Silk Road forums

I try to keep my association with non-drug users to a minimum. Most people know I use drugs, but pretty much nobody IRL knows the extent to which I have been involved with drugs.

They don't.

Interesting. That article is from 2010 though - surely there have been enough different forms of ghosting integrated into Tor since then to overcome those seemingly-basic issues?

Nah Tor is still just as vulnerable to this. The techniques to protect from it add significant bandwidth and latency over head and Tor tries to be fast.

I ask because I don't know. A lot of this is beyond what I know about but it sounds like you could piece together even a simple .bat file to get around these issues? Or that Vidalia's feature of changing your identity every ten minutes would all but make it irrelevant?

Changing circuit doesn't really help much from this, a ten minute sample is more than enough to get a traffic fingerprint. Plus your entry guards are persistent for 30-60 days and are reused on many circuits so they have longer than a ten minute sample over all.

Also, how would your entry node end up compromised?

By being added to the network by an attacker is the most likely way. Hackers could also pwn entry guards that are added by legit people though. Also you need to worry about your ISP doing these attacks, they can see all of your traffic flows regardless of the entry guard used and regardless of if it is malicious or not.

The main techniques for getting around this sort of attack are morphing, padding, cover traffic. Morphing tries to make one traffic flow look like another, for example a website might try to mimic googles traffic fingerprint. Padding adds dummy traffic that distorts or removes the fingerprint depending on how it is implemented (morphing usually makes use of padding). Cover traffic is pretty much another implementation of padding that pads the entire flow (Tor currently pads packets but not flows...all Tor packets have 512 byte payloads via padding, but Tor doesn't add entirely dummy packets to pad the stream). Splitting is another technique that can hide fingerprints. So can multiplexing. Tor does use multiplexing and it helps against traffic classifiers, its why loading multiple pages simultaneously over the same circuit makes it harder to pick a fingerprint out.

What's the point ?

What is the point of the entire war on drugs? Everyone who isn't brainwashed by propaganda recognizes that the entire thing is a massive failure. As far as I have been able to determine, the point is a combination of enforcing traditional religious moral standards and providing employment and funding to large segments of society (prison industry, law enforcement, rehabs, drug testing companies, pharmaceutical companies, etc). Increasing police powers and power of the state are also points.

Sending joe blow to court ordered rehab and getting him on probation paying for piss tests is effective at meeting these goals. And Joe Blow has been sent to prison for small personal use amounts of drugs. The state does not like it when its peons defy them anyway.

You have the "us and them" attitude, which is just as faulty from a cognitive standpoint. They aren't out to get you.

Well I do think they are out to get me considering they have pwnt a few friends already. And I do have an us versus them attitude because last I checked it is us versus them, we are in an arms race, and the people who fuck up or fall behind get pwnt.

Nobody really cares about your gram of weed.

They probably don't care enough to go out looking for me just because I post that I have a gram of weed. But if they intercept it in the mail they could very well pwn me for it. If they find ten hits of MDMA coming to me in the mail why is that any different than if they find it in my car during a random traffic stop? Do you really think they are going to ignore it simply because they found it in an envelope addressed to me instead of in a baggie under my seat?

 

As I've said on here before over and over, cops are just people like us, and they actually spend most of their time dealing with things like domestic disputes and stuff - things you *would* want cops dealing with.

And gang bangers spend most of their time going to the grocery store and taking shits on the toilet but it doesn't mean they wont kill you in a drive by shooting. Also there are federal agencies that spend 100% of their time on drug law enforcement. And mail enforcement. And customs enforcement. And almost any local police department is going to have an entire narcotics unit that spends 100% of its resources on enforcing drug laws.

There's no Officer out there looking for those dastardly buyers of one gram of weed. Just because it's illegal doesn't mean they are Out To Get You. It's a vice crime. Nothing more.

