Silk Road forums
Discussion => Security => Topic started by: 17239friendofafriend on April 28, 2012, 08:24 pm
-
It's frightening really, i mean we trust the vendors not to save names and addresses as insurance...or at all, but I was just reading on the OVDB forum on this thread [ http://dkn255hz262ypmii.onion/index.php?topic=17108.msg170210#msg170210] and I mean, I guess if I was a vendor and I got caught I would do whatever I could to get out of things, you know? scary
-
This is a legitimate concern, absolutely. You just gotta trust the person you're dealing with. Its a risk you must take to be able to use something awesome like SR.
If you decide its not worth it, then you must go back to buying on the streets and to someone who has the ability to physically harm you.
-
There is no proof they actually sent you drugs and you provided them currency. Your address is just on their computer and that is it, plus the seller is the target and I doubt they would try to snag all the small time buyers.
-
The biggest hole of all for sure! Blind trust and prison sentences are very serious indeed. Its the Cognitive dissonances thing. Thecloser29 comes to mind or as i like to call him "the ghost of SR"
-
Good point, and it's our weakest link, and nothing to be done about it, unless of course, you do what vendors absolutely *hate* and use a fake address and name, which you can control...and the 'control' part is where most of these 'other' addys fall apart...
Others, who've seen lots of tv shows, think they only go after vendors, and wouldn't bother with buyers. Nice thought, but prisons are full of people who got possession beefs. Yeah, they'd rather get the vendors, they get more attaboys...but this site, I think they just want to bring it down.
My guess is that one of these scammers--someone like agentmulder for example--will claim they have excellent dope, sell it at a good price, in small quantities, and then rack up a bunch of names, and sell the btc, and put it in the station coffee fund.
The posters are right tho, we have a defense, but many would probably freak out, and if they get search warrants, many probably have computers littered with 'evidence...'
Who knows, yeah, it's a bad thing, good reason not to buy drugs, I guess..
-
They wouldn't have enough evidence to go after buyer's just based on addresses, and the only way I see them going after buyer's is setting up a large buy and getting the people who buy the bulk deal, so they can hit them with some charges that they know they will plead down to.
There would be too many people and too much money to send agents to every person who buys a half gram of coke or something.
-
If a seller gets caught, I would think the cops would be happy enough to have him/her off the street. That seller could try to make a deal and offer buyers names and addresses, but I dont see that helping much. I mean they (sellers) are taking the risk of selling drugs for profit. Us buyers are spending our hard earned coin on drugs.
Its illegal to use drugs, but those profiting from it tax free btw are the ones who the police want. Not the occaisional user who goes to work and pays his or her taxes.
-
They wouldn't have enough evidence to go after buyer's just based on addresses, and the only way I see them going after buyer's is setting up a large buy and getting the people who buy the bulk deal, so they can hit them with some charges that they know they will plead down to.
There would be too many people and too much money to send agents to every person who buys a half gram of coke or something.
Yeah, you could be right, I mean, I *kind* of think that way myself. It's just this is such a new thing, so werid, and so interesting, that they may have new tactics and goals. The real curse is we just don't know. Spooky, to me.
-
As soon as the package leaves, I have no clue who was on there and where. I might remember stuff like the destinations. As soon as I print I delete the shit out of any addresses. That is more proof.
-
I guess if I was a vendor and I got caught I would do whatever I could to get out of things, you know? scary
Question OP: Would you grass on your dealer if you were busted IRL? Say, buying off a neighbour or something?
While I do agree that it's a concern for buyers, think about it like this: The cops have a DEALER, why waste time going for people under the dealer? Surely they'd be more concerned with who the dealer is getting his supply from and not so much who he's moving it to?
-
Surely it would be dumb for any vendor to save details of the deals he's done? He'd just be handing them evidence against himself. I can't see the cops letting him off in return for customer details. They want dealers more than they want customers, and they would probably want to follow the supply chain up, not down.
-
Surely it would be dumb for any vendor to save details of the deals he's done? He'd just be handing them evidence against himself. I can't see the cops letting him off in return for customer details. They want dealers more than they want customers, and they would probably want to follow the supply chain up, not down.
"Look buddy, we've got you nailed, why not tell us who you've been selling to"
"OK here's the list of people I sent stuff to in the mail"
2 months later in court the Prosecutor has a list of all the deals you made and you pleading not guilty is a distant memory!
-
what's to stop your local dealer from wearing a wire for half a year after he gets busted?
-
Vendors should be deleting addresses as soon as shipped. If you printed off for some sort of packing sheet, burn the fucker the second the last pack hits the last envelope. Done.
The only thing I keep i a list of usernames for buyers who I will never ever do business with, mostly gathered via the forum posts on suspicious buyers, PMs with morons, and the odd horrible son of a bitch (and I could recite all of those off the top of my head) who has actually done business with me.
-
See this is the thing. I never hear about real life dealers selling a bunch of stuff and them busting buyers. The only thing similar is cops posing as dealers and busting buyers, but when they turn a dealer he usually is used to gain information on and evidence on partners or associates, and his connection to bring down higher up and equal level people of interest, not the crack head who buys 10 dollar rocks all day long and doesn't have a regular place to sleep at night.
I might be ignorant to the facts here, but I doubt there is much proof to show otherwise. I have had friends and one recently get a wire worn on them for selling a half pound of weed, and they didn't ask her to give up who she sold to.
I guess, the only other thing close to this is when a family member and another guy went to pick up a really big shipment of weed that was driven from down South in Texas all the way up here and little did they know that the people who they arranged the deal with got busted and told the DEA about the shipment, so the DEA drove the pot up here and my uncle and another guy got busted with a few hundred pounds or attempting to purchase it, and of course they started talking quicker than the cuffs were put on and my uncle told the cops about his son my cousin selling weed in the town we lived in and he got arrested with a couple of pounds because he dad snitched on hiim.
-
Vendors should be deleting addresses as soon as shipped. If you printed off for some sort of packing sheet, burn the fucker the second the last pack hits the last envelope. Done.
The only thing I keep i a list of usernames for buyers who I will never ever do business with, mostly gathered via the forum posts on suspicious buyers, PMs with morons, and the odd horrible son of a bitch (and I could recite all of those off the top of my head) who has actually done business with me.
Yes, and you could use a hashing function for addresses (shouldn't count white-space or distinguish between upper/lowercase). A small script can do that rather neatly.
This way, you have a spreadsheet of IDs, and a counter that increments for each ID when it reoccurs.
e.g.
asdf234dfe453efe 1
23adsfw43533fda 5
aaqwergwerwera 0
0 could be an address, username or country on your black-list. Or you could use negative numbers for different meanings.
You can keep your promise to SR and it's clients, because every address is transmorphed into an ID.
