

  • Full Member
  • ***
  • Posts: 134
  • Karma: +16/-14
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #27 on: December 14, 2013, 03:11:43 am »
Ahem... attention to the people that said I was stupid for believing that LEO could access unprotected information...

Dont worry about apologizing, I still think your cops.

Magic Man

  • Vendor
  • Hero Member
  • *****
  • Posts: 653
  • Karma: +148/-45
  • Hate the Game not the Playa
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #28 on: December 14, 2013, 03:13:08 am »
Fuckin rookies!
100x 2mg Xanax bars ONLY $180!!!
Steroids/testosterone, Xanax, MDMA

VENDOR - http://silkroad6ownowfk.onion/users/magic-man

CheapestCocaine

  • Full Member
  • ***
  • Posts: 154
  • Karma: +14/-13
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #29 on: December 14, 2013, 03:13:40 am »
Jeez, good thing ive never even visited the site
You want coke? I have it. Fire goddamn fish scale, about $92/g.

Will ship international with FE at buyers risk. Shipped intl many times and never lost to seizures. Will make exceptions with loyal aussies.

IceIceIce

  • Vendor
  • Jr. Member
  • *****
  • Posts: 55
  • Karma: +11/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #30 on: December 14, 2013, 03:15:20 am »
interesting interesting, just moved all my coins out from TorMarket.
Vendor Page:
http://silkroad6ownowfk.onion/users/iceiceice

Official Review Thread:
http://silkroad5v7dywlc.onion/index.php?topic=9622

Distantimporter

  • Full Member
  • ***
  • Posts: 196
  • Karma: +50/-8
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #31 on: December 14, 2013, 03:17:55 am »
DAMN...... I mean just Damn.

Mr. Bob you are one classy ass mutha fucka!
In Depth Vendor/Product Reviews by Distantimporter:

Vanilla Royale: .5 Gram Cocaine Sample:
http://silkroad5v7dywlc.onion/index.php?topic=3215.msg302039#msg302039

AliceInWonderland

  • Full Member
  • ***
  • Posts: 216
  • Karma: +54/-12
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #32 on: December 14, 2013, 03:18:09 am »
interesting interesting, just moved all my coins out from TorMarket.

Probably a VERY good idea.
Remember to look in the knowledgebase before asking questions:
http://silkroad5v7dywlc.onion/index.php?action=kb

The Ten Commandments - http://silkroad5v7dywlc.onion/index.php?topic=15762.0

Why you should never talk to the police:
https://www.youtube.com/watch?v=6wXkI4t7nuc

Allustrious

  • Full Member
  • ***
  • Posts: 192
  • Karma: +17/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #33 on: December 14, 2013, 03:18:57 am »
Ah shit, so what would you recommend doing If I just so happened to purchase one of these from sheep?

I'd ask for public forgiveness.... or share your subscription with others.

lol, number 2 already done man

The backbone

  • Vendor
  • Jr. Member
  • *****
  • Posts: 84
  • Karma: +13/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #34 on: December 14, 2013, 03:27:10 am »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

^^^ This made me fall off my chair! I needed that. Thank you.

Romero

  • Newbie
  • *
  • Posts: 25
  • Karma: +2/-2
  • Don't be scared homie
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #35 on: December 14, 2013, 03:35:40 am »
This is fucking amazing. Thanks SO MUCH for that information. Just fucking insane.
"They are educated, but they're educated on what's been marketed to them, just like any company does, any foods: they market, they advertise, and you better believe it's gonna work. That's why there's fat ppl. Because guess what? They ate it right up! And it was bullshit & it was poison" - Nick Diaz

Richard Nixon

  • Full Member
  • ***
  • Posts: 162
  • Karma: +24/-18
  • Hippies!
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #36 on: December 14, 2013, 03:40:33 am »
Wow, Its like they were fucked up on drugs when writing the damn site.

It just goes to show you, you cant fuck with SR and BMR.
When the President does it, that means that it's not illegal.

GanjaQueen

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #37 on: December 14, 2013, 03:46:27 am »
Guess we'll have to wait on Sr. DPR to wrap up work on this wonderful marketplace  :)

WE WILL PREVAIL !!! 8)

~GQ~

P.S. I never trusted TM!
Buy your Christmas decorated weed cookies while supplies last! Check our listings below!!

GanjaQueen's Weed & Oil Listings!
http://silkroad6ownowfk.onion/users/ganjaqueen/items

Seller Feedback for GanjaQueen!!
http://r6rcmz6lga4i5vb4.onion/index.php?p=viewUser&id=361918
~GQ~

iplaynaked

  • Jr. Member
  • **
  • Posts: 76
  • Karma: +6/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #38 on: December 14, 2013, 03:50:40 am »
I have been eagerly anticipating this bomb being dropped.

Navudenas

  • Hero Member
  • *****
  • Posts: 584
  • Karma: +96/-68
  • one in the hand is worth two in your ass.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #39 on: December 14, 2013, 03:51:36 am »
Man's gotta have his porn
Don't feel the red, man

trencher

  • Jr. Member
  • **
  • Posts: 92
  • Karma: +16/-6
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #40 on: December 14, 2013, 03:57:46 am »
Stay safe, everyone.
Thanks for the info DPR.

Navudenas

  • Hero Member
  • *****
  • Posts: 584
  • Karma: +96/-68
  • one in the hand is worth two in your ass.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #41 on: December 14, 2013, 03:59:06 am »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

HAHA! THIS!^^ THIS SHIT!!!
Don't feel the red, man

SmokesHisBroccoli

  • Hero Member
  • *****
  • Posts: 761
  • Karma: +100/-33
  • I live for a living
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #42 on: December 14, 2013, 04:10:06 am »
Wow that's a +1 boss.  I think it just goes to show that most people on Tormarket don't know what the hell they're doing or simply don't care, but probably more of the former.  I'm glad I haven't used Tormarket, and am going to have to steer clear now because of this helpful thread.  The thing that scares me is if you didn't tell me that DPR, I wouldn't have known better.  You would have to teach me in order for me to figure out how to to discover that stuff because while I know a good bit about computers, I don't know about stuff like this.  So SR2 doesn't divulge any of this information, right?  I'm assuming that it doesn't, but again what the hell do I know?  Not much I'm afraid lol.  If this isn't too difficult to do though, I'm surprised other members of our forum didn't step up and spill the beans.  I wonder why.  Surely some techies like Nightcrawler or Yoda who come to mind might have been able to discover this.  I'm shocked they weren't on top of it.  Someone ship them some adderall and send me the bill. 

Dread Pirate Roberts

  • Captain
  • Administrator
  • *****
  • Posts: 566
  • Karma: +552/-41
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #43 on: December 14, 2013, 04:15:27 am »
Silk Road is not vulnerable to the attacks used above, we receive ongoing security checks by multiple specialists to ensure we are secure.
Quote 23: Criticism has plucked the imaginary flower from the chain not so that man may continue to bear the chain without consolation or fantasy but so that he may throw off the chain and cull the living flower.

fruitjuice

  • Jr. Member
  • **
  • Posts: 77
  • Karma: +6/-11
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #44 on: December 14, 2013, 04:45:49 am »
Could this thread be why the Tor Markets Forum is down.

hobgoblin

  • Full Member
  • ***
  • Posts: 139
  • Karma: +22/-15
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #45 on: December 14, 2013, 04:50:00 am »
Writing is on the proverbial wall peeps. Now's the time to come get yo shit out of Tormarket while you can.

Jebus people! If the Sheep scammer told you to go there, what the fuck are you thinking going there? I looked and saw a bunch of peculiar things there. This just takes the cake. GTFO of Tormarket, It's shit and the admins are shit and don't give a crap about buyers over on Tormarket.
Warning: Fake Adderall being sold - Imprint AD 30 - It's meth. See Here: http://silkroad5v7dywlc.onion/index.php?topic=2583.0

pK

  • Vendor
  • Hero Member
  • *****
  • Posts: 705
  • Karma: +115/-22
  • Australian MDA Vendor.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #46 on: December 14, 2013, 04:51:14 am »
Holy shit, best sticky thus far. Eagerly awaiting a response from TM.
MultiSig -  Express Post - Seamless Communication.

Escrow available on alternative markets.

Forum Review - http://silkroad5v7dywlc.onion/index.php?topic=13368
Marketplace Profile - http://silkroad6ownowfk.onion/users/pk

d0nniedark0

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +1/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #47 on: December 14, 2013, 05:04:23 am »
So much for tormarket being any kind of competition after this!

Romero

  • Newbie
  • *
  • Posts: 25
  • Karma: +2/-2
  • Don't be scared homie
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #48 on: December 14, 2013, 05:06:46 am »
Holy shit, best sticky thus far. Eagerly awaiting a response from TM.

I'm guessing their response will be to steal everyone's coins & claim DPR hacked them. But in reality, I doubt many TM users read SR forums. And TM forums suck (plus you a need to provide a pgp key to register, which cuts down on users), so even though the forums might know, there's no telling how many users will find out. It all comes down to whether or not they're willing to wait & see how things play out.
"They are educated, but they're educated on what's been marketed to them, just like any company does, any foods: they market, they advertise, and you better believe it's gonna work. That's why there's fat ppl. Because guess what? They ate it right up! And it was bullshit & it was poison" - Nick Diaz

go4greens

  • Full Member
  • ***
  • Posts: 177
  • Karma: +14/-30
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #49 on: December 14, 2013, 05:10:39 am »
DPR2, please grow up! What you are doing is really helping no-one.

So sad to see SR.2 being fucked up by the actions of some immature admin and moderators!

ChemCat

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9240
  • Karma: +950/-193
  • I Stand Tall, Among the Giants of the Silk Road
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #50 on: December 14, 2013, 05:15:32 am »
::)
You Don't know PGP?         :o

Go here: http://silkroad5v7dywlc.onion/index.php?topic=41104.0

Then go Here: http://silkroad5v7dywlc.onion/index.php?topic=179.0

Sink your teeth into it and Learn  ;)

If you cannot take the little bit of Time to Learn & Use PGP..Do Not msg Me
 

Hugs 8)

cactuschomper

  • Sr. Member
  • ****
  • Posts: 310
  • Karma: +48/-17
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #51 on: December 14, 2013, 05:20:33 am »
Time and time again you overcome and never cease to amaze.

Thanks DPR for all you do, and all the SR staff. :)
cactuschomper@safe-mail.net            Always dabbing...

bbkf

  • Hero Member
  • *****
  • Posts: 699
  • Karma: +73/-60
  • USA: You have to be a deviant or die of boredom.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #52 on: December 14, 2013, 05:25:16 am »
For the week of bullshit we just endured, reading this post almost makes it worth it.
"I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man"

utopic

  • Vendor
  • Jr. Member
  • *****
  • Posts: 85
  • Karma: +6/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #53 on: December 14, 2013, 05:28:01 am »
DPR2, please grow up! What you are doing is really helping no-one.

So sad to see SR.2 being fucked up by the actions of some immature admin and moderators!

-1 go4greens.

He just saved everyones ass on TM. But at the same time he may have fast-forwarded what they were trying to do in the first place.
silkroad6ownowfk.onion/users/utopic/items

My Agora ~ /vendor/Utopic#

Required Referral Link -


Vending history link: /search?search_api_views_fulltext=utopic

go4greens

  • Full Member
  • ***
  • Posts: 177
  • Karma: +14/-30
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #54 on: December 14, 2013, 05:34:17 am »
DPR2, please grow up! What you are doing is really helping no-one.

So sad to see SR.2 being fucked up by the actions of some immature admin and moderators!

-1 go4greens.

He just saved everyones ass on TM. But at the same time he may have fast-forwarded what they were trying to do in the first place.

You may be right, but the whole darknet markets war is getting ridiculous imo.

Devil Weed Seeds

  • Vendor
  • Hero Member
  • *****
  • Posts: 599
  • Karma: +31/-40
  • Silk Road Cannabis Vendor
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #55 on: December 14, 2013, 05:43:30 am »
Great now we have a market that has crappy security and a market that doesn't work 90% of the time.
Pineapple Express - Restock/Relist Nov 7th.
Lemon Skunk - Sold Out.
Strawberry Diesel - In Stock.
Alien Dog X Sour Dog - In Stock.
Hash Oil - Sold Out.
SR - http://silkroad6ownowfk.onion/users/devilweedseeds/items

Also Vending @ Agora right now if you prefer this market!

CoolDrugsOnly

  • Vendor
  • Jr. Member
  • *****
  • Posts: 83
  • Karma: +9/-4
  • Silk Road Renegade
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #56 on: December 14, 2013, 05:58:21 am »
O captain my captain!


Glorious indeed yes?!?


CoolDrugsOnly stands behind DPR and Silk Road with 100% confidence.  Of course you should always act as though every marketplace is compromised from the get-go.  DPR would tell you this himself.
http://silkroad6ownowfk.onion/users/cooldrugsonly

Whole Psilocybe Cubensis mushrooms! Freshly grown and cracker dry
14 grams : $70
28 grams : $120
56 grams : $215

metalmonkey

  • Jr. Member
  • **
  • Posts: 57
  • Karma: +5/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #57 on: December 14, 2013, 06:07:00 am »
ive never used tormarket and have no plans to, but im not sure i understand all the noise over this?  nobody can really do anything w a list of usernames and orders, right?  thats the point of connecting over tor, using an alias, and pgp encrypting yr address?  le will always image the server eventually if the site is successful enough.  i am loyal to the road but dont really understand why everyone is freaking out over this.  well anyways, back to doing drugs.

DrawkwarD

  • Vendor
  • Sr. Member
  • *****
  • Posts: 358
  • Karma: +52/-13
  • DrawkwarD.email@safe-mail.net
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #58 on: December 14, 2013, 06:07:39 am »

So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):



Hey Bob don't knock my hussle!  =p   You should try the HD porn on these pay sites its pretty awesome.   I'll hook you up for free if you can get me a vendor account  ;)     
Vending on SR and Agora now!

Netflix, Spotify, Hulu Plus, DirecTV, Xfinity, DISH, HBO GO, Brazzers, BangBros, Reality Kings, Mofos, NBA League Pass and much more!

http://silkroad6ownowfk.onion/users/drawkward/items

Agora Invite - Remove (.) http://ag(.)or(.)ahooawayyfoe.onion/register/s6PjDfTzKJ

AlbertHoffman1943

  • Vendor
  • Jr. Member
  • *****
  • Posts: 74
  • Karma: +11/-14
  • This is the end of the beginning...
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #59 on: December 14, 2013, 06:11:31 am »
I'm convinced that Tormarket is not a safe place for me or my customers.

It seems to be down now...but it don't matter.

I'm over it.

