Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 139 140 [141] 142 143 ... 249
2101
Security / Re: How governments have tried to block Tor
« on: September 14, 2012, 07:38 am »
Mostly correct or at least correct enough. Tor traffic is not consistent with normal internet traffic but it isn't inconsistent with SSL considering it uses SSL ;). That is just semantics though. DPI is pretty much the state knowing the contents of snail mail by opening it up and looking in it, but the spirit of what you said is correct. You should probably use at least two bridges but not more than three. Attackers don't need to do timing attacks at the exit node to see what you are doing, they need to do timing attacks at the entry and exit to correlate the traffic and link you to your destination though. Technically connections to hidden services are just as vulnerable to timing attacks as websites on the clearnet are, although it might be slightly more difficult for an attacker to know they are watching the entry node of a hidden service. If you run a Tor node and want to see if you are the entry guard for a given hidden service it is really easy, you can just send the hidden service a stream of packets with some pattern of modulation down a few dozen circuits and then see if you detect any streams with the same modulation passing through your relay and to a non Tor node IP address. Likewise it is easy for a passive attacker to determine if a node they are monitoring is the entry guard for a given hidden service, in the same exact way. It is also easy to trace hidden services up to their entry guards with that active attack from 06, although there are ways to greatly slow down that attack. In fact your DNS servers could go down and you can still access clearnet websites with Tor since it identifies relays by IP address only and uses the same DNS servers as the exit node on your circuit.

2102
Off topic / Re: How to rob a pharmacy?
« on: September 13, 2012, 09:42 pm »

So who wants to talk about something really interesting? Like planning the perfect murder!!!



Knife made of ice, evidence melts away. DUH.

Mini helicopter linked into cellular network and controlled from behind a proxy network + loaded with an explosive payload created in a clean room. Or mounted sniper rifle with a triggering mechanism linked to a communications network of some sort. The main goal is to maintain distance from the target, in order to avoid forensic trace evidence being left behind, eye witnesses and a potentially quick apprehension.  Trace evidence from the firing position needs to be avoided, trace evidence on the delivery device needs to be avoided.Trace evidence on the payload is something to avoid as well, sniper rifle bullets should not be touched at any stage, of course bought with cash. Bombs are harder to remove trace evidence from. Reconnaissance on the target to plan the point of attack as well as determining the best potential escape route. Professional hitmen tend to immediately drop the weapon.  All materials used should be unlinkable to the assassin. Transmitting devices should not be carried to the location the attack is launched from (the original positioning location of the UAV or remote controlled sniper rifle), identifiable vehicles should also be avoided. Depending on the specifics it may be possible to take a route that is under no surveillance to the attack launching location.

Mostly the perfect murder involves avoiding leaving trace evidence on the murder weapon, payload, scene and launch location, in addition to maintaining unlinkability to any of the utilized locations or materials. Remote control mini helicopter has the benefit that it may be difficult to pinpoint the exact launch location, but the disadvantage that the helicopter and the payload it delivers (likely explosives) need to be completely free of any trace evidence.

One technique that a few intelligence agencies have utilized is umbrellas with hollowed out stems that can shoot poisoned pellets out of their tips. Wear a raincoat and wait for heavy rain to coincide with the target being exposed, walk past them and launch the pellet into them from the umbrella. They feel a small sting at first and then die hours or days later, the umbrella is carried with the assassin and the poison pellet  immediately dissolves in the targets body.

2103
Off topic / Re: How to rob a pharmacy?
« on: September 13, 2012, 06:05 am »
Why don't you find a lab in China that will make pharmaceuticals for you, then you can get a lot more and cheap too. People who rob pharmacies and banks are dumb as fuck, 98% of them get away with a few hundred bucks worth of shit at extreme risk. If you want to risk your life there are far more profitable ways to do it. I mean, I would at least do something that would make me more money than a week working at McDonalds but hey I am not a fucking retard.

2104
Security / Re: Plain text in messeges
« on: September 13, 2012, 05:59 am »
I would tolerate a vendor who only wanted me to encrypt my address and leave everything else plaintext, even though it is preferable to encrypt as much as can be. On the other hand, I would tell a vendor who wants me to send my address in plaintext that they are out a customer.

2105
Security / Re: Australian LE Report on BC/SR
« on: September 13, 2012, 03:07 am »
he claimed that 100% of international packages are inspected but that for letter mail they can not achieve such a high rate.

"claimed" being the operative word. Customs/Borders Authorities have no motivation to claim that they screen anything less than 100% of international post, particularly given the current situation with regard to fake terror threats.

I suggest you think carefully about what you are trying to achieve before you try to make a point so vociferously. As there are no doubt some nervous Australians 1st time buyers who may think twice unnecessarily on the basis of what you've said. Not what you'd want, surely?

No, it is what I want. Australia indeed has tough as shit customs, indeed they screen 100% of incoming international mail (as I have proven with multiple citations from multiple sources including internal government agency assessment documents that were never intended for drug smugglers to look at), and if people in Australia start to only import letter sized packages due to my pointing this out to them, then there are going to be far fewer busts and interceptions of international packages going to Australians. 

