Silk Road forums

Quote from: kmfkewm on February 19, 2012, 12:28 am

something tells me jewfro is a heavy meth user and takes anything bad said about meth (regardless of how true it is) as a personal attack on him....

telling people weed and meth are equally addictive (not that anyone would believe that) to make yourself feel better about using it isn't good

I really have nothing against meth users and have enjoyed a few times myself, but don't deny that meth is serious shit, comparing it to weed is just straight up dishonest

something tells me that you're run out of arguments, as you've resorted to adhominem attacks on my character.

man, i could be the skeevy bum from down your street, that smears his shit all over the walls of the bus shelter and tells you im the next coming of christ, but my arguments remain valid.

if you are content to wallow in your [shitty] ignorance, then do so: you're more than welcome. im offering arguments that i have found to be in conjuction with enough supporting evidence.
 
people telling me that "they know better" without doing an iota of research, proves to me that darwin was right in our evolution from simian species, as you clearly can't think father than you can chuck your shit.

goddd

Didn't you tell me to go suck a beaver in all caps? You are clearly the next evolution of man kind. Enjoy the tweak bro. I think it just may be making you behave in aggressive and asshole-ish ways though (then again amphetamine does the same to me after a few day binge )

I am of the understanding from very reliable sources, that a knock and talk or a major field investigation is the preferred route after a package is detected. My source who works for a top 10 US city police department says they have a policy prohibiting controlled deliveries.

I wouldn't be surprised if there is some truth to this. Although I know of fairly recent CD's, I also have heard of fairly recent cases where there was no CD but rather knock and talk interrogation from postal inspectors (for fairly small amounts) or field investigations leading to SWAT raids (for bigger amounts). Also heard of one case where they waited for the suspect to leave after the delivery, a full day later, and pulled him over on the road like a routine traffic stop.

Large and very interesting post. I more or less agree with most of the parts, except the LEO being able to locate SR server. Yes, they can locate it using traffic analysis if it is located in USA. Whole different story if it is located in some 3-rd world country overseas. We argued about it some time ago and I got pissed off by kmfkewm.

And I'm not comfortable to open PDF files from cia.gov

Well regardless of where it is they can trace it up to its entry guards, even if the entry guards are in China or Russia. (citation: http://freehaven.net/anonbib/cache/hs-attack06.pdf)  If they can trace it directly to its IP address depends on if they can compromise one of the entry guards or not. If the entry guards are in the USA they can do this with a trap and trace / pen register order as authorized by CALEA. This part of the process could probably be done in under 24 hours if the entry guards are in USA

(citations:
https://en.wikipedia.or/wiki/Communications_Assistance_for_Law_Enforcement_Act , https://en.wikipedia.org/wiki/Trap_and_trace_device
https://en.wikipedia.org/wiki/Pen_register)

If the entry guards are not in USA they will probably use a mutual legal assistance request (citation: https://en.wikipedia.org/wiki/Mutual_legal_assistance_treaty) through one of their political channels to request the cooperation of the overseas ISP. How long it takes the foreign nation to comply with the MLA depends largely on the particular nation. Some cooperate slowly, some cooperate very quickly. At this point they will be able to get the hidden services IP address from passive monitoring of the entry guard.

There are other things they could try as well, but they are more grey area / illegal, so I think they will just go with a MLAT if the entry guards are overseas. The entire process will likely take no more than a month even if the entry guards are all overseas. Chances are they are either in USA or a European country with fast MLAT compliance though, unless SR specifically set the entry guards himself instead of letting Tor pick them for him (Tor is blind to the legal system of a country, and also blind to how much that country cooperates with USA, and the majority of Tor nodes are in USA and USA friendly European countries).

After tracing the server they will almost certainly leave it up since they can then observe traffic arriving to it. That means that every person who connects to SR with a fed owned entry guard will be deanonymized (citation: http://freehaven.net/anonbib/cache/dsn-09-jing.pdf) . How much damage they will be able to do immediately, and over time, will depend on how many Tor nodes with entry guard flag they have. There are ~900 entry guards (citation: https://metrics.torproject.org/network.html) total and you select three at a time, the three you select change about once a month. Someone else can do the math .