No but there are officers out there looking to move up supply chains and they will bust the dude with one gram of weed to get to the dude with 28 grams to get to the next dude etc. SR protects from this if you look at it as an entirely isolated network, since buyers can't flip on sellers. But if you consider the fact that people on SR might be part of IRL networks also, then it gives police the same motivation to go after buyers to move up their IRL chains of supply. And even if you don't take targeted attacks into consideration, because they are less likely to be aimed at buyers, you also need to take dragnet attacks into consideration. I have zero doubt that buyers here could get caught up in dragnet operations and that customs isn't going to just ignore the fact that you tried to import MDMA even if it was only ten hits. They will probably just forward the case on to your local police department. There actually is a substantial amount of interagency cooperation and feds give local police leads all the time.

Now if you are SELLING shit . . . Different story, because then you are involved in a bigger criminal enterprise. Think hooker vs. pimp. That's sort of what I was dancing around - I think LE would be way more likely to pose as a BUYER to try to catch a VENDOR than vice versa.

But posing as a buyer to catch a vendor isn't going to be as effective as posing as a vendor to bust buyers. And if enough buyers are busted it will cause a chilling effect. I am sure LE have had this same thought process. Also hookers and pimps and johns are all busted. Cops set up elaborate sting operations that cost tens of thousands of dollars in man hours alone, just to bust a dozen dudes paying to get their dicks sucked.

Anticipating the counter example of sting operations with cops posing as prostitutes, I have three more points to add before I stfu and gtfo    :
1- It costs nearly nothing for the police to run a sting operation like that. Think about even just the man hours involved in doing that kind of hardcore policing on SR, and remember that (like everything else), law enforcement is a business. It's just not worth it.

It costs as much as a seller account to harvest addresses on SR and forward them on to the interested local police department. Don't think that there are not communications channels in place between local police agencies because there are, especially for internet crimes, if a cop in Texas finds an IP address doing illegal shit in New York they will forward the information on to the NYPD and they know if NYPD finds such an IP address in Texas they will forward it on to them. There is substantial interagency cooperation and coordination at all levels of law enforcement.

2- LEOs aren't going to pose as a vendor then arrest You for buying One Gram Of Pot for Personal Use. Their cover would be blown right away. They'd be out to catch bigger fish. Much bigger fish.

Well they would likely gather addresses for a few months and then swoop in on everyone. It isn't like they need to immediately blow their cover. Simply knowing that you purchased 1 gram of weed from them three months ago is probably enough to get you raided today, and they will anticipate that you have other illegal drugs on you. using fake ID PO box that you rotate regularly could actually protect from this sort of gather addresses and later move in on them operation.

3- The Broken Windows theory: the reason that cops do things like sting operations as prostitutes is a law enforcement tactic to fight against this theory, which explains that a shitty rundown environment breeds crime essentially because it looks like nobody cares enough to rally against it. Counterpoint is that if you clean the area up the crime disappears. It sounds dubious but it works: it explains (at least in part) the massive reduction in crime rates in NYC within the past twenty years. Areas of NYC that were cesspools were rebuilt, repainted, remodeled and renamed and now are chic places to live. "Chelsea," anyone?
So, the idea is that if there is a known hotspot for hookers, you start running sting operations and people get caught hiring hookers, word spreads, people stop going there, hookers go away. Now while the same would be true for IRL drug deals (and, in fact, it is), the fact is that We Are Legion. Just look how many members this forum has. Look how many vendors are on SR. In simple economic terms, it's just not worth the time and resources to go after the demand-end.

This seems more like an argument for why they will target buyers than an argument against it, imo.

Sites that simply host CP are simply making a product available to people who are simply obtaining a product. If that product leads to people molesting kids, or if people molest kids and host the images on the site, that is a seperate issue. The same thing is true for weapons. Hosting a weapons site is simply making products available, if people use those products to murder people, or get rid of the tools they used for murder via that site, it is a different issue.


Producing CP is almost equal to hiring a hitman though. But I would much rather be molested than have a hit out on me. I guess I understand what the poster was saying, but to equate all of CP with intentionally getting a person murdered is absurd, and it is even a stretch to say that CP production is as bad as murder.

