Silk Road forums

i'm 12 and what is this

http://www.startribune.com/local/north/154340935.html

Craig Schmidt was talking about botnets, almost matter-of-factly.

A botnet is a collection of compromised computers connected to the Internet. Schmidt is the senior manager of investigation of Microsoft's digital crimes unit. And, besides the fact that Schmidt grew up in Spring Lake Park, what do botnets have to do with Anoka County?

Quite a bit, actually.

Members of the Anoka County attorney and sheriff's offices -- considered local pioneers in the investigation of cyber crime and the use of computer forensics -- met recently with investigative and crime specialists from Microsoft. The two-day closed conference at Anoka-Ramsey Community College in Coon Rapids offered strategies in fighting modern crimes with modern technology.

Topics included e-mail header analysis, social networking, instant messaging, steganography (writing hidden messages), basic encryption, anonymization techniques, Internet service providers and domain name systems. These are topics that many law enforcement officials might never have approached 10 years ago. But for a video-game-playing, text-messaging generation that has grown up wearing ear buds and considers a cellphone to be the modern-day pocket watch, using all this technology is as natural as breathing.

Check the list

"If somebody claims to have an alibi in a murder case, we check their phone to see where they've been, when and who they were contacting," said County Attorney Tony Palumbo.

"A suspected drug dealer? Check the phone and you've got their customer list."

The answers to crimes often can be found in text messages, on Facebook pages or within e-mail trails. But with new technology come new crimes: identity theft, child pornography, cyber bullying, computer viruses, on-line threats, stalking. But from the GPS on the dashboard to the black box under the hood, there are technical advances that the public now takes for granted but authorities use to solve crime.

"It's almost like organized crime," Schmidt said. "A hacker group took the FBI off the Internet."

Schmidt was a computer geek as a child who became a federal law enforcement agent before moving to Microsoft.

"What drives the creation of a botnet?" Schmidt asked. "What do the bad guys do with it?

"These are crimes that didn't exist for previous generations, but they're capable of immobilizing an entire community. We want to help law enforcement think about these crimes in new ways.

"Instead of throwing them a fish, we're trying to teach them how to fish."

Room to investigate

With its state-of-the-art sheriff's office, which includes a tri-county forensic lab, Anoka County has tools for fighting cyber crime that make other counties envious. There is an entire room, filled with devices costing between $5,000 and $7,000 each, devoted to analyzing cellphones. There is another room for video and computer forensics.

But all these tools are constantly changing.

"For most people, gone are the days of relying on a digital camera and computer at home," said Anoka County Detective Brian Hill. "Everyone has a cellphone now. And that cellphone is used to access the Internet, take pictures, send text messages and store information. Some people actually use their phones to make calls.

"If I go to the store, I can sit in the parking lot and research the product before I consider making a purchase," Hill said. "Or, you saw how the social network could help a small company like Surly Brewery spread its message.

"Unfortunately, cellphones and the Internet can be used by criminals for other reasons."

No more he said-she said

Investigators have traced text-message trails in sexual-assault cases or confiscated computers in child-porn cases. Brooklyn Park and Hennepin County investigators used cellphone records to trace the journey of murder suspect Eddie Matthew Mosley from St. Louis to Brooklyn Park, where DeLois Brown and her elderly parents were shot and killed at Brown's home daycare. Mosley has been charged with second-degree murder in the case.

"Gone are the days of 10 years ago when we had to rely on he said-she said testimony," Hill said. "Now the dialogue can be found in text messages. We still have to put a person behind the keyboard, attach these messages to individuals, but getting at the information is easier.

"There's just so much more of it!"

Detective Scott Schlender is one of a half-dozen members of the Anoka County Sheriff's Office who specialize in computer forensics. As technology changes, so has human nature, he says.

"In the old days, if you were mad at somebody, you'd call them up and let them have it on the phone," Schlender said. "Now, with technology, people sending messages believe it's anonymous because they've removed the personal interaction. They have more courage when they're not face to face. Sometimes they're more hurtful. And sometimes they create a false identity. They create personas to get other people in trouble."

Documents, music and video are pirated. Porn can be sent quickly and in great volume. Internet petitions and rallying make it easier to jump on the bullying bandwagon -- sometimes leading to suicides, Schlender said.

Sometimes, the greatest tool for a detective or prosecutor is common sense.

"You still have to have an understanding of what happened," Schlender said.

Almost everyones opinions consist of pure speculation because interceptions are very rare. There are some facts. People buying small amounts of non scheduled research chemicals in the USA are never raided. Some have been visited knock and talk style by feds of various sort including but not limited to postal inspectors, but I have not heard of charges being pressed. Even bulk importers of non scheduled research chemicals have had shipments inspected by customs and sent on their way after they tested negative for anything illegal. Non scheduled research chemicals are safe to buy, and although you should still use security measures to obtain them, it so far has not been very important.

People who sell research chemicals have more to worry about, even if they are not scheduled. There have been several RC vendors arrested and charged under the analog act, and some have received life sentences. It seems like law enforcement only target the blatant RC vendors, who have web shops with advertisements all over the place, or people organizing huge group buys / importing for completely public forums. This may be because law enforcement only cares about blatant RC dealers, or it could be because law enforcement are not very skilled at doing internet investigations against low key RC vendors. In all cases the busted RC vendors were using shit security. In at least some cases bulk research chemical interceptions did not lead to immediate arrest but rather led to the importer being put under surveillance and then arrested later on unrelated drug trafficking charges that were related to being put under surveillance for importing research chemicals, but not for importing research chemicals.