If LE pick up the spreadsheet, even if they know what they have, they have to know how to reverse the hashes, and even when knowing what function you used, this is an extremely non-trivial exercise. Plus, you can't really help them even if you wanted to, since you can't reverse the hash either.
I think this is a pretty much watertight method of keeping statistics, without, ah, keeping LE relevant information. Anybody see any holes?
-
Vendors should be deleting addresses as soon as shipped. If you printed off for some sort of packing sheet, burn the fucker the second the last pack hits the last envelope. Done.
The only thing I keep i a list of usernames for buyers who I will never ever do business with, mostly gathered via the forum posts on suspicious buyers, PMs with morons, and the odd horrible son of a bitch (and I could recite all of those off the top of my head) who has actually done business with me.
Yes, and you could use a hashing function for addresses (shouldn't count white-space or distinguish between upper/lowercase). A small script can do that rather neatly.
This way, you have a spreadsheet of IDs, and a counter that increments for each ID when it reoccurs.
e.g.
asdf234dfe453efe 1
23adsfw43533fda 5
aaqwergwerwera 0
0 could be an address, username or country on your black-list. Or you could use negative numbers for different meanings.
You can keep your promise to SR and it's clients, because every address is transmorphed into an ID.
If LE pick up the spreadsheet, even if they know what they have, they have to know how to reverse the hashes, and even when knowing what function you used, this is an extremely non-trivial exercise. Plus, you can't really help them even if you wanted to, since you can't reverse the hash either.
I think this is a pretty much watertight method of keeping statistics, without, ah, keeping LE relevant information. Anybody see any holes?
Pine... Serious... Do you ever turn your brain off? Fucking hell, smoke some bud and think about fairies and wizards for an hour...
I'm starting to think you're a driod of some description, sent back from the future to ensure SR and its patrons flourish!
-
He is doing algorithms in his sleep.
-
Boolean for breakfast!
-
Vendors should be deleting addresses as soon as shipped. If you printed off for some sort of packing sheet, burn the fucker the second the last pack hits the last envelope. Done.
The only thing I keep i a list of usernames for buyers who I will never ever do business with, mostly gathered via the forum posts on suspicious buyers, PMs with morons, and the odd horrible son of a bitch (and I could recite all of those off the top of my head) who has actually done business with me.
Yes, and you could use a hashing function for addresses (shouldn't count white-space or distinguish between upper/lowercase). A small script can do that rather neatly.
This way, you have a spreadsheet of IDs, and a counter that increments for each ID when it reoccurs.
e.g.
asdf234dfe453efe 1
23adsfw43533fda 5
aaqwergwerwera 0
0 could be an address, username or country on your black-list. Or you could use negative numbers for different meanings.
You can keep your promise to SR and it's clients, because every address is transmorphed into an ID.
If LE pick up the spreadsheet, even if they know what they have, they have to know how to reverse the hashes, and even when knowing what function you used, this is an extremely non-trivial exercise. Plus, you can't really help them even if you wanted to, since you can't reverse the hash either.
I think this is a pretty much watertight method of keeping statistics, without, ah, keeping LE relevant information. Anybody see any holes?
that is a good idea, just make sure to translate all addresses to a standardized form, because the value for Address and address is different
-
require 'digest'
puts "Enter a constant salt to further protect stored address hashes:"
salt = gets.chop
puts "Remember to remove the customers name and only include the address"
puts "paste address, end with # followed by a newline"
address = gets("#").chop
address.downcase!
address.strip!
while address.sub!(/[\n*]/, '') do
address.sub!(/[\n*]/, '')
end
while address.sub!(/[" "]/, '') do
address.sub!(/[" "]/, '')
end
digest = Digest::SHA256.new
obfuscated_address = digest << salt + address
if File.exist?("#{obfuscated_address}") then
File.open("#{obfuscated_address}", 'r') do |read|
while line = read.gets
puts line
end
end
else
puts "New customer!"
end
puts "Enter any new comments you have about this address, end comments with # followed by new line"
comments = gets("#").chop
File.open("#{obfuscated_address}", 'a') {|f| f.write("\n\n" + "My Comment:" + "#{comments}" + "\n\n") } if comments.length > 0
It could be much nicer, but I wanted to not have to include any fancy gems. This takes an address, removes all new lines and white spaces, makes everything lower case, and takes its SHA-256 value. You are first asked to provide a salt, this can be a pretty simple string and still offer significant protection, it is mainly to protect from an attacker who gets the hash list comparing random addresses to hash values until they hit on one. This script should be run from a newly created directory because it creates new files named whatever the hash ends up being, and comments are stored in these files. When an address is entered for the first time the file is created and users can leave comments, every other time the comments are displayed and the user can add more comments. It's really basic but it does take care of basic formatting issues and hashing for you, it is Ruby so does require you to have the interpreter but doesn't require anything that doesn't come with the standard interpreter.
edit: hmm I guess I need to use regular expressions to find all formats data can be stored in and standardize it to make sure the hash value can not be thrown off by customers putting their address in different formats. Anyone want to help with a list of ways that the same thing can be written, in regard to addresses?
-
Thanks you guys. If I get an opportunity, I might throw a script together that would enable any vendor to easily achieve what was described. Probably as a local webpage (works offline and across all operating systems without needing special software, so it's perfectly secure) so there's a familiar GUI to work with, that would be easy and I could just put the source code here so anybody could save and operate it.
[Edit: I see kmf's already posted some code, the more the merrier :)
I should address the concept of salting with respecting to hashing, but I'm a bit tired at the moment, I'll come back and have a think about how to use it.
]
Basically:
-> copy paste in buyer's address.
-> data sanitation (stripping out whitespace amongst other things).
-> choose what hashing function you want to use.
-> you receive hash.
Then in excel or openoffice, you paste the hash into a cell, and a forumale increments a cell or the hash is added to the column of hashes. I don't know much about spreadsheet coding, but I'm sure there is a way.
Note: once you choose a hashing function, you should stick to it. Also, obviously if buyers play games with their addresses e.g. deliberate mis-spellings, then there's not a lot you can do about it. But, if you see something obviously misspelt, that is a 'red flag' for you. Doesn't mean they are scammer, it could be the buyer is trying to ensure more of the so called 'plausible denialability', but still.
One nice security feature, but possibly controversial and we should ask for a go-ahead from DPR/SR staff is this related concept because of the sensitivity of it. With SR scaling up in size, things like this could become important.
What it is, is that if people used the same hashing function (v. secure one) and they all used my exact script/spreadsheet forumale, then there is an interesting possibility to deter scammer buyers.
See, a scammer buyer is one who only pays 50% of the transaction and claims it never arrived. He thinks he's a clever fellow and eventually has to create a new account since sellers get pissed off and stop dealing with him or his account is deleted etc.
