Silk Road forums

Discussion => Security => Topic started by: HeatFireFlame on May 11, 2013, 11:40 pm

Title: Information on the Hacks occuring on SR
Post by: HeatFireFlame on May 11, 2013, 11:40 pm
Hi all. Look i know this may have been said before but some people obviously were not reading the posts as attacks and stealing accounts are still happening.

Im sure everybody knows that over the last few weeks a massive Ddos has been occurring on SR. Im also sure a lot of you are worried about the getting logged out for no reason troubles etc. Now i asked a mod about the getting logged out screen and i was told that it was a security measure. However i still would not enter my password for any login that has only a verification code of 3 letters. I advise you to do the same.

Just to bring this to all of your attention as well. I have seen in the last day 5 or so vendor accounts that have been hacked. Who knows how widespread this is so please use extra caution when ordering , Search your vendors name into the forums and check if there is anything posted etc ;ANY login screen that asks for you pin as well Do not enter it as it is a phishing site, Most of you will be saying DUH but I'm telling you there have been a good few long time vendors who have fallen for this so exercise extreme caution.

These attacks have been changing and re-occurring in different forms ever since the original massive Ddos a week or two back. I have no idea if it's A government agency or a group of hackers, but either way something needs to be done. It's starting to get out of control here. I mean how much power do we and the mod's have over it? If we want to keep our community, we will need to do something.

Look there's plenty of threads on how to stop the attacks blah blah, But seriously Watch who you order from, Watch where you login, Watch everything, You cant trust anything now.
Please feel free to list any accounts compromised already.
Title: Re: Information on the Hacks occuring on SR
Post by: scout on May 11, 2013, 11:46 pm
However i still would not enter my password for any login that has only a verification code of 3 letters. I advise you to do the same.

There is nothing wrong with logging in on the correct url even if the captcha is only 3 characters long.  This has happened before and it is fine.  It's not a risk.  It's just a glitch and if you reload the page a few times, you will get the normal-length captcha.  As long as you are at the following url, you are fine to enter your username and password:

silkroadvb5piz3r.onion

Quote from: HeatFireFlame
Just to bring this to all of your attention as well. I have seen in the last day 5 or so vendor accounts that have been hacked. Who knows how widespread this is so please use extra caution when ordering , Search your vendors name into the forums and check if there is anything posted etc ;ANY login screen that asks for you pin as well Do not enter it as it is a phishing site, Most of you will be saying DUH but I'm telling you there have been a good few long time vendors who have fallen for this so exercise extreme caution.

These attacks have been changing and re-occurring in different forms ever since the original massive Ddos a week or two back. I have no idea if it's A government agency or a group of hackers, but either way something needs to be done. It's starting to get out of control here. I mean how much power do we and the mod's have over it? If we want to keep our community, we will need to do something.

All of us moderators have posted several times in response to those compromised accounts.  As far as I know, there are only 4 accounts affected, and two of them are weird random religious postings (but no scams), and the other two were compromised because the vendors provided their passwords and PINs to a phishing site mentioned in a scam message to vendors. 

These are not "hacks" - these are the consequences of vendors WILLINGLY PROVIDING THEIR PASSWORD AND PIN to a page unrelated to Silk Road.  It had nothing to do with the DoS attacks.  It's not a government agency or a "group of hackers" - it is the VENDORS THEMSELVES who have provided their information.
Title: Re: Information on the Hacks occuring on SR
Post by: HeatFireFlame on May 11, 2013, 11:59 pm
Thanks for clearing that up scout.
Yes I have seen 2 vendors who willingly supplied their PIN's at the login page. Scout i have seen the 2 you're reffering to, But i think it's more , I saw another thread with a further 2 vendors that were hacked as well. (or provided their pins to phishing pages)


The religious things, Was that the ones about im not selling poison anymore, And then something about biting their own wrists and throwing them self into a secluded river then saying a hail mary?  people do some weird shit.

Cheers for clearing it up scout.
Title: Re: Information on the Hacks occuring on SR
Post by: scout on May 12, 2013, 12:06 am
Yeah, none of us know what the hell those two vendor pages are about or why they have such strange messages on them.  I'm not sure what happened there, but it wouldn't make sense for scammers to do that because scammers are here for money, and simply changing vendor profiles to read weird shit is not going to make them any richer. 