The Hive is pretty much the oldest drug related forum that still has members in the scene today. They were mostly for chemistry but I have heard they had an underground market area for chemistry related things. The core group of people on the Hive talked via instant messages prior to its formation in 1997. RCML was also a very old drug market, it was a mailing list though. I don't know when it was operational but it must have been one of the first research chemical market communities on the internet. As far as the modern forums (post webtryp) go I think SL gets the award for being one of the pioneer, although not the first if you count non-polydrug markets (ie: weed only markets, opiate only markets). And of course 'the holy forum' was the dominant forum for all leet people (and one of the first widely international forums post web tryp, and one of the first forums that had lots of illegals on it, and pretty much the first forum that had bulk illegals). I could write a short history of the scene up but many people would probably not be very happy with that. I personally don't see anything wrong with talking about forums that are long dead, but some people think the 'never talk about fight club' rule should apply until their death, rather than the death of fight club (or many years after). There are histories of the scene floating around / that were floating around on various private forums. These days there have been entire splits of 'forum lines' though used to be the same core group of people behind everything but these days many different groups operate groups of forums. Decentralization FTW.

SR is hands down the most popular mainstream internet drug market to ever be. It also uses some of the best security honestly, although there is room for improvement for sure . It was also the first community to embrace bitcoin and one of the first to operate openly (OVDB launching almost simultaneously and BM coming shortly after). It was also the first rug market to get major media attention, and the second drug market to be structured similar to E-bay or Amazon (the others were more like OVDB with a forum and private message system versus a market interface). TFM was the first market to have a market interface built into their community afaik, but I am pretty sure the SR interface pwnt theirs. The first drug market that was a hidden service was called The DrugsTor and was a private forum community that only lasted for a few months before the bulk of its memberbase it went back to the clearnet under a different name. It had leaked its IP address via improper configuration anyway .

Plus the device can be reused. If you don't have a trust relationship with your source they wont want you to send them back so they will probably let you keep it yourself but make you pay extra for the added security. But there are some people with connects overseas who regularly import <-> send money back in both directions, and then you would only need a single device and send it back and forth with drugs/money until one of the packs is intercepted.

If these things are heavily tested prior to being used for actual illegal packs (as they should be!) and there are no problems detected it would make importation of bulk so much more secure. I would feel totally safe having multi kilo orders of MDMA sent to me if I knew close to 100% for sure that I would be able to tell if it was intercepted. Only issue is what if they don't open the pack until they arrest you picking it up? Would be a major change to their standard operating procedure though. They can verify the substances inside the pack without a dog hitting on it via use of terahertz radiation and such, but on the other hand there is potentially nothing stopping us from being able to detect if a pack is scanned with this sort of technology too.

and more

FBI Project CARNIVORE
     Project Carnivore is part of a third-generation, online-detection software program called the Dragonware Suite, which allows the Bureau to reconstruct email messages, downloaded files and web pages. Historically, it has its origins in a 1997 program called "Omnivore" which ran on Solaris software and was incompatible with Windows (compatibility with Windows was not fully achieved until 1999). Although the FBI has provided minimal information to the public about Dragonware, and only a little more regarding Carnivore, the system is basically what is referred to as a "packet sniffer," a relatively common technology which examines or 'sniffs" packets of data streams on a network. Project Carnivore can only be utilized by the agency when a group or person is suspected of specified felonies, like terrorism, child pornography or exploitation, espionage, information warfare or fraud. Use of Carnivore is controlled under Title III of the Electronic Communications Privacy Act, so a court order is needed to utilize the tool as well as authorization by a "high-level" official from the Department of Justice before a local United States Attorney office can make an application to a federal court. However, there are "emergency" provisions whereby surveillance is permitted to proceed immediately, when high-level Department of Justice authorization is obtained, so long as a court order is filed within 48 hours.  Carnivore is not an information-gobbling monster that violates privacy.  It only allows law enforcement to read and record only that data which a court order authorizes, either "to/from" information or full email content.  It does NOT search thru the contents of every message NOR does it collect emails that contain certain keywords like "bomb" or "drugs."  It selects messages based on criteria expressly set out in a court order; e.g., messages transmitted to or from a specific account or to/from a particular user.

