2086
Security / Re: Questions about LE/DPR
« on: September 18, 2012, 02:03 am »Quote
1) How worried are you about law enforcement on Silk Road?
Personally I am not that worried at all as I don't purchase drugs here, having better and more trusted connections through alternative channels with whom I have done business with for several years. From the perspective of a vendor working here, I would not feel exceptionally worried about law enforcement provided that I follow all of the suggested security protocols. It will be extremely difficult for a vendor who does not cut corners in the security department to be busted. Tor is quite decent anonymity and all indications show that the federal police and interpol are incapable of even deanonymizing hidden services, let alone regular clients. GPG offers encryption algorithms that are very widely recognized as unbreakable when proper key sizes are used. Even man in the middle attacks of key exchange are greatly frustrated due to having a publicly viewable anonymously accessible communications channel. I am not aware the specifics of how the server has been secured, however it is a Linux server and DPR at least knows how to run Tor hidden services and write php so it is probably not extremely insecure, at the least. In fact if the server is insecure it only makes a huge difference for people who do not encrypt their addresses, and security is the responsibility of the person who needs to be secure so people should not be relying on a secure silk road server nor do they really need to do so.
Additionally it is apparent that we have the knowledge to send packages without leaving forensic trace evidence on them, and with further precautions being taken we can prevent being linked to the packages via technical means (ie: not carrying phones when dropping packs off prevents location based crowd intersection attacks that rely on knowing where multiple packs were shipped from plus having access to cellphone geopositioning data). A lot can change in several decades, but even the Unabomber who was mailing explosives and killing people was not traced through the mail. Additionally several intelligence operatives have shipped package bombs to assassinate targets and I have not heard of any of them being traced. Even the Anthrax shipper, although allegedly identified, was only identified after a multiple year investigation costing hundreds of thousands of dollars, involving not only the mail but also a presumed limited crowd size and much more intelligence than was obtained via investigating the mail. Someday perhaps the feds will be able to use technology to scan large percentages of mail in the system for contraband, however even this is not a threat to vendors.
Cashing out Bitcoin anonymously is certainly the most difficult part for a vendor, and even this can be done with proper precautions. Mixing and especially blind mixing of bitcoins can at least cryptographically unlink the identity of a person cashing out bitcoins from a drug deal in which they were sent bitcoins from law enforcement. Immediately this helps in cashing out bitcoins anonymously and obtaining plausible deniability / unlinkability if ever apprehended. I would not rely on mixing alone though, as mixing does not hide that a mix was used and that is valuble intelligence indicating illegal activity in itself, even if it cryptographically unlinks the person who has mixed their bitcoins from any specific illegal transaction. Layering mixing with cashing out via fake ID and money wires or anonymously obtained debit cards will present extreme obstacles to any law enforcement attempts to follow the money to the vendors. Additional cash out techniques exist as well, layering money through multiple forms of electronic currency and exchangers in multiple countries (also through multiple types of traditional money transmission, via exchangers of course) + bitcoin + mixing + fake ID / anonymous ATM debit card cash out will be virtually impossible for law enforcement to untangle. Unfortunately adding so many layers to the cash out procedure can get expensive, but fortunately the drugs sold here are usually marked up enough that it can still be worth it to layer money through so many anonymity increasing hops. Another great technique is simply selling drugs that are cheap in your area at a markup on SR, and then using the bitcoins to buy drugs that are expensive in your area from vendors in areas where they are cheap, and then cashing out by selling the drugs locally. However that does add the risk of doing local face to face dealing.
So in summary, and to reiterate, I would not be afraid of law enforcement on SR if I happened to be a vendor here.
If I were a customer here I would be moderately more worried. Customers can take advantage of the same security enhancing technologies as vendors, but the major downside is that they can be identified by undercover vendors performing reverse sting operations and also their packages can be intercepted. There are technological solutions to prevent interception leading to arrest (in the form of interception detection technology), however this technology is not currently being utilized by the vendors here. There is no known technique (and probably no possible technique) to prevent an undercover vendor performing reverse stings from identifying customers who order from them, however the use of fake ID private mail boxes, and other techniques that create unlinkability between the customer and the point they pick their product up from, can be utilized to drain significant amounts of law enforcement resources. If we can get to the point that it costs thousands of dollars in surveillance / man hours to identify every customer ordering a ten strip of LSD then we may effectively be able to defeat law enforcements attempts to do reverse sting operations, even if we have not actually fully protected from such attacks.