However, he cannot so easily, without forethought or expense to himself, change his address all the time. The address remains constant. Since it has a unique hash, more than 1 seller is going to be putting him on his personal black-list.
This means, if the vendors share their black-lists of hashes publicly, not addresses, then we have some useful info because of the black-list matches.
A: The quantity of scamming the person is doing.
B: New vendors, who have never been scammed before by this person, see that this address translates to a hash which is of ill-repute in the community. This makes scamming self correcting.
Two problems with this idea, are that somebody in that address can't 'appeal' that they're not a scammer e.g. if Mr Scammer moves out, and a legitimate SR buyer moves into the same address. The other problem is that by adapting your address in various ways, you can escape such scammer surveillance.
Nevertheless, most scammers are frankly not that smart. If they were, they wouldn't be scrounging for free stuff in the first place.
Also, in a worst case scenario in which LE manages to crack the hashing function somehow (v. unlikely) to decode these publicly available black-lists of hashes, they are only getting addresses, not names of people, and besides which who cares, it's an additional scammer deterrent.
You just got to make sure the system isn't abused by the vendors themselves, each vendor would get 1 vote each to increment the public hash black-list. You want to prevent LE using legitimate buyer hashes they might have obtained (un-decodable, but potentially useful in this context of perverting the scammer prevention system). So, you need some manner of threshold before a scammer is added to the public hash black-list. e.g. a certain number of votes.
There's probably other flaws you can spot (shout them out!), but I think the concept is essentially sound and brings more benefits than losses, it's just a matter of correctly implementing it.
-
Note: once you choose a hashing function, you should stick to it. Also, obviously if buyers play games with their addresses e.g. deliberate mis-spellings, then there's not a lot you can do about it. But, if you see something obviously misspelt, that is a 'red flag' for you. Doesn't mean they are scammer, it could be the buyer is trying to ensure more of the so called 'plausible denialability', but still.
Fuzzy hashing could help eliminate that unless the customer horribly misspells shit. Instead of hashing the entire address, split it up into chunks of say 5 bytes, then hash those chunks. Now if they make a single misspelling, there will still be a % match to the previously stored hash that will be statistically higher than normal. This will take a bit more work to do. You also generally want a big input when working with fuzzy hashes, an address doesn't really give a whole lot of data to work with (versus say a 1megabyte image that you want to be able to detect even if it has had some graphics editing done to it), and if the sections are too small it will make brute forcing easier and make salting much more required and also since it is such a small input and addresses are sometimes close it could lead to some false positives.
Right now I would like to find a list of all possible legitimate ways to write out the same address, so I can have my script standardize them prior to hashing.
edit: since it was Pines idea and he/she/it seems keen to write the script, I will discontinue mine. What language are you going to write it in Pine?
-
The main flaw I can think of in making it public is that it will give LE the ability to confirm suspected addresses, or to run through huge lists of addresses until they find matches, it is almost impossible to reverse a cryptographic hash but its trivial to get output from one with a given input and see if it matches up to listed hashes. Salting takes care of this, but if the salt is public then its worthless to protect from anything but rainbow tables, and rainbow tables are not really applicable to this anyway.
-
I guess if I was a vendor and I got caught I would do whatever I could to get out of things, you know? scary
Question OP: Would you grass on your dealer if you were busted IRL? Say, buying off a neighbour or something?
While I do agree that it's a concern for buyers, think about it like this: The cops have a DEALER, why waste time going for people under the dealer? Surely they'd be more concerned with who the dealer is getting his supply from and not so much who he's moving it to?
But you are thinking like a normal person, coppers are maggots that dont think like normal people. One of the cunts will think how great he will look if he busts 100+ people in a internet drug ring.
I can rest easy because I know any vendor that does decide to be a dog will get terrorised in prison for being a "give up" cunt, he can get bashed in main stream everyday or hide in protection with pedos and sex offenders and get raped everyday.
-
See this is the thing. I never hear about real life dealers selling a bunch of stuff and them busting buyers. The only thing similar is cops posing as dealers and busting buyers, but when they turn a dealer he usually is used to gain information on and evidence on partners or associates, and his connection to bring down higher up and equal level people of interest, not the crack head who buys 10 dollar rocks all day long and doesn't have a regular place to sleep at night.
I might be ignorant to the facts here, but I doubt there is much proof to show otherwise. I have had friends and one recently get a wire worn on them for selling a half pound of weed, and they didn't ask her to give up who she sold to.
I guess, the only other thing close to this is when a family member and another guy went to pick up a really big shipment of weed that was driven from down South in Texas all the way up here and little did they know that the people who they arranged the deal with got busted and told the DEA about the shipment, so the DEA drove the pot up here and my uncle and another guy got busted with a few hundred pounds or attempting to purchase it, and of course they started talking quicker than the cuffs were put on and my uncle told the cops about his son my cousin selling weed in the town we lived in and he got arrested with a couple of pounds because he dad snitched on hiim.
Yeah, it's the new technology that floors me, I mean, are they actually going to do all that expensive shit they'd have to do, like confiscate computers and plow thru email, and many of us use liberte or Tails, and then for what: some shit we never ordered that came to our mailbox?
I've heard of cops busting buyers, or rather, DEA doing it in FL where they'd set up stings, supposedly big shipments of weed, to bust dealers, but it was always 2nd hand info anyway, and there'd always be snitches, so who knows...
When I think of low level junky busts, what I really think of, is people that were just being stupid, and would finally get busted just when cops were sick of them, and they'd have beefs for shoplifting, burglary, possesion, DuI...and then they'd plea bargain down...
So this is just a new area. I guess we protect ourselves, best we can, and hope the vendors do the same.
-
It's frightening really, i mean we trust the vendors not to save names and addresses as insurance...or at all, but I was just reading on the OVDB forum on this thread [ http://dkn255hz262ypmii.onion/index.php?topic=17108.msg170210#msg170210] and I mean, I guess if I was a vendor and I got caught I would do whatever I could to get out of things, you know? scary
This is different. In the world of hacking + carding pretty much half the people you deal with are informants, basically hackers that were caught then cried for a Secret Service interview so they can catch more hackers. This is standard practice during any carding forum crew takedown over the years.
In the drugs world they don't give a fuck about informants unless you're a in a cartel or something. They certainly don't care about small time either. Carding + hacking = millions gone from banks and bigtime investigations. Drugs (here) = small time second income.
And yes, those ID forgery guy's are well known to hang onto people's face pics and addresses in case anything happens. Albert Gonzalez (who was an informant but still worked on the side for himself) was busted through an ID vendor who kept his picture and info as "insurance.zip" on a USB drive. It's in all the documents, books, stories and legends about shadowcrew forum.
