Silk Road forums

Discussion => Security => Topic started by: QuickSilverHawk on October 02, 2013, 11:09 pm

Title: astor
Post by: QuickSilverHawk on October 02, 2013, 11:09 pm
Are you around? I think this community could really use your help/words right now.
Title: Re: astor
Post by: Bazille on October 02, 2013, 11:34 pm
Maybe he prefers to stay away from this forum, as it may be under FBI control. You'll most likely find him on other forums. Maybe with a different name.
Title: Re: astor
Post by: comsec on October 02, 2013, 11:43 pm
Nothing really to say anyways, DPR made some serious opsec mistakes and got busted.
There's plenty of other sites around, or you can make your own small .onion site it's dead simple if you just want a contact page and list of what you have to offer.

Title: Re: astor
Post by: Nightcrawler on October 02, 2013, 11:49 pm
> Nothing really to say anyways, DPR made some serious opsec mistakes and got busted.

That's an understatement, if there ever was one. If some of what was reported in the medium.com article was correct, it's a wonder that it took so long.

> There's plenty of other sites around, or you can make your own small .onion site it's dead simple if you just want a contact page and list of what you have to offer.

Now might not be the best time.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090     (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0

Title: Re: astor
Post by: Bungee54 on October 02, 2013, 11:54 pm
> Nothing really to say anyways, DPR made some serious opsec mistakes and got busted.
> There's plenty of other sites around, or you can make your own small .onion site it's dead simple if you just want a contact page and list of what you have to offer.

Care to explain in detail how simple?

or pm us..maybe we have an offer for you.

Cheers
Title: Re: astor
Post by: boxexpert on October 03, 2013, 12:06 am
i smell a job offer

will this be the ash from which the SR phoenix rise once more?
Title: Re: astor
Post by: Bungee54 on October 03, 2013, 12:09 am
> i smell a job offer
>
> will this be the ash from which the SR phoenix rise once more?

maybe :)  we are pondering dozens of ideas since this happened...

Does anybody know if there is a copy of the SR code-base somewhere?

Title: Re: astor
Post by: weather420 on October 03, 2013, 12:13 am
> > i smell a job offer
> >
> > will this be the ash from which the SR phoenix rise once more?
>
> maybe :)  we are pondering dozens of ideas since this happened...
>
> Does anybody know if there is a copy of the SR code-base somewhere?

Damn right Bungee, glad to see that you will still be in the game. I need some pure cola!
Title: Re: astor
Post by: comsec on October 03, 2013, 12:18 am
It would be dead simple to make your own SR.
Seriously any competent developer can do this using mod_lisp, python, clojure, scala.
Securing the server is not impossible. It's also not impossible to reverse proxy traffic through a pf filter to double inspect packets, and run Snort on them looking for attack signatures. It's not hard to restrict privilege, run SELinux enforcing or go through /bin and rip out shit you don't need which could be exploited. It's not hard to find and rent the servers in Ukraine or Azerbaijan.

The hard part is running it with enough discipline to not fuck up and slip on your opsec. That means renting a safe house(s) and moving around to new ones on a regular basis. Staying off the radar and living an insane life of 24/7 tradecraft while trying to keep up with the LE anti privacy arms race. It's too difficult for one person to manage with this many users, instead it would be better to simply run the escrow. Put up a .onion that handles escrow and PGP contracts. That's all DPR was doing anyways, he was selling security through escrow.

Afterwards throw up a basic forum and let anybody who wants to sell on it for free. Advertise your escrow service like the Russians do on carding forums. This is much safer, and has much less attack surface to worry about than a highly centralized market leaking data everywhere.
Title: Re: astor
Post by: comsec on October 03, 2013, 12:29 am
Oops, forgot.

Also, make your escrow a bitcoin tumbler/laundry.
If you build rep in the game, then EVERYBODY will start using it for escrow + laundry.

You could even run it with 3 well known dealers who can be used to review disputes and vote on them so it's not just you running it with claims of corruption or favoring one dealer over another.

The forum you set up could be running homomorphic encryption tied to the user's password, so in the event of seizure the feds won't get everything. Just the people logged in at the time.