Thx for sharing DPR
Torchat
gqzozhjbb2ghczw2

SR2 Profile & Listings
http://silkroad6ownowfk.onion/users/alberthoffman1943/items

43percenter

  • Full Member
  • ***
  • Posts: 238
  • Karma: +41/-4
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #60 on: December 14, 2013, 06:18:46 am »
I like having the smart guys on my side of street hussle.    When all is said and done, the ones with the brains and the foresight will always come out on top.   Educate thyselves, know thyselves.....know thy comrades and keep them close.     

weather420

  • Sr. Member
  • ****
  • Posts: 370
  • Karma: +47/-13
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #61 on: December 14, 2013, 06:42:41 am »
Hell of a salvo, Bob.
"live my life on fast forward, feet up on the dashboard.Hands up off the steering wheel, call that shit a crash course."

funky dingus

  • Full Member
  • ***
  • Posts: 103
  • Karma: +8/-13
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #62 on: December 14, 2013, 06:45:06 am »
Ladies and gentleman lets have us a cyber war! If the bombardment starts again we'll dig our trenches deeper! My loyalty is to SR and the DPR until the end.

DrawkwarD

  • Vendor
  • Sr. Member
  • *****
  • Posts: 358
  • Karma: +52/-13
  • DrawkwarD.email@safe-mail.net
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #63 on: December 14, 2013, 07:00:42 am »
all i could do was laugh when i seen all that porn...

You laugh while I get mad that this n00b is stealing my sales. heh
Vending on SR and Agora now!

Netflix, Spotify, Hulu Plus, DirecTV, Xfinity, DISH, HBO GO, Brazzers, BangBros, Reality Kings, Mofos, NBA League Pass and much more!

http://silkroad6ownowfk.onion/users/drawkward/items

Agora Invite - Remove (.) http://ag(.)or(.)ahooawayyfoe.onion/register/s6PjDfTzKJ

CrazyBart

  • Guest
Re: Security: Why claims are dangerous to believe
« Reply #64 on: December 14, 2013, 07:01:24 am »
How noble of you, DPR!

hobgoblin

  • Full Member
  • ***
  • Posts: 139
  • Karma: +22/-15
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #65 on: December 14, 2013, 07:11:33 am »
DPR2, please grow up! What you are doing is really helping no-one.

So sad to see SR.2 being fucked up by the actions of some immature admin and moderators!

Check it out kid.

When Sheep did their scam thing, one of the Sheep Admins told every vendor to go to Tormarket.
For a while, numerous people said Tormarket wasn't secure. But dopes didn't believe it.

Now DPR shows proof for the stupid hold outs. Many of whom were scammed by Sheep. They are going to get scammed again if they don't heed.

So when you say, "What you are doing is really helping no-one." is appears as that you can't handle the truth.

So that begs the question... where's your head at? In the sand or in your ass?
Warning: Fake Adderall being sold - Imprint AD 30 - It's meth. See Here: http://silkroad5v7dywlc.onion/index.php?topic=2583.0

Whatthefuck420

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +19/-22
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #66 on: December 14, 2013, 07:16:51 am »
Hahahahahahaha and that's why I'm not there!!!  Wonder if that's my dad he loves his Internet porn.....

jst25

  • Jr. Member
  • **
  • Posts: 57
  • Karma: +5/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #67 on: December 14, 2013, 07:18:17 am »
And this people is why i haven't been a "Sheep"

Thanks DPR, i didn't even consider absconding, i hope others will think twice now, too.


nicedayproject

  • Full Member
  • ***
  • Posts: 128
  • Karma: +29/-16
  • mmmmmmmhmmm
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #68 on: December 14, 2013, 07:34:23 am »
Admin of tormarket:

The current attack is just plain DDOS against our the tor entry guards. We give vendors backup addresses to process the orders. Don't worry.

Vendors: check the roundtable for backup address!

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good :). There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.
old SR forum profile: http://dkn255hz262ypmii.onion/index.php?action=profile;u=97538 (no longer active)

SM profile: http://sheep5u64fi457aw.onion/account/profile/b1fb7bce0dbf4f9c47e707ae81eb7f23 (no longer active)
:( had a lot of work built up there

Welp, you're just gonna have to trust me.

Nodnow

  • Vendor
  • Full Member
  • *****
  • Posts: 126
  • Karma: +37/-7
  • I tried to give up drugs by drinking. Lou Reed
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #69 on: December 14, 2013, 07:35:36 am »
OK, that was a fun lulz for the day. Now can we get back to enabling auto finalization, adding the features you guys have been working on, and generally improving the site? We would like to get back to vending.
agree 1000% down to the business end
Damn ye, you are a sneaking puppy, and so are all those who will submit to be governed by laws which rich men have made for their own security.
- “Black” sam bellamy (The pirate)

Thou hast the keys of Paradise, oh just, subtle, and mighty opium!
Thomas De Quincey

nationchemz

  • Full Member
  • ***
  • Posts: 147
  • Karma: +37/-13
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #70 on: December 14, 2013, 08:48:44 am »
Went to tormarket and did a call to the database that I found in the html. Picked up on the same data; come on this is child's play.

NCZ

Nightcrawler

  • Guest
Re: Security: Why claims are dangerous to believe
« Reply #71 on: December 14, 2013, 09:14:45 am »
Holy shit, best sticky thus far. Eagerly awaiting a response from TM.

Here's his response, as of 1-1/2 hours ago:

Quote
Prof

    Administrator
    Newbie
    *****
    Posts: 164
    Karma: +10/-0
        View Profile
        Email
        Personal Message (Online)

About the data leaks (!)
« on: Today at 07:13 am »

    Quote

The current attack is just plain DDOS against our the tor entry guards. We give vendors backup addresses to process the orders. Don't worry.

Vendors: check the roundtable for backup addresses!

About the DPR situation:

No, DPR was not dumping our database. On 10 of December a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good :). There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.
« Last Edit: Today at 07:50 am by Prof »

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.      --Friedrich Schiller

CaptainWhiteBeard

  • Certified Thief
  • Hero Member
  • *****
  • Posts: 3810
  • Karma: +260/-290
  • The Notorious Dark Net Pirate
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #72 on: December 14, 2013, 10:05:49 am »
To start, I would like to make this clear to everyone involved that Silk Road does not have malicious intentions or an anti-competition attitude, we actually require competition to keep us motivated and for the diversity of the network but in order to fulfill that function the competition must be a safe one which does not put people in harms way or subject to possible exploit. This post I hope will demonstrate to you why claims a market makes does not correlate to the true story and we would like to demonstrate this with Tormarket.

At this moment in time, I also want to clarify in light of recent events the full disclosure everyone deserves to know. This investigation started under the suspicion that Tormarket was behind the ongoing DDOS against Silk Road but has since taken another turn when we looked below the surface a little more. I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will so I won't go on about this much more as it is actually not something that matters any more since we are definitely en route to fixing it if you have watched our recent developments, but over Tor such attacks are not trivial to correct. All of this is done in the name of safety and I hope the owners of Tormarket can take this seriously, go away and rethink their strategies because as I will discuss later we didn't even put much effort in to extracting this data.

What is it I am attempting to prove?

To take it from the home page of Tormarket, I wish to publicly overturn the rumors and falsehoods of some of the below:

Quote from: TorMarket
Darknet Market done right

Secure codebase, competent operators, and common sense.

Common sense I will allow that to pass as a subjective matter and how they wish to operate their market is none of my business. Competent operators - again it would depend on your individual definition of that. Secure codebase - let us put that to the test.


Let's start with the basics

One of the most valuable pieces of any website is the database. It controls so many parts of the site and without it there could be no effective market, so we started trying to extract the information from that. Surprise surprise, it didn't take long to grab the structure:

Code: [Select]
orders table
  - id
  - price
  - status
  - qt
  - address
  - notes
  - crypto_currency_id
  - buyer_id
  - buyer_username
  - vendor_username
  - vendor_id

vendor table
  - id
  - username
  - banned
  - currency
  - location
  - messages_id
  - messages_body


Now we've had a sneak peak at their table structure, it was decided to have a trawl through the messages that vendors had sent to customers. We will list a little segment below, some vendors here might recognize their own messages with of course sensitive information removed from below.

Code: [Select]
Paulwalker : thank you.   
S0wl : has been sent.  if?   
17538 : here's a screenshot   
Strings999 : hello,i was sent an invite while   
OGCorleone : hello, thanks for your order :)   
Puntitot1 : has been sent.  if?   
Berndman : hello,  your order is ready to ship.  you have to finalize now.   
Crepuscular : hello,  did you order here or on  heep? what am i missing?   
Jackpot1875 : hello,  your order is ready to ship.  you have to finalize now.   
Spartanec731 : hello to  you as well . indeed it is the original haizenberg , and offence non taken , :)   
Dogtanian : hello my friend good to hear from you,   
Levlvov70 : hehe i was joking, but you seem cool man. i ll send you a sample of one each...   
Az12er34ty56 : hello!  i requiered a seller account here  i am matrixx on bmr with more than 180 positives feedback!   
Strom : hello,  your order is ready to ship.  you have to finalize now.   
MickeyMantle : hi there, when your product has arrived please mark as arrived and set a positive feedback on your experience   
Qwertyqazwsx : haha, won't do so brother... your order will ship asap.   
Toefia : abgemacht. dann sind 7 tage rum und dann kann ich dir reship anbieten.   
Spaniard : always verify identity using pgp key   
Gtiv : allso mit unserem shop werden wir im lauf der nexten woche online gehen. wenn du willst kanst du auch dar ber verkauf n. wegen den geb ren bist du mit 1  einverstanden?  einfach f r hosting arbeit usw. ich werde noch ein paar andere verkaufer fragen ab
JTLeary : always verify identity using pgp key
MrTrump : ah yes i just saw it! i think with out 1700 orders and 100  feedback on sheep it will be going strong! -)
Slappfisk : bare   
Piccolabesti : azi fb   
Mushinmusa : bajs fr n katter?...   


Then an order note which was from a buyer to a vendor, we'll keep this very select for obvious reasons:

Code: [Select]
From: JackCubrick
To: GodfatherNL
Purchase:  *** 1 gram pure uncut cocaine ***
Message: hey there. please ship asap as i would like to place a large order before christmas once i have confirmed weigh in and quality


Worried? So were we.



Up to this point we weren't looking for any kind of mass data extraction, but in the interest of ensuring the users of Tormarket are safe, we had to do it anyway. The summary of some of the data we went through was to see who the top buyers were, something of equal interest to law enforcement as vendors except it is more likely a buyer will have leaked personal information on the site than a vendor. So who are the top buyers:

Code: [Select]
Top 15 Buyers by number of products purchased

Buyer ID   Buyer Name
16759      icq
13621      jackcubrick
12226      shedrik
11994      dreamsage
13100      purpleextreme
12274      [redacted]
18634      [redacted]
10625      sebb66g
13572      choicethespi
16611      felsad
14731      marvel
11001      madcunt33
13127      sleep12
18308      roxas50
13132      rstevens


So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):

Code: [Select]
Purchases made by jackcubrick
Vendor: Product

PureHeaven : 3 Grams of Tested 90% Cocaine...Verified Vendor!
ozconnection L 1 gram Peru Cocaine Australia
sunwu : 250mg Pure Alprazolam Powder (Xanax) - USA
tomorrowman : 3 grams tan mdma crystals 85%+ purity
demoniak : 2GR PINK Speed (dry)
sunwu : 250mg Pure Alprazolam Powder (Xanax) - UK
wilfred : 3.5g Hydroponic BUDS - HIGH THC - New Vendor Special !!
justincase : 10 regular seeds - Hindu's Shiva
uperspeedbros : 2g of Speed -- Amphetamine sulfate
godfathernl : *** 1 gram pure uncut cocaine  ***


So can this extraction be scaled up to getting entire lists of users? Well we found out:

