TorMarket's Response

[Romero]

Posted by Prof (Administrator) -

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good . There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

[jakeyblues1987]

hey needs a grammar lesson eh?

[sellitall99]

DUN DUN DUNNNN

[ihnZ]

confirm/deny tormarkert is responsible for SR ddos?

[Romero]

confirm/deny tormarkert is responsible for SR ddos?

He posted on a few threads after making that sticky explicitly denying that TorMarket is behind the DDOS attacks.

Edit: here are 2 other posts from Prof -

He says he has concrete proof that TM was the cause of the attacks

That's impossible. We are not behind that attacks. We was working so hard here to keep this place together and implement features that we didn't have time to attack nor sleep. Actually we tried to lower our traffic: closed vendor registration, invite-only mode, etc.

Nope, we are not in Panic. And yes, DPR make a threat to take down TM and then we get heavy DDOS.

[pK]

At first I was kind of excited.. But ultimately isn't any combat between the marketplaces ultimately bad for business for both? I understand that if one is on the other, then retaliation is necessary but I just don't know about this entire thing anymore, hopefully DPR responds to this thread.

[DoctorClu]

At first I was kind of excited.. But ultimately isn't any combat between the marketplaces ultimately bad for business for both? I understand that if one is on the other, then retaliation is necessary but I just don't know about this entire thing anymore, hopefully DPR responds to this thread.

Yes and peace is what is sought after. One side just doesn't like to agree from the looks of things.

[Yoda]

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

How is it marketing BS?  He just admitted someone hacked the DB.   Doesn't matter if he thinks SR did too or not imho...  It was hacked.

More telling though:  he waits to fix this only after DPR posts about it??? 

[DrawkwarD]

Posted by Prof (Administrator) -

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good . There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

TM admin has bad grammer just like the Sheep admin so it could very well be the same person.

[Romero]

How is it marketing BS?  He just admitted someone hacked the DB.   Doesn't matter if he thinks SR did too or not imho...  It was hacked.

More telling though:  he waits to fix this only after DPR posts about it???

According to him, he fixed it after learning about it: "There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch"

[Yoda]

According to him, he fixed it after learning about it: "There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch"

Guess I kinda interpreted that incorrectly perhaps.

So then it's down for some other reason.  I was thinking they were making improvements or something.

[pK]

How is it marketing BS?  He just admitted someone hacked the DB.   Doesn't matter if he thinks SR did too or not imho...  It was hacked.

Good point.

[Romero]

Guess I kinda interpreted that incorrectly perhaps.

So then it's down for some other reason.  I was thinking they were making improvements or something.

You mean right now? No, right now they're dealing with a DDOS:

@ Admin. Is it safe to log on Market while this DDOS attack?

Yes. We don't have server load, the traffic is not reaching the server.

He believes DPR is behind the DDOS (he's saying it started right after DPR made his announcement).

[metalmonkey]

so.. someone is ddosing sr while sending messages to dpr falsely claiming to be tormarket?  so that both sides will waste energy fighting w each other?  is this the most reasonable explanation?

[Romero]

so.. someone is ddosing sr while sending messages to dpr falsely claiming to be tormarket?  so that both sides will waste energy fighting w each other?  is this the most reasonable explanation?

I'd say no solely because the DDOS on TorMarket is different. Check out this post:

I can process withdraws from console. The server is up and running. You can't reach the domain as the entry nodes are under attack.

If you keep refreshing, you'll eventually get the login page. The server seems perfectly fine & Prof has been able to give vendors links that will allow them process to orders during the DDOS. So it definitely seems different than what SR had to deal with.

[metalmonkey]

So it definitely seems different than what SR had to deal with.

right i was thinking more like
3rd party ddos silkroad while claiming to be tormarket
silkroad ddos tormarket in confusion

but who knows

[Romero]

right i was thinking more like
3rd party ddos silkroad while claiming to be tormarket
silkroad ddos tormarket in confusion

but who knows

It's most definitely possible, maybe even probable due to the fact that there are so many new black markets. After Sheep shut down it seemed like half the vendors came over here and half went over to TM, so there are quite a few who would benefit from these DDOS attacks.

[nathan.burnett]

TM appears to be rather deflective

DPR posting

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will

TM posting

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

Somebody once told me if it smells like bullshit and it looks like bullshit, it's bullshit.
I applaud DPR for not stooping down to this level of bullshittery

[Romero]

I figured I should repost these 2 recent postings from Prof. Apparently he's certain SR is behind the current DDOS that TorMarket is experiencing:

The support is processing tickets right now.We have 500 unread messages and the backend is very slow due to SR attacks.

