Silk Road forums
Discussion => Security => Topic started by: kmfkewm on May 08, 2012, 01:04 pm
-
http://www.scribd.com/doc/92797476/FBI-Bitcoin-Report-April-2012
-
thanks will read later
-
Very interesting. Looks like they are making a case to require identification for all bitcoin transactions. Also interesting that they specifically cite Lulzsec and SR...
-
Why can't they just leave us alone?
Noone is dying.
Nothing bad is happening.
Can't they see that the world of bitcoin/sr is absolutely fine as it is?
-
terrible quality.. but reading
-
Quite an interesting read; it would seems that people really ought to be looking into new bitcoin services as often as possible as the FBI won't have ins with them yet.
~Digi
-
Posting this so I remember to check back later, post your thoughts if you've read it. Definitely interesting. Will read when I have time, I skimmed.
-
Great link kmfkewm! Your a life saver.
[Would someone sticky this to the top of the security forum for a few days? This info is gold]
-
http://www.wired.com/images_blogs/threatlevel/2012/05/Bitcoin-FBI.pdf
Non Scribd link. (I can't stand that site.)
-
Just remember to open your untrusted PDFs in a clean virtual machine that you can shred after closing. PDFs have a multitude of security vulnerabilities that could allow malicious code execution of your machine. Scribd converts the data to nice clean images and html.
And I don't know about you but if I were going to infect a bunch of computers that are used to buy drugs I would include a bunch of information that would seemingly help out the criminals to deliver my malware. Think back to the Iliad, the first Trojan Horse in history was great gift for the people that it was meant to attack.
-
Just remember to open your untrusted PDFs in a clean virtual machine that you can shred after closing. PDFs have a multitude of security vulnerabilities that could allow malicious code execution of your machine. Scribd converts the data to nice clean images and html.
And I don't know about you but if I were going to infect a bunch of computers that are used to buy drugs I would include a bunch of information that would seemingly help out the criminals to deliver my malware. Think back to the Iliad, the first Trojan Horse in history was great gift for the people that it was meant to attack.
Malware, LEOs, doubtful.
Also, i am not aware of pdfs being such a security risk. I don't have acrobat on my machine, but would preview do malicious things?
-
The preview is still parsing all of the pdf data on your local machine. I find it unlikely that it would be the same vulnerabilities but there are still most likely security holes. And it is doubtful that LEOs would use malware.
If I may refresh your memory on the subject of HBGary developing rootkits for the US government. And when you read the document watch out for a line that states
-
Very interesting. Looks like they are making a case to require identification for all bitcoin transactions. Also interesting that they specifically cite Lulzsec and SR...
The FBI doesn't always get what it wants. As for Lulz... that was their own work, now wasn't it? And we can all thank Wired for the notoriety of SR. It would also seem that LEO's are using weaselly scripting - not necessarily malware, but certainly spyware for IP reporting - to snag the pedos.
Ah. Hello to you all, I'm new here. In the interest of avoiding newbie shit, perhaps I should resist emoticons.
Relevant data:
DoC: I'm a prescription tweaker. Just not a crazy one.
Please feel free to flame me to a crisp for any breach of local etiquette. I bear no acrimony for a well-executed flame.
Yes, I really do talk and type this way.
Love amongst us all!
-
http://www.wired.com/images_blogs/threatlevel/2012/05/Bitcoin-FBI.pdf
Non Scribd link. (I can't stand that site.)
Thank you indeed. The URL and file both come up clean on VirusTotal, incidentally.
-
link to the wired article for those who don't want to read the doc.
http://www.wired.com/threatlevel/2012/05/fbi-fears-bitcoin/
-
Thanks for posting that. I am sure it is not coincidence that the report came out around the time of the 420 sale. I believe btc would pretty much die without SR supporting it. Just look at how the BTC fluctuated that week.
-
I found this part interesting - the FBI of course in discussing methods used to identify users have inadvertently revealed methods by which people can frustrate their efforts:
But the FBI helpfully lists several ways that Bitcoin users can protect their anonymity.
Create and use a new Bitcoin address for each incoming payment.
Route all Bitcoin traffic through an anonymizer.
Combine the balance of old Bitcoin addresses into a new address to make new payments.
Use a specialized money-laundering service.
Use a third-party eWallet service to consolidate addresses. Some third-party services offer the option of creating an eWallet that allows users to consolidate many bitcoin address and store and easily access their bitcoins from any device.
Individuals can create Bitcoin clients to seamlessly increase anonymity (such as allowing users to choose which Bitcoin addresses to make payments from), making it easier for non-technically savvy users to anonymize their Bitcoin transactions.
Sounds about on the money - of course they missed out the obvious one which is paying for BTC in cash which gets around all these issues of bank accounts being traced. :-)
V.
-
I believe btc would pretty much die without SR supporting it.
I could not disagree more.
-
Hmm, Dwolla made me send in a picture of my drivers license the other day so I could buy Bitcoins from MtGox. I haven't read the PDF but now I'm a bit worried.