Buyers who have small orders of lowly scheduled drugs such as Xanax intercepted almost always only receive a love letter warning them that if they keep ordering scheduled drugs they may be charged and arrested. Some times people receive multiple letters like this and still nothing happens, but it is likely that if you get enough love letters something will come of it. You shouldn't reuse a box after you get a love letter because it could be flagged, but in practice people have continued to get shipments, including illegal ones, after having previously been sent love letter(s) to the same address. Intercepted non-specifically scheduled research chemicals have also resulted in love letters, so have marijuana seeds. People saying small personal use orders of cocaine or oxy will result in love letters are almost certainly just speculating, I would like to hear from an established person on any forum who obtained a love letter for schedule one substances of any amount because no case of this ever happening comes to mind. I can't even think of any truly personal use interceptions ever happening though. 

In Australia a person had a not quite personal use order of several schedule one drugs intercepted. If I remember correctly it contained MDMA, ketamine and LSD, a few grams for the former two items and half a sheet or so of LSD. This resulted in an armed dawn raid. The person received probation as it was their first offense, but they could have received a prison sentence.

I have heard of ounce orders of marijuana being intercepted leading to knock and talk by postal inspectors and eventual charges being filed, I believe people usually receive probation and mandatory drug rehab for this, but if it was a few eight balls of coke it is more likely jail or prison time would be involved imo.

several people on DZF were arrested for drug orders, it is not clear if the vendors they were working with were LE to begin with or were turned by LE. That forum was an FBI run honeypot. Several of the vendors on it were raided and arrested by FBI and sent to prison, and although I know several of their customers were arrested as well I am not certain the details of the size of orders they were placing or if they were also vendors. I can try to find out more about this, but I was never a part of DZF and only know a few people who were.

operation raw deal targeted the online steroid trafficking scene. They are very similar to the online recreational drug trafficking scene and there is a slight but significant membership overlap. A targeted international operation against them led to hundreds of arrests, but I believe they focused far more on producers and distributors than customers. I am not certain how many, if any , customers were arrested, although law enforcement did say in a press release that they had huge lists of customers and were considering pressing charges. I don't think they ever did against customers though. Someone from the steroid scene can probably go into more detail about the fall out of raw deal.

Obviously TFM is the most recent drug forum bust. Over a dozen vendors were arrested as well a handful of customers, although I think they were large customers. This is only what we know about though, nobody is certain how many other arrests are tied to TFM that were not part of main indictment. At least a few were though. I would imagine if LE really cared about customers a lot they could have busted more customers, and would have been more likely to do an internationally coordinated take down of the entire forum. When CP forums get busted it is common for interpol coordinated task forces around the world to carry out simultaneous raids against thousands of members, the fact that this did not happen for TFM leads me to think that either A. law enforcement was not interested in busting the majority of participants or B. Law enforcement had trouble to target the majority of participants for some reason, for one they couldn't get a vending account apparently (TFM was highly screened for vendors) and for two at least some of them were using GPG (le could only intercept communications that were not GPG encrypted). Of course they could have covertly bugged all of the targets laptops, followed them around recording the addresses on mail they were sending etc, and apparently they did not do this since only a dozen or so vendors are confirmed as busted and even fewer customers. Also, it is entirely possible that we just are unaware of the number of customers who were compromised.

Vendors clearly have much more to worry about, customer arrests are almost always from interceptions but vendors have targeted investigations against them that use technical, human intelligence, and surveillance attacks. So far the technical attacks have not been in the slightest bit impressive and in two cases consisted of Hushmail being a total fraud fed honeypot. The human intelligence attacks and surveillance attacks would also have been entirely preventable if the vendors had been using the proper security protocols.

All that said, it is technical possible for a small time customer to be royally ass fucked by law enforcement. You break a dozen different federal laws by ordering a single gram of weed here and they could try to hit you with a life sentence over it if they really wanted to. You are entirely at their mercy in this aspect. Money laundering, conspiracy, using telecommunications for drug deals, using the postal system illegally, participating in a continuing criminal enterprise, trafficking drugs across state or international lines, obstruction of justice, all of these are things that you are technically doing when you order your gram of weed here. The charges you could have put against you for ordering a gram of weed here are far more severe than you could have put against you for ordering it on the corner. But it is also extremely unlikely for such charges to be filed against you over ordering a gram of weed, and it is extremely unlikely that a domestic package will be intercepted.

At the end of the day, of course vendors have the most to worry about, and more the bigger they are. Customers have the least to worry about, and the smaller they are the less they have to worry about. I think that everyone should at a minimum be using Tor and GPG, plus mixing their bitcoins or obtaining them anonymously. Significant vendors should be using more security than that. And using more security is not going to get you busted, there is no such thing as being too secure but you can certainly not be secure enough.   

/me used drugs since I was a young teenager

also feel free to replace kidnapping with cold blooded murder, child rape, execution of innocents by slow torture, or bombing preschools, we don't have as many clear cut examples of people continuing to vote in favor of the third option but in principle it is all the same

salting is a different technique for protecting from rainbow table attacks. If the attacker has precomputed the hashes for a bazillion potential passwords, having the salt "salt" added to you password prior to its hash value being obtained will make their table worthless. Of course you would use some random string for the salt. But salting doesn't slow down the time it takes them to guess passwords like PKCS5 does, it just makes previously generated password => hash databases worthless. Both can be combined .

why would a single bust scare the shit out of anyone, people are busted for drugs all the time, someday someone who orders from SR will be arrested for it there is no doubting that

echo "message" | gpg -a -e

yayyyyy