Silk Road forums
Discussion => Security => Topic started by: summer on January 11, 2013, 05:48 pm
-
**UPDATED**
Situation
Vendor wants to make preparations so if SHTF, she can still do business even from jail. She grows more weed than she can sell right now, the excess is packed for long term storage, caches buried at random places all over the country. She's got 8 usual buyers and about 100 caches if you need some numbers.
Right now the business goes like this: buyer wants to buy, contacts vendor by email, the amounts are the same every time, vendor replies with OK, sends a BTC address where she wants to receive the money, and when the payment is there she sends the coordinates for the cache, of course encrypted.
She's quite safe but wants to prepare for the worst, for example for jail.
There's no internet, mail and phone conversations are monitored.
Trusted associates might go rogue when the vendor becomes a prisoner, so even if there's a way to communicate (for example the associate can tell the vendor there's a buyer who already paid, so vendor tells one of the caches' coordinates to the associate, who forwards it to the buyer) this would still have a major flaw, because the associate can fuck over the prisoner, telling her that the money is at her BTC account meaning the buyer already paid, and can steal the cache when he gets the coordinates.
To go around this trust problem, the associate:
- must not have a way to reach the buyer on his own, so he must not know email addresses or anything like that, but the vendor has to be able to instruct him what to do so only the right buyer who already paid will receive the coordinates.
- must not even know he's forwarding coordinates
- must not have control over vendor's accounts, but still be able to verify and monitor payments.
- the buyer must not be able to reach the associate.
The vendor has to be able to communicate everything through his associate but without the associate knowing what he's dealing with.
Buyer#3 - Associate : I want to buy x amount, you have the shit?
Associate to Vendor: Buyer#3 wants to buy x amount
Vendor to Associate: Got it mate, waiting for the sum / Nope mate, I'm out.
Associate to Vendor: Buyer#3 sent x amount of money to your account.
Vendor to Associate: Ok, here are the coordinates, tell these to Buyer#3
a.) Dead man's switch
This will send an email to a couple of friends who might become associates. If the vendor can't reset the timer every month or two then it:
- sends a reminder to the vendor that he needs to reset the timer
- sends out an email to a couple of friends describing that if they read this, the vendor might be dead or in prison, and they can help him out while earning a little money. All they need to do is to monitor a couple of BTC addresses, call the vendor if there's movement on them, then write the code they get back from the vendor at a given web address. If someone is in, write a snail mail that has a sentence with the word "mom" in it, or whatever, but it must be subtle and different for every candidate.
/Cover story can be a pyramid scheme that must be renewed with the code or whatever.
Additional barrier in case the switch goes off by accident just because the vendor forgets about it or she's in a coma, the emails can be encrypted to the friends' public keys, and when the dead man's switch goes off they are sent to someone who might know more about the vendor's present condition, and if she's really in jail the encrypted emails can be forwarded to the recipients, but cannot be read by the close friend who forwards them/
b.) Communicating with buyers:
Some of the mails sent by the deadman's switch can inform buyers that the business still stands and works like this from now on:
Buyer has to send 0.000000x BTC to the given address, where x is the amount of weed he wants to buy. Every buyer gets a different BTC addy so vendor can tell them apart by BTC addys. The associate monitors these addresses and notifies the vendor which addy got what amount, for example "B5" where B is the BTC address's first character after the number 1, and 5 is the amount, meaning 5 caches' coordinates.
Then the buyer needs to monitor that address, no answer means no business, but if the answer is 0.000001 BTC then only 1 cache is for sale.
Associate informs the vendor when the payment is on the account, then he gets the codes.
c.) The server
A webpage will deal with the codes. It obviously needs to be configured while the vendor is still out. It will contain every cache's coordinates as an email, encrypted to every buyer's public key. 100 caches = 100 emails with encrypted coordinates. A code will determine which buyer's e-mail address will be the recipient of the next email that contains the coordinates. This code is given by the vendor, and written by the associate on the webpage or sent by email, whichever is easier and more secure. The codes are kept by the vendor in jail.
d.) Code keeping
It would be hard to remember 100 codes, so a scheme can be used.
A book like the Bible that can be found in every jail and kept in the cell so it's always available.
Buyer#8 will get the email if the 10 char long code is the same as the 8th, 16th, 24th, 32nd...80th letter starting from page 80.
Next time this same buyer needs to be the recipient, the 10 char long code can be 8th, 16th, 24th, 32nd...80th letter starting from page 88.
Buyer#3 will be the recipient if every 3rd char is the code starting from page 33.
This way the scheme can be kept in secret, there's no password list, easy to remember etc.
e.) paying the associate
If the code is right, the webpage can give the private key for one of the BTC accounts that was prefilled with only a small amount of BTC.
Final points:
BTC exchange rate must be confirmed by multiple accounts, not just by the associate.
More than one associate can be used. (1 to verify orders and another one to verify payments etc)
Questions:
Any thoughts on server config? I'm looking for an easier solution.
Any better way to communicate with buyers?
Any flaws?
Please share your thoughts.
-
Seriously????
:o
-
WTF are you talking about? ??? You must be joking! If not, you're off your rocker! ??? ???
-
LE ALERT LE ALERT ;D
-
LOL what a joke
-
If it helps, we can speak theoretically.
I'm not talking about vending on SR, just usual business that already works very similar if the seller is using dead drops.
The difference here is that the seller can't communicate via usual channels, can't use computers etc.
-
You would obviously have to have somebody do it for you and speak to them over the phone don't you think?
-
All mail in and out of prisons is monitored looking for encoded communications. I have a pretty good idea for how you could securely get information out of prison, however, I am not going to share the system here :).
-
I wonder if you could smuggle in a small citrus fruit into prison.
If so, there's a way to write out small messages onto regular outbound prison mail; I'm quite confident this method would pass through the prison's scrutiny.
-
write a fake/shill message in ink to distract the screws, then write the real message with your sperm on the reverse side, get your contact to use a blacklight and goggles to read it.
-
Yeah because nobody has ever thought of writing stuff on paper with lemon juice and holding it to heat before.. I think they'd notice that one lol.
Jizz message?
:o
-
Cryptography without a computer? Shit, not even Rain Man could do that. ;D
If it helps, we can speak theoretically.
I'm not talking about vending on SR, just usual business that already works very similar if the seller is using dead drops.
The difference here is that the seller can't communicate via usual channels, can't use computers etc.
Oh I get it, this is supposed to be a lure. And to think you originally seemed so honest and trustworthy Mr Anonymous Internet Person. :(
-
Large prison gangs sell the service of passing along messages. Can't trust them with unencoded info though can ya? Maybe just use your rectum as payment for a couple messaging lessons?
Or smuggle a secret decoder ring in your rectum? Man, rectums are so useful!
-
Large prison gangs sell the service of passing along messages. Can't trust them with unencoded info though can ya? Maybe just use your rectum as payment for a couple messaging lessons?
Or smuggle a secret decoder ring in your rectum? Man, rectums are so useful!
Most people don't realize they can be stretched to the circumference of a dvd.
-
Yeah because nobody has ever thought of writing stuff on paper with lemon juice and holding it to heat before.. I think they'd notice that one lol.
Jizz message?
:o
Lemon juice may be hard to come by. Urine, however is always available and has been used by agents for generations.
Nightcrawler <Nightcrawler@SR>
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
-
Just use a mobile phone dude like everyone else.
You can surely buy a mobile in prison. Hell you can get mobiles these days that are small enough to fit up one's ass :)
-
Here's an idea.. put the brakes on things - remember you are in jail for a reason maybe.. slinging weed or not - but I've a family member who works for LEO and they continue to monitor friends and families after the conviction for up to 1 year.
ce
-
Well even if they monitor all the vendor's friends (she never even met some of them, only kept contact over the internet) all they will see is that they are browsing the net, and writing letters to me. The codes can be concealed in the letter or phone conversations somehow but seriously..., I'm a quite paranoid person but even I don't think they would dig deep enough to reveal this scheme.
Especially where the vendor lives.
And if the associate decides to rat on the vendor, all he can tell is that the vendor is sending him some codes that he has to send to a webpage and monitor some BTC addys.
Sure they could hack the webpage and see what goes in the background (finding encrypted messages),
Your points are valid, but say the vendor will be closed for more than 3-4 years, then every one of her caches will lose enough potency to become unsellable.
I think it's worth a try, and it's pretty safe. Maybe even safer than selling on SR....
-
Please share your thoughts.
Are you writing Shawshank Redemption II or is there really someone who wants to sell treasure maps to buried weed through a cloak&dagger zero-trust network that she manages from jail?
Or (most likely) are you just seeing if you get any offers here. And the seller's got a BTC address too... how conveeeeenient. ::)
You're more entertaining than the VIRWEX scam, so I'll give you that much.
-
I have nothing to add, but I think that a thread with this sort of theoretical stuff is both interesting and on-topic for this forum. Makes a change from the endless stream of "HOW TO PGP?" threads anyway.
-
Are you writing Shawshank Redemption II or is there really someone who wants to sell treasure maps to buried weed through a cloak&dagger zero-trust network that she manages from jail?
That reminds me of an episode from Porridge (British sitcom) - I think it's called "Happy Release" or something similar.
Go & watch it if you haven't already (I'll wait a while before posting spoilers.)
-
Ideally you would want to have preagreed upon ciphers that all people on a need to know have the same codes. (You could smuggle your ciphers up your ass) And you would want the cipher to be in plain text so it looks like a normal letter.
-
Ok, I will cut this bullshit.
First of all this is not a scam, I live in a country most of you never even heard of so no, I'm not looking for buyers, I'm just looking for thoughts while sharing mine.
I already grow more weed than I need, so there's an excess and I don't want to keep it near my property, for obvious reasons. I break down the excess into smaller batches, and put the double vacuum packaged weed inside a PVC pipe, the pipe is sealed and buried. A picture is taken of the exact place, then the location is marked on a map (digital map). These pipes are scattered around the country, where my usual buyers can pick them up without too much hassle.
The oldest batch is 3 years old now and still good to sell, there are no complaints at all. Lost a couple earlier due to excess moisture, since then I dry the weed until it's bone dry. The pipe keeps out water and light, it's sturdy enough to bear with the elements and the juices of earth while the vac bags keep the moist air outside.
I thought it'd be a good idea to have complete control over these stashes even under extreme conditions, like when I'm in jail. With a system like this I'd be still able to continue my business with my usual buyers, or barter the coordinates with cellmates or guards for whatever I want to have inside.
I have people I could trust with the business or the coordinates, but I don't want them to get involved, or if it's a must, then it needs to be on a need-to-know basis so they don't get in serious trouble because of me. It's better for everyone if they don't know what they are dealing with.
Ideally you would want to have preagreed upon ciphers that all people on a need to know have the same codes. (You could smuggle your ciphers up your ass) And you would want the cipher to be in plain text so it looks like a normal letter.
This is what the dead man's switch is for. No need to preagree so no one knows that I have stashes or BTC, but when I get in jail and the dead man's switch is triggered, the likely candidates will receive an email that clarifies the situation. See my posts above for the details.
Thanks for the great suggestions about writing with piss or cum, although I think I will try to hide in plain sight, and disguise the passwords as a set of lottery numbers, or "my favorite quotes from the bible for this week", or my poems, or something similar.
Can anyone understand the system I tried to sketch up in the 1st post?
Maybe there is a language barrier and it's not clear?
Or is this a plain stupid idea and system?
-
Large prison gangs sell the service of passing along messages. Can't trust them with unencoded info though can ya? Maybe just use your rectum as payment for a couple messaging lessons?
Or smuggle a secret decoder ring in your rectum? Man, rectums are so useful!
+1 ;D ;D ;D
-
yes I guess my rectum gonna come in handy in multiple ways.
-
yes I guess my rectum gonna come in handy in multiple ways.
Yup - you can slip a mobile phone up your rectum - and the charger, but use another plug from your radio or whatever.
And emails are monitored in jails - in those jails which allow email. But - any encrypted email would just be spotted and the guv would ban you from using internet due to suspicions you are up to no good!
Most dealers use mobile phones to carry on biz in jail - or you could get a carrier pigeon and go old school.
So whilst your rectum can come in handy in jail - make sure it's for your own personal use!
Mobile phones were smuggled up the ass even going back 15 years - that would be a lot of lube!
Even guns have been smuggled in, up the ass.
My advice to anyone going into jail is to stash your goods, tell nobody, inform customers you're going away for a while so last orders are being taken.
Burying weed is ok - but make sure that it's well dried!! And use good material to keep it waterproof. Some use GPS but I prefer old school - find a landmark - walk 25 paces to the north, 12 to the south, 5 steps to the west then dig up the goods!
Many prisoners who go to jail discover who their friends really are. A lot of dealers are dishonest so if you had a few pounds of bud they would steal it! It takes time to know who you can trust. Also, test people out for honesty with small amounts. It's worth 20 dollars to find out someone is a non payer and untrustworthy.
I'd use jail for education. Dealing in jail is just too risky on a lot of counts. It's ok if you're in some gang maybe, but mostly it's family firms that can deal in jail using relatives to carry on as usual and keep the profits for the jailbird when he or she gets out.
So, read a lot, try to get on some study courses, work out - stay away from drugs also. Never take a gift of drugs off another prisoner. In some areas - the dealers prey on prisoners, and they can threaten your family if you do not pay extortionate prices for heroin that is likely 10% or so pure.
Too many junkies and informants in jails these days to think about dealing from jail!
I'd keep the stash till I got out - or unload most before I went in - maybe invest in bitcoins which I think could hit 30 - 40 dollars or more. Makes no difference to prices here as a 90 dollar gram of coke ought to be 90 dollars even if a bitcoin is worth 50 dollars!
Oh to have been in on the original first creation of bitcoins when a computer could make 50 coins with ease! In a day!
Good luck in jail.
Keep your nose clean, stay off any class A and even weed is not worth it as it's easy to test and you get extra days for it.
-
We did things like the mafia. When one person goes to jail/prison everyone else in the clique picks up the slack of their business. So said vendor needs to find someone she can trust and let them handle her business for a little bit. It worked for me and my crew and will work for her.
-
@ OP!
If this system is perfected we would like to trade something for the information or buy it.
very very interesting...
-
The locations are in a country you never even heard of.
The server that hands out a coordinate for a correspondent password is just a concept.
What information do you mean?
-
The locations are in a country you never even heard of.
The server that hands out a coordinate for a correspondent password is just a concept.
What information do you mean?
the whole concept for continuation of business from jail.
of course small changes have to be made dependent on one's personal situation / country / product.
But a detailed manual and even the scripts for the website could be worth a lot.
Please work it out to the full extent possible...that's a gem.
-
Well I'm glad you liked the idea.
I think this whole system can be automated and can be done even without using an associate. A script periodically checks a BTC address, and if it was raised with a given amount of BTC-s it sends an encrypted email with the coordinates/map to the corresponding buyer.
Determining who's the buyer is easy, because every buyer needs to pay to different addys, so if BTC address "A" got paid then buyer "A" gets the mail.
Determining the current price and amount is still fairly easy, the script can check the exchange rates through an API, calculate the net worth, then send the coordinates of one or multiple stashes if needed.
The API can change with time, therefore the script will stop working correctly. This can be solved by hiring someone to maintain a site that always shows the exchange rates in the same format, no matter what, and the script will get the values from this site.
The BTC addy's current balance can be read straight from the block chain, or can be listed on this site by the hired programmer.
I tend to miss important things so please let me know if I missed something.
So we need help with:
Dead man's switch
(The easy way is to use services like boomeranggmail.com and others (google: scheduled email sender))
harder way: own mail server with cron job
This script needs to
- send multiple emails to multiple addresses on a given date
- easy and quick way to reset the date, like visiting a webpage and using the code "1month" will delay the trigger to the end of the next month.
- it wouldn't hurt to store the e-mail addresses encrypted
Notes:
- sending one personal message for every single buyer ( "encrypted message A" to "buyer A" and "message B" to "buyer B") might be better than encrypting only one message with multiple public keys and sending this to ALL the buyers, because the number of the recipients is still encoded in the message even if the --throw-keyid option is used, so if a buyer checks he can tell how many other people (other buyers) got the same message. This is unnecessary information.
- failsafes are important. A number of reminder emails get sent to my personal email address 10 days before the other mails are sent to the buyers, so there is plenty of time and reminders to reset the timer, maybe use email-to-SMS services to get reminders on my phone too
- and/or use someone, maybe a relative who most likely knows about my whereabouts and will work as a remailer, "hey dude if I'm in jail, please send these emails to the given addresses (or visit a website and trigger a script that sends the messages so the associate won't know shit about the emails), if I'm OK pls call me up and disregard this email."
The password site is like this:
- Simple script, if the input is "password A" it sends a prewritten "email 1" to "buyer A"
Password B sends email 2 to buyer B
There might be a better system than this, but bear in mind that the list of passwords can be long and you need to be able to recollect it in jail.
Any help would be appreciated.
I will try to dig deeper into this topic, now that I'm not the only one who's interested.
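
The recipient-count point in the notes of the post above, as an added example that is not part of the original thread: it walks the OpenPGP packet stream of an encrypted message and counts the public-key encrypted session key (PKESK) packets, one per recipient, which remain visible even when the key IDs are zeroed by GnuPG's hidden-recipient option (`--throw-keyids`). The sample messages are constructed filler rather than real ciphertext, and all function names are hypothetical.

```python
import struct

PKESK_TAG = 1    # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)
SEIPD_TAG = 18   # Symmetrically Encrypted Integrity Protected Data packet

def new_len(buf, i):
    """Decode a new-format length at buf[i]; return (length, next_index, partial)."""
    first = buf[i]
    if first < 192:
        return first, i + 1, False
    if first < 224:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if first == 255:
        return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5, False
    return 1 << (first & 0x1F), i + 1, True      # partial body length chunk

def packets(buf):
    """Yield (tag, body) for every packet in a binary (non-armored) message."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                           # new-format header
            tag, body = hdr & 0x3F, b""
            while True:
                n, i, partial = new_len(buf, i)
                body += buf[i:i + n]
                i += n
                if not partial:
                    break
        else:                                    # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                       # indeterminate: runs to the end
                body, i = buf[i:], len(buf)
            else:
                size = (1, 2, 4)[ltype]
                n = int.from_bytes(buf[i:i + size], "big")
                body = buf[i + size:i + size + n]
                i += size + n
        if i > len(buf):
            raise ValueError("truncated packet")
        yield tag, body

def recipient_key_ids(message):
    """Key ID (hex) of each version-3 PKESK packet; a hidden recipient is all zeros."""
    return [body[1:9].hex().upper()
            for tag, body in packets(message)
            if tag == PKESK_TAG and len(body) >= 10 and body[0] == 3]

def summarize(message):
    ids = recipient_key_ids(message)
    hidden = sum(1 for k in ids if k == "0" * 16)
    return {"recipients": len(ids), "hidden": hidden, "named": len(ids) - hidden}

# --- constructed sample data (filler bytes, not real ciphertext) ---
def make_pkesk(key_id, esk_len=256):
    # version 3, 8-byte key ID, algorithm 1 (RSA), one MPI of filler
    body = (bytes([3]) + key_id + bytes([1])
            + struct.pack(">H", esk_len * 8) + b"\xAA" * esk_len)
    return bytes([0x85]) + struct.pack(">H", len(body)) + body   # old format, tag 1

def make_seipd(n=40):
    body = bytes([1]) + b"\x55" * n
    return bytes([0xC0 | SEIPD_TAG, len(body)]) + body           # new format, tag 18

NAMED_MSG = b"".join(make_pkesk(bytes([k]) * 8) for k in (0x11, 0x22, 0x33)) + make_seipd()
HIDDEN_MSG = make_pkesk(bytes(8)) * 3 + make_seipd()   # same message, key IDs thrown
SINGLE_MSG = make_pkesk(bytes(8)) + make_seipd()       # one message per recipient

if __name__ == "__main__":
    for name, msg in (("named", NAMED_MSG), ("hidden", HIDDEN_MSG), ("single", SINGLE_MSG)):
        print(name, summarize(msg))
```

Running the same check over real output of `gpg --list-packets` gives the equivalent view: the key IDs read as zero, but the number of `pubkey enc packet` lines is unchanged.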