And in response to someone who was upset with the info DPR uncovered:

Nope, it was not DPR, he just bought the leaks from a german hacker.

[pimpit]

TM appears to be rather deflective

DPR posting

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will

TM posting

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

Somebody once told me if it smells like bullshit and it looks like bullshit, it's bullshit.
I applaud DPR for not stooping down to this level of bullshittery

How is he not if he is DDOSing the shit out TM right now and admitting to it .... this is a new low.


This reall needs to stop. you cant afford the time and resources to be spend attacking TM if they did it or not... build up a working stable site and all this shit will end on its own.

[iplaynaked]

TM appears to be rather deflective

DPR posting

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will

TM posting

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

Somebody once told me if it smells like bullshit and it looks like bullshit, it's bullshit.
I applaud DPR for not stooping down to this level of bullshittery

How is he not if he is DDOSing the shit out TM right now and admitting to it .... this is a new low.

More like tormarket admins are scrambling to patch up security hole... while blaming SR for DDOS.

[Yoda]

How is he not if he is DDOSing the shit out TM right now and admitting to it .... this is a new low.

What?

I've seen no such statements from DPR.   Where are you getting this?

[pimpit]

TM appears to be rather deflective

DPR posting

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will

TM posting

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

Somebody once told me if it smells like bullshit and it looks like bullshit, it's bullshit.
I applaud DPR for not stooping down to this level of bullshittery

How is he not if he is DDOSing the shit out TM right now and admitting to it .... this is a new low.

More like tormarket admins are scrambling to patch up security hole... while blaming SR for DDOS.

OK stop with fanboy shit people, and carefully read what TM replayed with then read it again, but with out bias. No security whole, no proof of ddos originating from TM why are we still on this. DPR did not replay with more details outlining his case and tbh he should just stop this childish bs. NExt thing you know we are paying hitmen and back to arrests.... can we just do business on both sites and let the best one make more money ... we need more then one site lets learn from SR 1 going down.

[cracknback]

Posted by Prof (Administrator) -

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good . There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

I don't like you how now you talk so much like mod admin from your sheep market for place you rip off and scamm cunt 98trillion bit fuck coin bitch titts huh?
.
If it looks like a sheep, and smells like a sheep.  Its either a sheep or one of those goat things that look just like sheep.   

[Cannabis Maximus]

Well I'm no IT wiz but I would say if the list of users, orders and messages has been gained (even some of them) then in my books that is the definition of hacked.

Or are we now saying that is supposed to happen?

Anyway lets all sit down, smoke a reefer, and move on...

[Cornelius23]

And in response to someone who was upset with the info DPR uncovered:

Nope, it was not DPR, he just bought the leaks from a german hacker.

I don't know why DPR would have to do that when nationchemz found it so easy to grab the same data (http://silkroad5v7dywlc.onion/index.php?topic=8598.msg149744#msg149744).

If it looks like a sheep, and smells like a sheep.  Its either a sheep or one of those goat things that look just like sheep.

This made me titter

[CaptainWhiteBeard]

Posted by Prof (Administrator) -

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good . There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

Not quite as elegant as the poetry from Bob i am afraid

[Eduardo]

REDACTED

Information from the vendors roundtable is not permitted to be posted elsewhere.

Synergy

[Romero]

REDACTED

I'm guessing vendors will confirm that DPR sent that message advising them to withdraw their coins.

Check out this post from DPR:

There are rumours spreading Silk Road is currently DOS'ing Tor Market. These rumors are false and we are not attacking nor do we plan to. I have said what I have needed to say and I advised my vendors to withdraw their bitcoins from the site in the event the administrators closed it in panic.

Here's the link to that post: silkroad5v7dywlc.onion/index.php?topic=8617.0#msg148958

I know it might look really messed up to advise vendors to withdraw their btc from TM, but from DPR's standpoint he had no idea if TorMarket was going to shutdown & steal everyone's coins after his announcement.

[nathan.burnett]

How is he not if he is DDOSing the shit out TM right now and admitting to it .... this is a new low.


This reall needs to stop. you cant afford the time and resources to be spend attacking TM if they did it or not... build up a working stable site and all this shit will end on its own.