    The Internet represents a vast "honey pot" of information for the government.  It has been trying for years to get Internet search engine providers (e.g., Yahoo, Google) to turn over their records, on fairly shaky legal grounds such as claiming to enforce the Child Online Protection Act (COPA) of 1998.  Such records would provide a window into the personalities of users -- what they want, what they dream about, etc.  Places on the Internet where a user has visited are kept in "cookies" that the search engines retain a record of.  Electronic privacy advocates recommend using software such as Tor and Anonymizer which hide a user's IP address (the string of numbers that identifies a user's computer) from search engines by routing search requests through a maze of servers.

    As opposed to Internet spying, when places or people themselves are wired for sound, this is usually called "bugging," and it is an entirely different subtype of surveillance than telephone taps, pen registers, and trap-and-traces.  For example, surreptitious entry or some degree of stealth are usually involved, the kinds of things we think about in terms of espionage. The U.S. Supreme Court in Dalia v. United States 441 U.S. 238 (1979) found nothing inherently prohibitive in bugging a premises as long as both the surveillance and surreptitious entry were judicially approved.  Wiretapping is the covert interception of communications content from telephones, telegraphs, fax machines, computers, pagers, wireless devices, and any circuit or packet switch. It is distinguishable from eavesdropping, another type of electronic surveillance, which involves intercepting conversations in rooms or between individuals in person.  In the United States, a pen register or trap and trace is authorized by the Electronic Communications Privacy Act of 1986 and similar statutes at the state level.  Pen/traps are easy to obtain and do (with telephone company assistance), very useful in a criminal investigation, and only have to meet a low legal hurdle, effectively relegating the role of the court to a ministerial function.  Full wiretaps are authorized by Title III of the Omnibus Crime Control and Safe Streets Act of 1968 and a smaller number of similar statutes at the state level. Wiretapping is also authorized under the Foreign Intelligence Surveillance Act of 1978. Pen registers are used the most frequently, followed by trap and traces as second in frequency of use, and full all-content wiretaps as the least frequently used.  In terms of numbers, there are about 75,000 pen/traps a year and only about 3,500 CALEA/FISA intercepts.  The USA Patriot Act of 2001 makes all Internet communications subject to pen register authority.  Authorization for a full all-content wiretap requires a proportionality test (the benefits outweigh the harm) and a bona fide intelligence purpose.  Authorization for a pen register or trap and trace requires relevance to an ongoing investigation, and in many cases, a judicial order is served on a service provider instructing them to cooperate with authorities.

    Wiretap law contains its own exclusionary rule. First of all, no wiretap can be used for quasi-judicial or administrative law purposes. This ensures that wiretaps remain a tool of last resort for serious crimes only, mainly felonies or activities that resemble organized crime, espionage, or terrorism.  Secondly, any application for a wiretap must be reviewed and signed by a politically accountable official before going on to a judge for approval. The case of U.S. v. Giordano 416 U.S. 505 (1974) made it perfectly clear that any rubber stamping of a political official's signature by their assistant would result in suppression of evidence.  Thirdly, there are documentation and notification requirements. Judges must be kept informed of progress, and upon completion, a full wiretap requires notifying all parties, at the time of charging with an offense, that their conversations have been intercepted. A judge, however, has discretion to decide whether other parties should be notified, and which other parties should be notified. The practical effect of this rule has implications for the number of civil lawsuits filed by other parties over the shock at finding out they were wiretapped.  Finally, there are executional and minimization requirements. At the time of executing a wiretap order, a professional effort should be made by officials to minimize the interception of irrelevant conversation. This goes beyond the standard protections afforded to privileged communication, such as that between husband and wife, and requires officials to ensure that irrelevant portions of the conversation are deleted and the most relevant portions are retained, all without being done in a manner that suggests the recording has been altered or fabricated in any prejudicial way.  Rules of evidence subject wiretap information to the authentication rule and best evidence rule. Unlike wiretaps, pen registers and trap and traces require no notice to persons that their communications have been intercepted. Nor is there any provision for judicial supervision of a pen register in progress. Also, there is no minimization rule. 

