Silk Road forums
Discussion => Security => Topic started by: onetimeadvice on February 21, 2012, 05:24 pm
-
I wish I could do a Q&A thing here, but it's risky enough as it is, and cybersecurity is not my specialty. This account will never be logged in again.
Do everything you can cyber-wise, but think about physical stuff too. Mail-smuggling is nothing new, and cops were making arrests for it back in the 1800s. These tips should reduce but not eliminate that threat.
For you sellers out there: a bit about the nature of US and Commonwealth law enforcement- never, ever mention on your page or listings what province/state you are shipping from. The vast majority of law enforcement is local, and they simply won't just randomly buy things in the hope that something arrives with a local postmark. Don't mention where you are from in your ads and profile (and keep an eye on your feedback/review pages to make sure nobody else mentions it either. If they do, it sucks to burn your account and your good name, but you really should just stop and start over from scratch and never, ever admit you were whatever username just got outed).
Not being identified as local eliminates the vast majority of local law enforcement.
Now, if you sell locally as well as online, you may have problems. If the local cops suspect (and sooner or later, they will if you sell any of the drugs they care about. Crack, meth and heroin are the main ones they will try to make examples of) you, they may monitor you. This does not just mean computer tapping (though, again, follow the security advice on forums and do whatever you can to protect yourself online). This could also mean walking up and looking through your window. If you are taking a piss and your monitor is visible from the window (or reflecting on a poster or mirror or something that is visible from the window), and the SR icon is visible, that is probable cause for a search. You are hosed. Sell only local or only online if you can; if you must do both then be aware that you may be under low-tech observation and be paranoid.
Lastly, read your local newspaper. Every day. If some local reporter runs a story about online drug dealing, or some small-town police chief is trying to get a raise, or a local minister is writing a letter to the editor about the evils of the Internet again, your risk factor has just risen. Police conserve their resources until they either need some good publicity or are under pressure from the public, and then they crack down. When there is local chatter, tripple your paranoia, take a vacation, warn your sources and so on.
I won't waste time with rants about using bitcoins, packing, using random outgoing mailboxes and so on; it's covered elsewhere here and is covered well. But when you are not making a necessary trip (to the mailbox five or six mailboxes away from you), DON'T CARRY STUFF AROUND. Most of the busts I have seen that were not part of a larger investigation were some kid wandering around in a Bob Marley T-shirt with a bag of weed in his pocket that he wasn't even smoking at the time. Leave it someplace safe when you are not using it, and when you do carry it, try to look boring as possible.
So that covers local cops and touches a bit on low-tech observation. The comments section should fill up with more advice on avoiding that. What about the big time cops? Feds, mounties, INTERPOL, Scotland Yard and whatnot?
Well, they have a certain financial allowance. They can't justify the massive resources it takes to bust a person who has sold 5 things on SR (most of the time). But if you go from being a small time seller to being one of those folk who have hundreds of transactions, you are on their radar. It's no longer a case of some cop in Idaho buying drugs from a seller in Vermont. It's a case of a cop in the USA buying drugs from the USA. It just became a single-agency case, and those get more action. One of the best things to do here is stop selling domestically once you get too popular (yes, I know that is exactly the opposite of what your customers want, but this is security advice not business advice. Balance the two out and make your own call). Europeans that ship to Canada and vice-versa are mainly at risk of having their shipments intercepted, not having their homes raided. The same thing that helps partially protect people shipping small quantities across local lines still works across national ones. Cops in Germany are not going to go all-out to track down the origin of a couple dozen envelopes that landed all over Australia.
And if you are shipping larger quantities than that, you are in no need of this advice at all.
BUYERS - you are the ones taking the main risk on SR. You have to give out a name and address, and then at some point either you or someone you know has to be at that place to get the package. First off: don't use an unsuspecting person's address or trick them into picking up your mail. Mainly because that is the biggest asshole move in the history of the world, but also because if the cops catch them with your drugs, they will be confused enough that the cops may believe them. And then the cops will be PISSED. They won't just be looking for a person smuggling a dime bag; they will be looking for a person who framed an innocent person into being a drug mule. They will have a lot of support and resources, and they will thus have a much higher chance of success. Don't take risks, but absolutely don't trick other people into taking risks for you.