The DDOS attacks comes from law enforcement agencies, if you haven't already noticed there is a lot of money to be made from this war on drugs and these makeshift websites are a real threat to both the criminals and law enforcement agencies that make billions from this
Did you ever think it was strange that the FBI felt it was necessary to order a total of 1KG of heroin, 5KG of cocaine, 500G of methamphetamine and 10G of LSD for "evidence" after trying to extort DPR for $500,000 to help build a case
Weather TM believes DPR is organizing these attacks is a private matter, FBI agents will be employed to cause segregation between communities and eventually inside your own community

[Supersaurus]

So, judging by his grammar and the incorrect use of plurals and tenses - where do we think this guy is from? I have a pretty good guess.

For what its worth, I don't think its anyone who ever made an announcement for sheep... ?

[Nodnow]

TM appears to be rather deflective

DPR posting

I have no conclusive proof Tormarket did or did not order the DDOS currently hitting us and personally I don't believe I ever will

TM posting

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

Somebody once told me if it smells like bullshit and it looks like bullshit, it's bullshit.
I applaud DPR for not stooping down to this level of bullshittery

How is he not if he is DDOSing the shit out TM right now and admitting to it .... this is a new low.

More like tormarket admins are scrambling to patch up security hole... while blaming SR for DDOS.

OK stop with fanboy shit people, and carefully read what TM replayed with then read it again, but with out bias. No security whole, no proof of ddos originating from TM why are we still on this. DPR did not replay with more details outlining his case and tbh he should just stop this childish bs. NExt thing you know we are paying hitmen and back to arrests.... can we just do business on both sites and let the best one make more money ... we need more then one site lets learn from SR 1 going down.

Agree 1000% with the above there needs to be far  more infomation put on the table before any calls get made about this whole bullshit episode, all we now have here is he said/ I said and she implied this and that then the dog barked. A chronology of the facts is required to put this whole issue to bed where it belongs.

[nathan.burnett]

Also, as a sidenote, if TM continues to respond in this manner to the recent events then one might suggest that there is a 50/50 chance that TM is a project the FBI has come up with

[Romero]

Agree 1000% with the above there needs to be far  more infomation put on the table before any calls get made about this whole bullshit episode, all we now have here is he said/ I said and she implied this and that then the dog barked. A chronology of the facts is required to put this whole issue to bed where it belongs.

Well, as far as he said / she said: we know DPR 100% believes TorMarket was behind the DDOS & we know TorMarket believes the same of SR. As far as facts: we need to know if a German hacker stole info from a crack in TM's system that has long since been repaired OR did DPR obtain the information himself very recently? A response from DPR, or anyone who can help answer that question, would obviously progress this discussion

[nathan.burnett]

Well, as far as he said / she said: we know DPR 100% believes TorMarket was behind the DDOS & we know TorMarket believes the same of SR. As far as facts: we need to know if a German hacker stole info from a crack in TM's system that has long since been repaired OR did DPR obtain the information himself very recently? A response from DPR, or anyone who can help answer that question, would obviously progress this discussion

Could you quote this for me, I do not remember seeing DPR making such a statement

[Romero]

Could you quote this for me, I do not remember seeing DPR making such a statement

silkroad5v7dywlc.onion/index.php?topic=8470.90#msg150144
Nodnow is the one who shared the information, It looks like DPR posted it on the vendor roundtable

[Crusherhead]

TM admin has bad grammer just like the Sheep admin so it could very well be the same person.

Oh, really good point mate.
I've also bad grammer and I am not Sheep or TM admin.
There are a lot of people which doesn't have English as their mother language. But it doesn't mean that they are Sheep admins...

[CaptainWhiteBeard]

My grammar isn't great, argh i must be from Sheep

[Supersaurus]

As i said.. To my mind, it looks like a different pattern of bad grammar.

[thecatisback]

Honestly I believe it was either LE or tor market why? Because Tor market has the most to gain and LE could of also because they are pissed off the site is back already. Somebody did it with motive and it was not a simple thing it had to be something will to spend a significant amount of resources to bring the site down for that amount of time.

You want to reward the attacker if it was them go ahead keep taking your business to tor market if it was them.

[thecatisback]

9 times out of 10 the most suspected person and the one with the most motive is the person who did it.

[nathan.burnett]

Could you quote this for me, I do not remember seeing DPR making such a statement

silkroad5v7dywlc.onion/index.php?topic=8470.90#msg150144
Nodnow is the one who shared the information, It looks like DPR posted it on the vendor roundtable

That doesn't look very official to me

[Romero]

That doesn't look very official to me

Really? Are you saying that because DPR disagrees with your assumption that the FBI was behind the DDOS attack?