There is really no excuse for vendors providing their passwords and PINs to phishing sites, but I want to make clear that it was not a "hack" - passwords and PINs weren't hacked or guessed or brute forced, they were entered into a phishing site.  Everyone should know better than to login to a page that is not at the following correct url:

http://silkroadvb5piz3r.onion

If there is ever a legitimate message from DPR to vendors, it will be signed with his PGP key.  All other messages from SR claiming to ask for donations, offer investment opportunities, or offer some kind of "upgrade" to a user's account are scams.  All a person needs to do to be absolutely sure of this (if the horrible grammar of the message wasn't enough to raise flags) is to know how to check the validity of a PGP signature.
Title: Re: Information on the Hacks occuring on SR
Post by: dryice on May 12, 2013, 12:00 pm
However i still would not enter my password for any login that has only a verification code of 3 letters. I advise you to do the same.

There is nothing wrong with logging in on the correct url even if the captcha is only 3 characters long.  This has happened before and it is fine.  It's not a risk.  It's just a glitch and if you reload the page a few times, you will get the normal-length captcha.  As long as you are at the following url, you are fine to enter your username and password:

silkroadvb5piz3r.onion

Quote from: HeatFireFlame
Just to bring this to all of your attention as well. I have seen in the last day 5 or so vendor accounts that have been hacked. Who knows how widespread this is so please use extra caution when ordering , Search your vendors name into the forums and check if there is anything posted etc ;ANY login screen that asks for you pin as well Do not enter it as it is a phishing site, Most of you will be saying DUH but I'm telling you there have been a good few long time vendors who have fallen for this so exercise extreme caution.

These attacks have been changing and re-occurring in different forms ever since the original massive Ddos a week or two back. I have no idea if it's A government agency or a group of hackers, but either way something needs to be done. It's starting to get out of control here. I mean how much power do we and the mod's have over it? If we want to keep our community, we will need to do something.

All of us moderators have posted several times in response to those compromised accounts.  As far as I know, there are only 4 accounts affected, and two of them are weird random religious postings (but no scams), and the other two were compromised because the vendors provided their passwords and PINs to a phishing site mentioned in a scam message to vendors. 

These are not "hacks" - these are the consequences of vendors WILLINGLY PROVIDING THEIR PASSWORD AND PIN to a page unrelated to Silk Road.  It had nothing to do with the DoS attacks.  It's not a government agency or a "group of hackers" - it is the VENDORS THEMSELVES who have provided their information.
This is not true in all cases brother. my account seemed to be hacked and I was getting logged out constantly. I kept logging in and trying to change my password until I got it changed.
I did not get logged out even 1 time after that. It was like someone was logging in so it was booting me out.
Now i never entered my password anywhere else, and I use the same link on the same comp every time. Ever since I have not entered my password if the logging screen has only a small ammount
of letter or numbers.
In this time one of my customers sent his address to me in a private note link, when I went to check the link it had been read already. I also had some domestic mail go missing
these where the one's that the address where not encrypted. This Is very strange because I pack everything well and vac seal everything as well.
There is a defeated hack going on and it is likely cops because of the missing mail.I refunded all orders 100% so don't go calling me a scammer This is real.
I am a vendor it would be a bad move for me to just spread FUD.
I think there is an operation going on and they are just sitting on a fair few account without changing anything so they can gather info like address and your bitcoin address.
In my opinion every SilkRoad user should change their passwords now and only use their vendors original pgp public key to encrypt all comm's and all address. If the account has been compremised
then the hijacker wont be able to read your messages or address.
Title: Re: Information on the Hacks occuring on SR
Post by: scout on May 12, 2013, 10:24 pm
This is not true in all cases brother. my account seemed to be hacked and I was getting logged out constantly. I kept logging in and trying to change my password until I got it changed.
I did not get logged out even 1 time after that. It was like someone was logging in so it was booting me out.
Now i never entered my password anywhere else, and I use the same link on the same comp every time. Ever since I have not entered my password if the logging screen has only a small ammount
of letter or numbers.
In this time one of my customers sent his address to me in a private note link, when I went to check the link it had been read already. I also had some domestic mail go missing
these where the one's that the address where not encrypted. This Is very strange because I pack everything well and vac seal everything as well.
There is a defeated hack going on and it is likely cops because of the missing mail.I refunded all orders 100% so don't go calling me a scammer This is real.
I am a vendor it would be a bad move for me to just spread FUD.
I think there is an operation going on and they are just sitting on a fair few account without changing anything so they can gather info like address and your bitcoin address.
In my opinion every SilkRoad user should change their passwords now and only use their vendors original pgp public key to encrypt all comm's and all address. If the account has been compremised
then the hijacker wont be able to read your messages or address.