-
Are you kidding me? And you sent it? The general consensus on this forum is to avoid Mt. Gox and Dwolla as if they were the DEA.
-
It's either those two or nothing. I've been using it for almost a year now without problems.
-
It's either those two or nothing. I've been using it for almost a year now without problems.
My advice is to stop and find another solution. There are ways to acquire the coins anonymously, and Dwolla->Mt.Gox is not one of them.
-
Are you kidding me? And you sent it? The general consensus on this forum is to avoid Mt. Gox and Dwolla as if they were the DEA.
They are the DEA, or at least they're working hand-in-hand with the DEA. If you bought Bitcoins through MtGox then be prepared to launder them carefully before they get to SR.
-
Proves the FBI doesn't give a shit about Bitcoin. Real criminals are making thousands of bank accounts with fake information to launder huge sums. BTC is like chump change to the feds
-
It's always about the money. Anything or anyone that makes any real money is subjest to the mob (government) wanting to control it. Just look at how the dea and cia have been taking over the coke business in america. Hell the cia flooded the streets with coke to fund the iran contra affair. Just look at what they did to freeway Ricky Ross
-
It's always about the money. Anything or anyone that makes any real money is subjest to the mob (government) wanting to control it. Just look at how the dea and cia have been taking over the coke business in america. Hell the cia flooded the streets with coke to fund the iran contra affair. Just look at what they did to freeway Ricky Ross
That puts me in mind of an question. I've heard the Russian crime syndicates are backing Freedom Hosting; but aside from that, where _are_ the fucking syndicates around here and why aren't they taking better care of us customers?
Onionland seems to be more or less a grassroots affair, with the possible exception of the high-roller events betting. Even the hitmen-for-hire seem to be private entrepreneurs.
-
I read this report yesterday and it is becoming clear that the technology isn't the fault that will lead to people being caught, rather it is the "last mile" is what will people up. So getting those bitcoins into cash (and then into your pocket) is how folks will be caught.
This means, obviously, you don't want to buy your bitcoins with a bank account - and you SURE do NOT want to sell your bitcoins and have the cash wired into your bank account. This really puts people in a hard position to get the cash out.
The two options that really stick out to me are:
http://bitcoin-debit.com/
and
https://www.btcpak.com/
With bitcoin-debit, they require documents (passport) in order to obtain it; however, on can send fake documents with a little time and effort. Then once can go to a cash station that doesn't have a video camera and withdraw funds.
The btcpak (Money pack) does not require any documentation, but it has much smaller funding limits the bitcoin-debit.
So, folks, what other options are there? How can one cash out their bitcoins and not have a paper trail that comes back to you?
-
Cash out your bitcoins? buy silver and gold with them.
-
Gold is a good idea, or use them to buy shit
-
Gold.. or alternately one could generate a plausible reason WHY you were getting all those Bitcoins.. like say leasing multiple Mining contracts (with your actual USD) then claiming that these (false front) Mining Rigs made you the coins which you then cashed out in the normal way.
Just think of it this way.. cashing out bitcoins is not a crime. Getting bitcoins by dealing drugs is the crime. Generate a plausible way to get the bitcoins and cash out like normal.
-
Generate a plausible way to get the bitcoins and cash out like normal.
I've thought about this - like saying I sell a product...The problem with this (any false front) is that you would have to find a way to have an actual paper trail if you are ever in an unfortunate position where you have to defend yourself.
Are there any places still around that will send you actual cash via the mail? I think get-bitcoins still does, but is there anyone else?
-
Buying and selling bitcoins isn't illegal.
-
Buying and selling bitcoins isn't illegal.
I realize I do not have many posts here but this is key, this statement says a lot. To prove that drugs have been bought or sold without hard evidence (i.e. the drugs) is a real long shot for the prosecution team.
-
I invested mine safely in heroin. 8)
-
Buying and selling bitcoins isn't illegal.
I realize I do not have many posts here but this is key, this statement says a lot. To prove that drugs have been bought or sold without hard evidence (i.e. the drugs) is a real long shot for the prosecution team.
But don't fool yourselves. Buying/selling bitcoin is VERY SUSPICIOUS, especially if LE is already investigating you for drugs...
-
Buying and selling bitcoins isn't illegal.
I realize I do not have many posts here but this is key, this statement says a lot. To prove that drugs have been bought or sold without hard evidence (i.e. the drugs) is a real long shot for the prosecution team.
But don't fool yourselves. Buying/selling bitcoin is VERY SUSPICIOUS, especially if LE is already investigating you for drugs...
correct, and suspicous = illegal in the minds of most LEO
-
Are you kidding me? And you sent it? The general consensus on this forum is to avoid Mt. Gox and Dwolla as if they were the DEA.
They are the DEA, or at least they're working hand-in-hand with the DEA. If you bought Bitcoins through MtGox then be prepared to launder them carefully before they get to SR.
I learned the hard way not to trust Dwolla. Fuck those guys. They fucked over Tradehill too.