[Cloquet]

so.. someone is ddosing sr while sending messages to dpr falsely claiming to be tormarket?  so that both sides will waste energy fighting w each other?  is this the most reasonable explanation?

None of this is reasonable, it's stupid and destructive; it harms everyone except LE who are loving the fact that users of both markets are losing faith.

[pK]

None of this is reasonable, it's stupid and destructive; it harms everyone except LE who are loving the fact that users of both markets are losing faith.

Nail on the head.

[ManInTheMirror]

None of this is reasonable, it's stupid and destructive; it harms everyone except LE who are loving the fact that users of both markets are losing faith.

Nail on the head.

Exactly; don't participate in their PsyOps game.

[thecatisback]

Maninthemirror like the Micheal Jackson song? lol

[Cornelius23]

Well, as far as he said / she said: we know DPR 100% believes TorMarket was behind the DDOS & we know TorMarket believes the same of SR. As far as facts: we need to know if a German hacker stole info from a crack in TM's system that has long since been repaired OR did DPR obtain the information himself very recently? A response from DPR, or anyone who can help answer that question, would obviously progress this discussion

It seems that DPR did believe that at the time but now doubts that his assumption was correct.

[Dread Pirate Roberts]

I have spoken about this matter on the roundtable already but that information stays on the vendor roundtable for now. For the claims of Prof, if he believes I simply bought the information from a third party then he is gravely mistake as we still have the logs sending requests to the site and I stated several days before release we held a lot of data. It is however nice to Prof's statement in deteriorating English come through when he is under stress, that would perhaps explain where the coding from his shopping cart comes from.

Don't poke the bear, it will bite and the only person being dishonest in this situation has already been shown. If anyone doubts anything about this exploit, nationchemz has already repeated it himself after figuring out just how basic this attack is. The story about another person asking for a bounty could be true, but it wasn't us for sure and if anything only highlights Prof has been aware of the exploit for some time now and since nationchemz managed to replicate it then it is clear the "fix" of it is not true.

Protip to all other hidden services - if you are going to hardcode some guard nodes into your server then actually change them once in a while because once we know your guard nodes then it is trivial to find your IP under a DOS attack. This applies because even if you are in a virtual environment while we cannot retrieve the server IP, simply watching the guard nodes and correlating the traffic is simple work.

[metalmonkey]

so.. someone is ddosing sr while sending messages to dpr falsely claiming to be tormarket?  so that both sides will waste energy fighting w each other?  is this the most reasonable explanation?

None of this is reasonable, it's stupid and destructive

well i agree it is stupid and destructive
but to me it seems there is a 3rd party involved that neither side wants to notice

[Johnny Alpha]

I just wana buy/sell and smoke some fuckin weed really lads; fuuuuck.....

[Johnny Alpha]

But thanks for the relative clarity on the issue DPR, much appreciated.
I don't know anywhere near enough abut this shit to start trying to work out whats really happening; but I'm pretty sure that with all the details you've given, someone woulda called BULLSHIT by now haha

[Whatthefuck420]

I really wanna smoke weed also .   YOU GOT THIS  DPR.   And where is the tormarket guy from checkOLSKIVIA??  His English is sad....

[nyx]

I have spoken about this matter on the roundtable already but that information stays on the vendor roundtable for now. For the claims of Prof, if he believes I simply bought the information from a third party then he is gravely mistake as we still have the logs sending requests to the site and I stated several days before release we held a lot of data. It is however nice to Prof's statement in deteriorating English come through when he is under stress, that would perhaps explain where the coding from his shopping cart comes from.

Don't poke the bear, it will bite and the only person being dishonest in this situation has already been shown. If anyone doubts anything about this exploit, nationchemz has already repeated it himself after figuring out just how basic this attack is. The story about another person asking for a bounty could be true, but it wasn't us for sure and if anything only highlights Prof has been aware of the exploit for some time now and since nationchemz managed to replicate it then it is clear the "fix" of it is not true.

Protip to all other hidden services - if you are going to hardcode some guard nodes into your server then actually change them once in a while because once we know your guard nodes then it is trivial to find your IP under a DOS attack. This applies because even if you are in a virtual environment while we cannot retrieve the server IP, simply watching the guard nodes and correlating the traffic is simple work.

I enjoy you use of the word Protip, -_- who is We? Royal we?

