Silk Road forums
Discussion => Silk Road discussion => Topic started by: Rinaldo on July 12, 2011, 06:22 am
-
What methods do you think LE are using to try to get at this place? For example do you think they are attempting to trace bitcoin transactions from any of the major trading posts (Mt. Gox, Trade Hill) that might somehow lead back to SR? I mean where can they really start?
I can't imagine they are sitting there with their thumbs up their ass.....can any of the more techy people weigh in on what advanced strategies they might be utilizing or attempting to utilize to catch folks through the technology we are using... (TOR, BitCoin, etc...)
-
Nice try, LE.
Just kidding, at least I hope.
-
They're likely trying to identify and bust any sellers they can.
-
definitely not LE.. (I thought this thread, as I was typing it, might illicit something like that though) lol
-
I think they are going to bust the first seller tied to Silk Road they can, horribly and with publicity. Silk Road is super small in actual consequence **maybe** at best a couple of dozen orders a day. Compare this to the semi-trucks of weed and coke that cross the border, Silk Road is nothing. But LE works on mandates, press, and public perception. A couple of senators took issue last month and that may be all it takes. I don't think the officers themselves care too much, people here sell individual amounts to individual users without violence or crime <sic> but Silk Road has put itself out there.
-
They're going to bust one seller, use his login for his SR account (for lesser charges), then use his reputation to get as much info about other sellers/buyers. I heard LEA work just that way with pedo rings...
-
SRSLY LE has better things to do than to work on small drug deals out of their jurisdiction.
-
I think they will put a tap on one or more of the Tor directory authority nodes where all Tor clients bootstrap. A single tap on a single authority node will be enough to enumerate nearly every IP address that uses the Tor network as a client. Then they will place orders from many vendors and record the GPS coordinates where packages were sent from. Next they will create a radius around where the package was sent from of maybe fifty or so miles, and then they will intersect the crowd of Tor users with the crowd of individuals who live in a fifty mile radius of where packages were sent from. This will result in small crowds in each of the areas, with the vendor being one of the people in the crowd. Next they will probably use human intelligence and surveillance to monitor the small list of people looking for drug trafficking activity. After busting them they may then work downwards and get buyers as well.
-
SRSLY LE has better things to do than to work on small drug deals out of their jurisdiction.
Don't fall into that cognitive trap.
-
I think they will put a tap on one or more of the Tor directory authority nodes where all Tor clients bootstrap. A single tap on a single authority node will be enough to enumerate nearly every IP address that uses the Tor network as a client. Then they will place orders from many vendors and record the GPS coordinates where packages were sent from. Next they will create a radius around where the package was sent from of maybe fifty or so miles, and then they will intersect the crowd of Tor users with the crowd of individuals who live in a fifty mile radius of where packages were sent from. This will result in small crowds in each of the areas, with the vendor being one of the people in the crowd. Next they will probably use human intelligence and surveillance to monitor the small list of people looking for drug trafficking activity. After busting them they may then work downwards and get buyers as well.
Now you have made me go from super paranoid to fucking super paranoid. I posted a thread about a VPN. Im hoping that If I purchase a VPN ill be able to still use tor thru it. Wouldnt that solve your scenerio?
-
Now you have made me go from super paranoid to fucking super paranoid. I posted a thread about a VPN. Im hoping that If I purchase a VPN ill be able to still use tor thru it. Wouldnt that solve your scenerio?
It will make the attack more difficult at least. But it might not solve it. The primary benefits are
A. It decentralizes monitoring points (rather than monitor a single directory authority server they now must also determine who is using the VPN in the area from which shipping took place.
B. It hides the fact that you are using Tor from a local observer who can only look at IP logs
however it isn't a sure fire way to solve the problem and it could bring up issues of its own. For one, a local attacker who can fingerprint streams can still tell you are using Tor since Tor has very unique packet sizes. For two, the attack could merely switch from "all users of Tor in the area" to "all users of encrypted tunnels in the area". There is probably a bigger crowd of people using encrypted tunnels than people using Tor in specific though. However, keep in mind there is a difference between an encrypted tunnel (VPN, Tor) and an encrypted session in general (SSL). But even if it just decentralizes the attack it will be very helpful. You may also want to look into Tor Bridges, they somewhat protect from this attack although again they probably don't do enough to offer strong protection from it. At least they decentralize the attack and that by itself is a huge advantage, but they don't offer very good membership concealment just a little.