After you're done reading that, read the Cardersmarket and Darkmarket busts how the FBI pulled it off, how they had informants there running Darkmarket and how ID vendors again played a role keeping the information as a Secret Service backup plan should they ever get busted.
For all we know Operation Open Market which just happened was because one of the people listed as on the run as a fugitive is the informant. Master Splynter (FBI) listed himself as 'on the run' to preserve his fake criminal identity for awhile so did cumbajohnny aka Albert Gonzales in his legendary 'i'm on the run' post to shadowcrew inside circle he wrote from the SS headquarters
TL;DR:
Hacking, fraud, carding = they want informants.
Online drugs vending = they don't care, unless you have the goods on DPR. they aren't interested in buyers unless you're shipping precursors like 10 Kilo barrels of Ephedrine per week to a lab in the US
-
Thanks you guys. If I get an opportunity, I might throw a script together that would enable any vendor to easily achieve what was described. Probably as a local webpage (works offline and across all operating systems without needing special software, so it's perfectly secure) so there's a familiar GUI to work with, that would be easy and I could just put the source code here so anybody could save and operate it.
[Edit: I see kmf's already posted some code, the more the merrier :)
I should address the concept of salting with respecting to hashing, but I'm a bit tired at the moment, I'll come back and have a think about how to use it.
]
Basically:
-> copy paste in buyer's address.
-> data sanitation (stripping out whitespace amongst other things).
-> choose what hashing function you want to use.
-> you receive hash.
Then in excel or openoffice, you paste the hash into a cell, and a forumale increments a cell or the hash is added to the column of hashes. I don't know much about spreadsheet coding, but I'm sure there is a way.
Note: once you choose a hashing function, you should stick to it. Also, obviously if buyers play games with their addresses e.g. deliberate mis-spellings, then there's not a lot you can do about it. But, if you see something obviously misspelt, that is a 'red flag' for you. Doesn't mean they are scammer, it could be the buyer is trying to ensure more of the so called 'plausible denialability', but still.
One nice security feature, but possibly controversial and we should ask for a go-ahead from DPR/SR staff is this related concept because of the sensitivity of it. With SR scaling up in size, things like this could become important.
What it is, is that if people used the same hashing function (v. secure one) and they all used my exact script/spreadsheet forumale, then there is an interesting possibility to deter scammer buyers.
See, a scammer buyer is one who only pays 50% of the transaction and claims it never arrived. He thinks he's a clever fellow and eventually has to create a new account since sellers get pissed off and stop dealing with him or his account is deleted etc.
However, he cannot so easily, without forethought or expense to himself, change his address all the time. The address remains constant. Since it has a unique hash, more than 1 seller is going to be putting him on his personal black-list.
This means, if the vendors share their black-lists of hashes publicly, not addresses, then we have some useful info because of the black-list matches.
A: The quantity of scamming the person is doing.
B: New vendors, who have never been scammed before by this person, see that this address translates to a hash which is of ill-repute in the community. This makes scamming self correcting.
Two problems with this idea, are that somebody in that address can't 'appeal' that they're not a scammer e.g. if Mr Scammer moves out, and a legitimate SR buyer moves into the same address. The other problem is that by adapting your address in various ways, you can escape such scammer surveillance.
Nevertheless, most scammers are frankly not that smart. If they were, they wouldn't be scrounging for free stuff in the first place.
Also, in a worst case scenario in which LE manages to crack the hashing function somehow (v. unlikely) to decode these publicly available black-lists of hashes, they are only getting addresses, not names of people, and besides which who cares, it's an additional scammer deterrent.
You just got to make sure the system isn't abused by the vendors themselves, each vendor would get 1 vote each to increment the public hash black-list. You want to prevent LE using legitimate buyer hashes they might have obtained (un-decodable, but potentially useful in this context of perverting the scammer prevention system). So, you need some manner of threshold before a scammer is added to the public hash black-list. e.g. a certain number of votes.
There's probably other flaws you can spot (shout them out!), but I think the concept is essentially sound and brings more benefits than losses, it's just a matter of correctly implementing it.
Why bother when GPG, Truecrypt and dozens of other encryption algos already exist and are proven.
Prison employees break code all the time that prisoners send to each other, and if they can't it goes to the FBI code breaking lab who have broken everything except one guy http://www.nytimes.com/2011/04/01/us/01code.html
The unabomber was a PHD mathematician and they eventually broke his codes
-
It's frightening really, i mean we trust the vendors not to save names and addresses as insurance...or at all, but I was just reading on the OVDB forum on this thread [ http://dkn255hz262ypmii.onion/index.php?topic=17108.msg170210#msg170210] and I mean, I guess if I was a vendor and I got caught I would do whatever I could to get out of things, you know? scary
This is different. In the world of hacking + carding pretty much half the people you deal with are informants, basically hackers that were caught then cried for a Secret Service interview so they can catch more hackers. This is standard practice during any carding forum crew takedown over the years.
In the drugs world they don't give a fuck about informants unless you're a in a cartel or something. They certainly don't care about small time either. Carding + hacking = millions gone from banks and bigtime investigations. Drugs (here) = small time second income.
And yes, those ID forgery guy's are well known to hang onto people's face pics and addresses in case anything happens. Albert Gonzalez (who was an informant but still worked on the side for himself) was busted through an ID vendor who kept his picture and info as "insurance.zip" on a USB drive. It's in all the documents, books, stories and legends about shadowcrew forum.
After you're done reading that, read the Cardersmarket and Darkmarket busts how the FBI pulled it off, how they had informants there running Darkmarket and how ID vendors again played a role keeping the information as a Secret Service backup plan should they ever get busted.
For all we know Operation Open Market which just happened was because one of the people listed as on the run as a fugitive is the informant. Master Splynter (FBI) listed himself as 'on the run' to preserve his fake criminal identity for awhile so did cumbajohnny aka Albert Gonzales in his legendary 'i'm on the run' post to shadowcrew inside circle he wrote from the SS headquarters
TL;DR:
Hacking, fraud, carding = they want informants.
Online drugs vending = they don't care, unless you have the goods on DPR. they aren't interested in buyers unless you're shipping precursors like 10 Kilo barrels of Ephedrine per week to a lab in the US
bulllllllllshit. Don't give a fuck about informants unless you are in a cartel or something? Do you really believe that or do you just say it to sleep at night. TONS AND TONS AND TONS of people are in prison due to informants, people who are no where near cartel level. DEA doesn't bother with informants? Please they are first and foremost a human intelligence agency, managing networks of informants and snitches is the primary thing that they do.
This is standard practice during any carding forum crew takedown over the years.