[Cornelius23]

… It is however nice to Prof's statement in deteriorating English come through when he is under stress …

[nathan.burnett]

That doesn't look very official to me

Really? Are you saying that because DPR disagrees with your assumption that the FBI was behind the DDOS attack?

You are beginning to give me reason to believe that TM is a project for LE and that this persistent behaviour of yours is "part of your job"
Are you intentionally trying to cause conflict?
DPR has suspicions that the DDOS is from TM, but as he confirmed in his previous post it is also a method LE use to locate servers on tor

If you are in fact not LE then I urge you to encourage others in the TM community to be a little more discrete with this conflict and get on with minding their own business
Lets just pretend DPR is ordering the DDOS attacks for TM, stopping them wont make a difference because like DPR mentioned earlier DDOS attacks are a method LE use to locate tor servers, the DDOS attacks will not stop any time soon and DPR has no control over this

[thecatisback]

I agree with Nathan something doesn't fee right here with tormarket smells like bacon to me over there.

[CI4]

Both sites need to get along, one market place can't stand on its own.

Look at Backopy at BMR, he has ran that place professionally for years and even he encourages competition, it's how tor works it's safer.  The more active people on Tor and the more active onions on tor the safer everyone is.

Lets not forget the freedom to shop elsewhere from time to time, we need variety and we need support.  After SR1 and SMP this is not the time to be fighting.

On a sidenote
TorMarket isn't a LE sting, it's not run by the same people from Sheep, but i do reckon someone from Atlantis was involved. 

[thecatisback]

I don't hate the site I truly honestly believe that are connected with LE and won't have anything to do with them.

[Dr. Chem]

I'm probably going to get flamed for this but this was just recently posted by yoshi on the TM forum.

Everyone,

I ask that we please stop this TM vs. SR2.0 fiasco, at least on -our- market forum. If you are an SR2.0 member and wish to continue speculating and causing more disruption on a market that simply wishes to continue conducting business (because isn't that why we're here?), then feel free to do it on SR2.0's forum, so long as it's allowed over there. Do not misunderstand, we are not trying to say we are better than them or they are better than us. Feel free to utilize one or the other or better yet both!

Stop the speculation, stop the uninformed, opinionated, biased and misleading posts based on one person's statement. Stop believing the nonsense. If anyone (other market admins or whoever) has anything else to say about TM, be it a threat to our market, a claim on our security, or a snipe on our staff's competency, whatever--do not jump to conclusion and create yet another thread, this only causes more issues, doubt, and paranoia (which is exactly what it's intended to do) instead, bring it to the attention of an admin and we will actively respond to any of your concerns.

This is NOT a form of censorship, this is an attempt to get passed the disruption and continue about our way of business.

You have trusted us this far, I ask that you please continue to do so and allow us to regain any confidence that has been lost. Tormarket will not shut down, we will not participate in a "darknet war", we will not steal coins and we are most certainly not LE (lol?). And when we hit the 6 month mark and are still here providing the best possible service we can, I hope to still see a lot of you that were here from the beginning.

This is exactly how WE should be treating this issue. Why have we all become so hateful and destructive? I remember when on SR1 we were all just a bunch of friendly neo-hippies. The atmosphere here is anything but cooperative. Can't both markets exist without issues with one another?

[thecatisback]

Something tells me tor market brings it on themselves their are plenty of other markets on the dark web we get along with just fine and you never hear a peep about them. That's because they are LE!

[Dr. Chem]

Do those plenty of other markets have as many trusted vendors, sales, or general populous?

And your LE claim is the exact speculative problem that they're pointing out... Listen to yourself. C'mon man.

[Drugs]

None of you want to hear my opinion so this is what I think.

1> Silkroad hacked the crap out of TM - no doubt bout it.
2> Silkroad have been getting fucked by a massive denial of service attack - probably orchestrated by that weird cochela type who was posting messages saying he was going to ddos/dox unless he was paid off.
3> The Silkroad staff see TM as their biggest commercial rival/threat outside of law enforcement - they are probably right. They therefore wish to undermine TM
4>TM are some type of sheep scraping tha thave grown overnight into a drop-in sheep replacement - same operators I would say

I'm right so listen to me or tell me to fuck off - either way i dont care

[thecatisback]

How do you know S.r hacked the TM site no doubt about it? Your the first person I've heard say that.

[Dr. Chem]

None of you want to hear my opinion so this is what I think.