Code: [Select]
BuyerID,BuyerUsername
10011,giveemhere
10037,brian146
10039,jayjay
10042,downlowfunk
10046,torrex
10061,minimilk
10066,mightymax
10067,screwtape
10069,datamatrix
10072,shlooky
10073,okipoki
10078,brithney85w
10081,greenjoker
10082,odyssey47
10086,magmush
10090,mxwssh
10095,gaviboy
10100,milky
10106,timtimebomb
10107,slappfisk
10108,brainman123
10113,creepers1
10127,ronaldo72
10130,ch0sen
10134,4corner
10136,posrednik
10146,lulz87
10156,cweistein
10158,afiddlerfair
10171,frankiemachi
10185,2q2
10186,skizzdaghost
10190,waltermichae
10200,violetraindr
10203,raeuberhotze
10213,parleybowl84
10215,boogersugar3
10218,reiji
10226,tjebbe
10254,quiziti_
10259,xylitol
10268,bugnine9
10282,skobeywan
10296,muggle
10298,melvvinn_
10299,hdth
10302,treemonk
10310,silvercarrot
10312,blaster2438
10313,agape
10316,gzo_
10318,crevtiae
10321,hitman
10324,bigstoners
10330,gigglebox
10370,irishjunkie4
10371,dimitriglitc
10372,factory9
10389,arya420
10399,az12er34ty56
10402,theroland
10413,meggymix
10418,monkeydust
10418,m_
10431,flipit
10433,mrviking
10437,h4rdc0r3
10453,mcg324
10455,loffer
10455,_
10461,thecrazyman1
10467,pallymally
10474,thayle
10476,twistedrx
10477,olddetleff
10496,bigone77
10498,groovetime79
10511,dimetho
10512,beardofneptune
10518,unahmedishe
10534,pretzelmaste
10554,krick75
10555,haremmac
10558,stupid123
10560,keeker34
10562,angeldemom
10567,fevolution
10593,cocacoca
10595,jackpot1875
10610,hatchet13a
10623,stimpackuser
10624,lemon714
10625,sebb66g
10627,horstschorst
10643,c17h21no4
10648,rekt
10649,snicker
10653,eltorrelo
10665,g0awayb4t1ng
10671,cilius
10704,mango420
10706,depre553
10708,hohoho
10709,sulph84
10732,davidian
10733,renniemint
10753,marcotb1287
10756,neilarmstron
10757,weedplease
10758,acid420
10769,skinnymalink
10799,sternkraft
10812,elesdee
10819,graves
10827,toplessmind
10835,peterborough
10841,bbb2
10861,slapchop
10885,needthatnow
10892,nanonyymi
10907,rator93
10908,jumboballs7
10909,gimmeabreak
10921,planb
10928,trevelyan
10947,kappagrande
10963,joe121
10967,canesnake
10968,monkey18
10976,mr2happy
10981,godsnameissm
10982,raresh
11001,madcunt33
11012,stankydanky
11016,1bigdog
11038,d1rkd1g1tal
11046,gyste1
11053,johns282
11071,trailertrash
11078,masterblaste
11100,lastresort
11102,thcbuds
11104,jeffhawkins
11114,thelionshare
11116,sournycd
11120,hobbes
11123,jameson
11126,strom
11137,ruffiee
11147,jenslover
11160,tiririca
11162,blentron
11168,5orlorn
11170,jonnoj
11175,mrmonster123
11180,sillysally
11182,deepelmo
11188,panlanwan
11200,scolopax
11204,wikid50
11222,thall
11245,methy
11256,jb299999
11262,dendrix
11268,westhebeast
11271,docbenway71
11274,moi_
11280,pinecone25
11288,phoon
11293,damane033
11296,jaystiles
11317,gagao
11320,spoot36
11352,sloppyjoe
11367,toomertoo
11369,robertfr
11377,rollin
11381,carlitolegen
11388,dogtanian
11405,catlessrugged
11413,kelevrahz
11427,mmmesopus101
11429,bubi
11452,candles
11453,goldbond
11464,blustik
11465,ballsacker
11480,thetonik
11484,boc
11498,mrmagoo
11499,tap
11500,vaan1
11508,zounce
11511,bikerbum
11524,acidroom123
11533,zeek01
11541,valueadded
11545,50fifty
11549,lionfish37
11550,trent
11564,sonicdeathmo
11566,i7847463846
11588,dr67p
11595,wingotodman
11597,brookey
11601,motibiti
11625,dack
11647,poundtownher
11651,luckycampbel
11667,vidali_
11683,potatobread
11687,shaveandahai
11693,heavyduty744
11695,fpm10
11708,rucksichlos
11710,pinkpowerran
11732,belzhikr
11736,oogaboogagoo
11737,seek3r00
11746,boringgirl
11773,jakndex
11811,bitcoinbitco
11818,red99
11819,holyghost
11820,amesghali
11821,principalway
11829,mrm
11835,dagger
11842,anonlifestyle
11848,demoniakk
11849,mortondumal
11865,dakeera
11866,xxxxman
11879,blahblah1
11886,atouttsmanne
11891,bluebossa
11905,nsimeh417
11915,hofsdiufwebk
11917,z0rfire
11918,mynameishate_
11921,elegantfile
11923,blimpy22
11924,athomebomb
11930,clobro1
11932,bluester
11939,irishaustral
11963,gentoo
11967,newchanges
11972,danimus
11973,spaniard
11980,djevans71
11985,mrsmith
11994,dreamsage
12010,soylentgreen
12016,ellisdee3
12044,testeraccount90
12048,dshas
12049,improbable
12053,h20
12078,pedro21
12085,phoenixender
12100,nickyblades
12101,getupped
12116,vbh
12128,oubaya
12133,canda
12145,tk005
12164,pipwalker
12173,namename
12176,aslanchik
12180,datz
12214,mhitchens42
12215,brownevo
12224,fts123
12226,shedrik
12240,khanbongo
12245,jinkz
12247,glycerat100
12254,dadinio3213
12264,cumknot
12269,d8jd8jd8j
12275,psytranceg
12287,swissprog
12289,ohmathea
12290,ctrlalth
12304,zeeozwei
12306,sophocles
12318,bluefox
12337,shamus68
12338,bealzebobs
12340,jeanlefebvre
12348,lostinspace
12373,herpmcderp
12382,unknown555
12388,shaft
12424,leirbag
12444,snorro119
12454,piratecannon
12457,mrtrump
12463,niall2012
12468,rossisucht
12472,stlbigkahu_
12475,hurstwok
12484,plitzein
12491,fireflyx
12499,swizzlestick
12503,kindle
12509,sourmonkey
12524,qwertyqazwsx
12543,balanter
12549,forellebabbe
12554,buffalos
12558,ctrlctrl
12566,freeparking
12570,brbdriver
12584,keneeth
12603,spaceminers6
12605,topsecnick
12606,ilovepnr
12613,dotdash
12628,rambo512
12631,herhim2009
12634,shingles
12650,headspace123
12655,fiskar
12675,boybreathran
12696,kerin28
12706,phishfan
12717,redman
12735,jellyrajah
12736,theargonaut
12748,spartanec731
12751,44xseba
12764,rs6k
12782,moz
12791,squirrelmast
12797,diddlerizzle
12824,theendall
12826,anto6901
12829,r3aliize
12834,psychonaut123
12836,django13
12838,scunkysmerf
12843,finearts
12863,casanostra25
12866,overc375
12869,byron2013
12876,nighthawk
12888,filonxhp3k59
12889,speedweed
12895,dreamfox
12903,brick888
12932,trippinf0x
12953,piccolabesti
12956,untergrundsz
12971,tmko
12985,jflynn
12986,alienthc
12991,cbozwiek22
12995,berndman
13000,traderbtc
13001,ne0ngirl
13007,nestea01
13009,johnmiller
13019,tberry
13028,778dexter778
13031,zaklinaczcip
13033,coolethan
13035,onionsoup
13050,wilbert89
13057,surfer
13070,tsm123
13073,jla
13085,whiteflight
13088,superskunk79
13090,facemelt
13093,nurse80
13100,purpleextreme
13111,dracula
13116,unknown79
13119,asdfuiops
13124,mikenewbit
13125,mtothex
13127,sleep12
13130,scunnered
13132,rstevens
13147,komaschaedel
13148,granville999
13149,levlvov70
13150,libertas1234
13154,heimderdokto
13162,akafreak
13166,svenzzon
13173,relaxedsoup
13178,mssdark
13180,fla_
13195,ahdls
13199,astrid
13208,m911j
13219,guple520
13226,wwmjax
13240,jollyrogers
13266,thisaintme89
13272,cannsument
13284,tambour
13286,dextermorgan
13294,rubberducklo
13298,turner13
13303,mrkobayashi
13312,foxcloud
13319,alligatorsmi
13324,dandan
13326,gizdog
13333,aurai
13343,rayray60
13354,zapzarap
13361,gmtmaster
13362,bluegoat
13408,whitesferry
13409,hexdebt
13411,pebbles200
13424,wiecz
13450,alfr40jd
13455,epicdick
13463,rotrier
13467,xteb112
13472,pryzak
13473,the70th
13483,stonedude
13487,happyguy72
13494,rasputin
13495,xk5910
13548,starshiptent
13571,justmarried
13572,choicethespi
13574,merlo
13583,jacofaco11
13597,aussiehq
13612,fearlessfred
13619,kronhjorten1
13621,jackcubrick
13625,uhr
13633,cloudso_
13637,pablo6666
13645,roth
13652,anonym254
13673,bushmans
13688,doctorgig
13690,following
13698,celvin
13706,gazer
13724,re3r25rw1
13725,jtleary
13733,flex
13740,guanaci
13742,redtree13
13743,annonnymous
13764,sanctiman
13795,billy1234
13819,immortalis66
13819,immortalis666
13828,frink
13829,donaldtruck
13830,toefia
13832,dizzydinosaur
13834,mott
13837,testingdis
13838,normannormal
13852,nextlegacy
13858,bool
13862,digitalluv3r
13869,rufio
13875,icho
13894,blackburn74
13897,zaszax
13901,franco21
13903,spookeemeeto
13918,lacticacid
13920,jabato
13925,tootelage
13933,spsp
13938,nickbla
13940,cuco
13944,mrmustard
13949,mariejuana
13951,tranquil
13965,lordbonk
13967,findingsolac
13974,uberstat1
13977,fooney
13980,care696
13982,a845631
13990,mongoose88
13997,scotty1278
14000,griselda
14008,vad0r
14010,barepiff
14019,googleplus
14022,suppertime
14025,snoffle
14032,fox0r
14038,lemonhaze
14047,niwatat
14075,catlicker420
14081,dimwizzle
14084,verde
14089,lovechild96
14092,mileycyrus21
14093,intothemist
14128,0verlord
14130,bigplateofcr
14134,hapticreel
14138,vermithrax
14140,cabbagetree
14143,snowflake91
14150,tvizzle88
14166,smilebob
14169,punisher
14173,virt4321
14185,meow
14202,bunnyrabbit3
14204,fatarcher
14210,mavlito
14215,darthvader
14217,kanets2
14232,spliffy420
14245,neb11
14247,zidane99
14278,esc0bare
14284,mrsimmer100
14287,coffeeblack
14292,redone1
14296,joejackson19
14300,mybuyguy2
14305,scootie2
14313,jezisjevzkri
14315,pollyanna99
14326,ata100t
14366,trampdyna
14398,atxrebel
14400,twilightprin
14403,quedlo
14411,traumarked
14415,spyguymarket
14417,ganjaman
14437,tkolts
14446,bowser
14456,shablam123
14475,bigrat2
14486,d537719
14509,icarus212121
14512,dabbb1
14525,bobdylan21
14541,sdfseg32tg2
14543,saber45
14554,diminion
14562,matix22
14566,millionaires
14567,markymark102
14576,dimon114
14580,pillpig
14585,aznlova
14587,qstrong
14596,junipergreen
14601,bruda372_
14604,mikejonas
14605,omega06
14617,jimmybuffet
14625,shrodinger
14629,gratuity
14653,davematthews
14655,jonesy63au
14661,jimbojones29
14662,4ncb
14667,arthur
14678,greengo420
14699,heaviside
14702,jabb3rwock
14716,trainwreck
14724,blackcodedog
14725,colin1
14730,yellow43
14731,marvel
14759,theheard
14762,dudeguymanpe
14769,sdgsdf
14770,paulwalker
14804,helper77777
14818,stinkybudz
14820,rexthecat
14821,jblaze
14837,badpacers
14841,mediamonkey
14844,rogalach
14845,calvin
14853,hell0
14860,shakur6pack
14875,ace619
14877,l2h2k
14883,1surg
14889,quakez
14891,lanochen
14896,silentworker
14898,grineflip
14902,luxornight
14920,krauch
14926,iknes
14985,zazoo
14986,olpalk
14990,georgeb
15002,marketman1
15005,anon7869
15011,hubihubsn
15020,septaflyer
15023,ogcorleone
15027,puntitot1
15034,harbinger168
15041,psytrance
15048,eris
15093,b13q7tey6qe3
15095,waid123
15099,pedroc5123
15112,holygrail
15121,goliat
15143,nyymi
15158,federalhero
15168,undecylic
15169,salimmk
15171,ninjadab
15182,king2000
15186,mrp
15191,strainhunter
15206,e0n
15222,senior
15237,boxn2
15255,majschmidt
15256,yuyi
15270,dreamchild
15274,dutchy
15280,mangohedgeho
15295,rezin
15296,q77uvctj
15298,smartbuyer
15317,wesmantoothh
15322,qplabr
15323,hakunamatada
15324,undergroundd
15325,ljqaq
15342,dmad
15384,qwerty123
15395,thebear
15398,formula22
15425,quickben
15426,wahamann
15439,somethingveg
15446,blkmn
15457,pinotgrigio
15472,captainpanic
15476,pineapples
15489,notrelluf
15490,ragnar
15493,wonkachole
15501,demeter
15525,neversummer
15529,lilbooseyfan
15533,h3xagon
15547,mindbender
15576,papabear
15584,1berty
15590,dickvanhinte
15594,freed
15600,walterwhitej
15613,darkdweller
15616,greatbig
15642,fiatxu454
15650,snoww
15653,craftypie
15683,cornelius23
15690,thesumofallb
15712,dolby23
15714,blank2052
15722,theaaaconnec
15739,rawrang
15747,gundy0101
15748,tracy
15755,beams
15758,bigenus
15759,zany88
15763,givemeoil420
15772,yimmy
15799,chopinnuun1
15804,happymerry
15818,looksaround
15832,hellojava
15836,smackdown
15853,liquid
15864,thefist
15867,wickedwitch6
15890,drhellokitty
15910,maryann
15920,viciousbiscuit
15951,auston
15953,crazyb
15955,charlesfarle
15961,laksmi
15984,9bibby
15986,wuzups
15995,ryobie9
15997,stickyman
16001,trainmaster
16035,bilb0
16047,st00sh1e
16054,djaybjay
16055,neverbeenbetter
16057,ronfuckingsw
16075,wanteddetnaw
16080,baang
16082,gr_
16084,seziertier
16095,seadragon
16098,g_
16098,god
16111,namekevo
16119,keram
16123,raigen
16126,carlex
16152,brudes1
16158,rhodjab
16160,mrx8552
16168,mrinnocent
16174,trancemaster
16175,sweatywookie
16183,arjuna
16204,charvo95
16206,caraboulou
16216,penguin1
16218,importsbrasi
16224,james69
16225,inspectahdeck
16235,stevo1234
16237,poizulimo
16250,hansopel
16257,herbalking
16279,kbdhro
16280,sleesh
16282,whitefish000
16288,arraki_
16294,muffyduffy1984
16303,ericcartman
16322,acervol
16331,farmhand
16343,mushinmusa
16369,alliwantisso
16377,nfw91
16397,wholebuy
16401,ezio14
16417,icansee
16429,feodorbelved
16466,pilotflying
16470,ooopdcbza
16473,boboav
16474,ggl3000
16477,misfits69
16485,rodneybusine
16490,nope
16492,3zero
16512,jonathanpric
16525,theotherguy
16528,trit
16536,gjchjr
16551,ab_
16557,snaprabbit
16579,jdjdjd
16587,jeffast
16589,libertadhoy
16603,fermion
16610,mickeymantle
16611,felsad
16643,flip36
16689,style2121
16700,taronga
16704,voracious
16718,youngmorpheu
16720,salvo77
16721,dosethrasher612
16724,upthecreek
16759,icq
16771,circussam
16792,caloway
16794,buxton
16830,livefree
16839,o0rainman0o
16858,darkstar7736
16867,paploo07
16878,kinghappy
16884,niggaz
16884,_
16892,sonabe
16908,coffeetime04
16931,sugarfree
16934,gesundheit
16938,beerman
16986,strings999
16994,dima88
16998,tampico
16999,carlosbrindi
17034,spider
17057,nickel
17064,lojin99
17066,sottodue
17095,ch3dd3rdr4g0
17100,jdobie
17106,barry21
17111,salma6
17122,transactor
17145,antoine
17146,bobtastic
17150,heroin666
17166,sennzy
17167,chickenwings
17172,raskolnikov
17175,tedblanders
17212,thedude
17214,thefunkybunc
17233,marketface20
17237,thewineohs
17251,ketchup1000
17254,soulpatch141
17265,skzap
17270,senordingdon
17277,m4lk4v14n
17288,zhangxuelian
17308,fostershome4
17319,larsiboy13
17330,glowtape
17343,supertramp
17352,ableapp1
17367,kermitthetoad
17371,dadieoo
17396,smokedoutsun
17415,ilovewater
17424,inri1010
17435,kak1828
17440,happyhippy
17446,trip78
17463,crummytits
17472,ninjaslipper
17474,rockybalboa7
17479,whowhatwhere
17491,sargas93
17494,joshdavey
17496,eric2267
17517,zeq8nxwn
17536,iigivegoodre
17574,coreyi7
17603,brucious
17613,eaststand
17621,mrbojangles
17631,rachet
17638,pansymansy
17639,jumpinforseals
17664,lazerbeam
17687,iaminnocent
17692,chattylego
17697,whitewallet
17709,cheego
17719,inpetus
17725,6singfried6
17751,xotillweover
17761,gardenhose
17773,tolly37
17781,lake1212
17786,nanjazz25
17812,sunshadow4
17815,3juanvaldez
17829,fishscale
17831,kollasx
17843,endymion
17851,fnordle
17862,s0wl
17863,81kaisa81
17879,oaxacan
17881,lakshmi
17883,memorylane
17884,usserioummer
17887,desnudito
17887,d_
17893,toxinld
17899,moosdagoose
17902,bobby178
17917,oklol
17971,lakomka
17983,marley91
17984,cogeneration
17989,mightyreal
18017,funkytown7
18022,xtcking
18026,singularity
18033,toxicmadhatt
18034,cloudsof
18047,colforbin
18048,dmtbliss
18073,soupsuser
18113,pingpong99
18152,medibird
18157,pooter
18171,wvwnl
18189,lawnmower
18190,h0ll0wfry
18210,multitox
18232,unn4m3d
18245,sanostrike
18256,gotfried
18274,killareese1
18285,mrmutto
18292,gameristo
18307,liveaction86
18308,roxas50
18336,sunflowersin
18356,shineforever
18373,finite
18419,marialionza
18425,rainbain
18426,d4fre2fmxn
18441,dah38esi
18461,tkkg
18466,physicalhatr
18521,rackyrule
18547,bum85
18560,_
18578,xyz001
18585,itistruth
18613,gunakiktomar
18620,xelab2
18627,aliasof1
18636,bitcoinsboi
18650,mdfrankie
18655,wooly8
18661,mx876
18666,bobdavis33
18669,sampson
18674,adamaisha
18703,grungygringo
18712,iqvirus
18719,larrythefalc
18730,jk4477
18739,thefinn
18754,weedman2013
18763,rezat
18785,greenfish
18795,james546
18824,suavalava
18844,happywanderi
18845,rline
18870,yp1445
18908,bee
18909,alibrite
18914,bigbee69
18918,toeknee
18934,teeveestar
18935,beaconofgod
18969,trachta
18987,dexguy20
19016,milton
19020,cain1919
19037,manasek
19046,crazybobmarley
19058,ketaminekier
19075,poiuytrewq
19079,berrabus
19080,gtiv
19082,elephant
19091,kingsizesilv
19124,derekderek
19137,mensget
19139,grasssea
19151,rgodo26
19152,b5x44
19153,bertandernie
19194,spacetravele
19204,fannybaws11
19206,sh0p
19218,crepuscular
19240,noly
19246,anaccount
19253,highasakite
19255,martinus91
19285,betelgeidze




Should I be worried?