If you don't frequently change the physical location of your hidden service it is only a matter of time until a moderate level attacker (able to afford flooding two dozen or so nodes into the Tor network....assuming VPS cost <$100 a month this shouldn't cost more than about $4,800, giving the attacker two months to slowly add the nodes to the network so they don't get removed after triggering the 'node flooding attack' detection algorithms that the Tor directory authority servers use to prevent people with botnets from adding a thousand nodes to Tor all at once....) finds its entry guards. If the attacker can get past the entry guards or not is a different story, but a federal law enforcement agency is pretty much certainly able to do so in the vast majority of cases (I think that 187 different countries have mutual legal assistance agreements with the USA, and the ones that do not probably don't have much internet infrastructure lol).

imo clean acid feels weaker than dirty acid, but at higher doses it is clear win. No comment on FF or his acid though as I do not have experience with either. I have experience with blotter laid with crystal of differing purity though.

This research seems to confirm my growing belief that the most effective way to participate in this sort of system is if you're living a nomadic lifestyle. This would especially be true of vendors. Consider if you had a trusted partner, bulk access to drugs, an RV, a small plane, and no geographically concentrated obligations. Never stay in a single location you're operating from for more than a couple weeks. Live in the RV and rent an office for a couple weeks in whatever new city you're in to do order prep. Fly the drugs from place to place to minimize the risk of random traffic stops (general aviation is surprisingly unregulated). Set up shop, use random wifi on a disposable device, ship heaps of orders, destroy the wifi device and then bounce. Take a couple week vaca before the next round . You'd need a solid way to launder BTC -- but tell me that wouldn't be a ballin lifestyle that wouldn't keep you awake at night wondering about geographic profiling...

then I would stay awake at night worrying that I would leave a pattern in license plate scanning databases or cellular geopositioning databases that could be correlated with my pattern of shipping. Des used to use RV and travel around USA. FBI still managed to find her location some how. She used complete SHIT security though, so isn't that good of an example. They probably just triangulated her phone, she gave many of her customers her phone number lol.

You don't see this place getting roasted on CNN, or politicians actively rallying against it

Actually at least two politicians asked DEA to shut SR down, and it has been in the news multiple times.

You might be right, but if it's so easy for LEOs to trace the SR server, and it could be done within a few weeks of trying with minimal resources, how is it that we are all still here?  They've certainly had more than a few weeks to try it.  It seems logical to me that if they could do it so easily, then they have already done it, and thus they would know where the SR server is and the proverbial shit would be hitting the proverbial fan.  If that's the case, why allow it to continue running?  SR isn't going to lead the DEA to the cocaine kingpins of Mexico - shutting it down would be a much bigger win for them than, say, busting Pharmville.

Why would they take the server down when it would just be put up again in a new location and then they would need to trace it again? They would rather passively observe traffic to the server so they would be able to deanonymize clients with correlation attacks.

What you are describing, the type of systems and algorithms, may sound simple in theory, but will require a massive amount of computing power.

No they wont. There are 200 billion pieces of mail through USPS every year. I ask a database management specialist how hard it would be to query that database looking for an address that got package from X location in Y time and also from Z location in T time. He said that an entry level laptop computer could return the list of addresses that fit this pattern in less than a day, a powerful network cluster could return results like this without even justification of a coffee break.

Not to mention, they couldn't be completely accurate. They can't just go off of, who recieves packages from drug states.... Every state in the country more than likely recieves thousands of packages from every other state in the country every day. There is so much mail in the system. They can't profile just on state-state.

Sure but I am also certain that there are fingerprints that stick out as worthy of further investigation. Assholeoutlaw pointed out one I had not thought of, profiling for addresses that only started getting a lot of mail / international packs after SR launched. There are probably a lot of interesting patterns that can be searched for, and to search a total of 200 billion entries for such patterns would require a trivial amount of computing power.

And as far as profiling packages on how they look.... that's pretty hard for a vendor who knows what they're doing. Anyone vendor who knows what they're doing will package it like the millions of other legit mail parcels in the mail system.

Well they do profile mail based on how it looks all the time,but yeah smart vendors use good packaging that doesn't stick out. This thread is more about traffic analysis though, it is interested in patterns in routing data nothing else.

As far as tracking this stuff based on when the feedback was left, there are way too many probability and chance of false results coming up. They may narrow the results to a few thousand or few hundred packages... but understand this. There are so many packages in the mail system. They do not have the time, resources, or man power, or will for that matter, to 'redflag' all of these possible suspects, because that would mean checkings hundreds or possibly thousands of packages all over the country.

The point I made in the original post is that all of this address routing information is potentially being stored already. In some countries *every single routing address: return address, to address, date sent* is recorded by the machine that sorts the mail. It is entirely possible for this to happen in USA as well and probably already is happening since the technology to do it is integrated into a lot of mail sorting technology and it isn't illegal for the feds to access such databases of routing information. USPS sends 200 billion packages a year about, searching a database of 200 billion entries for patterns is not computationally expensive. There is no man power involved, it is all computing power.

