Messages - kmfkewm

841
Seriously there have been exploits in the past for turning somebody's computer on the Gnutella network into a remote proxy, tricking it into downloading whatever you want it to, from whatever server you want it to, and storing it in its shared files (which actually allows you to turn Gnutella into an anonymity network for yourself as well ;) ). I wonder how many people arrested for sharing CP on this network even realize that such an attack is possible. In the majority of cases I highly HIGHLY doubt that the forensic analysts (who are sometimes trained for only a few months prior to being certified) going over the seized computers realize that such an attack is possible. They are not trained to look for things like this, they are trained to run P2P spidering software and basic software forensic tools that do all of the real work for them. Guess what, anybody who went to prison for having CP obtained from the Gnutella network, or who went to prison for having CP while running one of the many vulnerable Gnutella clients, did NOT get a fair trial if they did not know about this attack!

www.ics.forth.gr/~elathan/papers/gdos.acns06.pdf

Quote
3.2 Exploiting the HTTP protocol
A large number of HTTP requests that result in an HTTP 404 response code
may not be difficult to handle for a Web Server. The attack can be more efficient
if we can force the Gnutella peers to perform an actual download from the Web
Server. The download may not even be relevant to their search criteria.
This can be achieved by embedding a specifically constructed file name in the
QueryHit packet. For example, consider that a Query with search criteria “foo
bar” is received. The file name:

Quote
We have demonstrated how unstructured P2P systems can be misused for
launching DoS attacks against third parties. We have developed an attack that
exploits a number of weaknesses of unstructured P2P systems and manages to
instruct innocent Gnutella peers to generate a significant amount of traffic to a
victim host. The victim can be another Gnutella peer, but also a host outside
the Gnutella system, such as a Web Server.
Although the basic attack relies primarily on the ability to spoof QueryHit
responses, we also took advantage of the HTTP protocol used by Gnutella peers
for data transfers. This allowed us to construct malicious QueryHits that result in
downloads of arbitrary files from a target Web Server. An interesting observation
is that the use of HTTP in this case allowed the attack to “leak” to other systems
as well.
Finally, we have developed SEALING, an algorithm which aims at keeping
a local “Safe List” on each peer, containing IP addresses and port numbers of
hosts that have been characterized as non-Gnutella participants. Our algorithm
assumes that any connection from Gnutella participants to non-Gnutella
participants is a possible DoS attack.


Quote
Indeed, with modest effort we have managed to
develop techniques, which, if adopted by bogus peers, can result in DoS attacks
to third parties by redirecting a large number of peers to a single target host. In a
nutshell, whenever they receive a query, these bogus peers respond by saying that
the victim computer has a file that matches the query. As a result, a large number
of peers may try to download files from the unsuspected victim, increasing its
load significantly. Furthermore, we have developed mechanisms which trick this
large number of peers to actually download files from the unsuspected victim.
To make matters worse, in our methods, the victim does not even need to be
part of the P2P network but could also be an ordinary Web Server. Therefore,
it is possible for a significant number of peers attempt downloading files from a
Web Server, increasing its load and performing the equivalent of a DoS attack.

This attack can be used to get arbitrary people to download CP and put it in their shared files, and if it is carried out correctly Mr. 6 month forensic certificate is not going to be able to tell that this is what happened. Forensic analysts often are not going to be able to tell if somebody fell victim to this attack or if they actually downloaded and shared CP. And yet there are hundreds of thousands of people in prison right now for having downloaded CP off of gnutella and shared it. And probably NONE of them know about this!

842
I am going to talk about CP but only indirectly as computer forensics relates to it. First I need to define what I mean by computer forensics, as this title is used as a sort of catch all, applying to everything from cryptanalysis to traffic analysis to data recovery to data locating to remote hacking and spying. The goal of cryptanalysis is to decrypt encrypted data, it is not voodoo science and is actually essentially applied mathematics. The goal of traffic analysis is often to determine where a target is located, it is not really voodoo science because it can be extremely useful, especially when no countermeasures are being taken against it (however it can also be, and often is, extremely misleading).  The goal of data recovery is to obtain data that somebody has attempted to destroy, either via physical damage of a drive platter or possibly by overwriting a file. This is not voodoo science, people really try to delete or destroy electronic files and people in data recovery really do use techniques that sometimes allow them to recover deleted files. The goal of data locating is to find files that somebody tried to hide, this is not voodoo science either, an example would be using a database of fuzzy hash signatures to quickly scan a drive looking for previously identified illegal files. Remote hacking and spying is not really voodoo science either, it has the goal of penetrating a suspect computer and obtaining evidence off of it covertly. Remote hacking can give misleading results, but there are real vulnerabilities and there are real ways to exploit them.