Well let us put this forward as a simple notion. All of the above was gathered without us resorting to fancy tricky or advanced web hacks or 0-day exploits, it was something most clearnet websites run in an automated test and don't expect to find it to pull anything. It is so simple I could actually teach the masses (very easily) how to conduct their own data gathering using some of the techniques we used and still we haven't even explored the more advanced ones as we know we already have the information in front of us. This kind of attack shouldn't even work against the most primitive database driven systems, let alone an online black market and absolutely anyone can do it. If law enforcement are watching I would have no doubt they found this long before us.

The observant among you have noticed by now we haven't exposed addresses yet that is on the database table above - I trust I don't need to dox somebody to prove my point right now and so I won't be posting any dox and nor shall I ever, we deleted that information from our records when we saw it as it is outrageous. We tested TorMarket and found yes there is javascript on the page and sometimes it refuses to accept plaintext addresses, but the fact there are plaintext addresses in that database only concludes it is not effective at filtering addresses and in my opinion decreases security by taking the responsibility away from the user - the alternate explanation of this is that plaintext addresses are being kept as well as an encrypted form which is presented to vendors but the whole topic of saving addresses I won't delve in to further.

Do we have more data than the above? Yes. Significantly more, but I will only do harm by publishing more so I will leave this case study with you, the users of Tor and our spectators, do you believe that Tormarket has a secure codebase, or is it just another claim like the many others who have a "secure" reputation because they just haven't been hacked yet.

Dread Pirate Roberts

Excellent. Bob destroyed all paranoia and claims Tor market is superior in one fell devastating swoop. Tasty

Lets watch all the naysayers now. I can imagine all the Tor-marketers may unsurprisingly become Roaders again.
Prepare to be robbed.

gazwel

  • Newbie
  • *
  • Posts: 44
  • Karma: +5/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #73 on: December 14, 2013, 10:22:08 am »
And this people is why i haven't been a "Sheep"

Thanks DPR, i didn't even consider absconding, i hope others will think twice now, too.

The irony in that claim is astounding. Unlike yourself I trust no one on the darknet and I don't see how you can have so much faith in something you know little about.

Don't get me wrong, I love SR but this arse licking is pathetic and to be honest if I was DPR I would be suspicious of anyone acting like this.

12acrebrow

  • Full Member
  • ***
  • Posts: 218
  • Karma: +32/-11
  • No FE, ESCROW Please.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #74 on: December 14, 2013, 10:31:53 am »
Admin of tormarket:

The current attack is just plain DDOS against our the tor entry guards. We give vendors backup addresses to process the orders. Don't worry.

Vendors: check the roundtable for backup address!

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good :). There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

LoLz @ Promises of Hotfixes from Tormarket admin, might be a tad too late...
 Even if what they say is true and a German Hacker accessed this data with an impromptu pen test
 - it was still compromised!

BAD
 
"You bellend.  I can't believe we've been funked again.  Fuck it."

- Ziggy

babolat

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +3/-12
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #75 on: December 14, 2013, 10:46:54 am »
as long as BTCs and addresses are safe, everything is fine :)

domesticdoode

  • Vendor
  • Full Member
  • *****
  • Posts: 195
  • Karma: +34/-16
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #76 on: December 14, 2013, 10:57:30 am »
A true hero.

Relentless truth, yet unyielding mercy. 
DomesticDoode - SR 2.0 / A G O R A - Vendor
Vendor Page- http://silkroad6ownowfk.onion/users/domesticdoode or @safe-mail.net

babolat

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +3/-12
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #77 on: December 14, 2013, 11:04:31 am »
It's not full the full DB!! DPR probably bought the data from a hacker called "Zulu33" for more than 4 BTCs

Prof(admin) on TorMarket:

***

The current attack is just plain DDOS against our the tor entry guards. We give vendors backup addresses to process the orders. Don't worry.

Vendors: check the roundtable for backup addresses!

About the DPR situation:

No, DPR was not dumping our database. On 10 of December a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good :). There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

***

Nodnow

  • Vendor
  • Full Member
  • *****
  • Posts: 126
  • Karma: +37/-7
  • I tried to give up drugs by drinking. Lou Reed
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #78 on: December 14, 2013, 11:07:01 am »
Holy shit, best sticky thus far. Eagerly awaiting a response from TM.

Here's his response, as of 1-1/2 hours ago:

Quote
Prof

    Administrator
    Newbie
    *****
    Posts: 164
    Karma: +10/-0
        View Profile
        Email
        Personal Message (Online)

About the data leaks (!)
« on: Today at 07:13 am »

    Quote

The current attack is just plain DDOS against our the tor entry guards. We give vendors backup addresses to process the orders. Don't worry.

Vendors: check the roundtable for backup addresses!

About the DPR situation:

No, DPR was not dumping our database. On 10 of December a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good :). There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.
« Last Edit: Today at 07:50 am by Prof »

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.      --Friedrich Schiller


Well said above but why cant below be implemented

Can DPR put up a locked forum in which he and only he can post ongoing information as to just what is going on. Simpler then to go to that forum or notice board for updates on the situation. DPR then has the floor to tell us all what he is doing and more importantly what we can do to assit. This is a community and we can help each other cant we?
Damn ye, you are a sneaking puppy, and so are all those who will submit to be governed by laws which rich men have made for their own security.
- “Black” sam bellamy (The pirate)

Thou hast the keys of Paradise, oh just, subtle, and mighty opium!
Thomas De Quincey

maligan

  • Vendor
  • Full Member
  • *****
  • Posts: 104
  • Karma: +28/-22
    • View Profile
    • Personal Message (Offline)
My conclusion
« Reply #79 on: December 14, 2013, 11:19:18 am »
Sex has a better market value than any drug.

I have to re think what I sell in the future :)


babolat

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +3/-12
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #80 on: December 14, 2013, 12:10:51 pm »
Don't let them fool you! This is just from the early beginning of TorMarket. DPR doesn't have the new DB and the most sold item on Deebweb marketplaces is weed with about 13% or so (a study found that out on SR1), porn should be at 1% (if I remember right).
This guy icq was probably one of 20 active customers!!! TorMarket is bigger now.

hopium

  • Jr. Member
  • **
  • Posts: 71
  • Karma: +10/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #81 on: December 14, 2013, 12:20:07 pm »
All this drama between markets is getting absurd. If there are SQLi vulns on TM then DPR has done a service to the community by publishing that info. But these DDoS attacks are getting out of hand. I think it could be the FEDs doing these attacks and blaming them on various markets to cause division. It's the same MO as COINTELPRO, pitch certain groups against each other to cause in-fighting and sit back and watch the resulting fallout and pick off any low-hanging fruit when people inevitably slip-up. I could be wrong but what's going on is playing into the hands of our common enemy. Those who wish to see the demise of the Dark Market scene must be rubbing their hands in glee watching what is unfolding at the minute. Sad times indeed....
“If the words 'life, liberty, and the pursuit of happiness' don't include the right to experiment with your own consciousness, then the Declaration of Independence isn't worth the hemp it was written on.” - Terence McKenna

Sarge

  • Hero Member
  • *****
  • Posts: 525
  • Karma: +140/-29
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #82 on: December 14, 2013, 12:24:00 pm »
Thanks for sharing this DPR :)

It is definitely much better to let their horrible security practices become public knowledge rather than let the feds download the database in secret whenever they please.

I'm glade you spend so much time on security as opposed to UI.
I AM NO LONGER A MOD.

DO NOT PM ME IN REGARDS TO SR QUESTIONS

Berry

  • Hero Member
  • *****
  • Posts: 556
  • Karma: +131/-27
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #83 on: December 14, 2013, 12:38:43 pm »
Maybe users and vendors will now think twice b4 going to tormarket ;)
Thank you mods for not letting me have my own signature, this is called censorship :*

Beezerbuz

  • Full Member
  • ***
  • Posts: 187
  • Karma: +28/-10
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #84 on: December 14, 2013, 01:01:36 pm »
Props for the programmatic approach to mitigating effect of attacks.  Good sign to see such approaches being utilized

charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #85 on: December 14, 2013, 01:43:27 pm »
OK, that was a fun lulz for the day. Now can we get back to enabling auto finalization, adding the features you guys have been working on, and generally improving the site? We would like to get back to vending.
this

charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #86 on: December 14, 2013, 01:56:25 pm »
Here's a thought:  if you put as much effort into making this site work properly as you put into allegedly "hacking" tormarket (and who knows if that actually happened), maybe it would work properly.  Worry about your security here and let tormarket peeps fend for themselves.  All these markets attacking one another is ridiculous and, further more, not fair to their users.  It concerns me that you are more interested in one upping your competition than you are in having a working site. 
« Last Edit: December 14, 2013, 01:57:13 pm by charlie0711 »

ProEvo

  • Hero Member
  • *****
  • Posts: 1218
  • Karma: +308/-37
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #87 on: December 14, 2013, 02:13:01 pm »
Can someone please pm me the link to Tormarket forums, I have forgotten my password and need to get my coins out.

Cheers.
“You cannot buy the revolution. You cannot make the revolution. You can only be the revolution. It is in your spirit, or it is nowhere.”
― Ursula K. Le Guin

Cloquet

  • Hero Member
  • *****
  • Posts: 969
  • Karma: +125/-120
  • Official SR 2.0 Diplomat
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #88 on: December 14, 2013, 02:29:35 pm »
It's the same MO as COINTELPRO, pitch certain groups against each other to cause in-fighting and sit back and watch the resulting fallout and pick off any low-hanging fruit when people inevitably slip-up.

Until someone 100% proves otherwise, THIS!
I went down... to the SR Forums... to get my fair share of abuse...

DanDanTheIceCreamMan

  • Sr. Member
  • ****
  • Posts: 272
  • Karma: +70/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #89 on: December 14, 2013, 02:43:58 pm »
Where is the proof that TM was behind the DDOS? Because from what I gather all the mods and admins over at TM seem to think those claims were unfounded.
Have you joined The Hub yet? I have! It's an impartial community for all members of the Deep Web marketplaces to chat, review markets, and even regroup in the event of a market's closure. Join me here: http://thehubaoydxrommh.onion

Greengo420

  • Newbie
  • *
  • Posts: 45
  • Karma: +2/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #90 on: December 14, 2013, 02:47:26 pm »
Where is the proof that TM was behind the DDOS? Because from what I gather all the mods and admins over at TM seem to think those claims were unfounded.

Did you not read the post?

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will so I won't go on about this much more
« Last Edit: December 14, 2013, 02:48:57 pm by Greengo420 »

DanDanTheIceCreamMan

  • Sr. Member
  • ****
  • Posts: 272
  • Karma: +70/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #91 on: December 14, 2013, 02:58:56 pm »
Where is the proof that TM was behind the DDOS? Because from what I gather all the mods and admins over at TM seem to think those claims were unfounded.

Did you not read the post?

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will so I won't go on about this much more

Sooooooo he doesn't know.. then why are vendors saying he's telling everyone in the roundtable that proof is forthcoming?
Have you joined The Hub yet? I have! It's an impartial community for all members of the Deep Web marketplaces to chat, review markets, and even regroup in the event of a market's closure. Join me here: http://thehubaoydxrommh.onion

trickyt

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +1/-15
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #92 on: December 14, 2013, 03:16:12 pm »
Thats some Don Vito Corleone Shit! Woe!

SandStorm

  • Full Member
  • ***
  • Posts: 192
  • Karma: +58/-13
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #93 on: December 14, 2013, 03:28:03 pm »
So what do we learn from this... That DPR has understanding of basic attacks, which he most likely tries out on SR before letting the public enter the sites. And that everything we write on the forum and marketplace should be treated as it were posted on www.publicforum.com.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #94 on: December 14, 2013, 04:42:35 pm »
Damn DPR u pwned them good, tormarket is gonna be a bigger escrow scam that sheep.

5thAmendment

  • Jr. Member
  • **
  • Posts: 64
  • Karma: +8/-8
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #95 on: December 14, 2013, 04:46:23 pm »
Damn DPR u pwned them good, tormarket is gonna be a bigger escrow scam that sheep.

Loki you confuse me in a lot of your post. I don't know if you are for or against SR?? ???

CaptainWhiteBeard

  • Certified Thief
  • Hero Member
  • *****
  • Posts: 3810
  • Karma: +260/-290
  • The Notorious Dark Net Pirate
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #96 on: December 14, 2013, 04:48:26 pm »
Damn DPR u pwned them good, tormarket is gonna be a bigger escrow scam that sheep.

Loki you confuse me in a lot of your post. I don't know if you are for or against SR?? ???

No one knows, that is what makes him special ;)
Prepare to be robbed.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #97 on: December 14, 2013, 04:57:21 pm »
Dpr is a douchebag with his little crony cheerleaders but at least he seems principled enough not to run off with everyones money. Of course thats not considering the big target hes placed on himself calling out politicians and having a big fucking escrow wallet. SR is a ticking time bomb like the rest of the simple escrow sites, pick a side either side you lose.