UNDERCOVER WORK

    There are about 50 different types of work which a police officer can be assigned to, and almost all of them rely or depend upon the authority of a uniform.  One of the most notable exceptions to uniformed duty is undercover work, arguably the most problematic area of law enforcement.  Undercover work is one of the most unique investigative techniques available to law enforcement.  The theory behind not wearing a uniform is that it removes any impediments to acquiring information.  It's part of the same intelligence-gathering function as surveillance, eavesdropping, use of informants, and espionage.  It typically involves an assumed identity for a defined and considerable amount of time.  Undercover work requires secrecy.  It allows the police officer to circulate in areas where the police are not ordinarily welcome.

    The job of the undercover officer is to "make cases", in other words, to gather enough information to enable a successful prosecution.  The purpose is not so much to obtain proof of criminal intent, the personalities or lifestyles involved, but to obtain physical evidence (by purchasing drugs or other contraband) and become the complainant seeking an arrest warrant.  Once the warrant is served, the officer's identity is usually revealed.  Ordinarily, a large number of arrests are made because the undercover officer has maximized their contacts as much as possible (e.g. with the drug or crime ring) on their own or by "converting" one or more of their contacts into informants.  A typical three-month operation may yield as many as 60 arrest warrants.

THE EARLY STAGES

    Although there are many ways to initiate the undercover role, a typical pattern is to bring the undercover officer in as an acquaintance, business associate, or girlfriend/boyfriend of an informant, and then to distance themselves from that informant.  Once it's clear to all the parties involved that the officer is single again, another undercover officer is brought in as the boyfriend or girlfriend of the first undercover officer.  The key here is managing the informant because you don't generally want to take extra risks with an informant around when you don't really need them.  The ideal targets are the "big" dealers or criminals, but most officers usually start by going after the "small" fries, accumulating suspects and case material as they go.  The police supervisor, and sometimes, the prosecutor make a decision early on about whether enough "mid-level" or "big" cases have been made so that the operation can be terminated.  In most cases, the critical factor is continued safety of the officer(s).  Training of the undercover officer is sometimes nothing more than on-the-job training. Additional training may involve a few short hours of instruction on how to identify drugs, contraband, terminology, and prices.  Sometimes, a refresher course in criminal law and procedure is added.  A system is usually put in place for the officer to turn over evidence on a systematic basis or en masse at one time.

THE MIDDLE STAGES

    Undercover officers usually are allowed to create their own cover stories, and depending upon the type of crime involved (drugs, guns, contraband, gambling, "subversive" groups), will eventually need more support from the department.  The need may arise, for example, to create false documents or computer records for the undercover officer.  This is not ordinarily done with minor cases.  The need may also arise for creating various kind of setup situations in which the undercover officer "proves" their criminality or loyalty by engaging in a staged showdown with regular police officers or other brush with the law.  The staged encounter may also be an opportunity to supervise the undercover officer.  Since supervision and continued surveillance becomes more difficult as the operation progresses over time, undercover officers are often "busted" to give a progress report and let management know if they need more or less supervision.

THE LATE STAGES

    Of all the kinds of police assignments, undercover work puts you at most risk of corrupting your integrity.  At some point, the undercover officer may begin to lose perspective, and become emotionally attached to this type of work.  This does not mean they become emotionally attached to the suspects, and become more criminal than cop.  It simply means that the department overall must think about maintaining its integrity by calling in anyone who has been doing this kind of work so that they can salvage their usefulness as a regular police officer.  Danger and temptation play roles in the late stages.  Undercover officers tend to get paranoid after a while, feeling like they have "cop" written across their foreheads.  They will begin to feel insecure and anxious about regular work and continued employment with the department.  They will often be amazed and astonished as some of the things they have experienced and the dangers they have faced.  Usually, they're carrying their own gun at this point for personal protection or they've arranged some other form of their own private surveillance and protection from real or imagined dangers.