Now, mailing addresses. There is already a lot of info here about using real names, not signing for packages, etc. That's all good stuff, but just like you need to change your BitCoin address as often as you can, you should also have plans to swap out your mailing address. There is a risk every time you do so, and thus you should only do it when you think it is necessary, but if you buy something from a seller that suddenly comes up compromised or just feels fishy, your address may have been leaked. Dump it.
That's really all the advice I have. As a way of buying items illicitly goes, SR is the safest idea I have ever seen (even safer from buying from friends and family). Best of luck, and as long as you are in a country where you can safely and anonymously vote, please help end the drug war. Voters and lawyers are the last hope for society in this regard.
-
Thanks for taking the time to offer some advice. I hope my favorite vendors dont quit now :P
a COP urging to end the drug war... says it all!
-
Voters and lawyers are the last hope for society in this regard.
Frankly, that's a pretty depressing thought to leave off with. :-\
That said, thank for the thoughts.
-
Good advice, the essence to me is that all our high tech TOR, military grade encryption is probably not what will compromise us. It's the low-tech, shooting your mouth off, not having separation between online/offline identity, that kind of thing which is most likely to ultimately do you in.
-
a COP urging to end the drug war... says it all!
You are absolute right. It says it all.
Is incredible the amount of police LE in europe and lawyers even judges, that are against the war on drugs. I remember seeing a documental where a policemen of Holand was speaking (shit the guy sound like social services in stead of a policeman i did mentally agreed with every thing he said). The amount of suffering that this war is imposing on farmers in third world countries. And on kids (their parents get bust it from using drugs, or the house of their parents get impound it) and families destroy because this war are so much that few years after the war on drugs is over, this is going to be commented and study for years to come (like the Inquisition deaths in europe, or the religious wars).
The ultimate reduct for the war of drugs is U.S.A. conservative polititians every time that in some country they try to bring to United Nations some coin of acction against the war on drugs or to mitigate the effects of the war on drugs the american polititians kill it.
We can see the great effects that the war on drugs is having in Mexico.
I just hope that i can see the day when all this shit is over...
chino
-
That is a major problem with SR.. you see basically powersellers who are prime targets to go after.
-
The paper trail is what'll get ya!!!
:'(
-
Amazing post, thank you for your contribution.
-
A lot of good, common sense advice in this. Thank you.
It's funny but it really is the little things that'll get you busted; exactly like someone seeing the SR logo through your window.
Just to add, it's also a good idea for operators to have more than 1 work location. Separate your online & admin work from your stash and if possible have both of these locations somewhere *other* than where you sleep. Expensive but if you're at the point you need this kind of protection, you can afford it.
Also, safety deposit / security boxes are great. The service providers really don't care what you put in them and it takes a fuckton of red tape for LE to get into 1 of these.
-
Lots of food for thought. Can this be made a stickie? But how in the hell am I supposed to change my address?
-
Lots of food for thought. Can this be made a stickie? But how in the hell am I supposed to change my address?
Move. Find a different location to get shipped to.
Sometimes this is a measure we have to take to do what we do.
-
Move. Find a different location to get shipped to.
Sometimes this is a measure we have to take to do what we do.
yea maybe this is financially possible for big time sellers/buyers. but for poor buyers like myself, who happen to only deal in small quantities, a change of address is not really as simple as fucking moving. so basically, for buyers like myself, if our addresses get compromised - by customs, or by a vender fucking up, etc etc - we are basically fucked. of course, this is all under the assumption that LE would even take the time/use resources to go after small time buyers like myself - which, I find highly unlikely - unless, they are bored, or, what the OP mentioned...pressure from local media (which, in my opinion, is really the Achilles's Heal)
-
Nice post, OP. I hope you log on every once in a long while to see words of praise on your thread.