El Presidente

  • Sr. Member
  • ****
  • Posts: 288
  • Karma: +134/-5
  • Buena Mierda
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #98 on: December 14, 2013, 06:58:51 pm »
We take a couple of days off and what happens?

We can't say that we are that surprised by the Tormarket issues - these types of problem are found in most custom web applications although we note that the management at TM suggest this was a vulnerability in a third party Gem, presumably that the TM site was using for some purpose. This is largely irrelevant though as the end result appears to be mass data disclosure.

This thread is a perfect example of why web applications get security tested - and that does not mean running Nessus or a web application security scanner. It means testing, done by a person or persons. Anyone who is serious about protecting the security of a web site will generally undertake security testing commensurate with the threat environment. And lets face it running a site like TM, SR puts you very much a the high end in terms of threat.

A quarterly PCI scan by Qualys is not going to cut it. We do not know what TM had undertaken in this regard but obviously it was not enough.

Again, if you ever needed to be reminded, do not place trust in machines, websites or systems you do not directly control and understand fully. Encrypt all addresses and messages, always. If you are a buyer and you can afford the occasional loss of buyer stats then periodically cycle accounts (and PGP keys if need be). if you are a buyer of different things then again consider having one account for buying A (or ordering from a particular vendor/location/product) and another account for buying B and so on.

We are trying to get some more information and may look to do a post-mortem post over on security later.

But we very much echo some of the other voices here by saying, lets put this behind us duly noting what we need to and get on with business.

love

EP
=================================================
The All Market Vendor Directory - http://directory4iisquf.onion
=================================================

Fluffhead!

  • Sr. Member
  • ****
  • Posts: 365
  • Karma: +60/-45
  • My banker sure has some powerful pills
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #99 on: December 14, 2013, 07:02:43 pm »
Way to go Bob!

Shank!!

My eyes are clear and pure, but my mind is so deranged.

JohnTheBaptist

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +112/-230
  • 16 Stone Of Steel And Sex Appeal...
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #100 on: December 14, 2013, 07:12:53 pm »
DPR I apologize profusely for any insults I've flung your way.Please don't tell anyone about me as I have no doubt you have gleaned a lot, I know you don't dox thankfully so I'll pack it in.

@Loki have you read the first page?


In other words don't fuck with SR or you know what will happen Tormarket.

Ahh methylone & brazzers a match ,made in heaven...ICQ you dirty dog.
« Last Edit: December 14, 2013, 07:21:03 pm by JohnTheBaptist »
“Yeah, I love being famous. It's almost like being white, y'know?”
― Chris Rock

I hate the local silverbacks!

SupremeTeam

  • Vendor
  • Full Member
  • *****
  • Posts: 206
  • Karma: +31/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #101 on: December 14, 2013, 07:25:55 pm »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

Lol! +1
High-Grade Cannabis & Concentrates  ▪  silkroad6ownowfk.onion/users/supremeteam  ▪  supreme@lelantos.org

sildenafil

  • Vendor
  • Full Member
  • *****
  • Posts: 208
  • Karma: +43/-12
  • **GERMAN** VENDOR OF FDA APPROVED PHARMACY
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #102 on: December 14, 2013, 07:27:55 pm »
nothing more to say... ;)
Vendor account:
http://silkroad6ownowfk.onion/users/sildenafil

FE VERIFIED VENDOR DIRECTORY:
http://directory4iisquf.onion/key/d6ab38a0

StringerBell

  • Hero Member
  • *****
  • Posts: 556
  • Karma: +132/-39
  • We don't need to dream no more
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #103 on: December 14, 2013, 07:39:07 pm »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

Lol! +1

This shit had me laughing so hard!

+1!

As for TM I kept myself away, I am happy about that decision today.


charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #104 on: December 14, 2013, 08:06:00 pm »
Dpr is a douchebag with his little crony cheerleaders but at least he seems principled enough not to run off with everyones money. Of course thats not considering the big target hes placed on himself calling out politicians and having a big fucking escrow wallet. SR is a ticking time bomb like the rest of the simple escrow sites, pick a side either side you lose.
and this too

project4

  • Vendor
  • Jr. Member
  • *****
  • Posts: 63
  • Karma: +8/-3
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #105 on: December 14, 2013, 08:45:20 pm »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

Lol! +1



This shit had me laughing so hard!

+1!

As for TM I kept myself away, I am happy about that decision today.


LoOooL  that Shits funny !! along with how Tm got taken the piss out off,well worth the downtime to be able to read this...after SMP, can't see any other place other than S/R and BMR ever being trustworthy.

ACE

  • Full Member
  • ***
  • Posts: 248
  • Karma: +256/-72
  • SR2 here we go!
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #106 on: December 14, 2013, 08:59:26 pm »
Holey Moley,
Tormarket just got plunged with no lube, that shit wouldn't even go down well in bestiality porn.

Take a moment to share with me the fact that I find most entertaining.  The TM sellers that are usually here by now to scream about how tor-market is fucking amazing and secure and fuckable, are currently no where to be seen. Where the devil are they in TormMarkets hour of need? Well considering most of them were high profile vendors there. I should think they are currently donning goat costumes and booking one way tickets to Azaybyjan. It was fun whilst it lasted, but now seriously The FBI are currently checking every single BTC deposit out of your accounts, every associated buyer account you ever sent coins to and the addresses used by them, every message you ever sent.. Lets hope you were really careful, and have fun as you live the rest of your live trying to hide amongst the mostly indigenous population of mountain goat.
Throw me to the wolves and I will return leading the pack.

Vendor profile http://silkroad6ownowfk.onion/users/the-scurvy-crew

therealmightyboosh77

  • Jr. Member
  • **
  • Posts: 79
  • Karma: +4/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #107 on: December 14, 2013, 09:06:06 pm »
wonderfully humorous read - thanks bob!

sniffsniff

  • Vendor
  • Jr. Member
  • *****
  • Posts: 81
  • Karma: +32/-9
  • sniffsniff@safe-mail.net
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #108 on: December 14, 2013, 09:08:06 pm »
icq is currently on a beach in Mexico watching his porn subscriptions through his Xbox One and rolling hard on methylone.

We know this because TorMarket told us so.

Nothing wrong with a little porn, I'd say it's the most popular listing here on SR. Not sure what that's saying about the crowd here :)
Premium Account Seller -- Games, Live TV, Movies, Music, Porn, Satellite Radio, Sports, VPNs, Wi-Fi Hotspots, and more!

Vendor Profile: http://silkroad6ownowfk.onion/users/sniffsniff

Reviews & FAQ: http://silkroad5v7dywlc.onion/index.php?topic=7060.0

the g0dfather

  • Vendor
  • Hero Member
  • *****
  • Posts: 661
  • Karma: +51/-60
  • ReSpEcT mY gAnGsTeR.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #109 on: December 14, 2013, 09:32:41 pm »
lol DPR a straight thug <3
If you're afraid - don't do it, - if you're doing it - don't be afraid!

― Genghis Khan

CHEAPEST COMMERCIAL REGGIE BRICK WEED AROUND & BEST QUALITY SHROOMS!

My Listings:
http://silkroad6ownowfk.onion/users/the-g0dfather/items

Also vending @ agora

email: the_g0dfather@safe-mail.net

aussieoutlaw

  • Full Member
  • ***
  • Posts: 208
  • Karma: +27/-102
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #110 on: December 14, 2013, 09:35:49 pm »
Did you ring the FBI as well DPR you dog.
What's this shit you lagging rat.
Lol what a dog, all credibility must be gone now.
You have informed on people in a public forum.
Some people get on my nerves

skrilly

  • Sr. Member
  • ****
  • Posts: 315
  • Karma: +71/-11
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #111 on: December 14, 2013, 09:43:17 pm »
mufukkin DRAMA!!

icq

  • Full Member
  • ***
  • Posts: 136
  • Karma: +1/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #112 on: December 14, 2013, 09:45:57 pm »
THAT'S ME!

icq

  • Full Member
  • ***
  • Posts: 136
  • Karma: +1/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #113 on: December 14, 2013, 09:50:37 pm »
Ok first I'ld like to say FUCK that fake-ass vendor "positive" trying to scam me into FE. I was was so fucking mad. DPR2 I invite you to post the conversation that I had with that guy.

Secondly, DAMN the SexArt lifetime subscriptions were out of stock :(

Sir William Wonka

  • Hero Member
  • *****
  • Posts: 1667
  • Karma: +227/-81
  • shitty titty jelly belly
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #114 on: December 14, 2013, 09:51:52 pm »
haha how have you not beat ur dick raw icq?
. . . it is a corrupting thing to live one's real life in secret. One should live with the stream of life, not against it.
-Orwell

Machine Maid

  • Vendor
  • Newbie
  • *****
  • Posts: 28
  • Karma: +6/-2
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #115 on: December 14, 2013, 09:57:41 pm »
@go4green


He did the right thing. Even if TM was not responsible for the last week of problems here, this information should be made known to buyers and vendors. Also TM were biggin them selves up about their UI and security standards.  He called their bluff. TM obviously couldn't care less about standards

skrilly

  • Sr. Member
  • ****
  • Posts: 315
  • Karma: +71/-11
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #116 on: December 14, 2013, 10:11:21 pm »
i didnt see my TM username on that list 0_o

parisproject

  • Hero Member
  • *****
  • Posts: 535
  • Karma: +194/-104
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #117 on: December 14, 2013, 10:11:54 pm »
THAT'S ME!

prove it by changing the following feedback from "right on" to "spot on"

http://[REDACTED - SPAM ADDRESS]/products/2b30591a-592f-11e3-8a10-bb9eb8a1624d

AnTa2f6y

  • Full Member
  • ***
  • Posts: 159
  • Karma: +21/-13
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #118 on: December 14, 2013, 10:30:17 pm »
+1    you sir a a LEGEND
i cant believe what i am reading its a joke of some sort right????
and to make it even better im back buying and everythings running smoothly
thank you guys for all you work

dpr+ all staff = kings among men!! :)
 
pub key: http://silkroad5v7dywlc.onion/index.php?action=profile;u=1579

Richard Nixon

  • Full Member
  • ***
  • Posts: 162
  • Karma: +24/-18
  • Hippies!
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #119 on: December 14, 2013, 10:40:50 pm »
Holey Moley,
Tormarket just got plunged with no lube, that shit wouldn't even go down well in bestiality porn.

Take a moment to share with me the fact that I find most entertaining.  The TM sellers that are usually here by now to scream about how tor-market is fucking amazing and secure and fuckable, are currently no where to be seen. Where the devil are they in TormMarkets hour of need? Well considering most of them were high profile vendors there. I should think they are currently donning goat costumes and booking one way tickets to Azaybyjan. It was fun whilst it lasted, but now seriously The FBI are currently checking every single BTC deposit out of your accounts, every associated buyer account you ever sent coins to and the addresses used by them, every message you ever sent.. Lets hope you were really careful, and have fun as you live the rest of your live trying to hide amongst the mostly indigenous population of mountain goat.

I, Richard Nixon, approve this message. Stupid TorMarket Hippies!
When the President does it, that means that it's not illegal.

spaceshit

  • Full Member
  • ***
  • Posts: 170
  • Karma: +24/-20
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #120 on: December 14, 2013, 10:46:06 pm »
I thought the point of a successful market was to not have all eyes on you and have competition? Where is the competition now?
"Remember what happened to you last time? You started seein illusions and hearin shit." "Man, I aint had no illooosions in about four hours man I'm alright....GOD DAMN WHAT WAS THAT?!"

JohnTheBaptist

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +112/-230
  • 16 Stone Of Steel And Sex Appeal...
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #121 on: December 14, 2013, 10:46:59 pm »
Ok first I'ld like to say FUCK that fake-ass vendor "positive" trying to scam me into FE. I was was so fucking mad. DPR2 I invite you to post the conversation that I had with that guy.

Secondly, DAMN the SexArt lifetime subscriptions were out of stock :(
I'm glad you find it funny.
“Yeah, I love being famous. It's almost like being white, y'know?”
― Chris Rock

I hate the local silverbacks!

nicedayproject

  • Full Member
  • ***
  • Posts: 128
  • Karma: +29/-16
  • mmmmmmmhmmm
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #122 on: December 14, 2013, 11:13:28 pm »
Ugh, I'm facepalming all over this thread. It's like no one knows the history of SR or any of the advice anyone ever gives when doing this type of business online.

Oh look, TM's database is accessible... did you guys forget what happened to the Silk Road? The FBI accessing the database? Any of that crap? So tell me now, is Silk Road secure? The site that was built up for multiple years?

Alright, now let's see SR 2.. do you guys have any idea about the security of THIS infantile site? And if any admin or mod gives you an answer, never trust them! Who the hell are you to trust one group of strangers over another regardless of how good they are at avoiding looking suspicious?

What about the biggest advice? Treat every marketplace like it's already been compromised by the authorities. All we need is a search engine for drugs, an escrow, and that's it, that's all a marketplace is. Yes community blah blah, then what the hell are you guys doing just attacking each other? Holy shit what's with the hostility towards TM and vice-versa? As far as I'm concerned, my money can vanish at any second from SR OR TM (I don't have money on either of them).
old SR forum profile: http://dkn255hz262ypmii.onion/index.php?action=profile;u=97538 (no longer active)

SM profile: http://sheep5u64fi457aw.onion/account/profile/b1fb7bce0dbf4f9c47e707ae81eb7f23 (no longer active)
:( had a lot of work built up there

Welp, you're just gonna have to trust me.

NordicShrooms

  • Vendor
  • Sr. Member
  • *****
  • Posts: 353
  • Karma: +68/-9
  • unity/balance/peace
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #123 on: December 14, 2013, 11:18:53 pm »
Very impressive indeed. Well done DPR and crew for coming out strong.

All in all, its sad to see such a debacle occurring amongst people that surely would stand to profit a lot more from working together, but it gives us real hope to see that there are at least some clear professionals holding their end up and leading in the field. Lets hope things work out for the best.

It feels great to be involved with the SR team right now.

As for the rest, well; nothing to see here people, just the free market doing its thing... move along now... move along...
-- New B+ cubensis available! --

5g: €20 | 10g: €35 | 20g: €60 | 50g: €130

ALWAYS FREE SHIPPING, WORLDWIDE :D

http://silkroad6ownowfk.onion/users/nordicshrooms

Find us also on Agora :)

LTPLUS

  • Newbie
  • *
  • Posts: 30
  • Karma: +0/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #124 on: December 14, 2013, 11:20:07 pm »
Saved the html, this post is great. People need to see and know the risks involved.

