Messages - kmfkewm

3556
Security / Re: Can your ISP see that you use TOR?
« on: February 09, 2012, 09:21 pm »
i wonder if running a tor relay on your network would effectively mask personal tor use... i think it probably would do a pretty good job, but not be perfect

Running an exit relay would give you plausible deniability for normal web traffic

Not from a local passive attacker

3557
Security / Re: Can your ISP see that you use TOR?
« on: February 09, 2012, 02:24 am »
yeah, i mean, a buyer in america or EU shouldn't have jack shit to worry about. tor is a legitimate service and perfectly legal


It is perfectly legal to drive a particular sort of car as well, but that doesn't mean LE won't check DMV records when they make one of their suspect set sizes, if a certain type of car is frequently spotted near a certain type of crime scene. The rarer your car is the more prone you will be to being identified in this way. The fewer people who use Tor near where you ship from, the more prone you will be to being identified in this way.

After you are identified in this way, you will likely be put under various degrees of surveillance until they build a case against you from it. They will probably also watch your mail extra closely. They may maneuver agents in their human intelligence networks (snitches and undercovers) closer to you and try to get you to do little illegal things. Then they might get your connection tapped and do a website fingerprinting attack to find some % probability that you are a certain user on SR (sites loaded through Tor, even though they are encrypted, have been identified with 60% accuracy with traffic classifiers, chaos computer club made the best one so far). They could bug your computers or what the fuck ever.

The thing is the more people who use Tor in your area the less likely they are going to put all of them under this sort of scrutiny. If you are the only person within a hundred miles of where the pack was sent from who is using Tor, you are an easy low hanging fruit. If there are fifty Tor users in the same radius, it will cost them a lot more to do targeted attacks against fifty people to find one person. If they go to this effort or not will depend on how valuable of a target you are: how much resources will it cost to do these attacks / surveillance etc

another thing to take into consideration though is that they are fairly effective at filtering out noise via various strategies. If they identify fifty Tor users in an area they may do other things. How many are on parole? They are easy targets and have little legal rights against search. How many have criminal records for drug charges? How many fit this profile or that profile. This isn't a perfect strategy but it's one of their techniques. You would also be surprised how much profiling data is already available to LE on you, if you use facebook you pretty much make your entire social network open source intelligence. Have a lot of friends who were busted for drug charges? I wonder in your extended social network how many people have been busted for drug charges versus the extended social networks of these other fifty Tor users in your area and their social networks. Better call up a datamining company and do some database processing. Or they can add other data points to the intersections.

the intelligence is just to help them narrow in on evidence, see where to best focus their resources until they have enough resources to focus on a target. How much they are willing to put into it depends of course on the specific target. The use of intelligence often will not even come up in court. They don't need to say why they knew to target you as long as they follow the law when they go about gathering the needed information. And sometimes they are just crazy fanatics anyway and will break the law because they are crusading against the devil as far as they are concerned. Or they are just crooked for whatever reason. I still think the majority of LE are "law drones" though, and will act in accordance with the law, unfortunately regardless of how fucking corrupt the law happens to be. IMO they are just as bad.

3558
Feature requests / Re: Silk Road via I2P
« on: February 08, 2012, 10:40 pm »
I2P has like 5 thousand users. (Nearly) all I2P nodes route for other nodes. Adding a few high bandwidth nodes to the I2P network will allow you to enumerate almost the entire I2P network. I2P has users spread out through the entire world. I would hate to be a vendor who leaks rough geolocation via mail and uses I2P, it will probably be pretty easy for the feds to determine that the one person using I2P within five hundred miles of where the vendor shipped from is the vendor.

Not to mention I hope you have zero down time if you use I2P. Since I2P Eepsites (hidden services) are also routers. All an attacker needs to do is see if there is a down time correlation between one of the I2P nodes and the hidden service to deanonymize the hidden service. I hope SR isn't running as a relay too actually, for the same reason (busts out Tor relay history and cross references it to SR down time periods....).

I2P also sucks for various other reasons. Tor was a good choice, quite possibly the best.

3559
Security / Re: Can your ISP see that you use TOR?
« on: February 08, 2012, 10:06 pm »
See this: https://www.torproject.org/about/overview.html.en#thesolution

They can see that you are connecting to a TOR entry node (relay). As someone else mentioned, these are well known (or easily discoverable).

I don't think they can do packet inspection. At least not at the point of entry, because that link is encrypted. They can look at traffic at the exit node, but then they cannot correlate it to you (originating node). Which is why TOR folks suggest SSL (https) services, which would encrypt data end to end between you and the SR servers. But far as I can tell, SR does not use SSL (https).

