Silk Road forums
Market => Rumor mill => Topic started by: goochihuh on July 19, 2012, 08:22 am
-
First order successful , wanted more now all his listings and previous history is gone. Click on his name there is no more feedback and you can only send his messages now can not check his profile? What happened? All happened 1 day after a relatively small order and first one from him. Crazy
-
Agreed, shame about that. Decent stuff. Shadh1 mentioned something about concern regarding express post and then gone in a puff of white smoke. Here's hoping it's just Shadh1 being paranoid and nothing more serious.....
-
How can he delete his forum acc and user acc just like that? Also It happened a day after I did my order (very small) used no pgp as he used a different program. So frustrating. In before door kicked in for a point?
-
Is a shame.... Obviously he had concerns for his safety, probably very wise move. At least he deleted everything and didnt just leave his listings up with heaps of orders going unfulfilled, like we have seen other aus vendors do.
-
How can he go from his previous feedback to none and no user profile considering that acc was a selling acc to? Also how do you delete your account off this forum like he has done?
-
Hmmm coincidence? Or something more sinister?... http://www.smh.com.au/nsw/drug-bust-1-million-ice-deals-taken-off-the-streets-20120720-22etb.html
-
http://silkroadvb5piz3r.onion/silkroad/user/0c4c79df2f
Last seen two days ago. Mebbe he's gone on holiday, mebbe he's outta gear and swamped with orders and msgs, mebbe he got busted, mebbe he was a UC scoping out how SR works. Mebbe he was too popular, his transaction count too high, decided to re-brand under a fresh new vendor name and start over... Or mebbe he just finally saw the light and found Jeebers... Mebbe we will never know.... Shame.
-
People better hope he didn't get busted, because to put it mildly, his security was worthless.
For starters, he posted his PGP PRIVATE key on his vendor page, something he could have caught with a little proofreading.
....
Even the strongest encryption is useless if you are:
- saving the decrypted content to a file. Deleting that decrypted file alone doesn't remove the information from your storage device. Sure you can use a secure wipe program after deleting, but how many buyers/sellers here guarantee that they do *and actually do it*?
- using cut+paste of the decrypted info (eg) to paste into Word for windows (or whatever) to print out the address label. The info may get saved in the word processors auto-save file, or its temp file, or the printer spool file, or your operating system's swap file - any number of places you might not know about that a forensics investigator would find...
This is a problem for all SR users. While *I* might be doing the right thing, there's no guarantee the *other* party is... :(
-
He has no feedback now how is that possible? When I click on his page it just goes to send him a message no profile shows up.
-
You can still view his profile and feedback, the link is http://silkroadvb5piz3r.onion/silkroad/user/0c4c79df2f
-
You can still view his profile and feedback, the link is http://silkroadvb5piz3r.onion/silkroad/user/0c4c79df2f
This usually happens to accounts that get banned by SR like Tony76.
-
http://silkroadvb5piz3r.onion/silkroad/user/0c4c79df2f
Last seen two days ago. Mebbe he's gone on holiday, mebbe he's outta gear and swamped with orders and msgs, mebbe he got busted, mebbe he was a UC scoping out how SR works. Mebbe he was too popular, his transaction count too high, decided to re-brand under a fresh new vendor name and start over... Or mebbe he just finally saw the light and found Jeebers... Mebbe we will never know.... Shame.
People better hope he didn't get busted, because to put it mildly, his security was worthless.
For starters, he posted his PGP PRIVATE key on his vendor page, something he could have caught with a little proofreading.
On top of that, I warned him in a SR message a little over three weeks ago. My message warned him to replace his key because he he had posted the secret key instead of the public key, that this was bad for him, bad for anyone encrypting to him and I recommended switching to GPG instead of using BCPG.
This is his response: "ive used random letters as the cypher so it doesnt matter who looks at it as its not words pertaining to me used to create the key"
I followed up by sending him a copy of the public version of his key (obviously I've had a copy of his secret key for more than three weeks) and warned him again, this time about the key size. There was no response and he deserves to go to prison for stupidity, just as long as he doesn't take anyone with him.