-
Yep, that's the dilemma that most of us realize we are in, but sometimes it takes a while: The more we protect ourselves from scrutiny, the worse we look if we do get nabbed.
I mean, the more hidden I am from some roving LE eye, the worse I'll look if the hammer falls for whatever reason. The do go by circumstantial evidence you know. Normal innocent people aren't usually on some druggie site, throwing btc around, using pgp to hide our addresses, etc., etc...
I mean, I like Tails, I like GPG, I like using btc, like bouncing around in TOR, like yapping on here. None of this is illegal...but, u know, it will depend a whole lot on how good your/my lawyer is, if shit gets heavy. Sometimes I have to remind myself that, hey, moving btc around isn't against the law, calm down...but then I wonder if I do that xtra bounce to an online wallet or two...will this look like money laundering?
Fuck if I know.
-
Yes it's my first post but gotta start somewhere!
Is Mt Gox not a reliable way to start buying Bitcoins? What is a better way to do it if I am not based in the US or UK and can't do international transfers....
-
Well I have a few questions:
Someone mention Dwolla and mtgox might as well be the DEA? How is this so? Someone please explain a little further? I am sending about $200-300 per week thru Dwolla and using MTGOX.
If Dwolla and MTGOX are not safe what should I use? If using these services are not safe it would seem I am already fucked as they are already watching me correct lol? I am just a small buyer but still pretty safe on getting a package?
Someone said Dwolla screwed them over? How did this happen?
-
Well I have a few questions:
Someone mention Dwolla and mtgox might as well be the DEA? How is this so? Someone please explain a little further? I am sending about $200-300 per week thru Dwolla and using MTGOX.
Considering Mt Gox has like 80% of market feds would have much bigger fish to fry if mt gox just opened books.
If Dwolla and MTGOX are not safe what should I use? If using these services are not safe it would seem I am already fucked as they are already watching me correct lol? I am just a small buyer but still pretty safe on getting a package?
Someone said Dwolla screwed them over? How did this happen?
I think it's more the fact you have a conspicuous paper trail leading right to your real bank account. There's no evidence that Mt Gox just open books to feds without subpoena. No reason they would do so willingly since that's bad for business. They're in Japan and their TOS says they they will turn stuff over but only on subpoena so it's just if you're already being tagged that the mt gox to dwolla could be nail in coffin.
If you want to be totally safe you should buy with cash from local bitcoin seller or bitinstant.
-
Well I have a few questions:
Someone mention Dwolla and mtgox might as well be the DEA? How is this so? Someone please explain a little further? I am sending about $200-300 per week thru Dwolla and using MTGOX.
Considering Mt Gox has like 80% of market feds would have much bigger fish to fry if mt gox just opened books.
If Dwolla and MTGOX are not safe what should I use? If using these services are not safe it would seem I am already fucked as they are already watching me correct lol? I am just a small buyer but still pretty safe on getting a package?
Someone said Dwolla screwed them over? How did this happen?
I think it's more the fact you have a conspicuous paper trail leading right to your real bank account. There's no evidence that Mt Gox just open books to feds without subpoena. No reason they would do so willingly since that's bad for business. They're in Japan and their TOS says they they will turn stuff over but only on subpoena so it's just if you're already being tagged that the mt gox to dwolla could be nail in coffin.
If you want to be totally safe you should buy with cash from local bitcoin seller or bitinstant.
Well I am definitely closing dwolla and mtgox but I am just worried something happening 4 months down the road... grrr this blows
-
Well I have a few questions:
Someone mention Dwolla and mtgox might as well be the DEA? How is this so? Someone please explain a little further? I am sending about $200-300 per week thru Dwolla and using MTGOX.
Considering Mt Gox has like 80% of market feds would have much bigger fish to fry if mt gox just opened books.
If Dwolla and MTGOX are not safe what should I use? If using these services are not safe it would seem I am already fucked as they are already watching me correct lol? I am just a small buyer but still pretty safe on getting a package?
Someone said Dwolla screwed them over? How did this happen?
I think it's more the fact you have a conspicuous paper trail leading right to your real bank account. There's no evidence that Mt Gox just open books to feds without subpoena. No reason they would do so willingly since that's bad for business. They're in Japan and their TOS says they they will turn stuff over but only on subpoena so it's just if you're already being tagged that the mt gox to dwolla could be nail in coffin.
If you want to be totally safe you should buy with cash from local bitcoin seller or bitinstant.
Well I am definitely closing dwolla and mtgox but I am just worried something happening 4 months down the road... grrr this blows
Honestly, I wouldn't sweat it too much unless you're a vendor and have been transferring both ways. Like I said, it's only if you're already being watched from other activity and they got warrant. Even if you were purchasing for sale IRL, SR has secure method for shaking up BTC that there's no way for them to trace your activity once coins hit SR so no way to know you're anything but a buyer which they don't seem to be pursuing. At least not now.