However, all of these things taken as a whole, and coupled with the art of analyzing system logs looking for intelligence and evidence (ie: traditional computer forensics, building a timeline of activity, linking activity to a specific user, etc), are essentially voodoo science when used in the context of criminal investigations. Let me give you some examples. Let's say that Alice downloads a bunch of CP (I suppose she is a high school teacher..) , but since she doesn't want to get caught she uses her neighbors WiFi. Now the police pick up on the downloading of the CP due to traffic analysis (ie: Alice's neighbors IP address shows up in the logs of a CP site). Now the police send a team to raid Alice's neighbors house based on the intelligence their traffic analysts have gathered. Now Alice's neighbor probably doesn't have much to worry about these days, since in recent times (although not historically), the police analyze the WiFi around the modem detected accessing CP, and they will likely detect Alice if she engages in a pattern of behavior (although if she only does it once and never again, and she makes sure to spoof her MAC address, then she will likely never be identified and the buck will stop at her neighbor). Fortunately for Alice's neighbor Bob, even if Alice only uses his WiFi once with a spoofed MAC address, the police are going to very likely determine that Bob did not download CP, because they will seize his computer and send it to a forensics lab. They will scan his computer looking for illegal images and find likely none or just a few older jailbait pictures that are present on the drives of most people who look at amateur pornography, and which the police do not give a fuck about. They will analyze various logs looking for a sign that Bob accessed the CP site in question (or any CP sites at all) and they will find no evidence of this. 
They will look for signs that Bob wiped or deleted illegal images, such as traces in his swap space, logs of titles of known illegal images, etc, and they will find nothing. After a few weeks, Bob will get his computer back and the case will be closed.

Now let's imagine that Alice is a bit more sophisticated. She wants to prove that computer forensics are not capable of obtaining evidence beyond a reasonable doubt. So she creates a virus that infects computers through a vulnerability in Firefox. Bob goes to one of the malicious websites and becomes infected with the virus. First the virus determines that Bob is running a popular P2P file sharing program. Then it searches for some canned keywords looking for child pornography. Then it downloads the CP and stores it in Bob's shared files, perhaps hidden in such a way that Bob cannot easily detect the presence of the files. Then the virus deletes all traces of itself. Hell, it never even really needs to leave RAM in the first place! After a while the police traffic analysts discover that somebody with Bob's IP address is sharing CP. They raid Bob as before, first checking for the presence of a WiFi thief (and finding that there is none, hell Bob has his internet connection encrypted with WPA 2 even!). Now they send the computer to the forensic lab as before. Except this time, the forensics agents quickly detect thousands of CP images in Bob's shared folder! Furthermore, they find logs that Bob was active on the computer during the time the CP was downloaded in the first place! They know it must be Bob because Bob was also checking his E-mail at the same time the files were downloaded! Now Bob is charged with downloading and distributing CP. At court Bob argues that he must have been infected with a virus, but the forensic experts counter that they scanned his entire drive with every leading commercial antivirus software out there, and absolutely nothing was detected! The jury quickly sentences Bob to twenty years in prison and lifetime registration as a sex offender, and the case is closed.

It is so easy for a skilled hacker to completely fool computer forensics, entirely, from traffic analysis all the way to the analysts at the lab. In fact, it is so easy that I would never be convinced of somebody's guilt based upon a forensic analysis of their computer system, even when accompanied with traffic analysis, hell even when coupled with cryptanalysis. Even remote hacking and spying can be misleading if there is an active agent attempting to create misleading results. Basic things like using your neighbor's WiFi are not likely to get them in trouble, at least not these days, but it is still essentially trivial to frame anybody you want for a CP crime in such a way that they *will* be convicted. Computer forensics is *always* hoping that there is not such an agent, they are *always* hoping to be one step ahead of the 'bad guys' and in 98% of the cases they come to the correct conclusion with their analysis. The fact of the matter is though in those other 2% of cases they are going to come to an incorrect conclusion, and their training is not going to be sufficient enough that they can even consider it as a possibility, and certainly the jury is going to not believe the person who attributes his problems to a virus that was never detected because it literally left no trace.