Indeed if you truly want your article to be fair and balanced you should point out that Silk Road and actually the entire online drug scene is/are great examples of how futile the war on drugs is. Law enforcement will never be able to identify or apprehend vendors taking the proper security measures, their best hope will be to bust small time personal use customers, after spending thousands of tax payer dollars on it. So essentially the war on drugs will eventually boil down to a bunch of thugs in the federal government spending thousands of taxpayer dollars (for their own paychecks) to bust mostly educated harmless people who contribute to society, in order to prevent them from privately enjoying in many cases entirely harmless (and in some cases even religiously/spiritually used) drugs. Your article should be about how the DEA is the worst organized crime syndicate in the world, and how its members should be charged with committing crimes against humanity and sentenced to long prison sentences (for which they should feel lucky to get!). The war on drugs is a complete disgrace and the people of the United States need to purge from positions of power all people who have contributed to the ongoing atrocities linked to it, preferably holding them accountable for their actions by severely punishing them. Even though this is unlikely to happen, at least know that we will never be defeated and that if SR is taken down twenty more sites will pop up in its place. Indeed the online drug scene will grow exponentially over the coming years until it becomes the standard channel through which drugs are trafficked. In an ideal scenario from an Agorist point of view, the profits created by this will lead to extremely sophisticated private defense agencies which will hopefully overthrow the police regardless of popular support.
Quote
2) What worries you more - Tor leaks, your Bitcoins being traced, or inflitration of SR?
I am worried that Tor hidden services are not as anonymous as many think, however I am not as worried about Tor clients. Additionally the police are apparently quite far behind the better security folks on this forum , and recently obtained internal law enforcement documents indicate that they can not trace hidden services. The tracing of the server would not be particularly bad although it could spell disaster for people who do not use GPG to encrypt their messages. It would also complete half of a timing attack against the participants of the server, however half a timing attack is not enough to deanonymize anyone and the attackers abilities to deanonymize users would still be largely frustrated.
SR is of course thoroughly infiltrated, it is after all a public market. This is not at all concerned for vendors, the money of the feds is just as good as the money of anyone else after all. For customers it is a concern, however hopefully it is not worth the feds time to attack small personal use customers. it is conceivable that they may do so in an attempt to disrupt the market, however thankfully the charges they could get to stick against these users are likely to be far less than the charges they could get to stick against the actual vendors (although you never really know, it seems that the state has complete control and they can essentially give someone as much time in prison as they like simply by adding more and more charges from a never exhausted supply of laws that must be broken in order to commit any individual crime. Also, the laws of today are severely outdated compared to the crimes of today, they could probably call all of SR one big conspiracy if they wanted to).
The anonymity of vendors cashing out is something that concerns me, however there are certainly several ways to securely and anonymously cash out bitcoin.
Quote
3) What do you think of Dread Pirate Roberts?
I think that he is fine , he has done nothing that I see as bad and additionally we are both Agorists.
Quote
4) Do you think buying on SR is preferable to buying them in real life?
I hate buying drugs IRL. I much prefer internet sourced drugs. They tend to be higher quality and cheaper. Also the people selling them tend to be much more professional. Historically it has been far less risky to source drugs online than IRL, however with LE starting to focus more attention towards the online scene things could start to change a little here. Law enforcement can also take advantage of the anonymous nature of the internet, thankfully we are way ahead of them. One of the biggest concerns I have is nym flooding attacks, however I believe that we can even mitigate this sort of attack.
Quote
*If you could tell me if I could quote you, (either anonymously or by handle), that would be appreciated. My aim here is accurate reporting.
Quote away by pseudonym or anonymously I don't care.