What you should really do is encourage the Tor developers to
A. Decentralize the bootstrapping process by using directory authority guards (so rather than directly downloading the Tor node directory consensus from 4 out of ~8 or so total directory authorities, you build an encrypted circuit to download the consensus from them, with Tor shipping with an old consensus on the assumption that at least SOME of the nodes from it are still up and running). Currently using bridges somewhat does this as you bootstrap through a single hop bridge instead of directly to the authority servers.
and
B. Enhance membership concealment offered by bridges by
B1. Using two bridge cascades with two class of bridge (first and second) to conceal membership from the first bridges ISP and conceal clients IP from the second bridges ISP
B2. Blend in with regular SSL by mimicking multiple encrypted streams instead of a single encrypted stream which is evidence of a tunnel
B3. Have the second bridge node select entry guards into the network so that an attacker can not enumerate bridges by adding a few nodes to the network and send all the nodes it gets data from bridge requests
B4. Require a key to utilize bridges so they can't be confirmed by sending them bridge requests and see how they respond to them
and
C. Try to get Tor shipped with major Linux distributions so that they can't monitor the Tor download site / repositories looking for IP addresses that download it. Let Tor update via a Tor circuit.
Once these things are all implemented this attack wont be as serious but right now it is the most likely method of attack imo.
-
It sounds like you are much safer in Los angelas than in Boise, idaho. I'm sure that there are hell of a lot more tor users in so. cal than in idaho. This is one of the reasons I ship from another city/zipcode. In fact, I may even go into another county with a much larger city. that way, Im 60 miles away from the shipping zipcode. The bad thing is that it will be a pain for me. But it looks like that is what im going to do..
-
@Karl: that is Exactly what LE does, in everything from hackers to pedos to... xylophone smuggling rings? Anyone got one that starts with z?
This would most likely fall under the FBI's jurisdiction: it was them, not nescesarily the DEA, who did the tech stuff in the background for things like epharma. Kanekos scenario is the most likely, after attempts to force users to reveal IP with JS/flash and the like.
-
Now you have made me go from super paranoid to fucking super paranoid. I posted a thread about a VPN. Im hoping that If I purchase a VPN ill be able to still use tor thru it. Wouldnt that solve your scenerio?
It will make the attack more difficult at least. But it might not solve it. The primary benefits are
A. It decentralizes monitoring points (rather than monitor a single directory authority server they now must also determine who is using the VPN in the area from which shipping took place.
B. It hides the fact that you are using Tor from a local observer who can only look at IP logs
however it isn't a sure fire way to solve the problem and it could bring up issues of its own. For one, a local attacker who can fingerprint streams can still tell you are using Tor since Tor has very unique packet sizes. For two, the attack could merely switch from "all users of Tor in the area" to "all users of encrypted tunnels in the area". There is probably a bigger crowd of people using encrypted tunnels than people using Tor in specific though. However, keep in mind there is a difference between an encrypted tunnel (VPN, Tor) and an encrypted session in general (SSL). But even if it just decentralizes the attack it will be very helpful. You may also want to look into Tor Bridges, they somewhat protect from this attack although again they probably don't do enough to offer strong protection from it. At least they decentralize the attack and that by itself is a huge advantage, but they don't offer very good membership concealment just a little.