You weren't being logged out by hackers - you were being logged out just like the rest of us due to changes made in the server to fight against the DoS attacks.  DPR made an announcement about it, and it continued to occur for me even as recently as yesterday.  The 3-character captcha is nothing to worry about - it has happened before and even though it doesn't "work" it's not dangerous.  All you need to do is refresh the page and it should give you a normal length captcha.

The issues you have with privnote and your mail have nothing to do with SR.

There is no hijacker or hacker or operation going on - the people who were locked out of their accounts were locked out because they provided their login details and PIN to a phishing site.
Title: Re: Information on the Hacks occuring on SR
Post by: jase00 on May 13, 2013, 09:47 am
I can never seem to login when the captcha is only 3 numbers... at first I thought it was my fat fingers, but now I'm not so sure. not a big deal though... I just refresh and the normal one comes up.

I'm not saying the 3 captcha is insecure etc etc.. just it doesn't seem to like me :(
Title: Re: Information on the Hacks occuring on SR
Post by: dryice on May 13, 2013, 02:11 pm
This is not true in all cases brother. my account seemed to be hacked and I was getting logged out constantly. I kept logging in and trying to change my password until I got it changed.
I did not get logged out even 1 time after that. It was like someone was logging in so it was booting me out.
Now i never entered my password anywhere else, and I use the same link on the same comp every time. Ever since I have not entered my password if the logging screen has only a small ammount
of letter or numbers.
In this time one of my customers sent his address to me in a private note link, when I went to check the link it had been read already. I also had some domestic mail go missing
these where the one's that the address where not encrypted. This Is very strange because I pack everything well and vac seal everything as well.
There is a defeated hack going on and it is likely cops because of the missing mail.I refunded all orders 100% so don't go calling me a scammer This is real.
I am a vendor it would be a bad move for me to just spread FUD.
I think there is an operation going on and they are just sitting on a fair few account without changing anything so they can gather info like address and your bitcoin address.
In my opinion every SilkRoad user should change their passwords now and only use their vendors original pgp public key to encrypt all comm's and all address. If the account has been compremised
then the hijacker wont be able to read your messages or address.

You weren't being logged out by hackers - you were being logged out just like the rest of us due to changes made in the server to fight against the DoS attacks.  DPR made an announcement about it, and it continued to occur for me even as recently as yesterday.  The 3-character captcha is nothing to worry about - it has happened before and even though it doesn't "work" it's not dangerous.  All you need to do is refresh the page and it should give you a normal length captcha.

The issues you have with privnote and your mail have nothing to do with SR.

There is no hijacker or hacker or operation going on - the people who were locked out of their accounts were locked out because they provided their login details and PIN to a phishing site.
Just seems very strange to me that the second I changed my password I no longer get logged out.
Put all the facts together.

I never use any other links to silkroad
I never enter my password anywhere else/unique password to silk   
I use a strong password

when I changed my password the log out's stopped.
when this was all happening my orders that where not encrypted address went missing in domestic mail.
one of my customers sent a private note link for me to check, it had been read by someone else b4 I got to it.

there has been lot's of account compromised at the same time.
The site was constantly being attacked.
the log in screen was od
we where being logged out constantly.

This defiantly happened and it seem to me like there is something big happening. I think there should be a warning sent out by one of the mod's telling people to change their passwords and always use encryption for sending pm's and address. 

Title: Re: Information on the Hacks occuring on SR
Post by: asshole on May 13, 2013, 02:22 pm
You are ignorant and paranoid dryice. It is frightening that you are a vendor.
Title: Re: Information on the Hacks occuring on SR
Post by: dryice on May 13, 2013, 02:53 pm
You are ignorant and paranoid dryice. It is frightening that you are a vendor.
Thanks asshole, Paranoia is good in this business and that's apart of the reason I am doing so well in it without getting looked at. You are talking to someone with over 15 years experience in the drug trade at a high level. Also I don't think I am being ignorant by attempting to warn people of a real threat, I think you are being ignorant for just dismissing it.
Ignorance is bliss until your sitting in the boob asshole

 ;) 
Title: Re: Information on the Hacks occuring on SR
Post by: asshole on May 13, 2013, 03:10 pm
You are ignorant and paranoid dryice. It is frightening that you are a vendor.
Thanks asshole, Paranoia is good in this business and that's apart of the reason I am doing so well in it without getting looked at. You are talking to someone with over 15 years experience in the drug trade at a high level. Also I don't think I am being ignorant by attempting to warn people of a real threat, I think you are being ignorant for just dismissing it.
Ignorance is bliss until your sitting in the boob asshole

 ;)

The only thread is your ignorance and possible lack of security. If you were such a high level dealer you wouldn't be peddling petty amounts of drugs on Silk Road.