Encrypted Tor packets stick out like sore thumbs (for one they are all padded to 512 bytes + headers). Technically an ISP could detect that you are using Tor by looking for streams of packets like this (and various other things). It is kind of an arms race. So far no government is known to be fingerprinting Tor traffic in this specific way, although some governments have located Tor users via various traffic fingerprinting attacks. It is harder for this sort of attack to be done than detecting Tor users via the IP addresses they connect to. It might not even be feasible to scan everyone's traffic arbitrarily looking for some of the fingerprints associated with Tor traffic. In other cases it can be done though, as has been shown by various governments. When governments find a way to detect Tor traffic that they can actually implement large scale, Tor tries to take counter measures.

3560
Using Tor & receiving drugs through the mail don't necessarily go together.  I saw a National Geographic special about Ketamine use the other day & the guy selling K ordered his stuff online.  But from the brief screenshot I saw I don't believe he was using Tor.  There are plenty of overseas clearnet sites selling stuff that's legal there but not legal here. 

If you're really concerned about your local ISP getting too curious about your Tor usage then use another access point.  Like the local library or coffee shop.

No, but if you use an interface that I know requires Tor and ship me drugs from a location that only has one Tor user within a hundred miles of it, even though I can't trace you through the network I can make a pretty damn good guess who you are ;).

3561
I actually retract my statement. In some ways, It is better to leave Tor running in a remote location.

It is better to leave it running because if there are not breaks of ~24 hours between Tor sessions, Tor can bootstrap at directory mirrors (of which there are hundreds) instead of directory authority servers (of which there are eight or so). This is good for membership concealment / usage concealment against an attacker who monitors the directory authority nodes.

However if you leave Tor running when you are not using your computer it is a huge indication that you are not properly utilizing FDE. Your computer is vulnerable when it is booted up.

So I guess the best answer is probably that you should use Tor enough so that it doesn't need to bootstrap at directory authority servers (your Tor client gets a list of directory mirrors from the directory authority servers the first time it bootstraps, but the Tor client considers the list stale after some fairly short period of time, I think 24 hours or so), but you shouldn't leave Tor running when you are not using it. Or you could just use a bridge and use Tor as much or as little as you want.

Of course if you use TBB you also directly connect to directory authority servers every time you upgrade. The same may be true for the regular Tor client itself, I am not sure. Also you need to keep in mind that simply by monitoring the Tor download site an attacker can quickly get a list of all IP addresses that have downloaded Tor. Hopefully they are not doing this, with you being the only one who downloaded Tor in the remote location that you ship drugs from.

3562
Off topic / Re: List all the drugs you've done!
« on: February 07, 2012, 08:46 pm »
hmm

meth (a few times, smoked and snorted)
crack (once, absolutely did not enjoy the high)
cocaine (briefly)
heroin (a few times, smoked and snorted)
LSD (very very heavily)
MDMA (heavy for a few months, oral and snorted)
nitrous (a few times)
weed (moderate for many years, including hash and food and even THC alcohol)
2c-b (heavily)
2c-t-2 (many times)
2c-e (a few times)
2c-i (a few times)
2c-t-21 (a few times)
DXM (heavily)
5-meo-amt (a few times)
5-meo-dmt (several times)
5-meo-dipt (heavily for a while)
mephedrone (very heavily for a while)
ketamine (very very very heavily)
4-aco-dmt (a few times)
4-aco-mipt (a few times)
mushrooms (a few times)
salvia (moderately for a while)
DMT(a few times)
xanax, valium, ativan (moderate on and off)
oxycontin, vicodin, other opiates (a few times)
pharmaceutical and street amphetamine (a few dozen times)
alcohol (rarely)
nicotine (moderate)
jwh-018 (a few times)
CP 55,940 (once)
various other unknown synthetic cannabinoids (a few times)
Methylphenidate (a few times)
BZP (probably, some shit in x tabs)

probably some I can't remember

still need to try mescaline, ghb

3563


I don't remember how many counts it was against the Elysion Hearts dude over at OVDB but I do remember that they just wrote up enough to ensure he would spend LIFE in prison and let it be at that... and even if he beat some of that shit, they will just indict him AGAIN on some more NEW charges, they can pull them out of thin air basically once they decide they want you and they identify you.


Quote
What's the story behind that case? Don't really know anything about OVDB except that a few vendors were busted...

Only Enelysion was busted, although he was one of the top vendors. The department of homeland security pwnt him. They also had an ongoing investigation into OVDB, although I don't know if they do anymore since it is gone now.