1> Silkroad hacked the crap out of TM - no doubt bout it.
2> Silkroad have been getting fucked by a massive denial of service attack - probably orchestrated by that weird cochela type who was posting messages saying he was going to ddos/dox unless he was paid off.
3> The Silkroad staff see TM as their biggest commercial rival/threat outside of law enforcement - they are probably right. They therefore wish to undermine TM
4>TM are some type of sheep scraping tha thave grown overnight into a drop-in sheep replacement - same operators I would say

I'm right so listen to me or tell me to fuck off - either way i dont care

I'm glad you at least opened up with "my opinion".

[Drugs]

How do you know S.r hacked the TM site no doubt about it? Your the first person I've heard say that.

Man are you serious? How do you explain the 11 page thread started yesterday which opens with DPR disclosing intimate details of the innards of TM. It's not made up - that shit is straight from their mainframe baby. DPR hacked the Gibson.

[GayGroovyBruce]

Quote....You have trusted us this far, I ask that you please continue to do so and allow us to regain any confidence that has been lost. Tormarket will not shut down, we will not participate in a "darknet war", we will not steal coins and we are most certainly not LE (lol?). And when we hit the 6 month mark and are still here providing the best possible service we can, I hope to still see a lot of you that were here from the beginning.

What like they did with sheep? .go and get fucked you imbecile.

[thecatisback]

I guess will just have to wait and see I'm not gonna tell others how to think you guys form your own opinions I'm through debating this right now.

[Dr. Chem]

Quote....You have trusted us this far, I ask that you please continue to do so and allow us to regain any confidence that has been lost. Tormarket will not shut down, we will not participate in a "darknet war", we will not steal coins and we are most certainly not LE (lol?). And when we hit the 6 month mark and are still here providing the best possible service we can, I hope to still see a lot of you that were here from the beginning.

What like they did with sheep? .go and get fucked you imbecile.

Not every post-SMP market will be sheep, sir. :/

[tankfly]

so.. someone is ddosing sr while sending messages to dpr falsely claiming to be tormarket?  so that both sides will waste energy fighting w each other?  is this the most reasonable explanation?

Sounds like the plot to Yojimbo.
I wonder if there's any credence to his claims.

[SunshineDaydream]

I'm probably going to get flamed for this but ....
remember when on SR1 we were all just a bunch of friendly neo-hippies. The atmosphere here is anything but cooperative....

+1

[MarthaQuest]

so.. someone is ddosing sr while sending messages to dpr falsely claiming to be tormarket?  so that both sides will waste energy fighting w each other?  is this the most reasonable explanation?

Sounds like the plot to Yojimbo.
I wonder if there's any credence to his claims.

Or Rashomon? Different view points？

MQ

[Dr. Chem]

Looks like the TM admin Yoshi just got doxxed... damn...

[Redacted]

[thecatisback]

Holly shit what did I miss? Don't post that where did you get that from? What does doxxed mean? You guys are mean

[Dr. Chem]

It was all over the TM board.

[Synergy]

You can speculate on all manner of theories but the facts remain, TM has more holes than a Swiss cheese as demonstrated by the information already posted. And lets be clear, that was easy so imagine what a determined hacker could do.

If you want to put your hard earned btc onto TM after reading all the warnings then that is your choice.

[thecatisback]

Yeah that shit scares me, scares me real bad. I will be shutting the fuck up right now.

[Dr. Chem]

You can speculate on all manner of theories but the facts remain, TM has more holes than a Swiss cheese as demonstrated by the information already posted. And lets be clear, that was easy so imagine what a determined hacker could do.

If you want to put your hard earned btc onto TM after reading all the warnings then that is your choice.

Nvm looks like it was a hoax. Fuck people need to stop being so childish.

Whoa, what did I miss out on?

Thank you very much for your offer, it's good to know that I have people looking out for my well-being.

But it won't be necessary because I have no clue Who this "Jason" person is and I'm not even in America. So, more FUD in attempt to scare more people into thinking our security is breached.

Thank you again.

Anyways, back to work lol.

[Cornelius23]

… Why have we all become so hateful and destructive? I remember when on SR1 we were all just a bunch of friendly neo-hippies. The atmosphere here is anything but cooperative. Can't both markets exist without issues with one another?

+1

How do you know S.r hacked the TM site no doubt about it? Your the first person I've heard say that.

Man are you serious? How do you explain the 11 page thread started yesterday which opens with DPR disclosing intimate details of the innards of TM. It's not made up - that shit is straight from their mainframe baby. DPR hacked the Gibson.