843
Silk Road discussion / Re: ANONYMOUS
« on: July 05, 2013, 09:10 am »
I'm really not arguing with any of your logic. But I am not getting into any discussions about CP. I think Anonymous needs a purge and a little more structure or everyone just looks like a bunch of script kiddies and nerds.

Anonymous reminds me of the proletariat in 1984. Not the part about them being ignorant and whatnot, the future lies with the proles because they are human.

Probably should expect some serious amounts of George Orwell in here...

I am not discussing CP, I am discussing how retarded anonymous is and how much the media eats it up. It isn't my fault that Anonymous "hacked" a CP site.

844
Philosophy, Economics and Justice / Re: To catch a predator
« on: July 05, 2013, 09:09 am »
Yeah they are idiots beyond any doubt. It is a stupid risk to take, at least from my perspective. A lot of them don't seem to be exclusive ephebophiles or hebephiles either, although for the ones who are I guess I can understand why they would take such a risk. If they are trying to meet up with 12 year olds or 13 year olds I don't feel so bad for them, although they are still clearly no where near as bad as someone trying to fuck a 5 or 6 year old. I think the law in USA differentiates between over 12 and under 12, as well as over 16 and under 16 in the states that have an age of consent over 16. I mostly just feel bad for the ones who get busted trying to fuck 14+ year olds though, particularly so if they are 16+ considering that is legal in the majority of the USA as well as the vast majority of the world. It makes no sense that somebody doing something in one state is a sexual predator, but somebody doing the same thing just a few miles away across state lines is considered to be normal. Then again, it doesn't make much sense that somebody doing something in Spain should be considered normal while somebody doing the same thing in the USA is considered a dangerous sexual predator. It is very arbitrary and people tend to just go along with whatever their own microscopic community has predetermined for them, even if they claim otherwise. Obviously pretty close to nobody wants their 12 year old daughter to have sex with some 50 year old, but it seems strange to me that people seem to think that 12 year olds want to have sex with 50 year olds in the first place. 99 percent of the time I imagine that if a 50 year old proposes sex with a 12 year old, the 12 year old will be disgusted and probably freak out about it. Hell, in most cases a 20 year old wouldn't want to have sex with a 50 year old.

845
Security / Re: Fucking infowars spam bot
« on: July 05, 2013, 04:09 am »
Hm probably rater. Anybody remember him?

846
Security / Re: US Postal Service Photographs All Paper Mail
« on: July 05, 2013, 03:17 am »
But how much priority and express mail goes through the US each week? You would have to flag a package (priority or express) that is probably out of any major sorting facilities in 48 hours and en route to rural areas.

So you specifically target and intercept one or two packages and do what with them exactly?

Open them?

Where's the warrant?

Unless your return address is flagged (from LE knowing the return address) I don't see the grounds for a lost or opened package via a warrant if the package is simply linked to being tracked with TOR. Logistically it makes no sense. If you have a dick fuck ton of orders going out and whatnot then yeah, probably not good to use TOR via USPS.

But who actually does that? You can check tracking via a third party with TOR, so now we're discussing tradecraft and semantics instead of TOR tracking flagging packages.

What about a vendor who sends one or two orders every few days and checks them 48-72 hours or even later via TOR?

The warrant is issued after the dogs hit on the package. Also, customs doesn't need a warrant to open whatever the fuck they want. Yes even the shipping address could be flagged, checking tracking with Tor is a horrible idea whether it is the customer doing it or the vendor doing it. I am thankful that I work with vendors who know not to look up my shipping address on Google Maps with Tor, or to check the tracking on my packages with Tor, but I am under the impression that a lot of noob vendors are underestimating or disregarding the extremely serious intelligence leaks caused by this sort of behavior.