    If paranoia develops, the undercover officer may start having dreams about engaging in criminal activity.  They can't help it because subconsciously they succumb to temptation.  The problem is worse in drug cases because the officer may not be unable to decline the inhalation, ingestion, or injection of controlled substances, although by strict policy, they should make every attempt to avoid illegal consumption, even alcohol, during the operation.  However, if consumption occurs, one runs the risk of addiction, and the real possibility of neurological changes.  Anyone who engages in participant-observation runs the risk of "going native", and it takes tremendous self-discipline to keep from doing so.  Many officers end their undercover assignment when they feel "burned out" or express their first concern about being "made" or express a desire to surface and become a regular officer.  Supervisors normally do not try to talk anyone into staying undercover, although there is some concern for whether or not the appropriate cases have been made.  Most departments allow a "debriefing" period of time to help them adjust after coming off undercover assignments.

SELECTION OF UNDERCOVER OFFICERS

    In many cases, the undercover officer is new to the department, and something about their "looks" makes supervisors feel they are right for the job.  They may have been interviewed and identified for such duty while attending the training academy or while waiting on some civil service eligibility list, but generally, they finish up a rookie year or two first as a regular officer.  In rare cases, an applicant is sworn in secretly by the Chief and Personnel Officer the first day on the job.  The department may have some special need in an ongoing operation for someone who fits the "mold" and a new recruit may fit the bill.  Recruits from out of town are sometimes preferred, as are ethnic-looking recruits with foreign language skills and the occasional female.  The reason for using new, inexperienced officers is that you may not want someone who thinks, looks, and acts like a cop, especially for internal affairs operations or certain political targets.  You want someone who has still got a civilian mindset.

HOW TO AVOID BEING "MADE"

    Just as some officers have the uncanny ability to spot criminals, some criminals have the uncanny ability to spot undercover officers.  Two things that will automatically tip any drug dealer off are: (1) familiar customers introducing strangers who want to buy drugs; and (2) small-time users who suddenly want to buy large quantities.  The idea behind requests for large quantities is to force dealers to contact their "connection."  Most professional criminals are keenly aware and ready for attempts to "flip" them over into becoming informants.  They will be prepared for this with bail money set aside and a lawyer on retainer to set up an entrapment defense, guarantees of immunity, and/or a written salary agreement.  Intermediate level criminals are also the group least likely to have addictions of their own.  Top level criminals hardly ever make mistakes.  The importance of combining undercover testimony with tape recordings or video recordings cannot be overstated, especially when dealing with a sophisticated criminal.

    At the other end of the spectrum, you have perpetrators who are easily caught up in a "reverse" operation where the police officer is the one selling the product.  Perps who usually get caught up in these kind of undercover operations are the small fries or "connections" who make stupid mistakes.  Almost always, the mistakes are made while intoxicated, high, or fatigued in some way.  However, even at this level, the criminal may make some attempt to "verify" someone's story, or check the undercover officer's cover out.  Two of the most common things checked out are family history and employment; these, and perhaps, an acquaintance or two.

    How the undercover officer dresses and what they drive are also factors.  The clothing of drug addicts always doesn't fit right because they're constantly losing or gaining weight.  By contrast, most undercover officers can't simulate this particular "fit" of clothing; they'll only look sloppy and carry themselves like they have their "street uniform" on.  Scraggly beards that look recently grown also are a dead giveaway.  The cars they drive are also too well-maintained. A dope addict's car usually has three different types of tires, a bunch a hamburger wrappers all over the inside, and screaming kids in the back.  There's also the way undercover officers give themselves away with their eyes.  Their eyes are too full of life, and they seem to wear sunglasses all the time.  A dope addict, on the other hand, will often stubbornly or masochistically blind themselves by not wearing sunglasses even when they should, and their eyes will look sunken, like they haven't slept in days.  Other cover-blowing moves include: being too sure about the price; constantly making phone calls during a deal; being too overeager to buy; offering sex in exchange for doing business; being too familiar; and being too unfamiliar.