Unfortunately, he's not the only offender on here. There are multiple vendors with equally weak keys, and even others who have posted private keys. It's not only important for vendors to know how to properly use PGP/GPG, the buyers should be equally as informed. I don't expect either vendors or buyers to become crypto experts, but a certain level of competence is necessary. After all, your asses are on the line.
Exactly.
-
People better hope he didn't get busted, because to put it mildly, his security was worthless.
For starters, he posted his PGP PRIVATE key on his vendor page, something he could have caught with a little proofreading.
....
Even the strongest encryption is useless if you are:
- saving the decrypted content to a file. Deleting that decrypted file alone doesn't remove the information from your storage device. Sure you can use a secure wipe program after deleting, but how many buyers/sellers here guarantee that they do *and actually do it*?
For POSIX compliant systems, including Linux and OS X, srm is a good choice (see: http://srm.sourceforge.net/). Not sure what the best choice for Windows is these days, although srm should compile under Cygwin.
- using cut+paste of the decrypted info (eg) to paste into Word for windows (or whatever) to print out the address label. The info may get saved in the word processors auto-save file, or its temp file, or the printer spool file, or your operating system's swap file - any number of places you might not know about that a forensics investigator would find...
Which is why vendors should always use systems that are installed on encrypted volumes/drives at the bare minimum.
This is a problem for all SR users. While *I* might be doing the right thing, there's no guarantee the *other* party is... :(
That's always the risk of dealing with another unknown party.
-
i too ordered from Shadh1 on wednesday and he accepted my order and placed it 'in transit' 1 hour later. he didnt ask me to FE luckily so my coins are tied up in escrow. Needless to say my order has not arrived 5 days later.
there has definetely been a blitz of some sort on domestic packages, numerous peeps have now reported domestic not arriving. before this order all of my domestic packages have arrived.
With the above in mind, and knowing that Shadh even posted that he had concerns about a domestic blitz, then a few days later lifted his ban on express posting, and dropped his price by 5%, i feel there is a very good chance he may have gone rogue and was hoping to sell up before taking off with the coin.
If he has been banned, or closed his account. do we have to wait until the time limit to claim back our coins that are escrow? or is there another way to get them back?
-
I know shadh1 irl (though he isn't aware that I know he's a vendor) and I can confirm that shadh1 has found himself in quite a bit of trouble.
I doubt he'll be back anytime soon.
-
What ever has happened to Shadh1, the one lesson we all can learn from this is to never be complacent. We must continue to educate ourselves and each other on not only how vitally important security is, but the importance of keeping any current security software up to date and moving forward, implementing any new security software/techniques which will undoubtedly be developed into the future. It's nice to know we have knowledgeable people such as Guru posting some really valuable information on the Forums for all to read. From what I've read, he/she really has their finger on the pulse. 8) Safety is PARAMOUNT and IMO, one can never be too safe. :)
-
Thanks to all those who contribute to the Forums, especially those mentioned by Guru. I, like many others, love to learn and have a thirst for knowledge. :)
-
When I want to get rid of a file, I like to encrypt it first. I use ccrypt, which is like Unix crypt, except it uses AES256.. I invoke it with the 'brave' option, meaning that I don't have to repeat the passphrase, so I type randomly on the keyboard for 5-10 seconds. (ccrypt -b -e file.ext). This encrypts the files 'in place' only adding a .cpt file extent to the original file name.
Nice. I take it that's this: http://ccrypt.sourceforge.net/
Because I don't know what the passphrase is, even under coercion I could not decrypt these files, once encrypted. I finish the job invoking wipe, using the -P option to rename the files, say 35 times after wiping. I daresay no forensic investigator could make sense of the bit soup that results.
Yep, that should do the job pretty thoroughly.