-
<snip>
Well I am definitely closing dwolla and mtgox but I am just worried something happening 4 months down the road... grrr this blows
Just a friendly tip. It's good not to fall into the 'paranoia' trap, where we start worrying that feds are everywhere. Mt Gox and other places like that are ok,and tho they are a bit of a pain, give better deals than using inhouse vendors. But btc aren't illegal, drugs are. I like speculating in btc, as sometimes I can make a few bucks doing that, it's legal. And sometimes I buy btc from inhouse vendors like btcKing and btcBuddy: they've always done me right, and I'm ok with the xtra I pay for the convenience. And I like bouncing them to an instawallet a time or two. Why? I don't know, just do.
It's good to show a bit of common sense, maybe use Tails as an OS if you are going to do any purchasing on main stite...but TOR and btc--neither one is illegal--but they are the hump we have to get over if we do plan on purchasing on main site. And one has to have a bit of 'acceptance of one's fate,' or a basic 'who gives a shit' attitude if one is going to engage in felonious drug pursuits....
-
Why not just use BitInstant's cash deposit at a local bank and use those funds to do BitCoin by Email (use tormail.org) or fund a BitStamp account, which is TOR friendly. When depositing with cash you don't have to give out any personal information or have a bank account, the only downside to it is that banks do have security cameras, but thats really a shot in the dark unless you are already being watched.
For the super paranoid, why not use Get-Bitcoin.com's cash by mail option? If you're using fake info & accessing the site via TOR then there is no trail at all. Their turn around time isn't bad at all. Cash by mail via stamped envelope (coast to coast) only took 3-4 days before my coins where deposited. If you're really in a hurry you can pretty much get coins the next day if you use expressmail.
I've never understood why anyone would use MT GOX, especially since BitStamp's exchange rate is almost always the same as MT GOX.
-
1. Open tor
2. Go to bitinstant.com and setup a BOA cash dep.
3. Make sure to use a fake tormail throwaway account and bitinstant will email your coins cia a coinapult.
All within tor!
Just throw on a hat or go through the drivethrough, I just swap tags with a dummy plate on my car long enough to slip my 500.00 to the teller. Total fees are under 20.00. Why would anybody use a mp? Or wu? Cash at BOA with email option is sweeet
-
I've never understood why anyone would use MT GOX, especially since BitStamp's exchange rate is almost always the same as MT GOX.
Two primary reasons.
Commonality. If you do lots of exchange trading, and seeing how btc currency exchange trading is the top reason btc is used, eclipsing even SR, a Mt Gox account is a necessity since everyone has one.
Security. Not like Mt Gox has best track record, but as an established first generation player they've been around the longest and are thus most familiar from past experience on how best thwart constant attacks and remain secure. For this reason, I would hesitate with any new exchange site since I have no idea how competent they are or if they have any idea how to handle the overwhelming number of attacks they'll be subjected to once they become established. Your information might be compromised without your knowledge should they do a poor job just setting up their server infrastructure. Look at what just happened to bitcoinica.
Never used bitstamp but I would make sure to always CAREFULLY go over the ToS of any new service no matter how promising the cutthroat rates they have on offer are and wait for a while to watch them in action before signing up. Find out if they guarantee your deposits and how much, and how they store your info, etc.
-
Thank you so much for the read man! It's great that we can pool our knowledge like this.
-
Great read and info for reference. I have stayed away from Mt. Gox and Dwolla, and really have no interest in using either service.
-
FUCK THE FBI
-
Just remember to open your untrusted PDFs in a clean virtual machine that you can shred after closing. PDFs have a multitude of security vulnerabilities that could allow malicious code execution of your machine. Scribd converts the data to nice clean images and html.
And I don't know about you but if I were going to infect a bunch of computers that are used to buy drugs I would include a bunch of information that would seemingly help out the criminals to deliver my malware. Think back to the Iliad, the first Trojan Horse in history was great gift for the people that it was meant to attack.
Malware, LEOs, doubtful.
Also, i am not aware of pdfs being such a security risk. I don't have acrobat on my machine, but would preview do malicious things?
not really.....they used it to catch Maxvision.....they use it for many other "anti-
criminal" takedowns.
-
Just remember to open your untrusted PDFs in a clean virtual machine that you can shred after closing. PDFs have a multitude of security vulnerabilities that could allow malicious code execution of your machine. Scribd converts the data to nice clean images and html.
And I don't know about you but if I were going to infect a bunch of computers that are used to buy drugs I would include a bunch of information that would seemingly help out the criminals to deliver my malware. Think back to the Iliad, the first Trojan Horse in history was great gift for the people that it was meant to attack.
Malware, LEOs, doubtful.
Also, i am not aware of pdfs being such a security risk. I don't have acrobat on my machine, but would preview do malicious things?
not really.....they used it to catch Maxvision.....they use it for many other "anti-
criminal" takedowns.
That pdf preview will you harm just as well.
No need for download or installation.
That's why you always got to have the latest acrobat reader for your pdf.