Also you are not understanding how an intersection attack works. At any given time there are probably tens or hundreds of thousands of packages in route from location X. At any given time there are probably tens or hundreds of thousands of packages in route from location Z. But during those two time frames, there is probably not much cross contamination. If you know someone has a pack from location X coming to them in a certain time frame, and know this same person then has a pack from location Y coming to them in a different time frame, you can query the database for everyone who had packs from location X in this time frame and from location Z in this time frame. Then you intersect the crowds and remove addresses that are not in both of them. The resulting crowd is not likely going to be very large, and every single additional query that you add is going to likely reduce it by a lot.

Not to mention, checking a single package isn't the quickest thing. For a dog to pinpoint a package, it can take up to a minute. They don't have the time to have a dog check and recheck multiple packages over and over again that they suspect. This would put a MAJOR slow down in the mail system, and would cost way way to much to hire the additional man power to do it.

You are not understanding the attack. The attack identifies a pseudonyms real identity, at which point that persons mail can be more closely screened. The attack is not "Okay we know this person ordered a package from roughly X location, let's scan all packs from X location looking for drugs!". It is "We know this pseudonym ordered from X location in this time frame and Y location in this time frame, according to mail logs only this shipping address falls into this pattern, so this pseudonym is tied to this shipping address". That is how the intersection attack works anyway, the fingerprinting attack works more like "This address gets a lot of packages from netherlands and california, lets automatically flag it".

The only thing they can reliably go off of, is hoping stupid criminals package their drugs in stupid ways so they can profile the exterior.

I think traffic analysis will be pretty effective personally.

You must realize the steps required, the time required, the man power, and cost required, to effectively utilize a system as you describe. Even if they do use this algorithm, to pin point people POSSIBLY recieving drugs, based on the states they recieve from(still an incredibly inaccurate way to track it as packages are recieved everywhere from everywhere everyday)... they would need 10-100 dogs, and trained handlers for those dogs are each mail hub in the country, since it takes so long for a dog to pinpoint a drug package from a legit one.. this is because they have to lay multiple legit packages next to suspect ones and allow the dogs to sniff it over and over again before they can get a warrant.

Well we should assume the USA already is storing all routing information of all mail that passes through it, since it is technically possible to do with mail sorting equipment that is already on the market and since other countries are known to be doing this. We can also assume that such an algorithm exists, I mean it is really just a basic intersection attack it exists to be targeted at E-mail and other internet communications, "porting" that to work against real mail would be trivial. Also they would be identifying the shipping address that is likely tied to drug trafficking, so they could just have the dog smell packages when they make it to the post office that delivers it to the target. That would make it pretty simple. You also need to keep in mind that if they do this they will probably start intercepting a lot more packs than if they just have drug dogs randomly smell mail.

It's completely unrealistic for them to go to this length as it would cost WAY WAY too much funding. The only reliable and affordable method they have presently to stop drug traffickers in the mail are by teaching mail sorters to spot suspicious packages from idiotic criminals.

They apparently already have most of what is required to be doing this.

Your idea would be an effective solution to the drugs in mail problem, only if the united states put forth massive amounts of employees, trained dogs, trained handlers, at every hub in the country. It takes a lot time to effectively train a drug dog. This being said, this task would require way too much effort and way too much funding and would massively slow down the mailing system. A slowed down mailing system would adversely effect the economy and this is something we can't afford now.

You have kind of lost me at this point but it seems you entirely misunderstood how this attack works . The information needed to perform these attacks is ALREADY probably being recorded and stored in USA, it is in use in other countries.

It's incredibly unlikely they would ever implement something like this. It's a simple solution. But remember there are a lot of simple solutions the government could do, but they all have cost.... money, time, effort, manpower, invasion of privacy, etc. If the government jumped on every solution they had to every problem and ignored all of those above concerns, the US would be the worst country on the planet, highly regulated, with very little freedom.

The USA is a shitty highly regulated country with very little freedom....we are using the same technology that Chinese and Iranian dissidents use, so that we can avoid being thrown into re-education camps and prisons....sorry if you were brainwashed into thinking you are free.  You are free to do what the state tells you you can do. The only reason average Americans think that people in China are not free is because the Chinese State says that Chinese citizens can't do things that the American State doesn't say American Citizens can't do.