When I delete with srm on the OS X system I use the -f (force), -m (medium) and -z (zero) flags. The command basically behaves like rm, so I can also use -r to recursively take out an entire directory. The -m is a little mis-named as it is in comparison to -s (simple).
A simple wipe overwrites the file with random data before unlinking it.
A medium wipe overwrites the file with 7 US DoD compliant passes (i.e. 0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random). Then it is followed by another zero pass (0x00) and unlinked.
The Linux version uses slightly different flags; -D (for US DoD compliance) instead of -m. It also has an option between -s and -D which is -E (for US DoE compliance; 2 random passes and 1 of the characters "DoE").
This is a problem for all SR users. While *I* might be doing the right thing, there's no guarantee the *other* party is... :(
That's always the risk of dealing with another unknown party.
Yep. Even if you use GPG, if the other party is cop, or turned informant, all the crypto on the planet won't help you.
Absolutely. That's the fear of everyone here.
-
I know shadh1 irl (though he isn't aware that I know he's a vendor) and I can confirm that shadh1 has found himself in quite a bit of trouble.
I doubt he'll be back anytime soon.
I made an order with him after 5pm the day he went AWOL and he msg'd me that evening quite chirpy that he would race down to ship my order that night to catch the 11am pickup. He gave me the tracking number which has never shown up as posted.
The next morning i saw his account had been de-activated, and he has never been heard from again.
Can we assumed he wont be back on SR? Why would he go through all the extra effort of deactivating his account rather that just going stealth/holiday mode?
-
When I want to get rid of a file, I like to encrypt it first. I use ccrypt, which is like Unix crypt, except it uses AES256.. I invoke it with the 'brave' option, meaning that I don't have to repeat the passphrase, so I type randomly on the keyboard for 5-10 seconds. (ccrypt -b -e file.ext). This encrypts the files 'in place' only adding a .cpt file extent to the original file name.
Nice. I take it that's this: http://ccrypt.sourceforge.net/
Yeah, that' the one.
Cheers.
-
I know shadh1 irl (though he isn't aware that I know he's a vendor) and I can confirm that shadh1 has found himself in quite a bit of trouble.
I doubt he'll be back anytime soon.
I made an order with him after 5pm the day he went AWOL and he msg'd me that evening quite chirpy that he would race down to ship my order that night to catch the 11am pickup. He gave me the tracking number which has never shown up as posted.
The next morning i saw his account had been de-activated, and he has never been heard from again.
Can we assumed he wont be back on SR? Why would he go through all the extra effort of deactivating his account rather that just going stealth/holiday mode?
This is a throwaway account by the way, so this will be the last post I make unless I hear further developments on shadh.
I think it is safe to say that he won't be back. He's stopped selling irl and has changed his number. I imagine he's not inside because he's posted bail and is awaiting trial.
That said, I'm only guessing this... he hasn't actually told me anything specific simply because I haven't asked him - as I don't want him to discover who I am on SR and be connected with him in any way... But if his place was raided, I can't think of any other reason why he wouldn't have been locked up.
As I said before if I find out anything else, I'll let you know.
One final note: just be smart about how you're doing things both on SR and in the outside world. Don't tell anyone anything... just keep quiet and stay safe!
-
sorry to bump this but I think this Q is relevant and advice would be appreciated. Dopeboyaus and now shahd1 have been confirmed as getting busted as Aussie vendors. Now there is a huge likelyhood they would tell the cops who they sold to and if there computer is taken our address's will be on there for some people who don't use pgp but that doesn't matter police have software that can really see whatever is up and been up on the pc.
Q is would the buyers get raided to or would they be only interested in his supplier? No doubt dopeboyaus and shadh1 would tell who they were selling to and happy to provide address's if they would lessen the trouble he was in and I don't blame them. So if your a buyer you reckon we will get raided?
-
sorry to bump this but I think this Q is relevant and advice would be appreciated. Dopeboyaus and now shahd1 have been confirmed as getting busted as Aussie vendors. Now there is a huge likelyhood they would tell the cops who they sold to and if there computer is taken our address's will be on there for some people who don't use pgp but that doesn't matter police have software that can really see whatever is up and been up on the pc.