The same goes for your flash to watch youtube and such.
No need for downloading a movie or so, to get a infection.
Always keep those 2 up to date.
A preview in a sandbox should be safe though against malware, not to protect your anonymity.
-
http://www.scribd.com/doc/92797476/FBI-Bitcoin-Report-April-2012
What does BTC have to do with the FBI? Since when can our government just impose on anything they want without regard to privacy? And people say this country is free? I seriously doubt it. When I drive around without my seat belt I'm not inflicting any harm on anyone, but then again it is ILLEGAL to do so. That means no freedom to me.
-
As a small buyer, should this worry me? or should the worrying be left to the major sellers?
Also, say they take BTC down/start requiring ID. Does SR also go down, or will the community have found "BTC2.0" within a few weeks?
-
As a small buyer, should this worry me?
No.
Also, say they take BTC down/start requiring ID. Does SR also go down, or will the community have found "BTC2.0" within a few weeks?
If they take BTC down then BTC2.0 can't go up in a few weeks until it's demonstrated it will survive the security flaws that took the original currency down. Plus, it would take the public that lost their shirts from the first one a while before they'd be willing to embrace virtual currency again.
But fortunately, I don't see BTC as perceived to be enough of a threat that it would the focus of a take down anytime soon. And the more it's enjoys wide scale adoption, the more carnage incurred should it be taken out, the less likely it would happen. Also, the BTC code is very dynamic because it's modular, so it's capable of adapting to emerging technological threats before they happen.
If they start requiring ID to make BTC harder to obtain anonymously, then the vast numbers of people that have stockpiled bitcoins will be able to sell them at a premium for cash to anonymous buyers. :) There are enough exchanges that would be unaffected, but this might have the unintended affect of driving the value of the currency up which is not what their goal is.
-
Bitcoin is the spirit of electronic currency. If it is banned or ID required in one country, exchangers will pop up in other countries.
-
I hope the fbi doesnt try to shut down bittcoins!
-
mtgox has informed users that they are in full cooperation with law enforcement. dwolla is a usd based business, yes? this say to me that usa le is breathing down the neck of mtgox and dwolla, who are giving all the information that they are "asked" to hand over.
what will the end result be? my guess is that le has a goal of making any btc to usd transaction tracked and only possible if you have made yourself identifiable with personal information up to and maybe including social security numbers.
this is a sure way to shrink the activity, with btc, that those fuckers who think that they are in control(le, elected officials etc.), deemed illicit.
such a goal is a massive task using many man hours, and we know that with government, money is no object.
it has only been a year that le has had it's eye on btc and they will not stop going after it, to control it.
keep it anon. and stay off the "radar".
-
Thank you for the info
-
Don't touch MtGox unless you are trading BTCs innocently. They require ID. If you provide a false one they will freeze your account as I found out to my cost. And the thing that caused them to shaft me was I accessed their site using Tor. This is not rumour. They told me outright. I think the process of tracing a MtGox account back to a real bank account is trivial for any halfway competent LEO. You have to get a halfway competent LEO first. They are rare but they do exist.
-
That's funny...I recall the FBI as being part of the Executive branch thereby not responsible for any legislation regarding the (or any) economy.
-
https://buyvcc.com/shop/paypal-and-ebay/tripleverifiedpaypal/
-
ID for bitcoins? God, I hope not. Gee, my first post.
MockFrog
-
Don't touch MtGox unless you are trading BTCs innocently. They require ID. If you provide a false one they will freeze your account as I found out to my cost. And the thing that caused them to shaft me was I accessed their site using Tor. This is not rumour. They told me outright. I think the process of tracing a MtGox account back to a real bank account is trivial for any halfway competent LEO. You have to get a halfway competent LEO first. They are rare but they do exist.
By requiring ID, do you mean for a verified account? I have always used the cash deposit option from Bitinstant to MtGox and never had to provide ID.
Never had a problem with MtGox but after reading this thread I may switch up my methods to this new BTC to Email option from Bitinstant.
-
As a complete newb to bitcoin and SR, this thread is invaluable and I thank OP for posting this.
-
A quick question.
If you send BTC from MtGox, will your IP or MtGox server IP show up in public internet transaction records?
-
Nice info.
-
That's wild. But I have faith in anonymity.
-
Interesting.... many points to consider...
-
There aint nothin they can do about it its worldwide currency yo how are they gunna shut it down theres 100s of thousands of distributors if not more
-
Good read, I hope FBI doesnt spoil out fun.
-
There aint nothin they can do about it its worldwide currency yo how are they gunna shut it down theres 100s of thousands of distributors if not more
agreed. safety in number :) 8)
-
The U.S. Government is just pissed that they are not getting their normal piece of the pie. They're just irate that they are not getting their cut.
-
Yah. They are definitely just pissed because they can't regulate it and just keep printing it when they need more.
You think the feds actually wanna MINE BTC?
Haha, you wish!
So, they'll just pull the plug on the interwebz.