3564
Don't quote me on this, I am not a lawyer. But, as I understand it, the Silk Road qualifies as a Continuing Criminal Enterprise. The only thing worse than this is being an Al-Qaeda member being held in gitmo. The following applies for CCE's:

Quote from: http://en.wikipedia.org/wiki/Continuing_Criminal_Enterprise
The Continuing Criminal Enterprise Statute (commonly referred to as CCE Statute or The Kingpin Statute) is a United States federal law that targets large-scale drug traffickers who are responsible for long-term and elaborate drug conspiracies. Unlike the RICO Act, which covers a wide range of organized crime enterprises, the CCE statute covers only major narcotics organizations. CCE is codified as Chapter 13 of Title 21 of the United States Code, 21 U.S.C. § 848. The statute makes it a federal crime to commit or conspire to commit a continuing series of felony violations of the 1970 Drug Abuse Prevention and Control Act when such acts are taken in concert with 5 or more other persons. For conviction under this statute, the offender must have been an organizer, manager, or supervisor of the continuing operation and have obtained substantial income or resources from the drug violations.[1]

The sentence for a first CCE conviction is a mandatory minimum 20 years' imprisonment (with a maximum of life imprisonment), a fine of not more than $2 million, and forfeiture of profits and any interest in the enterprise. Under the so-called "super kingpin" provision added as subsection (b) to the CCE statute in 1984, a person convicted of being a "principal" administrator, organizer, or leader of a criminal enterprise that either involves a large amount of narcotics (at least 300 times the quantity that would trigger a 5-year mandatory-minimum sentence for possession), or generates a large amount of money (at least $10 million in gross receipts during a single year), must serve a mandatory life sentence without possibility of parole (sometimes referred to as a "living death" or "pine box" sentence, since the offender is strictly ineligible for release while alive). Anyone engaging in a continuing criminal enterprise who intentionally kills a person or causes an intentional killing may be sentenced to death. Probation, parole, and suspension of the sentence are prohibited.

In addition, they can seize all assets in any way related to the enterprise.

Silk Road admin would certainly be charged with running a continuing criminal enterprise if not RICO. He would most likely get a life sentence, or what amounts to one. Even if he is just charged for fairly large scale money laundering (which he is clearly guilty of running a mix for drug money) he would be facing twenty five years on that charge alone.

Mods of this forum would also face similar sentences for being in authority positions. Although technically anyone who participates in illegal activity on this forum could be charged as a RICO participant, if you are charged under RICO you can get charged for the crimes of the enterprise rather than charged with your specific crimes. Participating on silk road or any other forum like this is not likely to get you a slap on the wrist, almost everyone who participates here in USA could face a life sentence if they wanted to give you one. Of course they will not give 150,000 people life sentences though. SR is kind of strange in that it is easily the largest (participant wise) named drug trafficking organization in the history of the world. Most DTO are considered large if they have a few thousand participants. The internet makes having over a hundred thousand participants operating under the same organization name much easier. The laws on the books certainly technically apply to SR participants, but the gov didn't have organizations like SR in mind when they made the laws (after all they probably don't want to give you a life sentence for ordering a gram of weed, even though by ordering a gram of weed here you are technically capable of being charged with RICO violations due to the structure of this organization).

Under the Ryan Haight act it is actually illegal for American citizens to even have an account on this forum, since it is a website with the primary goal of trafficking in scheduled drugs.

3565
Off topic / Re: Help with getting tor chat
« on: February 06, 2012, 09:58 pm »
Torchat is insecure for multiple different reasons and should be avoided if you value anonymity or security

3566
Security / Re: Vendors should always use a remote service
« on: February 06, 2012, 05:54 am »
Well I did mention a remote virtual machine as an option, but the real point is

__Vendors should not physically touch a computer sending Tor traffic, and should not even be physically near a computer sending Tor traffic.__

Note if you set up a totally private Tor bridge and try to connect to it via SSL you can still be identified as a Tor client.  You have to totally remove the Tor protocol between you and the first server you connect to (which could be a virtual machine).

I'd be willing to bet lots of vendors are using the Tor browser bundle from their own computer, which seems to be a pretty big mistake given the consequences.

VPN not safe, they all decrypt your traffic to see what awesome stuff they can find (money) wouldn't you?
Like that guy said build your own VPS bridge node or remote desktop and SSH into it.

What if a vendor bought a new computer specifically for SR work, scrubbed of all personal info, and used it from someone else's IP? Seems safe to me, and even if someone were to get the computer, everything is locked down/ hidden/ encrypted, so... yeah. I might be missing something though, advice?