847
Silk Road discussion / Re: ANONYMOUS
« on: July 05, 2013, 02:49 am »
l33t hackers don't think hide my ass is going to anonymize them, especially after they publicly announce that they use HMA as their VPN. Some of the hackers in anonymous are intermediate level, but they are few and far between. And I have not seen any elite hackers claiming to be part of anonymous. And considering the intermediate hackers are few and far between, they are essentially rough diamonds in a sea of shit.

Fact: Anonymous logs into lolita city (felony punishable by minimum five years imprisonment and registration as sex offenders) and gets the public member list of pseudonyms, then posts it on less illegal parts of the internet

Fiction: Anonymous brings CP traders on Tor to their knees after using l33t haxx0ring skillz to penetrate the darkest corners of the ciphernet, releasing the names of thousands and thousands of pedophiles!!!!111111

Fact: Anonymous gets a few thousand people to run primitive DDoS script causing temporary traffic spikes and transient unreachability to government sites

Fiction: Leet anonymous haxx0rs totally pwn highly sensitive government sites, they must have penetrated through world class security, muahahhaha

anonymous fiction is what is always reported in the media, but the facts are always completely meh. Half the time they are completely fucking wrong about the conclusions that their l33t haxx0ring brings them to as well.

848
Security / Re: US Postal Service Photographs All Paper Mail
« on: July 05, 2013, 02:36 am »
There isn't much of a debate about checking tracking with Tor. Even if we stupidly assume that they do not monitor for this, it only takes a basic level of tech education to realize how trivial it would be for them to check for this and flag all packages checked with Tor. Packages checked with Tor almost certainly contain contraband, and given how trivial it is to detect packages which have tracking checked with Tor, it is obviously a trivial system that would result in a high success rate.

849
Security / Re: US Postal Service Photographs All Paper Mail
« on: July 05, 2013, 02:17 am »
Let's just everyone relax.  I'm not a lawyer, but I do know I'm innocent until proven guilty here in the US of A!  That means that they must prove that I received contraband in the mail.  A paper trail isn't going to mean a thing if they can't obtain the evidence.  If I was accused of receiving contraband but they have not found any contraband I'd hire a good lawyer and say nothing.  I'd hire a good lawyer and say nothing anyways.

Intelligence != evidence. There is a high chance that this system resulted in multiple interceptions in the past, if a vendor ships out ten big packages at once and then one of them is intercepted, guess which packages are going to be scrutinized most heavily? The ten sent immediately before and after the one that was intercepted. I have noticed that bulk interceptions tend to happen in clusters, if one person has 1 kg of MDMA intercepted then all of the people sent MDMA in that shipping period have their orders intercepted as well. I have seen the same thing happen with bulk crystal LSD and other things. I would bet that it went something like this:

A. Vendor sends 10 people bulk orders at the same time
B. Dumbfuck customer checks his package's tracking with Tor, which flags it
C. Customs discovers it is loaded with bulk amounts of drugs
D. Customs queries for all packages sent immediately before and after the intercepted package
E. Customs intercepts 10 packages that are now flagged

I am almost positive scenarios like this have unfolded before.

850
Silk Road discussion / Re: ANONYMOUS
« on: July 04, 2013, 10:47 pm »
I think anonymous is stupid. 95% of what they have done is either nothing-related-to-hacking that they call hacking and then get the stupid as shit media to call hacking, basic script kiddie shit or volunteer botnet DDoS. They get way more credit than they are due for such trivial forms of computer mischief, and more than anything else they are just egotistical media manipulators.

851
I've said it before and I'll say it again, where's the incentive to bust SR vendors and buyers from the USPS stand point?  The DEA is an entirely different entity than the USPS.  Sure they may collaborate when a USPS worker discovers a stinky package or something obvious, but other than that the USPS is surely willing to look the other way for a few pills or a sack of weed.  It's just hurting their bottom line if they try to muscle us out of sending packages.  Last time I made a similar comment someone posted that we are a very small percentage of the USPS bottom line.  I can't argue against that, but what I will say is if you were a business owner and your business was in the shitter, would you really be going out of your way to remove and prevent packages from being sent?  The USPS has made public statements saying we don't want postal workers putting themselves at risk by carrying around drugs on the streets and delivering them.  That makes sense, but when's the last time you heard about a postal worker getting jumped and robbed for his package of drugs he was delivering?  I think the USPS just made a public relations statement and it stops there. 