-
will someone copy/paste the article? surely my tor aint the only one that sucks nuts(at a very slow pace)...
-
link to the wired article for those who don't want to read the doc.
http://www.wired.com/threatlevel/2012/05/fbi-fears-bitcoin/
Its quite amusing that magazines/newspapers publish articles about Tor, Bitcoins and SR... I mean its only generating more users of these services - nothing else.
I'll happily admit that I discovered Tor and Silk Road through the Rolling Stone article late 2011.
-
rolling stones brought me here also. but i had the magazine for like 3 months before i read the article. talk about it, if it were a snake it would of bite me. lol
-
Traveling the Silk Road:
A measurement analysis of a large anonymous online
marketplace
Nicolas Christin
Carnegie Mellon INI/CyLab
nicolasc@cmu.edu
Working paper
First version: May 4, 2012.
This version: August 1, 2012.
Id: paper.tex 1286 2012-07-30 21:29:14Z nicolasc
6.2 Potential intervention strategies
Given the nature of the goods sold on Silk Road, it is quite clear that various law enforcement agencies
may have a strong interest in trying to disrupt Silk Road operations. They appear, so far, to have been
unsuccessful since the site is still up and has grown in size since Sen. Schumer called on the U.S. Attorney
General and the head of the U.S. Drug Enforcement Agency to put an end to it.
We discuss four possible intervention strategies that could be considered: disrupting the network, disrupting
the financial infrastructure, disrupting the delivery model, and laissez-faire.
Attacking the network. The first possible intervention policy is to disrupt the Tor network. Indeed, without
Tor, Silk Road cannot operate. This strategy is very likely to be difficult to put in place. First, Tor has many
uses beneficial to society – Silk Road and other anonymous online marketplaces are far from representing
the majority of Tor traffic, even though this work argues that their importance is growing. Tor is routinely
used by oppressed individuals to communicate without fear of reprisal. Thus, disrupting the entire Tor
network for the purpose of taking down Silk Road would come at a potentially high collateral cost.
Furthermore, Tor has shown to be resilient to a large number of attacks, due to its open design and to the
large amount of academic research it fosters. In particular, Tor hidden services, like Silk Road, have been
the subject of considerable scrutiny [27, 29]. Øverlier and Syverson showed that timing and intersection
attacks could be used to reveal the location of hidden services. Most of these concerns have been addressed
in recent versions of Tor, e.g., through the use of “entry guards.” Murdoch described how covert channels
(specifically, clock skew) could leak information allowing to pinpoint the location of a hidden service.
Attacking the financial infrastructure. Another possible disruption strategy is to attack the financial infrastructure
supporting Silk Road. Bitcoin has shown, in the past, to be a very volatile currency. The June 2011
theft of a large number of Bitcoins from the Mt.Gox exchange [4] actually caused an abrupt collapse of the
currency. Certain users have been complaining in forums of the uncertainty on the prices they end up paying
due to the instability of Bitcoin and the various commissions they have to pay to purchase Bitcoins, and then
to purchase items on Silk Road [6].
Disrupting the Bitcoin network appears, compared to attacking the Tor network, to be a more actionable
possibility. In fact, in the aforementioned Gawker article [10] one of the Bitcoin developers argued that
Bitcoin was not providing the level of security Silk Road and other anonymous marketplace operators would
desire. More precisely, recent research [30] has shown that Bitcoin transactions are partially vulnerable to
traffic analysis. Indeed, the history of all transactions is publicly available and network analysis can allow
to map sets of public keys to individual users and transactions.
Since currency exchanges like Mt.Gox where users redeem Bitcoins for cash bind public keys to actual
identities, Bitcoin anonymity guarantees are weaker than most Silk Road users seem to assume, even though
additional intermediaries (tumblers) are in place. In particular, large Silk Road sellers withdrawing massive
amounts of Bitcoins at once may be relatively easily identified.
Attacking the delivery model. Another possible angle of action is to attack the delivery model. That is,
to reinforce controls at the post office and/or at customs to prevent illicit items from being delivered to
their destination. One interesting finding from this work is the apparent lack of worries a large number of
sellers have: Most items are marked as shipping internationally, which means that the risk of package loss or
20
destruction is viewed as minimal by the sellers. This is certainly an area that warrants further investigation.
In the United States, coordination between agencies is paramount: Customs (which can inspect mail) need
to work in concert with Drug Enforcement Agency (DEA) and/or Food and Drugs Administration (FDA),
depending on the type of item concerned. Yet, very often, packages that are seized are simply destroyed, or
returned to the sender.
Laissez-faire. Finally, a last possible intervention strategy is actually not to intervene. Politically, this is
a questionable proposition, as it may sound as an admission of weakness. There are however studies that
show that drug abuse prevention is considerably more cost-efficient than enforcing drug prohibition [9].