Encrypt Evey-thing

"Security Through Obscurity"

icq

  • Full Member
  • ***
  • Posts: 136
  • Karma: +1/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #125 on: December 14, 2013, 11:34:54 pm »
THAT'S ME!

prove it by changing the following feedback from "right on" to "spot on"

http://[REDACTED - SPAM ADDRESS]/products/2b30591a-592f-11e3-8a10-bb9eb8a1624d

not that i need to prove anything to anybody, but i don't see an option that allows me to change my feedback.

but i'll go ahead and post the timestamps of my oh-so-large list of orders to give everyone an idea of when the database info was leaked

3e4e2260    An Idiot's Guide to Fleeing to Mexico    1    Arrived    dipsycards    2013-12-08 12:07:00 UTC    Yes    
a193bac0    Xbox One Console!    2    Cancelled    positive    2013-12-08 12:02:37 UTC    No    
d790724c    Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Cancelled    moneysell    2013-12-08 11:42:39 UTC    Yes    
cda9f8a2    Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:42:23 UTC    Yes    
c448b974    Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:42:07 UTC    Yes    
bb293db4    Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:41:52 UTC    Yes    
b0d16706    Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:41:34 UTC    Yes    
a6fb2b86    3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:41:18 UTC    Yes    
986d89d8    PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Cancelled    moneysell    2013-12-08 11:40:53 UTC    Yes    
b5230bbe    INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity    1    In transit    rainbowbear    2013-12-07 07:53:49 UTC    Yes

Sir William Wonka

  • Hero Member
  • *****
  • Posts: 1667
  • Karma: +227/-81
  • shitty titty jelly belly
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #126 on: December 14, 2013, 11:39:18 pm »
why do you buy so much porn?
. . . it is a corrupting thing to live one's real life in secret. One should live with the stream of life, not against it.
-Orwell

aussieoutlaw

  • Full Member
  • ***
  • Posts: 208
  • Karma: +27/-102
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #127 on: December 15, 2013, 12:10:10 am »
How bout we all start posting how ,where, and how many parcels we are getting eent , who is successful in beating customs and how. Let's make the job easier for le, I'm sure special agent DPR won't mind, he has set the ball rolling. Better still how bout through vending accounts mine included we just send them out with product of silkroad on them? Its the same shit.
See ya later you all think this is OK you are all complicit in informing. Pack of dogs bye
Some people get on my nerves

aussieoutlaw

  • Full Member
  • ***
  • Posts: 208
  • Karma: +27/-102
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #128 on: December 15, 2013, 12:11:35 am »
How bout we all start posting how ,where, and how many parcels we are getting eent , who is successful in beating customs and how. Let's make the job easier for le, I'm sure special agent DPR won't mind, he has set the ball rolling. Better still how bout through vending accounts mine included we just send them out with product of silkroad on them? Its the same shit.
Some people get on my nerves

Cheese on Toast

  • Sr. Member
  • ****
  • Posts: 455
  • Karma: +66/-32
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #129 on: December 15, 2013, 12:16:49 am »
How bout we all start posting how ,where, and how many parcels we are getting eent , who is successful in beating customs and how. Let's make the job easier for le, I'm sure special agent DPR won't mind, he has set the ball rolling. Better still how bout through vending accounts mine included we just send them out with product of silkroad on them? Its the same shit.
See ya later you all think this is OK you are all complicit in informing. Pack of dogs bye
you speak more shit than over on the "when was the last time you shit yourself thread "

revolution

  • Full Member
  • ***
  • Posts: 230
  • Karma: +23/-23
  • "Sweet Lincoln's mullet." Ron Burgandy
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #130 on: December 15, 2013, 12:38:59 am »
huh my account is on there, god damn you DPR :@. haha only joking am not daft enuff to shop in a place where a scammer directed people to :P
"The only sure bulwark of continuing liberty is a government strong enough to protect the interests of the people, and a people strong enough and well enough informed to maintain its sovereign control over the goverment."
Franklin D. Roosevelt

revolution

  • Full Member
  • ***
  • Posts: 230
  • Karma: +23/-23
  • "Sweet Lincoln's mullet." Ron Burgandy
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #131 on: December 15, 2013, 12:40:09 am »
Aaaaaand this why i shop in silk road :D
"The only sure bulwark of continuing liberty is a government strong enough to protect the interests of the people, and a people strong enough and well enough informed to maintain its sovereign control over the goverment."
Franklin D. Roosevelt

MK ultra

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +15/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #132 on: December 15, 2013, 01:29:30 am »
This is precisely why my allegiance is with DPR and the gang!   

Great work and thank you!


Now shipping Mylar bags and Micro-G hash oil pens
http://silkroad6ownowfk.onion/users/mk-ultra

FriendOfTheDevil

  • Sr. Member
  • ****
  • Posts: 473
  • Karma: +79/-22
  • -Our thoughts create reality-
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #133 on: December 15, 2013, 01:30:22 am »
Great work DPR. My confidence in you grows with every post.

btw


JackCubrick sounds like LE
"The written laws of the United States of America do not supersede the natural laws of economics (supply & demand)." -[vendor]brownpurple
Proof of knowledge of the contents of a package is absolutely necessary to convict. -DrMDA http://silkroad5v7dywlc.onion/index.php?topic=3509.0

dirtybit

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +8/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #134 on: December 15, 2013, 01:36:57 am »
LMFAO!!!  All i can say is WOW!  Anyone who doubts the current administration can eat a dick.
 
Thank you for keeping us safe!








JohnTheBaptist.

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +12/-21
  • Gay as fuck
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #135 on: December 15, 2013, 02:03:16 am »
How bout we all start posting how ,where, and how many parcels we are getting eent , who is successful in beating customs and how. Let's make the job easier for le, I'm sure special agent DPR won't mind, he has set the ball rolling. Better still how bout through vending accounts mine included we just send them out with product of silkroad on them? Its the same shit.
See ya later you all think this is OK you are all complicit in informing. Pack of dogs bye

You're a fucking clueless twat, you truly are!
John

Why is it that, as a culture, we are more comfortable seeing two men holding guns than holding hands?  ~Ernest Gaines

Cornelius23

  • Hero Member
  • *****
  • Posts: 1350
  • Karma: +219/-56
  • On the whole, I'd rather be part of the problem
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #136 on: December 15, 2013, 02:11:50 am »
i didnt see my TM username on that list 0_o

I saw mine!

In my defence, I only made the one order :D
Connect at The Hub: http://thehubaoydxrommh.onion

QoinPro referral: http://www.qoinpro.com/a15a9244da423d15119457abb4040f1c

Reality is merely an illusion, albeit a very persistent one.
[Albert Einstein]

aussieoutlaw

  • Full Member
  • ***
  • Posts: 208
  • Karma: +27/-102
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #137 on: December 15, 2013, 02:25:53 am »
Your an impersonator you probably are in witness protection as well if this is your style.
@cheese on toast why would I be worried kid? I don't use the site. I just despise rats that help le. Should we all disclose peoples info?
So clever and its a contradiction of everything that this place says it stands for.
Look at the quote in DPR signature.
No the site isn't going as good as it should so let's try and fuck it up for everyone.
If I can't have it no one can.
Thank fuck THE REAL DPR doesn't help le like thus one.


If you guys think this is OK your delusional.
Try write something about packaging and see how long it lasts. So what's the diff? Is it OK in the pursuit of market share to assist le? Don't just carry on you ask yourself if your happy assisting le.( don't give me they would have known) that's assuming something and we all know what happens then.

Some people get on my nerves

Dr,Manhattan

  • Hero Member
  • *****
  • Posts: 586
  • Karma: +128/-119
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #138 on: December 15, 2013, 02:45:02 am »
All hail the Captain,you have exceeded all expectations,genius and true class.I salute you Sir :)
The bar has been set very high indeed,greatest respect has been earned!!!!
As for all the doubting thomas's out there,well?????
We are all puppets.I am just a puppet who can see the strings!

Dr,Manhattan

  • Hero Member
  • *****
  • Posts: 586
  • Karma: +128/-119
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #139 on: December 15, 2013, 02:47:29 am »
I dare say a lot of vendors SHITTING THEIR PANTS right about now,and a few punters too :)
We are all puppets.I am just a puppet who can see the strings!

Trevor

  • Full Member
  • ***
  • Posts: 248
  • Karma: +87/-35
  • We all love drink and drugs, pal.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #140 on: December 15, 2013, 02:59:29 am »
Your an impersonator you probably are in witness protection as well if this is your style.
@cheese on toast why would I be worried kid? I don't use the site. I just despise rats that help le. Should we all disclose peoples info?
So clever and its a contradiction of everything that this place says it stands for.
Look at the quote in DPR signature.
No the site isn't going as good as it should so let's try and fuck it up for everyone.
If I can't have it no one can.
Thank fuck THE REAL DPR doesn't help le like thus one.


If you guys think this is OK your delusional.
Try write something about packaging and see how long it lasts. So what's the diff? Is it OK in the pursuit of market share to assist le? Don't just carry on you ask yourself if your happy assisting le.( don't give me they would have known) that's assuming something and we all know what happens then.

You're making out as though DPR just DOXED someone. Which he categorically did not do. Hush with the fearmongering for a moment son.
OPSEC: Collection of Tutorial & Research Info:
http://silkroad5v7dywlc.onion/index.php?topic=494.0

The OPSEC reading list:
http://silkroad5v7dywlc.onion/index.php?topic=696.0

Dr,Manhattan

  • Hero Member
  • *****
  • Posts: 586
  • Karma: +128/-119
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #141 on: December 15, 2013, 03:08:27 am »
DPR I apologize profusely for any insults I've flung your way.Please don't tell anyone about me as I have no doubt you have gleaned a lot, I know you don't dox thankfully so I'll pack it in.Tail well and truly between your legs now,big boy!!

@Loki have you read the first page?


In other words don't fuck with SR or you know what will happen Tormarket.

Ahh methylone & brazzers a match ,made in heaven...ICQ you dirty dog.
We are all puppets.I am just a puppet who can see the strings!

Dr,Manhattan

  • Hero Member
  • *****
  • Posts: 586
  • Karma: +128/-119
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #142 on: December 15, 2013, 03:19:50 am »
 "The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he who, in the name of charity and good will, shepherds the weak through the valley of the darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy My brothers. And you will know I am the Lord when I lay My vengeance upon you!
We are all puppets.I am just a puppet who can see the strings!

jm

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +10/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #143 on: December 15, 2013, 04:19:25 am »
THAT'S ME!

prove it by changing the following feedback from "right on" to "spot on"

http://[REDACTED - SPAM ADDRESS]/products/2b30591a-592f-11e3-8a10-bb9eb8a1624d

not that i need to prove anything to anybody, but i don't see an option that allows me to change my feedback.

but i'll go ahead and post the timestamps of my oh-so-large list of orders to give everyone an idea of when the database info was leaked

3e4e2260    An Idiot's Guide to Fleeing to Mexico    1    Arrived    dipsycards    2013-12-08 12:07:00 UTC    Yes    
a193bac0    Xbox One Console!    2    Cancelled    positive    2013-12-08 12:02:37 UTC    No    
d790724c    Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Cancelled    moneysell    2013-12-08 11:42:39 UTC    Yes    
cda9f8a2    Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:42:23 UTC    Yes    
c448b974    Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:42:07 UTC    Yes    
bb293db4    Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:41:52 UTC    Yes    
b0d16706    Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:41:34 UTC    Yes    
a6fb2b86    3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Arrived    moneysell    2013-12-08 11:41:18 UTC    Yes    
986d89d8    PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]    1    Cancelled    moneysell    2013-12-08 11:40:53 UTC    Yes    
b5230bbe    INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity    1    In transit    rainbowbear    2013-12-07 07:53:49 UTC    Yes


Dude, really which do you need best, porn or drugs - seems unclear from this post? And, really, you're addicted to porn and drugs, but you have no transactions between august and december? Hahahaha, that is clearly not a complete record....

However, while I've never actually used Tormarket for a an order, I do have an account over there - which did not show up in the list that DPR posted, so really not sure if that was a recent dump or not. The Tormarket Prof (I'm sure that guys is Chinese based on his written English) has challenged the Pirate on this exact point - is the data recent, or a bunch of old stuff...

Not that I really give a shit, MARKET WARS are simply not helping the customers, so keep it frickin real, and focus on the important thing - creating an effective marketplace for the users - period... 

WARS bad - pumping transactions - GOOD... Done.

« Last Edit: December 15, 2013, 05:23:26 am by jm »

burn your fucking flag

  • Hero Member
  • *****
  • Posts: 609
  • Karma: +127/-35
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #144 on: December 15, 2013, 05:18:16 am »
subbing.
“We view ourselves as rational creatures. But is it rational to wait like sheep in a pen as [they] steer us to mass extinction? Why continue to obey the laws and dictates of our executioners?” — Chris Hedges

aussieoutlaw

  • Full Member
  • ***
  • Posts: 208
  • Karma: +27/-102
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #145 on: December 15, 2013, 05:31:07 am »
And DPR bough the hack info off the hacker, tell the truth now DPR.
If your fair dinkum and not lying go get the msg I just sent over there.

He won't get it ,because he can't ,and he is a liar.

Come clean I can see the writing on the wall now.
Credibility? I bet you say that to protect peoplesprivacy you won't disclose more.

Fanboys you have been duped. DPR your not the only one offered things by hackers.



@trev doesn't matter now but if true he has done work for le.
But its shit and he can't be forgiven for the lie.
Challenge him to get a current msg
I'm not your son kid
« Last Edit: December 15, 2013, 05:41:10 am by aussieoutlaw »
Some people get on my nerves

pathfinder13

  • Sr. Member
  • ****
  • Posts: 405
  • Karma: +98/-47
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #146 on: December 15, 2013, 05:54:28 am »
I don't know why I'm not on this user list (have another name over there, but cannot find it)??
I registered nearly in the beginning (don't ordered yet) so this cannot be an actual DB-Download.
Perhaps from the very start?
I don't know much, but this list cannot be up to date, that's for sure.

Regards,
pathfinder13

Cornelius23

  • Hero Member
  • *****
  • Posts: 1350
  • Karma: +219/-56
  • On the whole, I'd rather be part of the problem
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #147 on: December 15, 2013, 07:28:15 am »
However, while I've never actually used Tormarket for a an order, I do have an account over there - which did not show up in the list that DPR posted, so really not sure if that was a recent dump or not. The Tormarket Prof (I'm sure that guys is Chinese based on his written English) has challenged the Pirate on this exact point - is the data recent, or a bunch of old stuff...

It's presumably fairly recent as I only registered on Tormarket about a week ago. Could it be that the list posted here was only of people who've made purchases?
Connect at The Hub: http://thehubaoydxrommh.onion

QoinPro referral: http://www.qoinpro.com/a15a9244da423d15119457abb4040f1c

Reality is merely an illusion, albeit a very persistent one.
[Albert Einstein]

Public Enemy #1

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +18/-6
  • Louder than a bomb
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #148 on: December 15, 2013, 11:11:17 am »
There is no german hacker. No Zulu33.

The data was extracted over a couple of days last week.

A massive vulnerability was found in the search function of the site which allowed access to everything in their back end database.

The affected 3rd party Ruby gem is called Ransack.

All information relating users back to real-life identities was destroyed to ensure it could not be used against anyone.