This is standard practice in any sort of organized crime investigation, it shows an extreme amount of naivety to think that they don't use informants regularly against the drug trade
really it amazes me how much you know about what the DEA cares about, exact figures even. why not put that info back in your ass where it came from. But you are largely right about the carder scene.
-
The main flaw I can think of in making it public is that it will give LE the ability to confirm suspected addresses, or to run through huge lists of addresses until they find matches, it is almost impossible to reverse a cryptographic hash but its trivial to get output from one with a given input and see if it matches up to listed hashes. Salting takes care of this, but if the salt is public then its worthless to protect from anything but rainbow tables, and rainbow tables are not really applicable to this anyway.
This. If vendors assume that saving hashed addresses is fine, some won't just save scammer addresses but also legit buyers' addresses.
Why bother when GPG, Truecrypt and dozens of other encryption algos already exist and are proven.
Prison employees break code all the time that prisoners send to each other, and if they can't it goes to the FBI code breaking lab who have broken everything except one guy http://www.nytimes.com/2011/04/01/us/01code.html
The unabomber was a PHD mathematician and they eventually broke his codes
You obviously have no clue what pine has proposed. Also: PGP is working just fine. Even if an agency would have cracked it, they can't use it many times. As soon as an agency uses information from an encrypted PGP message, we will know and stop using PGP.
-
The level of sheer brilliance by some members of this forum never ceases to amaze me - and I do mean that, I hope we can discuss Pine's suggestion at length another time.
Having said this to go back to the OP's comments there are several legal and practical barriers which prevent a seller keeping a list of addresses as insurance being a real worry.
In the first instance, there's the usual issue of how a seller would come to the attention of LEO. Vendors are not stupid and make sure to use mixers and pseudonymous methods to withdraw their proceeds. As such, an analysis of the block chain would almost certainly fail to link their identity to a specific vendor account.
Let's say for argument's sake though a vendor were to luck out and LEO decided to raid their premises on the basis of large amounts of funds showing up in their bank account or they're spotted on a security camera shipping off some drugs at a Post Office.
The first barrier for LEO to overcome in this instance is that most vendors are prepared for this possibility and have encrypted any incriminating information on their hard drives and (hopefully!) hidden any equipment related to manufacturing narcotics.
Let's say once again this is a very imprudent seller and they actually do keep commercial quantities of controlled drugs at their address, LEO would already have enough to convict them - there'd be no need to marry up this information with a vendor's clients as ownership of the drugs themselves would be a crime.
However, let's assume once again our imprudent seller is at the mercy of an extremely overzealous LE Agent who wants to cover all their bases and tries to force them to hand over the password to their machine as well as their seller ID on Silk Road.
Even if the seller cooperates and doesn't "Pleade the Fifth" as you say in America, if they're smart enough to keep a list of addresses as insurance, they will probably also be smart enough to keep that list in a separate place in order to use it as a bargaining chip.
However, let's go further into the realms of improbability yet again and assume it is somehow in the seller's interests to admit to having sold drugs as well as possessing them and hands over a list of addresses, our overzealous LEO Agent still has very little to go on.
Firstly, there's no way he can know whether the list the seller has just handed him as some sort of plea bargain really represents former clients or simply has been ripped from a phone directory.
Let's say though the LEO has everyone on the list arrested and interviewed. A check of their bank records might well show that these people have bought Bitcoins but it would be a far cry from this to satisfy the local DA / CPS that this proved they had bought a specific amount of drugs on a given date as would be required in order to bring charges. The list of course would relate to historic transactions so the drugs themselves would have been long since consumed!
So as you see, the only scenario in which a buyer would be at risk is if the seller was some kind of consummate masochist who wanted to incriminate themselves further, and had handed over not only the passwords to access their machine but their ID and password for SR and PGP private keys too - it seems a touch implausible!
V.
-
Vendors most likely realize that when/if they get caught, the Five-O will most likely ask who he's getting/giving from/too with potential to be released. Don't believe them, they just want more out of you! Also I'm pretty sure vendors giving away addresses and information will most likely get them a lower rep for I'm positive people would let others know what kind of person they're buying from..
-
Vendors most likely realize that when/if they get caught, the Five-O will most likely ask who he's getting/giving from/too with potential to be released. Don't believe them, they just want more out of you! Also I'm pretty sure vendors giving away addresses and information will most likely get them a lower rep for I'm positive people would let others know what kind of person they're buying from..
I just can't see it as forming a likely part of a plea bargain as in essence a vendor would have to admit to committing yet more crimes in order to receive a more lenient punishment for a different offence. As you say, they also would have to risk the wrath of SR users.
V.
-
Pine and kmfkewm,
Many fucking thanks. I will toss this to the Code Monkey for implementation for my own Op. Out-fucking-standing.
News we can USE. I really got to work on getting as smart as you fellahs.
-
When LE busts dealers on the streets do they sqeeze the dealer for the names of the buyers? Nope.
They sqeeze him for a bigger dealer, someone futher up the food chain.
-
Vendors most likely realize that when/if they get caught, the Five-O will most likely ask who he's getting/giving from/too with potential to be released. Don't believe them, they just want more out of you! Also I'm pretty sure vendors giving away addresses and information will most likely get them a lower rep for I'm positive people would let others know what kind of person they're buying from..
I just can't see it as forming a likely part of a plea bargain as in essence a vendor would have to admit to committing yet more crimes in order to receive a more lenient punishment for a different offence. As you say, they also would have to risk the wrath of SR users.
V.
no but the thing is Police offer not to charge them as hard, and people believe them. They think they can benefit by doing so. People believe it, especially when they're nervous they might try anything. Put yourself in their shoes.
-
no but the thing is Police offer not to charge them as hard, and people believe them. They think they can benefit by doing so. People believe it, especially when they're nervous they might try anything. Put yourself in their shoes.
Any vendor who saves a list of their past transactions, whether for blackmail, or to use as a plea bargain, deserves everything they get. Only an idiot would hand over evidence of their crimes to the police, and only a nasty fucker would have retained the evidence in the first place.
Either way, the buyers would probably be safe in this scenario, and the idiot vendor would have sealed his own fate.
-
If LE acts on SR, im pretty sure they will nab both sellers and buyers. This isnt a traditional street op. Their goal will be to impliment fear and hysteria among everyone here.
-
It's frightening really, i mean we trust the vendors not to save names and addresses as insurance...or at all, but I was just reading on the OVDB forum on this thread [ http://dkn255hz262ypmii.onion/index.php?topic=17108.msg170210#msg170210] and I mean, I guess if I was a vendor and I got caught I would do whatever I could to get out of things, you know? scary
This is different. In the world of hacking + carding pretty much half the people you deal with are informants, basically hackers that were caught then cried for a Secret Service interview so they can catch more hackers. This is standard practice during any carding forum crew takedown over the years.
