Silk Road forums

Discussion => Security => Topic started by: This_is_not_SOCA on October 02, 2013, 11:55 pm

Title: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: This_is_not_SOCA on October 02, 2013, 11:55 pm
This server is almost certainly compromised by LEO.

All private messages, profile information and obviously posts are now in the possession of LEO.

If you continue to use this site please be mindful of the following:

1) You must disable javascript in your browser (disable it using Edit>Preferences>Content in TorBrowser)
2) Ideally use tor browser running in a Virtual Machine or use Tails or similar
3) DO NOT POST ANY SENSITIVE INFORMATION IN A PRIVATE MESSAGE (OR ANYWHERE ELSE ON THE SITE) THAT IS NOT PGP ENCRYPTED - that includes
 a) Phone numbers
 b) e-mail addresses attributable to you
4) The more time passes the less faith you should have in the integrity of the information on this site (such as PGP keys, email addresses etc) - this information COULD potentially be modified by the new owners...

it's been an honor and a privilege

stay safe

until we meet again
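Point 4 above is the one people most often get wrong in practice: a key block posted on a site you no longer trust is only as good as the fingerprint you compare it against, and that fingerprint has to come from somewhere else (a key you already have in your keyring, a signed post saved earlier, a note you made when you first exchanged keys). The script below is an added example for this thread, not code from the forum or any of its posters: it computes an OpenPGP v4 fingerprint exactly as RFC 4880 specifies (SHA-1 over 0x99, the two-octet packet length and the Public-Key packet body), de-armors a pasted key block and verifies its CRC-24, and then compares the result against a fingerprint string in the spaced form people paste in signatures. The RSA parameters, creation time and armored block are constructed inside the script (a 64-bit modulus is not a usable key) so that it runs offline; nothing in it is anyone's real key.

```python
"""Check a PGP key block copied from a site you no longer trust against a
fingerprint obtained out of band. Added example for this thread, not forum
code; the key material is a constructed toy RSA key used only to exercise it."""
import base64
import hashlib
import hmac
import re
import struct

def mpi(value: int) -> bytes:
    """Encode a non-negative integer as an OpenPGP MPI (RFC 4880 3.2)."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 RSA Public-Key packet (RFC 4880 5.5.2)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def old_packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in an old-format packet header (RFC 4880 4.2.1)."""
    n = len(body)
    ltype, lbytes = (0, 1) if n < 256 else (1, 2) if n < 65536 else (2, 4)
    return bytes([0x80 | (tag << 2) | ltype]) + n.to_bytes(lbytes, "big") + body

def first_packet(data: bytes):
    """Return (tag, body) of the first old-format packet with an explicit length."""
    ctb = data[0]
    if not ctb & 0x80 or ctb & 0x40 or (ctb & 0x03) == 3:
        raise ValueError("expected an old-format OpenPGP packet header with explicit length")
    hlen = 1 + (1 << (ctb & 0x03))            # 1, 2 or 4 length octets
    length = int.from_bytes(data[1:hlen], "big")
    return (ctb >> 2) & 0x0F, data[hlen:hlen + length]

def fingerprint_v4(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-octet body length, and the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_public_key(packet: bytes) -> str:
    """Produce an ASCII-armored PUBLIC KEY BLOCK with its CRC-24 trailer."""
    b64 = base64.b64encode(packet).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", ""] + lines
                     + ["=" + crc, "-----END PGP PUBLIC KEY BLOCK-----"]) + "\n"

def dearmor(text: str) -> bytes:
    """Decode an armored public key block and verify its CRC-24 checksum."""
    m = re.search(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n(.*?)-----END PGP PUBLIC KEY BLOCK-----", text, re.S)
    if not m:
        raise ValueError("no armored public key block found")
    lines = [ln.strip() for ln in m.group(1).splitlines()]
    if "" in lines:                           # armor headers (Version:, Comment:) end at the first blank line
        lines = lines[lines.index("") + 1:]
    data = base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("=")))
    crc_lines = [ln[1:] for ln in lines if ln.startswith("=")]
    if not crc_lines or crc24(data) != int.from_bytes(base64.b64decode(crc_lines[0]), "big"):
        raise ValueError("armor CRC-24 missing or mismatched: block is corrupt or altered")
    return data

def normalize_fp(text: str) -> str:
    """Strip the spaces people paste with fingerprints and upper-case the hex."""
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()

def verify_key(armored: str, expected_fingerprint: str) -> str:
    """'ok' if the key's fingerprint equals the trusted one, 'mismatch' if it is a
    different key, 'corrupt' if the block does not parse or fails its CRC."""
    expected = normalize_fp(expected_fingerprint)
    if len(expected) != 40:                   # refuse 8/16-digit key IDs: far too easy to collide
        raise ValueError("compare a full 40-hex-digit fingerprint, not a key ID")
    try:
        tag, body = first_packet(dearmor(armored))
    except (ValueError, IndexError):
        return "corrupt"
    if tag != 6 or body[:1] != b"\x04":       # tag 6 = Public-Key packet, version 4 only
        return "mismatch"
    return "ok" if hmac.compare_digest(fingerprint_v4(body), expected) else "mismatch"

# Constructed toy key (hypothetical values, not a real or usable key).
TOY_N, TOY_E, TOY_CREATED = 0xC0FFEE1234567891, 65537, 1348272000
TOY_BODY = v4_public_key_body(TOY_N, TOY_E, TOY_CREATED)
TOY_ARMOR = armor_public_key(old_packet(6, TOY_BODY))
TOY_FP = fingerprint_v4(TOY_BODY)             # stands in for the fingerprint you saved earlier

if __name__ == "__main__":
    swapped = armor_public_key(old_packet(6, v4_public_key_body(TOY_N + 2, TOY_E, TOY_CREATED)))
    print("same key:", verify_key(TOY_ARMOR, TOY_FP), "/ swapped key:", verify_key(swapped, TOY_FP))
```

The check is only meaningful if the expected fingerprint predates the suspected compromise; a fingerprint copied from the same site as the key proves nothing. Real-world keys carry further packets (user IDs, self-signatures, subkeys) after the first Public-Key packet; the fingerprint depends only on that first packet, which is why the script stops there.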
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: MadScyentist on October 03, 2013, 12:32 am
What proof do you have?
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: Nightcrawler on October 03, 2013, 12:53 am
This server is almost certainly compromised by LEO.

All private messages, profile information and obviously posts are now in the possession of LEO.

Whether this is, in fact, the case is open to debate. What is NOT open for debate, however, is that users should have, from the very beginning, conducted themselves as though the site were compromised.

If you continue to use this site please be mindful of the following:

1) You must disable javascript in your browser (disable it using Edit>Preferences>Content in TorBrowser)
2) Ideally use tor browser running in a Virtual Machine or use Tails or similar
3) DO NOT POST ANY SENSITIVE INFORMATION IN A PRIVATE MESSAGE (OR ANYWHERE ELSE ON THE SITE) THAT IS NOT PGP ENCRYPTED - that includes
 a) Phone numbers
 b) e-mail addresses attributable to you
4) The more time passes the less faith you should have in the integrity of the information on this site (such as PGP keys, email addresses etc) - this information COULD potentially be modified by the new owners...

Any reasonably prudent person should have been conducting themselves in this manner from day one.

it's been an honor and a privilege

stay safe

until we meet again

Indeed.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0

Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: This_is_not_SOCA on October 03, 2013, 03:22 am
What proof do you have?
None, I'm afraid. But if the main site really is owned, and it currently seems that it is, then it is highly likely that this site is too. That is also the opinion of the mods based on what we know now.

Use it but use it safely.
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: ECC_ROT13 on October 03, 2013, 03:43 am
This_is_not_SOCA is correct.  Assume this forum is compromised.

Assume it's going to ship you exploit code.

Assume all private messages have been read.

If someone has control over the hidden service node for SRF, *and* they have control over any entry guard nodes, they can deanonymize you.
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: wishihada2JZ on October 03, 2013, 07:16 am
Everyone should have been under the assumption that LE has been on these forums for quite some time now. Can't really confirm one way or the other but in any case why would you want any details that could lead them back to you out in the open?

I've even read a few posts from the extra paranoid that go as far as changing their lingo around in each post to sound as if they're from certain regions (based on local slang etc), or posting with grammatical errors to feign being a non-English speaker.

A bit over the top IMO but the fact remains everyone should keep the details short. Don't make it any easier to hunt us down.
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: Divo on October 03, 2013, 07:20 am
This got buried in the newbie section:

http://dkn255hz262ypmii.onion/index.php?topic=216860.msg1584213#msg1584213

Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: Squirrel on October 03, 2013, 08:14 am
Quote
Everyone should have been under the assumption that LE has been on these forums for quite some time now.

I said this many months ago and it has been repeated many times.  Think about it for a minute.  Why WOULDN'T LE set up shop here on the forums and set up a few Honeypot vendor accounts on the Road?  Of course they have.  Ever since this place opened they've been on here.  These aren't the run-of-the-mill dumb cops either.  These are guys that have a brain and just don't use it.  They think that by shutting down SR (or any other site) that it's going to help the "WAR ON DRUGS".  How's that going for them, you ask?  Well, not so good.  Street use of drugs continues to rise with age groups starting earlier and finishing later.  We do nothing about educating kids about drugs.  We just put more guys in prison.  It's a fucking joke.  But the bureaucracy has gotten so big and they are so firmly entrenched that it will never change.  They will continue to attack and we will continue to adapt.  It's a shame really.  Just think of the possibilities if we worked together?  Oh shit.  Everybody would be happier, safer and the controls would be there to protect the producers, the vendors and the users.  And think of the tax revenue that our lovely government would get.  We would be out of debt in a year.
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: jagfug on October 03, 2013, 09:01 am
What proof do you have?

Have you seen the main site's new "Holiday Decorations" - Read the news? - Proof isn't needed. It's a logical conclusion, or an educated guess.

I was on when it happened.

Yesterday, while on THIS SITE!! - Forums, I got a notification, the likes of which I've never seen. In fact, I'm going to post it and come back and edit this post with a link to the picture. - Basically it "recognized" my IP address as one known to disseminate spam! - The name of this site? HONEYPOT!!!
Then it had a bunch of "known links associated with this ISP address". - Many CP sites. So obviously there's a lot of people using Tor just to feed their sick fetish.

Anyway, I'll bbl with that screen shot.

jagfug

http://torimagesbp2vt3u.onion/i/Lifr.png

[EDIT] - here's a link to the screenshot of that "Honeypot" thing that popped up, while I was on forums, and I had the Silk Road open on another screen. - Can anybody tell me what the fuck this is???
This was 8 hours before your wonderful government took down the last good American Business. - See they want America to crash and burn. Let's make the leaders homes crash and burn, before they get us! >:(
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: This_is_not_SOCA on October 03, 2013, 01:17 pm
Yesterday, while on THIS SITE!! - Forums, I got a notification, the likes of which I've never seen. In fact, I'm going to post it and come back and edit this post with a link to the picture. - Basically it "recognized" my IP address as one known to disseminate spam! - The name of this site? HONEYPOT!!!
Then it had a bunch of "known links associated with this ISP address". - Many CP sites. So obviously there's a lot of people using Tor just to feed their sick fetish.

Anyway, I'll bbl with that screen shot.

jagfug

http://torimagesbp2vt3u.onion/i/Lifr.png

[EDIT] - here's a link to the screenshot of that "Honeypot" thing that popped up, while I was on forums, and I had the Silk Road open on another screen. - Can anybody tell me what the fuck this is???
This was 8 hours before your wonderful government took down the last good American Business. - See they want America to crash and burn. Let's make the leaders homes crash and burn, before they get us! >:(

Hey jagfug

That is pretty fucked up and I do not see how you would end up there from commenting on the SR forum.

First, that IP address is the address of a TOR exit node in the US (Calif, I believe).
Second, the only way you could possibly end up there automatically after posting is if somebody had installed the honeypot mod into the SMF forum software. (I put my hand up now and say I don't know shit about SMF forum but this does look like it is related to the honey pot mod - MOD httpBL.)

** So either you ended up there as a result of some other action or it would suggest, perhaps, that the server config has changed or that - possibly - this is actually a completely different server. I have noticed that, despite the load, it seems faster than it was a couple of days ago.... **

Sorry to be so vague but that is certainly a bit odd and, if what you say is accurate, it would suggest that the server and/or config was changed.
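For readers who have not met the mod being discussed: the SMF httpBL mod and its relatives check each visitor's IP against Project Honey Pot's http:BL list over DNS and redirect listed visitors to a honeypot page. The script below is an added example, not the mod's code and not anything from the thread; it builds the http:BL query name (access key, IP octets reversed, dnsbl.httpbl.org) and decodes the 127.days.threat.type answer that the list returns, then applies a redirect policy whose thresholds are assumed for illustration. The access key "abcdefghijkl" and the DNS answers are constructed so that the example runs offline; for a live query pass socket.gethostbyname as the resolver. A shared Tor exit address, used by thousands of people, is exactly the kind of IP that accumulates a listing like this.

```python
"""Decode Project Honey Pot http:BL lookups, the check behind the httpBL forum
mod discussed above. Added example, not the mod's code; the access key and
DNS answers are constructed so that this runs offline."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

HTTPBL_ZONE = "dnsbl.httpbl.org"
TYPE_NAMES = {1: "suspicious", 2: "harvester", 4: "comment spammer"}  # type octet is a bitmask

def httpbl_query_name(access_key: str, ip: str) -> str:
    """Build the lookup name: <key>.<ip octets reversed>.dnsbl.httpbl.org."""
    if not (len(access_key) == 12 and access_key.isascii() and access_key.isalpha() and access_key.islower()):
        raise ValueError("http:BL access keys are 12 lowercase ASCII letters")
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # http:BL covers IPv4 only
    return ".".join([access_key, *reversed(octets), HTTPBL_ZONE])

@dataclass
class Verdict:
    listed: bool
    days_since_last_seen: int = 0
    threat_score: int = 0                 # 0-255, higher is worse
    types: Tuple[str, ...] = ()
    search_engine_id: Optional[int] = None

def decode_answer(answer: Optional[str]) -> Verdict:
    """Interpret the A record 127.<days>.<threat>.<type>; None means NXDOMAIN (not listed)."""
    if answer is None:
        return Verdict(listed=False)
    octets = [int(x) for x in answer.split(".")]
    if len(octets) != 4 or octets[0] != 127 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an http:BL answer: {answer!r}")
    _, days, threat, kind = octets
    if kind == 0:                          # search-engine entry: third octet names the engine, not a threat
        return Verdict(listed=True, search_engine_id=threat)
    names = tuple(name for bit, name in TYPE_NAMES.items() if kind & bit)
    return Verdict(listed=True, days_since_last_seen=days, threat_score=threat, types=names)

def check_visitor(ip: str, access_key: str, resolve: Callable[[str], str]) -> Verdict:
    """Look up one client IP; pass socket.gethostbyname as resolve for a live query."""
    try:
        answer = resolve(httpbl_query_name(access_key, ip))
    except OSError:                        # socket.gaierror on NXDOMAIN: the IP is not listed
        answer = None
    return decode_answer(answer)

def should_redirect(v: Verdict, max_days: int = 30, min_threat: int = 25) -> bool:
    """Assumed policy (thresholds are illustrative, not the mod's defaults): redirect
    recent, non-search-engine listings at or above a threat score."""
    return (v.listed and v.search_engine_id is None
            and v.days_since_last_seen <= max_days and v.threat_score >= min_threat)

# Constructed DNS answers for a hypothetical key; real answers come from dnsbl.httpbl.org.
FAKE_KEY = "abcdefghijkl"
FAKE_DNS = {
    httpbl_query_name(FAKE_KEY, "203.0.113.7"): "127.2.60.6",   # harvester + comment spammer, seen 2 days ago
    httpbl_query_name(FAKE_KEY, "198.51.100.9"): "127.0.1.0",   # search engine crawler
}

def fake_resolve(name: str) -> str:
    """Stand-in for socket.gethostbyname using the constructed answers above."""
    if name not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[name]

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        v = check_visitor(ip, FAKE_KEY, fake_resolve)
        print(ip, v, "-> redirect" if should_redirect(v) else "-> allow")
```

Note what the server needs in order to run this check at all: the visitor's IP address. A hidden service normally sees connections arriving from its local Tor daemon, not from exit nodes, so an exit-node address turning up in such a redirect is worth the question This_is_not_SOCA raises about where the request actually came from.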
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: RR on October 03, 2013, 01:20 pm
http://6zyze2mkwyla7jwe.onion/silkroad/backup
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: schizofreen on October 04, 2013, 01:59 am
I thought DPR said all messages/transactions were gone after 2-3 months; this is not true, is it?

They are saying they got all messages since 2011 to now, around 1 million messages and 900k accounts. Do they have EVERYTHING or what?
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: KarmaEnforcer on October 04, 2013, 04:18 pm
I thought DPR said all messages/transactions were gone after 2-3 months; this is not true, is it?

They are saying they got all messages since 2011 to now, around 1 million messages and 900k accounts. Do they have EVERYTHING or what?

DPR never said this.  Messages stayed in my account forever until I deleted them.  And transactions never went away from my history.

The one question I would like an answer to was around the destructing of addresses in the system for orders placed previously.  So many people have not used PGP over time that I am just wondering if LE has addresses for every person that ever placed an order on here without using PGP for their address, or just since they compromised the site in July?

Do any of the mods have knowledge if this process worked properly or not according to what the Wiki stated?
Title: Re: THESE FORUMS ARE ALMOST CERTAINLY COMPROMISED - USE WITH CAUTION
Post by: Nightcrawler on October 04, 2013, 11:14 pm
I thought DPR said all messages/transactions were gone after 2-3 months; this is not true, is it?

They are saying they got all messages since 2011 to now, around 1 million messages and 900k accounts. Do they have EVERYTHING or what?

DPR never said this.  Messages stayed in my account forever until I deleted them.  And transactions never went away from my history.

The one question I would like an answer to was around the destructing of addresses in the system for orders placed previously.  So many people have not used PGP over time that I am just wondering if LE has addresses for every person that ever placed an order on here without using PGP for their address, or just since they compromised the site in July?

The problem is site backups. Even though stuff may have been deleted from the current server, it may still exist on a site backup. While we may know what DPR said/claimed, we have NO way of knowing what he actually DID. It is only prudent to assume that every message, every transaction, every address is now in the hands of law enforcement. For those who PGP-encrypted their communications, they have little to worry about, for the most part. Communications with DPR, even those encrypted with PGP, should now be considered compromised. If DPR was sloppy about his operational security, then it only stands to reason that he likely chose a poor PGP passphrase, which he may have given up, or which may be subject to a dictionary attack or be brute-forced.

Do any of the mods have knowledge if this process worked properly or not according to what the Wiki stated?

I doubt it. I suspect that DPR, and _only_ DPR, knew what was really going on.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0