Well this is why the darknet market's business model is so much better than the traditional one. You cannot move up. Only down or sideways. If you augment the model with strong crypto and similar, you can produce swarming behavior that is essentially impossible to effectively combat even using technical means like DDOS or exploits. It's an entirely new business model, one the world hasn't actually seen before so far as I have read, which is what makes this so interesting.

Cue PolyFront:

Quote

Organization

Introduction

By viewing the drug forum scene as a network, we can analyze its security against various human intelligence attacks. Human intelligence is the primary means of attack used by the Drug Enforcement Administration, and consists of managing networks of undercover agents and informants as well as gaining assets (informants). The DEA has very large human intelligence networks, and traditionally when a group or dealer is busted it is the result of a human intelligence operation. We manage to majorly counter human intelligence by using technical and tactical security measures. However, there is still some risk that can be partially mitigated through organizational structure. By improving our organizational structure and expanding our technical security, we can protect further from human intelligence and a variety of other attacks...

... stuff on product transfer ...

Likewise, financial transfer can be seen as taking place over a hierarchical pyramid, from bottom level consumers to top level suppliers. This is also true of all distribution networks. Financial network analysis can be hindered to various degrees by using various techniques (EX: E-currency, fake documentation; Bitcoin + mixing is particularly secure).

Communications take place in both directions between neighbors. Communications can be secured by protecting from hackers (with correctness, isolation and randomization), communications / open source intelligence (by using encryption) and signals intelligence (by using anonymizers).

Traditionally, law enforcement move up through drug distribution networks by using human intelligence. They control networks of informants and undercovers who report back to them. There are two scenarios which may result from law enforcement human intelligence operations: they may immediately do a controlled buy and potentially try to recruit the arrested individual as an asset, or they may gather raw intelligence which is then analyzed into reports which are then distributed to task forces for major operations. In general, law enforcement tends to start low in distribution networks and work their way up by compromising one node at a time on the path back to top level suppliers. In some cases, they may also use surveillance techniques to work their way up to a top level supplier.

By using secure product transfer topologies, anonymizers, encryption and secure financial exchange techniques, law enforcement can be prevented from using human intelligence to move upwards in a network. Lower levels of the network are not able to compromise upwards as they do not know much or anything about the vendor they are working with. It serves little purpose to snitch on an untraceable pseudonym. This changes the threat model from the traditional human intelligence model to the more modern technical security model. Law enforcement have a far more difficult time using technical attacks against secured networks than they have utilizing their human intelligence networks. This is for a variety of reasons, one being they are not used to operating in this way and another being technical security measures can in many cases provably ensure security from a variety of attacks.

Unfortunately, law enforcement can still move down from a compromise (reverse sting) due to the fact that product must be picked up from a location known to the sender. Although it is impossible to protect from this downward movement in a network that deals with physical product, we can still consume law enforcement resources. If dead drops or packages are left to cool off for periods of time, an attacker at a higher position is forced into doing surveillance for periods of time. This consumes man hours and causes other expenses. An external attacker at a higher position (external meaning the mail facility versus the vendor, higher position meaning product goes through them first) can also move downwards in the network; however, this movement can potentially be detected prior to a compromise.

Customers can significantly reduce their risk of being compromised in a reverse sting by working with a small number of vendors. As every vendor is potentially law enforcement, every additional vendor a customer works with presents an additional chance of them working with law enforcement. Even if a customer works with a legal highs vendor that turns out to be law enforcement, their recorded address can still be used for intelligence leading to compromise when the customer orders illegal substances. Using fake identification boxes can also protect from this risk; it is not likely that an order of a legal substance will result in the surveillance required to determine fake identification boxes, but if the same box is used for legal and illegal highs the intelligence gathered from legal high purchases can still be used to flag a box.

Another way to reduce the risk of customers working with malicious vendors is via trust networks. This can be done in a decentralized fashion with GPG webs of trust, or in (usually) more centralized ways such as secure vendor review websites and internal forum trust rank systems managed by trusted staff.

Vendors can increase their security significantly by compartmentalizing their operation into dealing with customers and shipping. Here the important distinguishment between intelligence and evidence comes into play. An attacker may use intelligence (for example, a series of logs leading back to the vendor) to narrow in on evidence (drugs). By compartmentalizing the operation, intelligence can be made to lead to no strong evidence (drugs) but rather a person who deals with customers (although information stealing attacks may suffice as evidence, for example if the customer support vendor has their computer bugged; these attacks can also be protected from significantly, reducing the chances that any evidence can be gathered). It is certainly better if the DEA raids a clean house than if they raid a house containing drugs.

One of the best methods of communication between customer support and shipper is via steganography in a crowded channel. One example of this would be a vendor hiding encrypted orders in images and then posting the images on a popular image hosting site with many visitors. Now the shipper can get the image (blending in with the crowd of everyone else who goes to the image hosting site) and use a secret key to pull the encrypted orders out of the image. If intelligence leads to the customer support, the link to the shipper will be obfuscated, making them difficult to identify. This sort of organizational construct can gain some advantages if the shipper and customer support both highly trust each other and do not use anonymizers to communicate the steganographically hidden orders. This is to prevent two sorts of attack: first, it prevents the shipper from being identified out of the crowd of people who view the image due to the fact that they are the only ones using an anonymizer. Secondly, if the shipper never uses an anonymizer from their base location (safe house), it offers strong protection from membership revealment + mail geolocation attacks narrowing in on the safe house.

It is worth noting that this is largely a new strategy and serious analysis of the risks and benefits should be done before vending groups choose to use this technique. One of the things to take into consideration is dragnet attacks looking for steganographically hidden data in images; although steganography can protect from a human determining there is data hidden in an image (or other data), it is usually not as robust against computer algorithms. Another obvious risk is the fact that the shipper will need to reveal their IP address to customer support. A safer option may be if the shipper uses random Wifi to download the images; they will not stick out as being part of an anonymity network and can still protect their anonymity from customer support.

It is worth noting that it is not entirely accurate to look at the network as a closed two dimensional hierarchy. Many people ordering from vendors do so to supply local networks. If the local networks are not secured then there is a risk of human intelligence 'moving sideways' (either up or down, but from outside of the closed system discussed here and into it). This can be protected from to a few degrees, although in the end it is not realistic for a vendor to dead drop personal use amounts of drugs. Eventually distribution will get to the point that the amounts are so small that face to face transactions are essentially required. Regardless, vendors supplying local areas are wise to begin doing so pseudonymously and via dead drops. Smaller amounts can be distributed face to face through small 'cells' of friends. Even if a cell is compromised by human intelligence, the risk of large amounts of product being seized or a dealer facing long prison terms is significantly reduced. The fact that prison terms for smaller amounts of drugs will be less also makes asset recruitment more difficult, thus protecting small friend cells from human intelligence in this way. Asset recruitment is also less effective in friend networks (typically phase I of the developmental smuggling model) due to social relationships being stronger than business relationships.