What you should really do is encourage the Tor developers to
A. Decentralize the bootstrapping process by using directory authority guards (so rather than directly downloading the Tor node directory consensus from 4 out of ~8 or so total directory authorities, you build an encrypted circuit to download the consensus from them, with Tor shipping with an old consensus on the assumption that at least SOME of the nodes from it are still up and running). Currently using bridges somewhat does this as you bootstrap through a single hop bridge instead of directly to the authority servers.
and
B. Enhance membership concealment offered by bridges by
B1. Using two bridge cascades with two class of bridge (first and second) to conceal membership from the first bridges ISP and conceal clients IP from the second bridges ISP
B2. Blend in with regular SSL by mimicking multiple encrypted streams instead of a single encrypted stream which is evidence of a tunnel
B3. Have the second bridge node select entry guards into the network so that an attacker can not enumerate bridges by adding a few nodes to the network and send all the nodes it gets data from bridge requests
B4. Require a key to utilize bridges so they can't be confirmed by sending them bridge requests and see how they respond to them
and
C. Try to get Tor shipped with major Linux distributions so that they can't monitor the Tor download site / repositories looking for IP addresses that download it. Let Tor update via a Tor circuit.
Once these things are all implemented this attack wont be as serious but right now it is the most likely method of attack imo.
I appreciate your thoughts on this matter. Maybe an admin should take a look...I'd love to hear opposing views.
-
Spoken from an American point-of-view, but then, I'm an American.
So far, I'm convinced that LE is doing nothing more than grinding their teeth and stomping their feet.
DEA, I'm sure, is interested. So long as SR is doing things well (and so far, I have no reason to believe otherwise), they can't go up the food-chain.
The only way they can go up the food-chain is with a stupid seller. And fuck it all... a stupid seller should be busted.
Otherwise, they're just watching now. The percentage of dope being dealt via SR vs. the percentage of dope being sold worldwide doesn't give them even a minor boner.
- Bit
-
If Schummer can drum up enough "outrage" the focus will be far more political than economical.
And if another Weinergate comes up with someone they WON'T throw under the bus SR and Tor could be just the useful distraction they need.
Anyone remember Clinton bombing Libya as Whitewater/Monicagate was about to bust?
The numbers of a few person to person transactions has no meaning to them, the right distraction t the right time does.
They will probably focus on kiddie porn and the fact that Tor makes it accessible more than anything else when the time comes IMO.
-
omigod... child porn!?!
Do you mean those sweet little pics of those fine young ladies who have very little pubic hair?
- Bit
-
omigod... child porn!?!
Do you mean those sweet little pics of those fine young ladies who have very little pubic hair?
- Bit
No those are called Jailbait (JB).
-
Spoken from an American point-of-view, but then, I'm an American.
So far, I'm convinced that LE is doing nothing more than grinding their teeth and stomping their feet.
DEA, I'm sure, is interested. So long as SR is doing things well (and so far, I have no reason to believe otherwise), they can't go up the food-chain.
The only way they can go up the food-chain is with a stupid seller. And fuck it all... a stupid seller should be busted.
Otherwise, they're just watching now. The percentage of dope being dealt via SR vs. the percentage of dope being sold worldwide doesn't give them even a minor boner.
- Bit
It's small compared to the dangerous black market in a city. A couple of pathological liars (politicians) make a statement of feigned outrage and that alerts the public to the "danger", and hopefully everyone just forgets, or the liars jump in front of some other parade.
I'm sure LE is watching, but if sellers are very smart there's really no way in. The miniscule amount of drugs moving through SR doesn't even phase the war on poverty, I mean drugs
-
The percentage of dope being dealt via SR vs. the percentage of dope being sold worldwide doesn't give them even a minor boner.
Well said - SR really is small time, and a novelty method compared to all other sources of drug dealing. If I log into SR twice, one hour apart, maybe a handful of new feedbacks will have appeared. I'll bet that there are several crack dealers in my city that do both more deals and more business per day than SR.
-
Plus getting here is no easy task. It takes a few hours to get the tor system up and running and then about a week or so to get bitcoins. You have to very motivated to buy on here. I think that there are a lot of sites that people can get to very easily that has much more drug traffic than here.
-
@Karl: that is Exactly what LE does, in everything from hackers to pedos to... xylophone smuggling rings? Anyone got one that starts with z?
I srsly just registered an account to say: zebra poaching.
-
@Karl: that is Exactly what LE does, in everything from hackers to pedos to... xylophone smuggling rings? Anyone got one that starts with z?