Very possible that others less well intentioned also found this bug, I hope not but it is quite possible, as has been stated it was not some 0-day exploit. Just poor coding and lack of testing.

Only enumerated users between ID 10000 and ID 20000 for brevity and yes only buyer accounts with 1 or more orders.

Shame it came to this.


PE#1

charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #149 on: December 15, 2013, 01:36:25 pm »
I don't know why I'm not on this user list (have another name over there, but cannot find it)??
I registered nearly in the beginning (don't ordered yet) so this cannot be an actual DB-Download.
Perhaps from the very start?
I don't know much, but this list cannot be up to date, that's for sure.

Regards,
pathfinder13
I am not on there either and if the list is current I should be.  Not sure where "DPR" got it or when.

12acrebrow

  • Full Member
  • ***
  • Posts: 218
  • Karma: +32/-11
  • No FE, ESCROW Please.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #150 on: December 15, 2013, 01:57:00 pm »
Perhaps it is not a complete list...

Just a sample

 ::)
"You bellend.  I can't believe we've been funked again.  Fuck it."

- Ziggy

StringerBell

  • Hero Member
  • *****
  • Posts: 556
  • Karma: +132/-39
  • We don't need to dream no more
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #151 on: December 15, 2013, 02:57:03 pm »
@ aussieoutlaw,

GTFO, seriously. You are still butt-hurt and trolling EVERYWHERE because your "STATE OF THE ARTZ BRANMD NEW TOUCH SCREEN HYBRID 2800 DOLLAR PC STRAIGHT FROM THE SHOP OMG" won't allow you to copy and paste BTC addresses from within SR utilizing the touch screen feature.

Piss off "mate," and while you are busy pissing off, purchase a three dollar mouse so as to be able to copy and paste - that way your panties will become un-bunched and we can all go about our business without listening to your dingo-jizz fueled rants.

I literally "lol" at the image of some hunched over, chain smoking old aussie repeatedly poking his finger at his touchscreen while screaming obscenities about "Dread Pirate Roberts."

Chill out, seriously. Go have a xanax and sleep for a few days. The community at large will thank you.

Cheers.

This

holysmokes

  • Newbie
  • *
  • Posts: 13
  • Karma: +2/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #152 on: December 15, 2013, 04:48:56 pm »
wow.  as a user of both markets i feel like i just got peanut butter spread between my legs while a czech german shephard tickles his fancy.


BlueBox

  • Full Member
  • ***
  • Posts: 213
  • Karma: +54/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #153 on: December 15, 2013, 05:28:45 pm »
I see no reason for SilkRoad/DPR to comment on anything regarding other markets. Regardless of the truthiness of DPR's post, I think it should have gone unsaid. This can only create more animosity between the markets. Nothing good will come from this, only drama...

Worry about this market and let those who are trying to catch up bad mouth you, not vice versa.

Just my opinion.
« Last Edit: December 15, 2013, 05:29:27 pm by BlueBox »
I cannot be trusted. Darknet rule #0.

pathfinder13

  • Sr. Member
  • ****
  • Posts: 405
  • Karma: +98/-47
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #154 on: December 15, 2013, 05:34:35 pm »
There is no german hacker. No Zulu33.

The data was extracted over a couple of days last week.

A massive vulnerability was found in the search function of the site which allowed access to everything in their back end database.

The affected 3rd party Ruby gem is called Ransack.

All information relating users back to real-life identities was destroyed to ensure it could not be used against anyone.

Very possible that others less well intentioned also found this bug, I hope not but it is quite possible, as has been stated it was not some 0-day exploit. Just poor coding and lack of testing.

Only enumerated users between ID 10000 and ID 20000 for brevity and yes only buyer accounts with 1 or more orders.

Shame it came to this.


PE#1

That's a good explanation, would be imho better if DPR would have state this in his opening post.
But not a big issue at all.

Regards,
pathfinder13

BuckshoT

  • Sr. Member
  • ****
  • Posts: 356
  • Karma: +19/-17
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #155 on: December 15, 2013, 06:53:31 pm »
Good shit DPR
-----------------------BuckshoT------------------------

holysmokes

  • Newbie
  • *
  • Posts: 13
  • Karma: +2/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #156 on: December 15, 2013, 07:36:51 pm »
I see no reason for SilkRoad/DPR to comment on anything regarding other markets. Regardless of the truthiness of DPR's post, I think it should have gone unsaid. This can only create more animosity between the markets. Nothing good will come from this, only drama...

Worry about this market and let those who are trying to catch up bad mouth you, not vice versa.

Just my opinion.

honestly, i disagree.  this shit needs to be exposed.  regardless if it was the SR crew or some other sweedish pretty boy that dumped the info, we are entitled to know what the hell is going on out there.  i'd expect the same to happen if SR was getting hax0red. 

this is only good for the community as a whole.. TM will tighten their shit up.. SR will also. 

aussieoutlaw

  • Full Member
  • ***
  • Posts: 208
  • Karma: +27/-102
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #157 on: December 15, 2013, 08:42:16 pm »
Nero its good to see you blindly follow. Put the fiddle away its on fire.
Some people get on my nerves

BlueBox

  • Full Member
  • ***
  • Posts: 213
  • Karma: +54/-5
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #158 on: December 15, 2013, 09:35:21 pm »
I see no reason for SilkRoad/DPR to comment on anything regarding other markets. Regardless of the truthiness of DPR's post, I think it should have gone unsaid. This can only create more animosity between the markets. Nothing good will come from this, only drama...

Worry about this market and let those who are trying to catch up bad mouth you, not vice versa.

Just my opinion.

honestly, i disagree.  this shit needs to be exposed.  regardless if it was the SR crew or some other sweedish pretty boy that dumped the info, we are entitled to know what the hell is going on out there.  i'd expect the same to happen if SR was getting hax0red. 

this is only good for the community as a whole.. TM will tighten their shit up.. SR will also.

I agree that transparency is a good thing, but DPR's post had more of an agenda than a simple sharing of information.

I would rather have DPR spend his time building up SilkRoad than worrying about other markets.
I cannot be trusted. Darknet rule #0.

TheWeeMan

  • Full Member
  • ***
  • Posts: 182
  • Karma: +30/-9
  • Well there is US and there is THEM.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #159 on: December 15, 2013, 09:47:48 pm »
Freakin heck. That is most worrying and very scary. The stuff nightmares are made from. Eeek

holysmokes

  • Newbie
  • *
  • Posts: 13
  • Karma: +2/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #160 on: December 15, 2013, 11:06:13 pm »
I see no reason for SilkRoad/DPR to comment on anything regarding other markets. Regardless of the truthiness of DPR's post, I think it should have gone unsaid. This can only create more animosity between the markets. Nothing good will come from this, only drama...

Worry about this market and let those who are trying to catch up bad mouth you, not vice versa.

Just my opinion.

honestly, i disagree.  this shit needs to be exposed.  regardless if it was the SR crew or some other sweedish pretty boy that dumped the info, we are entitled to know what the hell is going on out there.  i'd expect the same to happen if SR was getting hax0red. 

this is only good for the community as a whole.. TM will tighten their shit up.. SR will also.

I agree that transparency is a good thing, but DPR's post had more of an agenda than a simple sharing of information.

I would rather have DPR spend his time building up SilkRoad than worrying about other markets.

word up. 
i still am noided for all the TM users. 

Cornelius23

  • Hero Member
  • *****
  • Posts: 1350
  • Karma: +219/-56
  • On the whole, I'd rather be part of the problem
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #161 on: December 15, 2013, 11:47:06 pm »
I am not on there either and if the list is current I should be.  Not sure where "DPR" got it or when.

Did you make a purchase?

Also, did you read the post directly above yours?:
Only enumerated users between ID 10000 and ID 20000 for brevity and yes only buyer accounts with 1 or more orders.
Connect at The Hub: http://thehubaoydxrommh.onion

QoinPro referral: http://www.qoinpro.com/a15a9244da423d15119457abb4040f1c

Reality is merely an illusion, albeit a very persistent one.
[Albert Einstein]

charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #162 on: December 16, 2013, 12:08:50 am »
Yes, Cornelius, I did.  But what's important is that the DDOS attacks on both sites have stopped now.

holog1n

  • Sr. Member
  • ****
  • Posts: 274
  • Karma: +125/-22
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #163 on: December 16, 2013, 01:43:06 am »
Brutal, i cant belive this, i mean, i dont even went there, just fake/quick account to check the site, but never imagine that so easily and the sec is so bad.

Respect DPR, the ultimate boss
Death is just another point of view
b4kerluna@safe-mail.net
torchat > 5fupjdb6xvispoyr

Dr,Manhattan

  • Hero Member
  • *****
  • Posts: 586
  • Karma: +128/-119
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #164 on: December 16, 2013, 01:50:03 am »
Yes, Cornelius, I did.  But what's important is that the DDOS attacks on both sites have stopped now.

Thats because DPR put a fucking stop to it,at great cost im sure!!!!
We are all puppets.I am just a puppet who can see the strings!

Dread Pirate Roberts

  • Captain
  • Administrator
  • *****
  • Posts: 566
  • Karma: +552/-41
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #165 on: December 16, 2013, 01:52:18 am »
There is no german hacker. No Zulu33.

The data was extracted over a couple of days last week.

A massive vulnerability was found in the search function of the site which allowed access to everything in their back end database.

The affected 3rd party Ruby gem is called Ransack.

All information relating users back to real-life identities was destroyed to ensure it could not be used against anyone.

Very possible that others less well intentioned also found this bug, I hope not but it is quite possible, as has been stated it was not some 0-day exploit. Just poor coding and lack of testing.

Only enumerated users between ID 10000 and ID 20000 for brevity and yes only buyer accounts with 1 or more orders.

Shame it came to this.


PE#1

Looks like we are not the only ones to find how easy that was.
Quote 23: Criticism has plucked the imaginary flower from the chain not so that man may continue to bear the chain without consolation or fantasy but so that he may throw off the chain and cull the living flower.

Dr,Manhattan

  • Hero Member
  • *****
  • Posts: 586
  • Karma: +128/-119
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #166 on: December 16, 2013, 01:57:39 am »
Where is the proof that TM was behind the DDOS? Because from what I gather all the mods and admins over at TM seem to think those claims were unfounded.

Why on earth would they possibly admit it,would make no sense at all!!
We are all puppets.I am just a puppet who can see the strings!

holysmokes

  • Newbie
  • *
  • Posts: 13
  • Karma: +2/-0
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #167 on: December 16, 2013, 02:18:18 am »
well shit.  hopefully almost EVERYONE that took a crack at it just got a bunch of PGP scramble.


D.STORM

  • Full Member
  • ***
  • Posts: 113
  • Karma: +13/-24
  • ★= Welcome =★
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #168 on: December 16, 2013, 02:23:22 am »
DPR : your are not Captain, but the king of cosmos deep-web ..

stay in security all body .. closed this bad address , agreed 200 / 100 %..
i am sure ! you have possibility .. it time to come back to home .
I was sure .. trust only your home !! here its family !

who is the best of the best ?? !!!


For custom orders or requests, or if you have any questions,
feel free to contact me.

~ D.Storm™ ~

silkroad6ownowfk.onion

http://silkroad6ownowfk.onion/users/d-storm

nicedayproject

  • Full Member
  • ***
  • Posts: 128
  • Karma: +29/-16
  • mmmmmmmhmmm
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #169 on: December 16, 2013, 05:10:45 am »
DPR : your are not Captain, but the king of cosmos deep-web ..

This is the type of worship that I'm scared of on this forum and it's really deterring me.
old SR forum profile: http://dkn255hz262ypmii.onion/index.php?action=profile;u=97538 (no longer active)

SM profile: http://sheep5u64fi457aw.onion/account/profile/b1fb7bce0dbf4f9c47e707ae81eb7f23 (no longer active)
:( had a lot of work built up there

Welp, you're just gonna have to trust me.

polyphemusperception

  • Jr. Member
  • **
  • Posts: 78
  • Karma: +17/-2
  • Wisdom begins in wonder. - Socrates
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #170 on: December 16, 2013, 06:24:34 am »
DPR : your are not Captain, but the king of cosmos deep-web ..

This is the type of worship that I'm scared of on this forum and it's really deterring me.

I know right?
These grandiose statements are quite obnoxious.... I appreciate all of the hard work that goes into the maintaining the site... but this is still a capitalistic enterprise...with many goals in mind...

DPR you are my Jesus, will you please have sex with my girlfriend, boyfriend, father and mother while I pray to you........   giggle, giggle, toil, and drivel

« Last Edit: December 16, 2013, 06:26:25 am by polyphemusperception »
The roots of education are bitter, but the fruit is sweet. - Aristotle

Tor

  • Newbie
  • *
  • Posts: 48
  • Karma: +10/-0
  • Tor - my world.
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #171 on: December 16, 2013, 08:07:19 am »
Well, DPR that was quite amusing.  Thanks for the entertainment, hah.

I feel bad for anyone who has ordered from that site, no, even made an account even.  That security is absolutely atrocious.

TorMarket - the reason we can't have nice things.


-T
- Viscosity is the key.

ChemCat

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9240
  • Karma: +950/-193
  • I Stand Tall, Among the Giants of the Silk Road
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #172 on: December 16, 2013, 08:16:11 am »
::)
You Don't know PGP?         :o

Go here: http://silkroad5v7dywlc.onion/index.php?topic=41104.0

Then go Here: http://silkroad5v7dywlc.onion/index.php?topic=179.0

Sink your teeth into it and Learn  ;)

If you cannot take the little bit of Time to Learn & Use PGP..Do Not msg Me
 

Hugs 8)

James Frazer

  • Jr. Member
  • **
  • Posts: 90
  • Karma: +20/-11
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #173 on: December 16, 2013, 11:14:59 am »
A significant number, perhaps a majority, of the larger SR2 vendors and regular buyers also trade on TM. Therefore it is likely at least some of the TM transaction details posted here are those of members of SR2. Posting transaction details publicly affects the security of everyone on both markets. That's no way to run a railroad.

« Last Edit: December 16, 2013, 11:35:43 am by James Frazer »
The stupidity of the question is less important than the intelligence of the answer.

anontoker

  • Hero Member
  • *****
  • Posts: 1137
  • Karma: +214/-33
  • Resident Anonie
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #174 on: December 16, 2013, 11:41:44 am »
@James Frazer In my opinion, I am sure they edited out any real usernames in case there was any connection to actual users. (Note my awesome avoidance of FUD)

I've had allot of issues the past few weeks not concerning this issue but other accusations about a Vendor friend of mine (friend as in anonie friends).

It's been pretty tough since I cannot prove anything either way. It's possible the account was hacked.

You know, its hard to trust and speak from that trust without any data to support why I  trust DPR and The Team.

Is it wrong to assume I know things, at least as far as what I believe The Team will/would do out of trust for DPR & Crew without constantly coming here and posting or bothering them with useless PM's?

I believe an attack on SR is an attack on its users and I don't give a fuck what people think. If they attack you, they attack us.