In the drugs world they don't give a fuck about informants unless you're a in a cartel or something. They certainly don't care about small time either. Carding + hacking = millions gone from banks and bigtime investigations. Drugs (here) = small time second income.
And yes, those ID forgery guy's are well known to hang onto people's face pics and addresses in case anything happens. Albert Gonzalez (who was an informant but still worked on the side for himself) was busted through an ID vendor who kept his picture and info as "insurance.zip" on a USB drive. It's in all the documents, books, stories and legends about shadowcrew forum.
After you're done reading that, read the Cardersmarket and Darkmarket busts how the FBI pulled it off, how they had informants there running Darkmarket and how ID vendors again played a role keeping the information as a Secret Service backup plan should they ever get busted.
For all we know Operation Open Market which just happened was because one of the people listed as on the run as a fugitive is the informant. Master Splynter (FBI) listed himself as 'on the run' to preserve his fake criminal identity for awhile so did cumbajohnny aka Albert Gonzales in his legendary 'i'm on the run' post to shadowcrew inside circle he wrote from the SS headquarters
TL;DR:
Hacking, fraud, carding = they want informants.
Online drugs vending = they don't care, unless you have the goods on DPR. they aren't interested in buyers unless you're shipping precursors like 10 Kilo barrels of Ephedrine per week to a lab in the US
bulllllllllshit. Don't give a fuck about informants unless you are in a cartel or something? Do you really believe that or do you just say it to sleep at night. TONS AND TONS AND TONS of people are in prison due to informants, people who are no where near cartel level. DEA doesn't bother with informants? Please they are first and foremost a human intelligence agency, managing networks of informants and snitches is the primary thing that they do.
This is standard practice during any carding forum crew takedown over the years.
This is standard practice in any sort of organized crime investigation, it shows an extreme amount of naivety to think that they don't use informants regularly against the drug trade
really it amazes me how much you know about what the DEA cares about, exact figures even. why not put that info back in your ass where it came from. But you are largely right about the carder scene.
All the public online mail order is small time, they don't seem to care. Did they turn Ene as informant? They just arrested him. Adam to rat out his biggest customers for leniency? Nope just arrested him and released charges immediately. The Eurphorik guy? No. They could've kept Adam 'on the run' and had him sell huge shipments to dealers in the US to round up but didn't. In the carding and hacking scene, Adam would be still online right now like Sabu trying to bring down every other ring he knows about, trying to get in here and cozy up to DPR using his established undergroudn credentials.
The guy who brough down cardersmarket had limited funding, and they almost gave up on him numerous times because you can only afford so many operations they have to be worth it. It was only because he himself wanted a promotion and stayed up all night pretending to be a master criminal. His only assistance in the beginning was a postal inspector the other agents didn't even give a shit. and this was for multi millions being stolen every day. It's all in his book. It was only when Iceman started talking to the press and usurped the entire black market that they really took notice of him.
They didn't appear to round up any Operation Adam Bomb importers or Ene's customers. Actuallivingmathematics? Just busted, when they could've used him to find out who his source was by ordering more with cash in mail or traceable payments or use his credentials to run a bigtime network to rope in other vendors. They didn't.
Mail order virtual trafficking is small time. IRL drug trafficking is bigtime with billions in cash and hyper violence.
Look up The Datalocking company. It was an ecstasy import ring disguised as a secure service. They cracked it and busted everybody. Could they have kept the owner around to use it as a permanent sting like Sabu? For sure. Advertise the service at a discount to every online drug vendor they can find and get all of them. They didn't. Remember the Dutch guy busted when he ratted out his own distribution people in the US because he thought they were ripping him off? Dutch cops could've kept him on a leash and had him advertise huge trafficking amounts or network with other EU manufacturers and exporters he surely knew. Didn't happen.
You can't say the same with hackers and carders. They all end up busted then becoming snitches, and even taking a salary from the Secret Service. Besides biker gang or mafia and cartel informants never heard of anybody becoming a paid DEA snitch, let alone for mail order. If they did news would've already reported about it once it went down, books written... nope.
Seems to me like every 5 years or so they round up all the low hanging fruit on the internet for the news to prove they should still get way too much tax payer funding then go back to busting Phase III smugglers and gangsters. This is small time. Even Tony's sales here is not even a drop in the ocean of the real trafficking that goes on every day across the Mexican border.
If you were in charge of the DEA, would you committ significant resources to going after small time online dealers with everything you have or would you instead make some token busts to scare everybody away and save funding to stop organized ruthless cartel militia from killing your agents, shooting customs officers, setting off bombs, broad daylight assasinations, shooting prosecutors....
Everybody here should remain paranoid of course but you can guarantee Zetas, Sinaloa, Gulf, Colombian, Guatemalan and other billionaire organized smugglers take priority over this site. When the DEA spread their FUD about how they cracked 'anonymous networks' during the Op Adam bomb case it screamed to me they are more interested in scaring off people from using this site than they are actively trying to take it down because it isn't worth it to them unless it keeps showing up in the press and DPR keeps making interviews, which he does. So I guess we're all fucked anyways lol
tl;dr we're all fucked, except for small time buyers they won't care and there's no evidence to show they ever have cared except for whenever customs or postal inspectors catch a shipment in progress. No rounding up of addresses and busting previous customers for small time personal use.
-
no but the thing is Police offer not to charge them as hard, and people believe them. They think they can benefit by doing so. People believe it, especially when they're nervous they might try anything. Put yourself in their shoes.
Any vendor who saves a list of their past transactions, whether for blackmail, or to use as a plea bargain, deserves everything they get. Only an idiot would hand over evidence of their crimes to the police, and only a nasty fucker would have retained the evidence in the first place.
Either way, the buyers would probably be safe in this scenario, and the idiot vendor would have sealed his own fate.
Absolutely, I completely agree. Regardless, that doesn't mean it won't and doesn't ever happen.
-
anybody who is zerg rushed by the feds here will be asked to give up their own suppliers lol cops don't care about dope consumers. they may care about weapons consumers on that other site. could be prudent to keep a list around of potential terrorists you shipped weapons as a get out of life sentence free card.
-
Note: once you choose a hashing function, you should stick to it. Also, obviously if buyers play games with their addresses e.g. deliberate mis-spellings, then there's not a lot you can do about it. But, if you see something obviously misspelt, that is a 'red flag' for you. Doesn't mean they are scammer, it could be the buyer is trying to ensure more of the so called 'plausible denialability', but still.