Q is would the buyers get raided to or would they be only interested in his supplier? No doubt dopeboyaus and shadh1 would tell who they were selling to and happy to provide address's if they would lessen the trouble he was in and I don't blame them. So if your a buyer you reckon we will get raided?
Your making a lot of assumptions mate which are not based on fact, but speculation. Why would a vendor tell the Police who he has sold to on SR? Both Shadh1 and DopeBoyAus both sold on SR and IRL.If they were being safe in their use of SR, there is an excellent chance the Police are not aware of them vending on SR but busted them through their activities IRL. I remember when DBA made mention of this on his home page weeks after he got done. Vendors selling on both fronts need to be even more vigilant as they are exposing themselves to outside elements which although is more profitable, carries a higher rate of risk. Unless the vendor is storing your address for a particular reason (which they shouldn't be doing), once an order from a vendor is put "in transit", the buyers address which is encrypted by SR, is destroyed and as far as I know, can't be recovered or is a virtually impossible task for the Police.
To sum up, don't assume anything, especially saying things such as "No doubt dopeboyaus and shadh1 would tell who they were selling to and happy to provide address's if they would lessen the trouble he was in and I don't blame them." As I said, DBA was busted IRL and his SR activities were never uncovered by the cops. A buyer making small, personal sized purchases of say 1g IMO, wouldn't be a prime target for Police. Too much cash and lots of resources would be needed for very little reward. They would definitely target the vendors and try to gather info on any buyers making larger purchases in an attempt to wipe out the Aust. leg of SR. It's not correct to say "if there computer is taken our address's will be on there for some people who don't use pgp but that doesn't matter police have software that can really see whatever is up and been up on the pc." We as users of this incredible site need to take some personal responsibility and educate ourselves on how to protect us from the prying eyes of the Police. You can bet your bottom dollar they will be continuing their efforts, experimenting with new methods and techniques and developing software in the hope of infiltrating this very secure site. To be honest mate, take some time to do some reading on here about using TOR safely and protecting your anonymity here on SR cause you seem very vague on some aspects which could potentially leave you vulnerable in the event of something happening. I'm not having a go at you and I hope that's not how this sounds, but our safety is paramount. :)
-
if they did get done must of been pretty big, I would still come on SR and explain what happened/apologize etc. or get someone to for me.
not just disappear and ever hear a thing?
aussies seem to be doing ok at mo, lets tone down all the hype/paranoi. int'l still a bit dicey but all aussie vendors have been exemplary for me (apart from shadhs- but i still got BT back)
-
if they did get done must of been pretty big, I would still come on SR and explain what happened/apologize etc. or get someone to for me.
not just disappear and ever hear a thing?
aussies seem to be doing ok at mo, lets tone down all the hype/paranoi. int'l still a bit dicey but all aussie vendors have been exemplary for me (apart from shadhs- but i still got BT back)
I can say with 100% certainty that Shadh1 was raided. "[A Melbourne man] was charged with 10 offences relating to the importation, trafficking and possession of narcotics and prohibited weapons, and is due to appear in Melbourne Magistrates Court on October 24. I checked the Criminal Hearing list for the Melbourne Magistrates court, and sure enough his name is there. Regarding the prohibited weapons, I don't believe he had any firearms; I know that he had some tasers and high power lasers.
I imagine he is still being monitored, which would be why he hasn't returned to explain himself - and honestly, I think that's the smartest thing he's done since becoming a vendor on SR. I don't think he was picked up from selling irl; it was probably something to do with trying to convert his bitcoins into actual money.
I have a feeling that they're going to make an example of Shadh1, and that he'll be going away for a long, long time.
-
anyone know what happened with this?
-
anyone know what happened with this?
Amazingly, this is currently being discussed here. - http://dkn255hz262ypmii.onion/index.php?topic=24187.0;topicseen
It's not due in court for a few more days.