I srsly just registered an account to say: zebra poaching.
+1
I wanted to say zopiclone smuggling rings...
-
The most interesting paper/post I've seen about attacking Tor is at www.usenix.org/event/leet11/tech/full_papers/LeBlond.pdf
It will unmask you when you open it (maybe?) so don't open in Tor; do it when you're not on here.
AFAIK, that's the only verified successful attack on Tor. BUT...that said, it's way too strenuous even for LE with their usual crew.
Until A. someone famous or rich has a kid who dies from something bought at SR or
B. DEA gets some much smarter guys
C. NSA has a functioning Tor monitoring unit
the only busts of SR people, buyers or sellers, will come from human error; not technological failures.
The canary in the coal mine will likely be a slew of CP busts. Watch the news for those! That could well mean that Tor has a new vulnerability.
-
The most interesting paper/post I've seen about attacking Tor is at www.usenix.org/event/leet11/tech/full_papers/LeBlond.pdf
It will unmask you when you open it (maybe?) so don't open in Tor; do it when you're not on here.
AFAIK, that's the only verified successful attack on Tor. \
The tracking mentioned in the paper only applies if you're running a "bad apple" P2P application like BitTorrent. If one P2P stream can be traced to your browser, then other streams from the same exit node may also be attributed to you.
Here's the abstract:
Abstract: Tor is a popular low-latency anonymity network. However, Tor does not protect against the exploitation of an insecure application to reveal the IP address of, or trace, a TCP stream. In addition, because of the linkability of Tor streams sent together over a single circuit, tracing one stream sent over a circuit traces them all. Surprisingly, it is unknown whether this linkability allows in practice to trace a significant number of streams originating from secure (i.e., proxied) applications. In this paper, we show that linkability allows us to trace 193% of additional streams, including 27% of HTTP streams possibly originating from ``secure'' browsers. In particular, we traced 9% of Tor streams carried by our instrumented exit nodes. Using BitTorrent as the insecure application, we design two attacks tracing BitTorrent users on Tor. We run these attacks in the wild for 23 days and reveal 10,000 IP addresses of Tor users. Using these IP addresses, we then profile not only the BitTorrent downloads but also the websites visited per country of origin of Tor users. We show that BitTorrent users on Tor are over-represented in some countries as compared to BitTorrent users outside of Tor. By analyzing the type of content downloaded, we then explain the observed behaviors by the higher concentration of pornographic content downloaded at the scale of a country. Finally, we present results suggesting the existence of an underground BitTorrent ecosystem on Tor.
The moral of the story: don't cross the streams! :)
-
Oh, and if you do want to use BitTorrent or another "leaky" application with Tor, there's a not-too-difficult fix: run Tor and the app inside a VM, then set up your physical machine as a Tor relay, as described in here:
https://www.schneier.com/blog/archives/2011/03/identifying_tor.html
-
Hi-tech is more interesting to speculate on, but most busts come thru stupidity and informants. Some seller will get caught coming back from the dope house, and try to sell *this* to the DA, or buyers are already getting caught because of bad packaging...mostly what I read is understanable paranoia...people talk, they tell their pals what they are doing...their pals get busted...
I don't think it will be hard to get us...what will be hard will be to make a legal case. I don't want to get busted...but I'm definitely a 'don't do the crime if you can't do the time' kind of bloke, and if worst came to worst, it'd be a hell of case, and probably get some publicity and might be fun...if you're really worried, go make arrangements with a bail bondsman and an attorney....show common sense, and if you're a seller don't *ever* give out information, even if 'she' says she is young beautiful and rich, and *so* wants to meet you...