The main thing you and many others are missing is the simple fact that LE may not even give a fuck about what is on your computer. Having your computer encrypted and locked down isn't going to mean shit if you are deanonymized and they find drugs on you. Not to mention if they really want to get around your full disk encryption they won't have any trouble to do so if they don't fuck up tactically, unless you are taking exceptional security measures that probably almost nobody actually is, like using shielded equipment and carrying your laptop on you 24/7 to prevent it from being bugged with hardware keyloggers etc. They have already pwnt several carders and even a few drug dealers who used FDE simply by bugging their computers when they were left unattended. One technique they use is to make sure a person is online prior to a raid and then they storm the place and flash freeze the RAM / dump the contents of RAM to a forensics laptop, before it has a chance to lose its state entirely, which can take something like five to ten minutes after power is cut. FBI counter intelligence used transient electromagnetic pulse analysis to steal passwords from some Russian spies a bit ago, but they probably spend more resources on them than they will on you.

3567
Security / Re: Vendors should always use a remote service
« on: February 06, 2012, 05:52 am »
Being near a computer that uses Tor should be fine as long as it isn't tied to you in specific. Even using Tor once or twice is probably fine, although never using Tor from a location or device or IP address that can be linked to you is always the best bet. One of the main things you need to worry about is simply getting the Tor software in the first place, an attacker could very well just monitor the Tor project website and see who all downloads Tor. A lot more people download Tor than regularly use it though. In many cases your usage pattern of Tor will leak to an attacker who can monitor the Tor directory authorities, but your usage pattern will not leak to an attacker who monitors the Tor download site.

I don't like using remote virtual machines. The people who own the remote server can spy on your traffic as it passes through. Plus unless you use Tor to connect to the remote machine you are not going to be getting the cool encryption features of Tor. Almost all VPNs are extremely weak to website fingerprinting attacks because they don't pad their encrypted packets to all be the same size. Tor pads packets to 512 bytes and this significantly distorts fingerprints. Website fingerprinting attacks have in some cases identified that traffic has a 98%+ probability of being a certain preidentified website, even though the traffic is encrypted and can not be decrypted without the proper keys or a currently infeasible amount of computing power. I think the best anyone has done against Tor is 60%.

Tor kind of tries to disguise its traffic as SSL. Although it still sticks out. For example all packets are 512 bytes. It also used to have a unique parameter with its SSL implementation but they changed that after some country (forgot which) started using it to identify connections to bridges. Tor traffic still sticks out but it has gotten more and more disguised over the past few years, and currently it requires a significant amount of resources to passively scan large amounts of traffic looking for Tor traffic. If it was easy to do bridges wouldn't work to bypass the great firewall of China, they would just block all Tor traffic.

3568
Security / Re: Vendors should always use a remote service
« on: February 05, 2012, 10:19 pm »
You are better off to buy a VPS somewhere random and use it as a private Tor bridge

If you can't afford to do this you can always use one of the semi-public volunteer bridge nodes:

https://bridges.torproject.org
https://www.torproject.org/docs/bridges

only use ones on port 443 if you want the best membership concealment ... I suggest using no more than three bridges at any given time and try not to change the bridges you pick much. Right now bridges focus primarily on reachability and blocking resistance, but they offer membership concealment in the process. Tor plans to revamp its bridge system soon to offer significantly stronger membership concealment.

Using a private bridge you run yourself also gives you the benefit of being protected from active traffic confirmation attacks, since you know the first node you enter traffic through is not owned by an attacker it significantly increases your anonymity and membership concealment.

3569
Dead holocaust victims can't consent to images of their genocide being distributed all over the internet.. Therefore it's not a victimless crime, the victim is real and is in the picture.

Quote
Feel free to go create your own illegal porn board see what happens to it. Hope you know how to sanitize php user inputs

Why bother I don't want to aid in the distribution of CP, I just don't think it is a victim causing crime to do so. And I know how to secure servers pretty damn well but thanks for the concern.

3570
Security / Re: where the GPS dead drop networks at?
« on: February 05, 2012, 06:26 pm »
I am aware of one in the bay area although it is way above my playing level, and I imagine that of everybody else on this board save one or two people. A big problem is countersurveillance of the drop point, I am so paranoid that I would not want to work with a team when I'm picking up large amounts of drugs for various reasons (trusting others, loss of anonymity, etc.) but it is very difficult to scope out a drop spot alone and impossible to perform real time perimeter monitoring.

True but it is no more insecure to pickup from a GPS location than it is to pick up from a mail box. After all mail boxes are at GPS coordinates also ;).

Some really big trafficking groups even use anonymously controlled mini UAVs + GPS systems for picking up and dropping off drugs. One technique I have heard of is dropping multi kilo orders from mini UAV onto the top of big buildings with people on the top ready to grab and vanish into the building. Shit can be well hidden before anyone gets to the top floors and it is a logistical nightmare to go through an entire building looking for a package of drugs, particularly if it is like a high rise apartment complex or something. This shit is all way above my level, but there are some smart mother fuckers out there smuggling bulk drugs.