It got me thinking. I know there's a point where you're too paranoid and have to say, 'enough is enough,' but I think we should monitor vendors and report if and when they've been compromised.
Take your favorite vendor. Once a week, or before you make a purchase, just check his profile. If something fishy happens, look into it a bit. Did his usual sporadic feedback , 3-5 out of 5s dozens of times a day suddenly drop off? Did he stop selling entirely and not detail why? Perhaps he was picked up by LE. Now if he had a keylogger on his computer (or any other "you're-fucked" program/implicator), or if he kept his clients' addresses/money spent/discount ratings (if any) in a .txt file, you, the buyer, are royally fucked. A simple phone call from one town's police station to the other with the words, "hey, we just found person X is sending person Y drugs through the mail. Mind having a dog sniff packages they get every once in a while?" means if you ever get drugs through the mail again to that address (or to that name), you risk everything. This is if the vendor kept your information, of course, which some (many? most? few?) do not. I guarantee that at least a couple do, as insurance or for other reasons (blackmail, selling the information to the police, etc.).
Perhaps a thread could be made that lists vendors, and if a vendor goes inactive or something seriously screwy happens, mention it.
Then again, it's a lot of work. It many not even prove to be at all useful. Just some thoughts.
-
Thanks for the buyer advice.
-
Nice post, OP. I hope you log on every once in a long while to see words of praise on your thread.
It got me thinking. I know there's a point where you're too paranoid and have to say, 'enough is enough,' but I think we should monitor vendors and report if and when they've been compromised.
Take your favorite vendor. Once a week, or before you make a purchase, just check his profile. If something fishy happens, look into it a bit. Did his usual sporadic feedback , 3-5 out of 5s dozens of times a day suddenly drop off? Did he stop selling entirely and not detail why? Perhaps he was picked up by LE. Now if he had a keylogger on his computer (or any other "you're-fucked" program/implicator), or if he kept his clients' addresses/money spent/discount ratings (if any) in a .txt file, you, the buyer, are royally fucked. A simple phone call from one town's police station to the other with the words, "hey, we just found person X is sending person Y drugs through the mail. Mind having a dog sniff packages they get every once in a while?" means if you ever get drugs through the mail again to that address (or to that name), you risk everything. This is if the vendor kept your information, of course, which some (many? most? few?) do not. I guarantee that at least a couple do, as insurance or for other reasons (blackmail, selling the information to the police, etc.).
Perhaps a thread could be made that lists vendors, and if a vendor goes inactive or something seriously screwy happens, mention it.
Then again, it's a lot of work. It many not even prove to be at all useful. Just some thoughts.
94 posts yet you still do not know that without any evidence of purchase, you are not fucked in the slightest? Wow.
It's unfortunate there isn't a mechanism to keep addresses safe until they are not needed - much like the escrow system.
-
Had guy who was willing to ship within US. But after he sent 2 small packages he quit on me saying money not worth of trouble
-
Nice post, OP. I hope you log on every once in a long while to see words of praise on your thread.
It got me thinking. I know there's a point where you're too paranoid and have to say, 'enough is enough,' but I think we should monitor vendors and report if and when they've been compromised.
Take your favorite vendor. Once a week, or before you make a purchase, just check his profile. If something fishy happens, look into it a bit. Did his usual sporadic feedback , 3-5 out of 5s dozens of times a day suddenly drop off? Did he stop selling entirely and not detail why? Perhaps he was picked up by LE. Now if he had a keylogger on his computer (or any other "you're-fucked" program/implicator), or if he kept his clients' addresses/money spent/discount ratings (if any) in a .txt file, you, the buyer, are royally fucked. A simple phone call from one town's police station to the other with the words, "hey, we just found person X is sending person Y drugs through the mail. Mind having a dog sniff packages they get every once in a while?" means if you ever get drugs through the mail again to that address (or to that name), you risk everything. This is if the vendor kept your information, of course, which some (many? most? few?) do not. I guarantee that at least a couple do, as insurance or for other reasons (blackmail, selling the information to the police, etc.).