This site protects the buyers from the sellers...that's the real strength of it, because no matter what people tell you, cops know that most people who get busted, give up their dealers in a hearbeat as they are usually scared to death of a little jail time...but here it can't happen...they can get the buyers, but harder to get the sellers...and most buyers are buying small amounts...so be careful...don't worry...be happy :) (use tails)
-
i would like to say something to hopefully stop all the newbies from being an idiot like me :) pgp can be REALLY confusing to set-up first time. DONT use your real fucking email. i made that mistake once, without any consequences THAT IM AWARE OF except that one seller had/has my actual email address and could instantly identify me. i STILL wince at how compromising that is. if u have ur real email, it would be insanely easy to trace your real identity... should go without saying, but hell, a newbie is a newbie... things that seem obvious now arent so obvious at first. newbies, in case you missed the moral in all that: ENTER A FAKE AND CLEVER EMAIL ADDRESS THAT IS OBVIOUSLY FAKE WHEN SETTING UP YOUR PGP KEYS FOR THE FIRST TIME! right then, carry on... :P ~smod
-
WARNING: Walls of text appear from nowhere and CRIT you for 10,000; you are stunned.
I think Kane has the right idea. He's either LE, or a comp sec expert or both. He knows his shit.
My answer would have been more like phubaiblues's. I'd come to this answer from personal knowledge and my personal thoughts. What I mean by this is , the way I consider foolproofing something from LE is if I can think of a way to compromise it *they* can as well.
I assume this because they have unlimited time, money and even though officer dipshit who pulled you over didn't find your clever hiding place or you fooled him somehow doesn't mean all cops are idiots. Even assuming 99% are they probably will have the ones that are not idiots working more complex cases. You only need 1 of them to be smarter than you or to use techniques devised by someone smarter than you and you might as well think in terms of "they are smarter than me".
If they are smarter , all those little worries? Yeah, they are thinking of them too. You just read about SR on a few sites that mentioned it, or perhaps on wiki (the way I found it a few hours ago)? Guess what, at worst they found out and accessed it just as quick, more likely contacts in top/bottom level private sites that are informants told them about it before it became mainstream and they've "been known" about this place. Bet you dollars to donuts they are reading this now.
But yeah, basically they flip someone unrelated or related, they snitch then give everyone else up. They are going to try to slam the first one they catch, I agree with that. Did you see the fucking articles? One shows a collage of drug pics, one of them I know for a fact is a multi year old picture where one bag of coke is pink, in other words they aren't just breaking the story they are adding shit to it to make it sound worse.
Small time? That's not a problem, 30-40 active people - can hardly call that a huge market but maybe instead they Shadowcrew you and portray the whole site as a syndicate.
They'll turn it into whatever they want. That Ryan Hate dude or however the shit spelled his name, and I say that half joking since he was a kid and died, I mean thats sad shit but still after that happened. Dr Friendlander or whatever one of the most popular OP docs get popped and gets I think got a decade or two, then the OP scene folds shortly after that. OH yeah, and they passed a law named after the kid. Another oh yeah, at the time the OP scene was legal, the law just called for a relationship to exist to receive the scripts they were writing but the law didn't saw what a relationship was so medical pioneers had docs doing phone consults without ever laying eyes on the patient. The point is , it was legal.
Reading some of the listings I can tell they are bogus , and they are extremely humurous. Problem solver...lol seriously,he doesn't give a shit who it is or why , just point him in the guys direction and he'll solve the problem, anytime, anyhere. Come on. But the joke isn't funny any more when you read about Sr in the newspaper as:
"A mysterious, dangerous hidden crime syndicate who trades drugs, guns, murder-for-hire with eachother in return for Bitcoins, a virtually undetectable, tax evasion currency that can be transferred anywhere instantly" toss in a dead kid or two and you got a story.
Long and short of it. Someone will snitch, it happens 99% of the time and if you don't believe me you aren't living the life or just haven't lived it long enough yet.
So in short, when they pop one of you sellers or buyers (yeah buyers, you receive a certain amount in some states and you are looking at a mandatory minimum, In FL you get caught with 6(ish) vicodens without a script in your pocket just walking? That's trafficking and you get 3 years regardless of if you never have been arrested before and the judge and SA want to get you a deal, yer done.) get roped off just hope to god you did enough homework on your end where you can beat it.
Wall of text over, sorry - just feeling good after rolling some fire up and enjoying a nice glass of Patron silver and pineappple juice.