Fuzzy hashing could help eliminate that unless the customer horribly misspells shit. Instead of hashing the entire address, split it up into chunks of say 5 bytes, then hash those chunks. Now if they make a single misspelling, there will still be a % match to the previously stored hash that will be statistically higher than normal. This will take a bit more work to do. You also generally want a big input when working with fuzzy hashes, an address doesn't really give a whole lot of data to work with (versus say a 1megabyte image that you want to be able to detect even if it has had some graphics editing done to it), and if the sections are too small it will make brute forcing easier and make salting much more required and also since it is such a small input and addresses are sometimes close it could lead to some false positives.
Right now I would like to find a list of all possible legitimate ways to write out the same address, so I can have my script standardize them prior to hashing.
edit: since it was Pines idea and he/she/it seems keen to write the script, I will discontinue mine. What language are you going to write it in Pine?
Fuzzy hashing seems like a superior idea, thanks for that. It was intending to write the code in Javascript, it's a small language but it's powerful enough for something like this. Really we ought collaborate on the idea , many eyes make bugs shallow and all. Although the actual code is relatively trivial and short, a lot of thought needs to go into it to make it right. Also I haven't done much work on the Javascript API, but it looks easy to learn.
What I'll do, is write up an initial draft with the bare bones functionality. Then I'll come back here and yourself and the other guys can critique it. That way I can get feedback and people can pose problems/logical errors I haven't thought of, as well as making nicer code and so on. After 2 or 3 drafts, it ought to be good.
On the issue of public hash black-lists, I think we ought to wait to brainstorm it until this is implemented. This little project shouldn't take too long anyway. Better to have something concrete first. Still, if anybody has any sudden insights, pop them onto the coding thread anyhow just in case you forget them later on.
Also, on the issue of address formatting, there's a handy webpage posted here called "frank's compulsive guide to postal addresses" that might prove handy (was one of the first threads on this forum).
-
Why bother when GPG, Truecrypt and dozens of other encryption algos already exist and are proven.
Prison employees break code all the time that prisoners send to each other, and if they can't it goes to the FBI code breaking lab who have broken everything except one guy http://www.nytimes.com/2011/04/01/us/01code.html
The unabomber was a PHD mathematician and they eventually broke his codes
Ah, but this isn't an encryption algorithm. It may appear to be similar, since in both cases you're turning plaintext into incomprehensible junk, but a hashing algorithm and an encryption algorithm do not serve the same purpose.
With an encryption algorithm, you are turning plaintext into ciphertext. Should you have some special information, then you can find the pattern and reverse the ciphertext into plaintext.
With a hashing algorithm, you are turning plaintext into a hash. You cannot turn the hash back into plaintext. Although that hash uniquely identifies the plaintext, you cannot easily derive the plaintext. Your receipt from a shop could be using hashes so it can be proved you used your credit card to buy those bags of groceries. However, don't be collecting all those discarded shopping receipts in order to extract credit card numbers just yet, because you won't be able to reverse the hash.
You can however, very easily turn the plaintext into a hash. So, if you have a list of suspect addresses, then you could turn them into hashes and compare them to any public hashes on a black-list. That's a bit of a problem even if they are all scammers (could affect the reputation of the Silk Road because the media wouldn't distinguish between scammers and legitimate buyers, they'd just say "darkweb drug users busted by their own drug website!"), so that's why we need to do some more brainstorming on that issue.
First, we enable vendors to use hashes in a private list so that buyer security (even if scammer) is stronger, then think about the possibility of public lists later.
On the issue of CSI or whoever breaking hash algorithms, it's like somebody cracking the Tor network or PGP, it's possible, it's just not very likely. Most threats are hypothetical rather than actual.
-
If a seller gets caught, I would think the cops would be happy enough to have him/her off the street.
You mean off the road right? I have every intention to point at my screen and say yeah its pot2peer catch him he has a random hash tag, he has no ip address. get him boy get him. oh poor piggly wiggley cant find him... oh poor piggie... whose a good little piggy piggy pig. ooh good piggy.... heres a donut and an oz of weed fuck off.
-
I'm seriously amazed. I love anyone who can turn a difficult problem that everyone complains about into a serious solution.
On the one note about LE being able to view the hashes and play "guess and check" to turn address and match them, why not just make the hash list private so that only established venders could see them? Like you have to have a set number of transactions and then you can view the blacklist hash page? This way LE would have to actually be working and selling drugs in order to view the page. The low level sellers generally don't have to worry about scammers nearly as much because A) their product isn't proven to be good yet and B) even scammers worry about a new vender being a scammer or even LE.
Just a thought
-
I like how this topic is turning out :)
-
I actually did think of a problem with the system. College buyers probably provide a large market for the venders and are also probably scammers in larger numbers as well. The people that live in rental houses for a year could blacklist that house for every new person who rents there and choose to buy. I'd imagine that college kids buy in bulk and resell in college as well so this might be an issue with the system. I think the addresses should also have some sort of voting system as well since one hot headed vender could blacklist someone if they claim a product didn't arrive once, when in reality it was taken by customs or something. I'd say any address that doesn't have product arrive to it more than 3 times is an issue.
To fix this maybe reset the blacklist address every 2 or so years after its been added? This way we can ensure rental houses and apartments aren't forever doomed.
-
anybody who is zerg rushed by the feds here will be asked to give up their own suppliers lol cops don't care about dope consumers. they may care about weapons consumers on that other site. could be prudent to keep a list around of potential terrorists you shipped weapons as a get out of life sentence free card.
Like I said earlier when Im waiting for a package. I have my orders page opened right up. Go ahead get mr Humboldt. Get mr NorCal. Oh wait no IP Address, and a fictious sending address. Oh No.
Ive been grilled before about my supplier, I didnt say anything and paid my fines, did the drug counseling BS (Rehab for weed LOL, i was in there with meth and opiate addicts.)
"Well let you go, it will be like this raid never happened just tell us who." This was when I delt w/ humans in person. Now I can point at my laptop, and say Time Warner is involved in trafficking, and the banks who take bitcoin deposits are involved in laundering. I know people in the media and I will get my message out.
-
why does everyone just think cops want sellers.
They are also after the Buyer this guy is the guy that has all the knowledge think about it he shops everywhere you,neigbors,bars,clubs.malls,schools anywhere there is a deal to be had for good drugs (that is common sense and facts)
the cops really want guys like this because they know everyone that sells everything some guys get busted by narc's for coke so next you here 3-5 coke dealers are popped then 5 weed dealers 2 others selling pills who do you think gets these guys pinched ( the buyers ).They get so messed up on shit they start feeling comfortable doing this that they don't see the cops following them or just figure it's not for them all the time they are being survailled.
Sellers are just that they know some dealers but mot alot because they stay away from them for fear of the cops linking them together and making a RICO case most dealers are secluded once the game starts paranoia sets in and it gets stronger and stronger as their client base grows.