Perhaps a thread could be made that lists vendors, and if a vendor goes inactive or something seriously screwy happens, mention it.
Then again, it's a lot of work. It many not even prove to be at all useful. Just some thoughts.
94 posts yet you still do not know that without any evidence of purchase, you are not fucked in the slightest? Wow.
It's unfortunate there isn't a mechanism to keep addresses safe until they are not needed - much like the escrow system.
And when the cops show up with a warrant after you accepted your third straight package that contained drugs, open TOR and access your SR account, I'm sure they'll just thank you for your time and be on their way.
-
this guy just seems like a cop gone drunk....oooh but slimes beware...
-
Good advice, the essence to me is that all our high tech TOR, military grade encryption is probably not what will compromise us. It's the low-tech, shooting your mouth off, not having separation between online/offline identity, that kind of thing which is most likely to ultimately do you in.
Whether around cops, in a bar or just with your friends.
Rule 1- Shut the fuck up!
Rule 2- Shut the fuck up!
Rule 3- Shut the fuck up!
Obviously don't use anything even close to personally identifying online, no nicknames, don't mention anything about location and keep your clearnet/darknet identities totally separate!
-
coptevo....ur a mad cunt thanks
-
yea maybe this is financially possible for big time sellers/buyers. but for poor buyers like myself, who happen to only deal in small quantities, a change of address is not really as simple as fucking moving. so basically, for buyers like myself, if our addresses get compromised - by customs, or by a vender fucking up, etc etc - we are basically fucked. of course, this is all under the assumption that LE would even take the time/use resources to go after small time buyers like myself - which, I find highly unlikely - unless, they are bored, or, what the OP mentioned...pressure from local media (which, in my opinion, is really the Achilles's Heal)
Well if you are so screwed that you have to move to a new house, moving to a new house probably won't help. But the idea of "burning" an address or identity can mean simply asking a friend if you can use their place for shipping instead of yours. Toss them a bit of what you buy for the favor. Sellers don't need to burn an address because they should be dropping shipments from random places anyway, so really only buyers have to worry about it.
It's unlikely that anyone would ever need to, but if your address becomes risky you should stop using it. Maybe stop using Silk Road, or use a friend's address, or get a PO box or something like that. Anything is better than continuing to use an address that may have been exposed.
We all hope sellers delete our addresses after they mail stuff, but we all know some of them may not. The solace there is the fact that sellers are the safest people on SR. There is really no way to track SR purchases back to them, so the odds of them getting busted and turning over a notebook full of names & addresses is pretty remote.
-
94 posts yet you still do not know that without any evidence of purchase, you are not fucked in the slightest? Wow.
It's unfortunate there isn't a mechanism to keep addresses safe until they are not needed - much like the escrow system.
In the scenario described, (seller A is caught, your address found, police on alert, product from seller B intercepted,) they have a pretty strong case against you, and will keep building it until you ARE fucked - like if they get a warrant to bug your computer and get evidence against you, proving you are buying the drugs.
As for the mechanism you describe - there is. Silkroad encrypts your address, through tor, shows it to the vendor, (who is supposed to keep no physical record of it beyond what goes on your package) and then as soon as the vendor hits "in transit", your address is deleted forever. Sure, the seller could keep a physical history if they had future malicious intent (or they might remember it if you're a frequent buyer and they don't move much product) - but there's nothing SR can do about that, its already been set up so the site itself is near-impossible to get evidence from if you use it correctly.
-
Portugal's decriminalisation shows how wrong "War on drugs" is to solving drug abuse. Of course there is a problem with drug abuse, but not all users are abusers. I hate the term functioning addict. Its a ridiculous term that is totally false. An addict cannot be functional by definition.
http://www.bbc.co.uk/news/uk-11454671