Anyone watch that show American Greed?  I watched an episode one time where a guy was running a ponzi scheme and kept writing bad checks to people.  The bank he was using allowed him to run the ponzi scheme though.  Later the victims of the fraud stated that the bank must have known.  Why didn't the bank turn him in?  Because every time his checks bounced he paid the bank their fees.  They said that this guy paid over $100,000 in bad check fees over the year or two he was doing this fraud. 

My point is money talks.  In the US of A it's all about where the money's at.  And the fact is we're providing money to the USPS and they don't have the money and resources to tackle the issue.  We've got terrorism to fight.  That's top priority.  That's why the dogs sniff for bombs not drugs at the USPS.  If they sniffed for drugs the dogs would be barking non stop and an entire postal inspectors day would be spent busting people for drugs and a bomb might slip through the cracks and that's the worst possible thing.

Have you never heard of the USPI or ICE? The USPI is the agency that has the job of detecting illegal packages sent through the USPS. It is their entire damn job.

852
Another day / it's just the same as the last
Think of the past - I used to cry, now I try till' I laugh , why?
time flies fast, watched it pass by - the futures here /
Once pictured freedom in my mind / but it never appeared
only more misery and fear, but no more tears
because I'm far from lonely here, surrounded by peers
and we're on the same page, in the same cages
the same slaves just at different stages, hey,
beats wonderin' if today's the day, police take me away,
or tokin' haze - to glaze my open eyes / to our broken lives /
the product of their hopeless lies

Is that original?  I really like that one, man.  I really like that one a lot.

Yeah it is original and thanks :). I would say the style is influenced by tupac though. I can rap like lil wayne too and it is actually the most fun to write rhymes in that style, but it tends to be more frivolous and just demonstrating a technical expertise of rhyme rather than meaningful from the heart. I actually wrote several poems on SR under the name poems, I can post under that name if anyone needs confirmation but just to highlight

more lyrically fun:

im a fire spidda you could call me a dragon man
im fuckin widda crew of loose cannons and baggin grams
instrumental killa - get a beat ill decapitate it
fuck spittin out whack - im calibrated
in fact i'm elevated , while hella faded collaborated with the beat
 but then I gotta fade it, cuz it cooperated, corroborated so I spit sprayed it
slayed it, that shit be weapon graded
my wits sharp , i'm quick shit i'm switch bladed
haters they some big bitches like fat ladies
im blazed up smokin that kush lookin to raise up
was aged up broken then booked and caged up

(I never found a good way to finish this. Wrapping down is a challenge. Starting is often a challenge as well but generally something that signifies genesis works the best, tho if it is just for lyrical fun then i'm --- is a good starter as well).



and more meaningful things, here is my LSD ego death

Once released,
I rose up and decayed into little pieces
then everything blew away
leaving infinite peace
revealing everywhere through space and time
unveiling the concealing by my human mind of what's whole
many bodies and kinds yet one soul
in my vision our division appeared clearly separated
then it faded away, alleviating my fear and pain


mostly I just write rhymes because it is fun and gives me something to do, and I have done it pretty consistently since I was 12 or so and that makes it fun to see improvement (tho I rarely save anything other than to memory). I never really intended to share anything. I actually wouldn't even say any of these are finished, I take from old material and redo it and mix it up quite frequently.

853
Another day / it's just the same as the last
Think of the past - I used to cry, now I try till' I laugh , why?
time flies fast, watched it pass by - the futures here /
Once pictured freedom in my mind / but it never appeared
only more misery and fear, but no more tears
because I'm far from lonely here, surrounded by peers
and we're on the same page, in the same cages
the same slaves just at different stages, hey,
beats wonderin' if today's the day, police take me away,
or tokin' haze - to glaze my open eyes / to our broken lives /
the product of their hopeless lies

854
Oh I didn't realize it was still possible for people to delete their own threads. That is probably what happened in at least some of the cases. I think that 'feature' should be removed personally, it sucks to have a ten page thread full of great info entirely disappear because the OP saw a cop car drive by and wants to delete all traces of their account.

855
Silk Road discussion / Re: I Believe
« on: June 30, 2013, 06:21 am »
I belieeeeeveee I can fllllllyyyyyeeeeeeyyeyeyeyyeyeyey