They will bust Buyers just as fast as dealers so don't ever think different.
And as daveh0we said kind of hard to trace a NO IP Address and get legit addresses if you use fake names and addresses.You can almost guarantee that everytime they remove a suspicious package out of the mail they are going to run the name and address sure they might get a couple hundred names that match but the addresses don't well then where do they go from There I would say they red flag the name and everytime a parcel with that name appears in any state or province they seize it and open it for verification.
I have noticed that I used my real name three times when ordering and some expected shit happened My first order was .001 scales never received them (scammed )
2nd order was set of scales (from Netherlands package was opened and resealed) I received them late but still got them.
Order 3 (was 50g hash never received used my real name as some people on here state use your real name LESS likely to get busted WRONG) never arrived so I use a clean alias name for last 6 orders and guess what the packages all arrive with out incident the name is clean and there is no CRIMINAL RECORD associated with the name or address.
I figure the cops are going after Buyers more because they need the Info so they can do the raids and busts so they look good and get increased funding without buyers they are almost lost in the woods like everyone else
-
why does everyone just think cops want sellers.
They are also after the Buyer this guy is the guy that has all the knowledge think about it he shops everywhere you,neigbors,bars,clubs.malls,schools anywhere there is a deal to be had for good drugs (that is common sense and facts)
the cops really want guys like this because they know everyone that sells everything some guys get busted by narc's for coke so next you here 3-5 coke dealers are popped then 5 weed dealers 2 others selling pills who do you think gets these guys pinched ( the buyers ).They get so messed up on shit they start feeling comfortable doing this that they don't see the cops following them or just figure it's not for them all the time they are being survailled.
Sellers are just that they know some dealers but mot alot because they stay away from them for fear of the cops linking them together and making a RICO case most dealers are secluded once the game starts paranoia sets in and it gets stronger and stronger as their client base grows.
They will bust Buyers just as fast as dealers so don't ever think different.
And as daveh0we said kind of hard to trace a NO IP Address and get legit addresses if you use fake names and addresses.You can almost guarantee that everytime they remove a suspicious package out of the mail they are going to run the name and address sure they might get a couple hundred names that match but the addresses don't well then where do they go from There I would say they red flag the name and everytime a parcel with that name appears in any state or province they seize it and open it for verification.
I have noticed that I used my real name three times when ordering and some expected shit happened My first order was .001 scales never received them (scammed )
2nd order was set of scales (from Netherlands package was opened and resealed) I received them late but still got them.
First off bill you can purchase milligram scales off ebay. If it is an anonymous worry, get over it. digital scales are legal and have several legal purposes. I will never take a charge for a scale again, I will argue till the judge wants to call it a day.
Second. I am only a Visual Basic Programmer yet I have the skills to query a database for a name and address, and then query that name based on other spellings and uses "Andy"it is a girl or boys name, it could be andrew, drew, andrea, etc. My program would pull one of these addresses with one of these names that can be said differently or spelled differently K instead of C, kn instead of n stuff like that. The Instant I picked up my first SR package, I pictured my SR vendor running a similar application or doing it manually. I have had telephone, address lookup cd sets that private detectives purchase.
Compatible DB APIs, custom query software, and some custom reports and it could all be automated.
-
Vendors most likely realize that when/if they get caught, the Five-O will most likely ask who he's getting/giving from/too with potential to be released. Don't believe them, they just want more out of you! Also I'm pretty sure vendors giving away addresses and information will most likely get them a lower rep for I'm positive people would let others know what kind of person they're buying from..
I just can't see it as forming a likely part of a plea bargain as in essence a vendor would have to admit to committing yet more crimes in order to receive a more lenient punishment for a different offence. As you say, they also would have to risk the wrath of SR users.
V.
snitches generally get limited immunity, so they can't be charged for some types of other crimes they admit to when they give information after a plea
-
I agree davehOwe they cross reference names with either spelling I am just saying I have had 3 packages lost from Netherlands that were in my name Now I use a clean alias and they get received at all of my pick up points I just think the use buyers more for the info than most vendors believe.With out them informing it makes their job a lot harder.
I keep my SR business computer in a seperate building so it is only used for SR,BMR & Tormail Thats it I don't surf download or anything with it small netbook so I can use it mobile if need be like Starbucks or Subway
I am very paranoid about getting caught and people cracking my computer
-
I agree davehOwe they cross reference names with either spelling I am just saying I have had 3 packages lost from Netherlands that were in my name Now I use a clean alias and they get received at all of my pick up points I just think the use buyers more for the info than most vendors believe.With out them informing it makes their job a lot harder.
I keep my SR business computer in a seperate building so it is only used for SR,BMR & Tormail Thats it I don't surf download or anything with it small netbook so I can use it mobile if need be like Starbucks or Subway
I am very paranoid about getting caught and people cracking my computer
What I am trying to say is that the return addresses are real addresses with names changed or mispronounced. Everytime its a random address in the area. Change the name from Kris to Christine or andy to andrew. So if it gets returned the person receiving it says no not me WTF?
As for your SR rig. LOLZ. I got it on my 40" Telli in the living room right where the maine entrance is. the same entrance where the mail drop is. Hey im a ronpaul man and I will blow the whistle as loud as I can. check my profile and scroll back to my first posts. My life is an afterschool special, made for television movie.
-
I wouldn't be on SR, if I wasn't convinced I could do a stretch, if worse came to worse--selling or buying, or getting cracked for money laundering or whatever other beefs they came up with. I learned a long time ago, and know from experience, that you shouldn't be here if you can't keep your mouth shut in a pinch.
The best thing going for us, is the extreme difficulty they'd have in proving any of this in a court of law. They could arrest us, but I've talked to a lawyer, and she said they probably couldn't even explain bitcoins to a jury, much less TOR. Of course they'd bank on inexperienced frightened people giving it all up, but giving *what* up? Some addresses? That doesn't prove a thing.
I encourage everybody to have a good bondsman's number, if shit hits the fan, keep quiet, get a lawyer, and these cases would be fun as hell to watch. Try to get a conviction. No way.
-
The last thing they want on the front page of the Times is that they busted some Schedule IV users who probably have legit prescriptions that just ran out a little early. Customs does nothing about Schedule IV except send you a letter telling you that you are a bad little boy.
They want the flashy drugs, so they can tell the soccer moms that the internet is safe for their children again. They want to make an example of the dealers, hang a bunch of federal mail fraud, money laundering, distribution charges over their head, unless they flip on their source.
Standard shit, and we will see it here. Someone will get lazy, and it will happen. As far as the actual topic of the thread, I doubt they will spend too much time on any addresses they find, unless there are large customers, who they will then pretend to make a sale to, and then it is controlled delivery time.