… What does doxxed mean? …

'Doxxing' is the open publication of an anonymous person's name and other real-life personal information.

[weather420]

two men enter, one man leave.

[go4greens]

Sorry, I didn't read all pages.

One of moderators on TM posted this, claiming to be from DPR:


"It has come to my attention that Tormarket is accusing me of purchasing the information from a third party and this is why the information is slightly old by 2-3 days. I would like to remind everyone I posted days ago I had such information and issued a clear warning about the whole situation. Furthermore, the attack was carried out by one of our own staff on my payroll.

It also seems only one fix out of the 40+ exploits we found has been fixed. In response to Prof's stance at trying to discredit our attack and make out they are still safe (yet another claim since our forum members have figured the attack our and are doing it themselves right now), I would like to therefore issue a second reminder to everyone who may still be using Tormarket.

If what I posted earlier was not sufficient to make you very concerned for their security, we will be monitoring their activities over the next few days and if it is found they still have serious flaws, an actual attack and not just a warning will be made on a far greater level of severity."


We need some clarification here, did DPR really made those threats?

[Eduardo]

I mean we are on a pirate ship. 

Go DPR the most dreaded pirate in and beyond the cyber ocean. 

It's not borring like watching countries claiming they didn't start the fire but going out retaliating with all out war.
hm.

[inanna]

Doesn't matter if DPR said that or not. If DPR can pay someone a couple thousand euros to get a database or root a server you know LEA's are doing the same if not more. Most of these new markets don't have any knowledge of this and don't devote money to hire pentesters and pay for exploit disclosure. If they don't secure their server someone will own it and it is inconsequential who does it. Same thing with SR2 but I can guarantee you that this place is more secure than TM.

Sorry, I didn't read all pages.

One of moderators on TM posted this, claiming to be from DPR:


"It has come to my attention that Tormarket is accusing me of purchasing the information from a third party and this is why the information is slightly old by 2-3 days. I would like to remind everyone I posted days ago I had such information and issued a clear warning about the whole situation. Furthermore, the attack was carried out by one of our own staff on my payroll.

It also seems only one fix out of the 40+ exploits we found has been fixed. In response to Prof's stance at trying to discredit our attack and make out they are still safe (yet another claim since our forum members have figured the attack our and are doing it themselves right now), I would like to therefore issue a second reminder to everyone who may still be using Tormarket.

If what I posted earlier was not sufficient to make you very concerned for their security, we will be monitoring their activities over the next few days and if it is found they still have serious flaws, an actual attack and not just a warning will be made on a far greater level of severity."


We need some clarification here, did DPR really made those threats?

[Cornelius23]

We need some clarification here, did DPR really made those threats?

Umm... A simple forum search would indicate that he didn't

[Dr. Chem]

We need some clarification here, did DPR really made those threats?

Umm... A simple forum search would indicate that he didn't

Not everyone has access to that particular forum.

[GrammarNazi]

Posted by Prof (Administrator) -

About the DPR situation:

No, DPR was not dumping our database. On 10/12 a german hacker "Zulu33" contacted me that he can retrieve some user datas from the DB and he wanted to sell it for us. The price was 4 bitcoins. We asked for proof but he disappeared. It seems that he get a better price somewhere else.

We checked the logs and find out that a 3. party gem could lead to data leaks (name it DPR if you are so good . There was no full DB dump, the attacker just collected datas to prove his point. TM take down that part of the site and we rewrited it from scratch. Also we notified the gem author.

Just ask DPR for up-to-date data or anything else that is not in his hands. He will not answer "to protect the users".

The addresses are encrypted on client side. Even we can't decrypt them. Yes some user is stupid and they send plain text address over private messages OR they copy encrypted message to the address box + their plain text address to bypass the PGP verification.

The current situation is a marketing bullshit. They try to sell this data leaks as they hacked TorMarket and SilkRoad started DDOS Tormarket to keep us quit.

It will not work.

Aside from the numerous errors in usage, this is pure bullshit.

[Dr. Chem]

I meant the vendor roundtable...

[Cornelius23]

I meant the vendor roundtable...

Good point. I didn't think of that as I didn't see any claim that it was written there.