The relatively rapidly expanding business of online anonymous markets such as Silk Road and the logistic
difficulties in shutting down such markets may further tilt the economic balance toward prevention and
cure. As a result, laissez-faire, however untenable it might currently appear from a policy standpoint, might
become even more attractive in light of budget constraints. Although there is no public statement about it,
this could be the strategy currently adopted by law enforcement, seeing that the marketplace has not met any
significant disruption to its operations, other than transient technical issues, in the past nine months, while
at the same time sales volumes have doubled.
http://arxiv.org/pdf/1207.7139v1.pdf
Do you believe this shit.?????
-
"Since the IP address of the user is published online with bitcoin transactions.............."
is this true or just disinformation? if so where can this info be found?
-
We are in an ideological war, and we are winning. Too me, it is that simple.
It is individual freedom reigning supreme... I am so proud to be even such a minute chasm of this magnificent venture.
'THEY' are scared because 'WE' don't need 'THEM' to take care of 'US'.
We are slipping through the net in ever advancing numbers, every single day. We are more than competent and if we were truly 'free' the need for such privacy would obviously not be so great in the first place.
I am proud of this community and I have been a member for such a short time, but 'generally' (as with all things, you get your exceptions) the aura of this place is amazing, people genuinely want to help each other get what they want in a peaceful way. We are humanity at it's best!
Everyone, keep going. If there truly is good in your heart, then come any scrunity, be it from law enforcement authorities or otherwise, the truth will come to light as it always does.
Thanks for existing BTC, SR, TOR, PGP... Everything.
'We are all in this together'
p.s Yes, I have had some 2cI but that surely only makes my post more meaningful? ::)
-
Traveling the Silk Road:
A measurement analysis of a large anonymous online
marketplace
Nicolas Christin
Carnegie Mellon INI/CyLab
nicolasc@cmu.edu
Working paper
First version: May 4, 2012.
This version: August 1, 2012.
Id: paper.tex 1286 2012-07-30 21:29:14Z nicolasc
6.2 Potential intervention strategies
Given the nature of the goods sold on Silk Road, it is quite clear that various law enforcement agencies
may have a strong interest in trying to disrupt Silk Road operations. They appear, so far, to have been
unsuccessful since the site is still up and has grown in size since Sen. Schumer called on the U.S. Attorney
General and the head of the U.S. Drug Enforcement Agency to put an end to it.
We discuss four possible intervention strategies that could be considered: disrupting the network, disrupting
the financial infrastructure, disrupting the delivery model, and laissez-faire.
Attacking the network. The first possible intervention policy is to disrupt the Tor network. Indeed, without
Tor, Silk Road cannot operate. This strategy is very likely to be difficult to put in place. First, Tor has many
uses beneficial to society – Silk Road and other anonymous online marketplaces are far from representing
the majority of Tor traffic, even though this work argues that their importance is growing. Tor is routinely
used by oppressed individuals to communicate without fear of reprisal. Thus, disrupting the entire Tor
network for the purpose of taking down Silk Road would come at a potentially high collateral cost.
Furthermore, Tor has shown to be resilient to a large number of attacks, due to its open design and to the
large amount of academic research it fosters. In particular, Tor hidden services, like Silk Road, have been
the subject of considerable scrutiny [27, 29]. Øverlier and Syverson showed that timing and intersection
attacks could be used to reveal the location of hidden services. Most of these concerns have been addressed
in recent versions of Tor, e.g., through the use of “entry guards.” Murdoch described how covert channels
(specifically, clock skew) could leak information allowing to pinpoint the location of a hidden service.
Attacking the financial infrastructure. Another possible disruption strategy is to attack the financial infrastructure
supporting Silk Road. Bitcoin has shown, in the past, to be a very volatile currency. The June 2011
theft of a large number of Bitcoins from the Mt.Gox exchange [4] actually caused an abrupt collapse of the
currency. Certain users have been complaining in forums of the uncertainty on the prices they end up paying
due to the instability of Bitcoin and the various commissions they have to pay to purchase Bitcoins, and then
to purchase items on Silk Road [6].
Disrupting the Bitcoin network appears, compared to attacking the Tor network, to be a more actionable
possibility. In fact, in the aforementioned Gawker article [10] one of the Bitcoin developers argued that
Bitcoin was not providing the level of security Silk Road and other anonymous marketplace operators would
desire. More precisely, recent research [30] has shown that Bitcoin transactions are partially vulnerable to
traffic analysis. Indeed, the history of all transactions is publicly available and network analysis can allow
to map sets of public keys to individual users and transactions.
Since currency exchanges like Mt.Gox where users redeem Bitcoins for cash bind public keys to actual
identities, Bitcoin anonymity guarantees are weaker than most Silk Road users seem to assume, even though
additional intermediaries (tumblers) are in place. In particular, large Silk Road sellers withdrawing massive
amounts of Bitcoins at once may be relatively easily identified.
Attacking the delivery model. Another possible angle of action is to attack the delivery model. That is,
to reinforce controls at the post office and/or at customs to prevent illicit items from being delivered to
their destination. One interesting finding from this work is the apparent lack of worries a large number of
sellers have: Most items are marked as shipping internationally, which means that the risk of package loss or
20
destruction is viewed as minimal by the sellers. This is certainly an area that warrants further investigation.