Edit: For a bit of clarity. I'm out of weed.
« Last Edit: December 16, 2013, 11:49:26 am by anontoker »
-=Supported vendors=-
NwNugz
 Items:http://silkroad6ownowfk.onion/users/nw-nugz/items
 MoodyMayhem: http://silkroad6ownowfk.onion/users/moodymayhem/item

charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #175 on: December 16, 2013, 01:27:20 pm »
A significant number, perhaps a majority, of the larger SR2 vendors and regular buyers also trade on TM. Therefore it is likely at least some of the TM transaction details posted here are those of members of SR2. Posting transaction details publicly affects the security of everyone on both markets. That's no way to run a railroad.
Agreed.  I have decided that after the holidays I will probably be done with both TOR or SR.  They are both too unstable.  Plus, I get the feeling from all of this that "DPR" is far more concerned about his own grandiosity than actually running a business successfully. 

DanDanTheIceCreamMan

  • Sr. Member
  • ****
  • Posts: 272
  • Karma: +70/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #176 on: December 16, 2013, 05:01:05 pm »
A significant number, perhaps a majority, of the larger SR2 vendors and regular buyers also trade on TM. Therefore it is likely at least some of the TM transaction details posted here are those of members of SR2. Posting transaction details publicly affects the security of everyone on both markets. That's no way to run a railroad.

+1
Have you joined The Hub yet? I have! It's an impartial community for all members of the Deep Web marketplaces to chat, review markets, and even regroup in the event of a market's closure. Join me here: http://thehubaoydxrommh.onion

GGGreenbud

  • Full Member
  • ***
  • Posts: 189
  • Karma: +50/-9
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #177 on: December 16, 2013, 08:41:07 pm »
    DPR, this may make enemies for you, but it will also win you friends. 
   I was REALLY close at one point to making a Tormarket account, and I didn't.
   Fuck Tormarket, its obviously a honeypot if they have a grab function like that. 
  The only reason it would be set up like that, is so if LE grabs a computer with PGP already loaded,
  all they have to do is run the pull/grab function after accessing the site from their base and decrypt on
  the compramised machine.   There are too many agencies to ask for a warrant, not like they give a fuck,
  in this day and age, so it makes sense if you want a honeypot that you just let it run smooth, harass the
  competitors, and fuck over everyone on the DL, then blame it on the security/coding.  You can be the    owners/operators of Tormarket are shaking in their boots right now, knowing that we know that they know what we know that they know that other people COULD know that we know that they know we know.
  Am I making myself clear?

 -GGGreenbud
"I have Zero Tolerance for Pan-Fuckery and Ass-Grabbery @Tormarket."
     
G to those that know me, Mr. G to everyone else.

D.STORM

  • Full Member
  • ***
  • Posts: 113
  • Karma: +13/-24
  • ★= Welcome =★
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #178 on: December 16, 2013, 10:21:21 pm »
There is no german hacker. No Zulu33.

The data was extracted over a couple of days last week.

A massive vulnerability was found in the search function of the site which allowed access to everything in their back end database.

The affected 3rd party Ruby gem is called Ransack.

All information relating users back to real-life identities was destroyed to ensure it could not be used against anyone.

Very possible that others less well intentioned also found this bug, I hope not but it is quite possible, as has been stated it was not some 0-day exploit. Just poor coding and lack of testing.

Only enumerated users between ID 10000 and ID 20000 for brevity and yes only buyer accounts with 1 or more orders.

Shame it came to this.


PE#1

Looks like we are not the only ones to find how easy that was.



" Criticism has plucked the imaginary flower from the chain not so that man may continue to bear the chain without consolation or fantasy but so that he may throw off the chain and cull the living flower. "

grow the best seed ..
For custom orders or requests, or if you have any questions,
feel free to contact me.

~ D.Storm™ ~

silkroad6ownowfk.onion

http://silkroad6ownowfk.onion/users/d-storm

sillywabbit21

  • Full Member
  • ***
  • Posts: 156
  • Karma: +57/-6
  • to be or to be
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #179 on: December 17, 2013, 07:10:01 pm »
LMAO

So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):

That was petty funny. :)

yeah. Methylone and all that porn ...damn ,that's allot of cum! must be nice to get high and wank all day :)
Love and Light :)
sillywabbit21@Safe-mail.net

charlie0711

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +5/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #180 on: December 17, 2013, 07:14:59 pm »
    DPR, this may make enemies for you, but it will also win you friends. 
   I was REALLY close at one point to making a Tormarket account, and I didn't.
   Fuck Tormarket, its obviously a honeypot if they have a grab function like that. 
  The only reason it would be set up like that, is so if LE grabs a computer with PGP already loaded,
  all they have to do is run the pull/grab function after accessing the site from their base and decrypt on
  the compramised machine.   There are too many agencies to ask for a warrant, not like they give a fuck,
  in this day and age, so it makes sense if you want a honeypot that you just let it run smooth, harass the
  competitors, and fuck over everyone on the DL, then blame it on the security/coding.  You can be the    owners/operators of Tormarket are shaking in their boots right now, knowing that we know that they know what we know that they know that other people COULD know that we know that they know we know.
  Am I making myself clear?

 -GGGreenbud
"I have Zero Tolerance for Pan-Fuckery and Ass-Grabbery @Tormarket."
   
no

CaptainWhiteBeard

  • Certified Thief
  • Hero Member
  • *****
  • Posts: 3810
  • Karma: +260/-290
  • The Notorious Dark Net Pirate
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #181 on: December 17, 2013, 07:15:51 pm »
LMAO

So user icq has the highest amount of products purchased. We investigated a little further to see precisely what he bought (and we could do this for every buyer I would like to point out):

Code: [Select]
ID      Buyer      Vendor      Product
16759      icq      moneysell      Brazzers.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      rainbowbear      INTERNATIONAL 100 grams bulk methylone M1 moonrock 99.9% purity
16759      icq      moneysell      Teenpornopass.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      PornPros.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Asiansexdiary.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Babes.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      dipsycards      An Idiot's Guide to Fleeing to Mexico
16759      icq      positive      Xbox One Console!
16759      icq      moneysell      3dxstar.com - [LIFETIME PORN PREMIUM ACCOUNT]
16759      icq      moneysell      Sexart.com - [LIFETIME PORN PREMIUM ACCOUNT]


Somebody tell him you don't need to pay these days. Let's try another (jackcubrick):

That was petty funny. :)

yeah. Methylone and all that porn ...damn ,that's allot of cum! must be nice to get high and wank all day :)

Sounds like me in my mephedrone days !
Prepare to be robbed.

Cornelius23

  • Hero Member
  • *****
  • Posts: 1350
  • Karma: +219/-56
  • On the whole, I'd rather be part of the problem
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #182 on: December 17, 2013, 09:36:26 pm »
A significant number, perhaps a majority, of the larger SR2 vendors and regular buyers also trade on TM. Therefore it is likely at least some of the TM transaction details posted here are those of members of SR2. Posting transaction details publicly affects the security of everyone on both markets. That's no way to run a railroad.
@James Frazer In my opinion, I am sure they edited out any real usernames in case there was any connection to actual users. (Note my awesome avoidance of FUD)

My name was there, as was icq's, but I saw nothing in DPR's post that would compromise our security.
Connect at The Hub: http://thehubaoydxrommh.onion

QoinPro referral: http://www.qoinpro.com/a15a9244da423d15119457abb4040f1c

Reality is merely an illusion, albeit a very persistent one.
[Albert Einstein]

Haycelem16

  • Sr. Member
  • ****
  • Posts: 278
  • Karma: +35/-16
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #183 on: December 18, 2013, 12:00:59 am »
People must forget the others marketplaces, when SR will be back it will be better and stronger than ever!
SR need competitor like BMR, moreover the community forgets this last one too fast.
We don't need the others marketplaces so let them know who is the most powerful and where is the best place to make business.

D.STORM's team.
« Last Edit: December 18, 2013, 12:03:28 am by Haycelem16 »
"Even the genius asks questions"- 2Pac

D.STORM

  • Full Member
  • ***
  • Posts: 113
  • Karma: +13/-24
  • ★= Welcome =★
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #184 on: December 18, 2013, 12:47:29 pm »
STAY INTO SECURITY .. warning, if Captain have this type info, DEA too .
« Last Edit: December 18, 2013, 12:48:01 pm by D.STORM »
For custom orders or requests, or if you have any questions,
feel free to contact me.

~ D.Storm™ ~

silkroad6ownowfk.onion

http://silkroad6ownowfk.onion/users/d-storm

Timex

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
  • I think; therefore I am.
    • View Profile
    • Email
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #185 on: December 19, 2013, 12:36:07 am »
...let's simplify. dark web is like the streets. you can believe who ever you want, the final issue is money.

WHO WILL BE A BITCH FOR MONEY?

ALMOST EVERYONE.

....DPR..WILL YOU RUN FOR THE MONEY ON TIME LIKE EVERYBODY ELSE?

...OF COURSE NOT, YOU HAVE VALUES!!! (other than money)

RIGHT?...........

Greengo420

  • Newbie
  • *
  • Posts: 45
  • Karma: +2/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #186 on: December 19, 2013, 04:48:30 pm »
@ aussieoutlaw,

GTFO, seriously. You are still butt-hurt and trolling EVERYWHERE because your "STATE OF THE ARTZ BRANMD NEW TOUCH SCREEN HYBRID 2800 DOLLAR PC STRAIGHT FROM THE SHOP OMG" won't allow you to copy and paste BTC addresses from within SR utilizing the touch screen feature.

Piss off "mate," and while you are busy pissing off, purchase a three dollar mouse so as to be able to copy and paste - that way your panties will become un-bunched and we can all go about our business without listening to your dingo-jizz fueled rants.

I literally "lol" at the image of some hunched over, chain smoking old aussie repeatedly poking his finger at his touchscreen while screaming obscenities about "Dread Pirate Roberts."

Chill out, seriously. Go have a xanax and sleep for a few days. The community at large will thank you.

Cheers.

+1 LOL

Greengo420

  • Newbie
  • *
  • Posts: 45
  • Karma: +2/-2
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #187 on: December 19, 2013, 04:54:30 pm »
A significant number, perhaps a majority, of the larger SR2 vendors and regular buyers also trade on TM. Therefore it is likely at least some of the TM transaction details posted here are those of members of SR2. Posting transaction details publicly affects the security of everyone on both markets. That's no way to run a railroad.
@James Frazer In my opinion, I am sure they edited out any real usernames in case there was any connection to actual users. (Note my awesome avoidance of FUD)

My name was there, as was icq's, but I saw nothing in DPR's post that would compromise our security.

Agreed, as was mine.

greenfields1

  • Sr. Member
  • ****
  • Posts: 268
  • Karma: +18/-40
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #188 on: December 20, 2013, 12:04:24 pm »
all a bit sketchy if you ask me .... Fed heaven    :'(
Scammed? NEVER F.E & TRUST NO ONE ON Sr2 its full of Law enforcement - BE CAREFUL

Do not give up your authority and follow blindly the will of others.This way will lead to only delusion."
"Find out for yourself what is good & bad & embrace the good" The Buddha

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #189 on: December 20, 2013, 06:42:43 pm »
Shit sr2 just got hacked.

Public Enemy #1

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +18/-6
  • Louder than a bomb
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #190 on: December 20, 2013, 07:05:09 pm »
Shit sr2 just got hacked.

Has your marketplace been put to the test yet Loki - are you feeling confident?

DanDanTheIceCreamMan

  • Sr. Member
  • ****
  • Posts: 272
  • Karma: +70/-7
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #191 on: December 20, 2013, 07:14:52 pm »
The title of this thread seems a bit ironic now, no?
Have you joined The Hub yet? I have! It's an impartial community for all members of the Deep Web marketplaces to chat, review markets, and even regroup in the event of a market's closure. Join me here: http://thehubaoydxrommh.onion

Dr. Chem

  • Jr. Member
  • **
  • Posts: 82
  • Karma: +39/-25
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #192 on: December 20, 2013, 08:57:57 pm »
The title of this thread seems a bit ironic now, no?
Was thinking the same thing. And after reading TM's statement to all that's happening. All I wonder is why our admins and staff couldn't have responded in the same way... Such a shame.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #193 on: December 20, 2013, 10:13:14 pm »
Shit sr2 just got hacked.

Has your marketplace been put to the test yet Loki - are you feeling confident?

No and yes.

This_is_not_NCA

  • Newbie
  • *
  • Posts: 43
  • Karma: +13/-1
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #194 on: December 20, 2013, 10:53:31 pm »
Shit sr2 just got hacked.

Has your marketplace been put to the test yet Loki - are you feeling confident?

No and yes.

Right. I'll take your word for it then.
« Last Edit: December 20, 2013, 10:54:50 pm by This_is_not_NCA »

NoAddedSugar

  • Sr. Member
  • ****
  • Posts: 277
  • Karma: +25/-18
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #195 on: December 22, 2013, 10:24:14 am »
How come lots of the user messages from TM at the begining of the post were exactly the same, from different users?

FriendOfTheDevil

  • Sr. Member
  • ****
  • Posts: 473
  • Karma: +79/-22
  • -Our thoughts create reality-
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #196 on: December 26, 2013, 12:56:30 am »
@ aussieoutlaw,

GTFO, seriously. You are still butt-hurt and trolling EVERYWHERE because your "STATE OF THE ARTZ BRANMD NEW TOUCH SCREEN HYBRID 2800 DOLLAR PC STRAIGHT FROM THE SHOP OMG" won't allow you to copy and paste BTC addresses from within SR utilizing the touch screen feature.

Piss off "mate," and while you are busy pissing off, purchase a three dollar mouse so as to be able to copy and paste - that way your panties will become un-bunched and we can all go about our business without listening to your dingo-jizz fueled rants.

I literally "lol" at the image of some hunched over, chain smoking old aussie repeatedly poking his finger at his touchscreen while screaming obscenities about "Dread Pirate Roberts."

Chill out, seriously. Go have a xanax and sleep for a few days. The community at large will thank you.

Cheers.

HA
"The written laws of the United States of America do not supersede the natural laws of economics (supply & demand)." -[vendor]brownpurple
Proof of knowledge of the contents of a package is absolutely necessary to convict. -DrMDA http://silkroad5v7dywlc.onion/index.php?topic=3509.0

StringerBell

  • Hero Member
  • *****
  • Posts: 556
  • Karma: +132/-39
  • We don't need to dream no more
    • View Profile
    • Personal Message (Offline)
Re: Security: Why claims are dangerous to believe
« Reply #197 on: December 27, 2013, 04:34:06 pm »
Oh boy. Forgot I wrote that little gem to my best friend aussie.

Well damn, he was going on about it as if it were the end of the world. Buy a mouse!

I still hold that this singular, stupid issue the the reason behind all of his pent up hatred and trolling for the past week.

Buy a mouse, mate! They even sell really cool ones that will go with your $2800 hunk of crap quite nicely.


lol

That original thread have me laughing to this day! Must be the thread of the fking decade! Thank you Nero for making me laugh about it once again! :D