Looking at the mistakes GrammarNazi has highlighted, though, (and DPR is not above the occasional error) the statement would appear to have been written by someone who has not fully grasped the English language

[nathan.burnett]

Everyone,

I ask that we please stop this TM vs. SR2.0 fiasco, at least on -our- market forum. If you are an SR2.0 member and wish to continue speculating and causing more disruption on a market that simply wishes to continue conducting business (because isn't that why we're here?), then feel free to do it on SR2.0's forum, so long as it's allowed over there. Do not misunderstand, we are not trying to say we are better than them or they are better than us. Feel free to utilize one or the other or better yet both!

Stop the speculation, stop the uninformed, opinionated, biased and misleading posts based on one person's statement. Stop believing the nonsense. If anyone (other market admins or whoever) has anything else to say about TM, be it a threat to our market, a claim on our security, or a snipe on our staff's competency, whatever--do not jump to conclusion and create yet another thread, this only causes more issues, doubt, and paranoia (which is exactly what it's intended to do) instead, bring it to the attention of an admin and we will actively respond to any of your concerns.

This is NOT a form of censorship, this is an attempt to get passed the disruption and continue about our way of business.

You have trusted us this far, I ask that you please continue to do so and allow us to regain any confidence that has been lost. Tormarket will not shut down, we will not participate in a "darknet war", we will not steal coins and we are most certainly not LE (lol?). And when we hit the 6 month mark and are still here providing the best possible service we can, I hope to still see a lot of you that were here from the beginning.

Now, let's get back to business?

This is from an Administrator on the TM forums

I hope my pasting doesn't cause too many issues

It may be a little opinionated but at least it's something

Lets hope this starts something, lets hope that this is TM's effort in ending this cyber-war!

[Merde222]

You can speculate on all manner of theories but the facts remain, TM has more holes than a Swiss cheese as demonstrated by the information already posted. And lets be clear, that was easy so imagine what a determined hacker could do.

If you want to put your hard earned btc onto TM after reading all the warnings then that is your choice.

TorMarket is fully functional, don't allow FE and have mandatory encryption.

Nobody is keeping money anywhere in the markets. If people aren't transferring exactly the amount needed to make a lightning fast purchase then they deserve to lose it.

Even if they're compromised; SR is too probably. LE aren't after the small fish too. This whole bias to a certain market doesn't make sense. If u truly believe in the idea of liberty and freedom then competition should be encouraged and embraced.

[nathan.burnett]

I wouldn't mind seeing TM remove invite codes
It exposes buyers in a nasty way
It provides LE an easy way of tracking relationships between participants on the market

[Merde222]

I wouldn't mind seeing TM remove invite codes
It exposes buyers in a nasty way
It provides LE an easy way of tracking relationships between participants on the market

PS: The day I joined TM (day of sheep scam). I didn't have an invite. Just put NONE to try and gain access and I was in. No idea what that was but didn't get an invite from anybody lol

[nathan.burnett]

Invites are now required
Be careful with invites, should NOT be required and are a sign of LE or stupidity

[Mephistophiles]

You have to be invited even to register as a buyer? That must have been recently implemented.

[rustyshackleford]

Nobody is keeping money anywhere in the markets. If people aren't transferring exactly the amount needed to make a lightning fast purchase then they deserve to lose it.

Even if they're compromised; SR is too probably. LE aren't after the small fish too. This whole bias to a certain market doesn't make sense. If u truly believe in the idea of liberty and freedom then competition should be encouraged and embraced.
[/quote]
Exactly well put especially the second part +1

[thecatisback]

Honestly I don't know what to think anymore theirs so many rumors and finger pointing back and fourth that's why I just stopped.

[Cornelius23]

TorMarket is fully functional, don't allow FE and have mandatory encryption.

Nobody is keeping money anywhere in the markets. If people aren't transferring exactly the amount needed to make a lightning fast purchase then they deserve to lose it.

All markets which implement escrow systems keep all the money involved in a transaction for its duration, regardless of whether users employ on-site wallets or not. I understand that the vast majority of money lost/stolen/confiscated after each of this year's market disappearances has been that which was in escrow.

[Sir William Wonka]

I do not see how implementing invite codes for buyers provides any protection.  It seems more like a marketing gimmick like when Cartmen said no one could use his theme park.  If anyone can shed some light on why invite keys for buyers is beneficial, please let me know.

[CaptainWhiteBeard]

I do not see how implementing invite codes for buyers provides any protection.  It seems more like a marketing gimmick like when Cartmen said no one could use his theme park.  If anyone can shed some light on why invite keys for buyers is beneficial, please let me know.

Agreed