I think most Australians would much rather know that their customs screen 100% of incoming mail and that getting large shipments through is extraordinarily harder for them to do than it is for people in countries like U.S.A., than they would like to hear a bunch of feel good bullshit and non cited claims to the contrary. See a naive user here may not know that their countries customs is more difficult than the customs of most other people ordering drugs here, and it is good to let them know that before they try to import a kilo of ketamine (safe enough in USA) and get ass raped (very risky in Australia). Why do you think internationally sourced drugs cost five times more in Australia than they do in other countries? Ask anyone in the mail order drug game for several years which country has the most notorious customs and tell me what their answer is. Ask any vendors who have shipped to many countries for long periods of time which countries they have had the most interceptions to.

2106
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 10:32 pm »
Much like the word was spread about PGP, SR users need to start educating each other about the use of Virtual Machines, especially TorBox/aos.

Educate them about the fact that operating systems run in virtual machines are easier to hack and that instead of using them they should use mandatory access controls for isolation?

2107
Security / Re: Plain text in messeges
« on: September 12, 2012, 10:19 pm »
Encrypting addresses is probably the single most important thing for customers to do in order to increase their security, considering that Tor is already a requirement.

2108
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 10:07 pm »
"For example, compulsive users ... may become frustrated by the relatively slow speed of Tor as compared to broadband internet, which may tempt them to stray off Tor,"
Guilty as charged. That link could have been a plant to mine our IP addresses. :(

Wait, you mean to tell me that you don't use Tor to follow links posted on SR?? I hope that this is not common practice, because if it is then it would be an efficient LE technique for gathering IP addresses. And yes, they could with high probability link the IP address to a forum user name.

2109
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 09:46 am »
Still is a huge difference between 100% of mail having some screening technique applied to it, regardless of how effective, and less than 100% of mail being screened (or whatever it is in USA I am not sure) with only 100% of mail from certain high risk countries being screened with some technique, regardless of how effective.

2110
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 09:12 am »
I wouldn't be so sure that they will only go after big time importers, I knew someone in Aus many years back on a private forum who got raided by feds with guns drawn at dawn and they had intercepted something like half a sheet of acid a few grams of k and some mdma (can't remember exact order details). He only ended up getting probation, although he was likely sent to prison shortly after as another vendor sent a package to him after that ordeal and we never heard from him again (plus it was only the first part of a two pack shipment and he never claimed he got the first pack or made any new posts so).

2111
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 09:01 am »
I believe that so far all of the known SR busts have been in Aus and NZ although I am not positive on that

2112
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 08:58 am »
no known SR busts in AUS. this has been debated in the AUS shipping threads that there has yet to be any verifiable evidence of a bust related to SR even though plenty of people have had packages just "not turn up"

There has been at a minimum one confirmed bust in Aus actually I think there have been others as well but I can't recall exactly so will simply leave it at one confirmed

http://www.gizmodo.com.au/2012/07/melbourne-man-arrested-after-allegedly-importing-drugs-via-silk-road/

I will be happy for you to stop claiming that I don't know what I am talking about I am getting tired of hunting down all of these citations ;)

2113
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 08:53 am »
I remember a quote somewhere that only 30% of total mail get's scanned; but of that 100% of mail from 'flagged' counties get's at least a dog run.
 
Further 'hand inspection' is deceptive terminology, this usually just refers to sorting it into bins off the conveyor belt.

Was this in relation to Australia? I am having trouble finding exact statistics for how much international mail to USA gets scanned, but I did find a report that 100% of 'high risk' mail gets scanned. I believe I have read that 100% of mail from countries like Columbia is scanned. I would be more inclined to think 30% of all international mail 100% of international mail from specific countries is scanned applies to US than to Australia, where I can only find citations claiming 100% of all international mail or 100% of all non-letter international mail is scanned. Even 30% seems high for USA considering the amount of shit people I know have imported to there.

Quote
The NII Program seeks to match the
technology and equipment with the conditions and requirements at, and between, domestic
ports of entry and U.S. facilities that process international mail; and helps ensure CBP can
meet its goal to inspect 100 percent of all targeted high-risk shipments.

2114
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 08:49 am »
all im saying is that SR really is proof of otherwise and its not like governments to spread lies to make us do what they want is it?

How many of the known busts related to SR have been in Australia ?? How many people here in Australia have had trouble with interceptions? Also we don't know the size of international orders people are placing, but a lot are probably standard letter mail. It is not just government statistics I base my claim of Australia having difficult customs on, but the fact that I know of so many more people in Australia who had orders intercepted than I do people from any other country.

2115
Security / Re: Australian LE Report on BC/SR
« on: September 12, 2012, 08:27 am »
What I really want to find is a news article I read some years back where they interviewed an Australian customs official, he claimed that 100% of international packages are inspected but that for letter mail they can not achieve such a high rate.

Pages: 1 ... 139 140 [141] 142 143 ... 249