In the United States, coordination between agencies is paramount: Customs (which can inspect mail) need
to work in concert with Drug Enforcement Agency (DEA) and/or Food and Drugs Administration (FDA),
depending on the type of item concerned. Yet, very often, packages that are seized are simply destroyed, or
returned to the sender.
Laissez-faire. Finally, a last possible intervention strategy is actually not to intervene. Politically, this is
a questionable proposition, as it may sound as an admission of weakness. There are however studies that
show that drug abuse prevention is considerably more cost-efficient than enforcing drug prohibition [9].
The relatively rapidly expanding business of online anonymous markets such as Silk Road and the logistic
difficulties in shutting down such markets may further tilt the economic balance toward prevention and
cure. As a result, laissez-faire, however untenable it might currently appear from a policy standpoint, might
become even more attractive in light of budget constraints. Although there is no public statement about it,
this could be the strategy currently adopted by law enforcement, seeing that the marketplace has not met any
significant disruption to its operations, other than transient technical issues, in the past nine months, while
at the same time sales volumes have doubled.
http://arxiv.org/pdf/1207.7139v1.pdf
Do you believe this shit.?????
Maybe,its a good read though. :)
-
"Since the IP address of the user is published online with bitcoin transactions.............."
is this true or just disinformation? if so where can this info be found?
it's true, you can parse the blockchain or check a site like blockchain.info and look up a transfer
I have an option in my bitcoin wallet to use TOR.
Actually I have it set to proxy requests though TOR.
-
This is EXACTLY the kind of information that SR members need to see! Big thanks for posting this
The report is pretty long, boring, and hard to read (but I don't mind tedious research ;D ) so I thought I'd put a Reader's Digest version of it up here.
In spite of my posting this, I HIGHLY reccomend that everyone reads through the entire report, since I may have missed something you would find important.
All my bullet points here are summarized or paraphrased sections of the report.
><><><><><<><><<<><><><><><
- FBI has medium confidence that law enforcement can identify or discover more information about malicious actors if the actors convert their bitcoins into a fiat (government-regulated) currency. Third party bitcoin services often require customers to submit valid identification or bank information to complete transactions. Furthermore, any third-party service that qualifies as a "money transmitter" must register as a "money services business with the Financial Crimes Enforcement Network (FinCEN) and implement an anti-money laundering program.
- All Bitcoin transactions are published online and IP addresses are linked to the public Bitcoin transactions. If a user does not anonymize his or her IP address, an interested party can identify the individual’s physical location without much difficulty
- July 2011: College researchers suggest that LEO can find you via Bitcoin transaction records, bank account info, shipping addresses, etc.
You aren't safe.
- Third party BtC services (like MtGox) must keep records, file suspicious activity reports, and currency transaction reports to law enforcement. This is required by the Bank Secrecy Act (an anti-money laundering act) since these BtC services are, legally, monetary exchange platforms.
>> Accessing your MtGox account via TOR will likely get you suspended and reported <<
- Your bank account is linked to these BtC services, and they DO keep records
- What users can do to increase anonymity:
Create and use a new Bitcoin address for each incoming payment
Route all Bitcoin traffic through an anonymizer
Combine the balance of old Bitcoin addresses into a new address to make new payments
Launder BC through third parties registered outside the US. Particularly services that act as EXCHANGERS/TRANSMITTERS, that convert virtual currencies to fiat currencies or transfer bitcoins between members. Offshore services may provide additional anonymity by allowing currency exchange or money transfer without verifying user identification or enforcing any monetary exchange limits.
><><><><><><><><><><><><
hope this helps
-
Just remember to open your untrusted PDFs in a clean virtual machine that you can shred after closing. PDFs have a multitude of security vulnerabilities that could allow malicious code execution of your machine. Scribd converts the data to nice clean images and html.
And I don't know about you but if I were going to infect a bunch of computers that are used to buy drugs I would include a bunch of information that would seemingly help out the criminals to deliver my malware. Think back to the Iliad, the first Trojan Horse in history was great gift for the people that it was meant to attack.
For those interested in improving their security I've put up a tutorial for exactly this ^
http://dkn255hz262ypmii.onion/index.php?topic=39320.0
Please use it and post whether you succeed or if you have any difficulties following it so we know what's up.
Also, it needs bumping experts since it keeps getting lost between all the junk threads in Security. I swear people should be banned from using capitalized text in thread titles.
-
I see ฿ like a worldwide cash payment. Frankly I think FBI has no case, do they also want all coins and cash payments to be by ID and registered? its stupid. What people buy with it is meaningless, you can buy drugs or a lamp, same as with hard cash.
-
very interesting information)
-
Offshore services may provide additional anonymity by allowing currency exchange or money transfer without verifying user identification or enforcing any monetary exchange limits.
Which offshore services can send foreign currency? Anyone know?
Modzi