Silk Road forums

Discussion => Silk Road discussion => Topic started by: acider on December 14, 2012, 08:59 pm

Title: Vendor Asylum busted
Post by: acider on December 14, 2012, 08:59 pm
A warning for Asylum's customers.

From his vendor page:

"14.12.

I am Asylum's friend. Asylum has been arrested and his computer and drug-related equipment has been confiscated by Czech authorities. He is currently detained and it is unlikely he will be back. All records of buyer addresses and shipping-related info have been compromised."


http://silkroadvb5piz3r.onion/silkroad/user/c454ea9fd9


Title: Re: Vendor Asylum busted
Post by: sammyjenkins404 on December 14, 2012, 10:27 pm
Not cool.  :o Does anyone know (or keep track) how often this happens to our awesome vendors?
Title: Re: Vendor Asylum busted
Post by: Ballzinator on December 14, 2012, 10:39 pm
Well... fuck.
Title: Re: Vendor Asylum busted
Post by: Funbagz on December 14, 2012, 10:53 pm
the vendor shouldn't have had any addresses if they were following SR rules.
Title: Re: Vendor Asylum busted
Post by: SelfSovereignty on December 14, 2012, 10:53 pm
Yes, because all of us here are SO good at following the rules...  :P
Title: Re: Vendor Asylum busted
Post by: AnonymousAddict on December 14, 2012, 11:05 pm
Hmmm glade i never used him.. But the OP not saying its BS at all but he called you from jail gave you his SR account name and info to get on here to say that? Im not being sarcastic im just wondering why that would be his first worry to let ppl knw.. Unless he needs u to get his coins and bail/lawer for him.. IM just speculating. Dont mean nothing by it ..This sucks though,..
Title: Re: Vendor Asylum busted
Post by: Ballzinator on December 14, 2012, 11:11 pm
Yes, because all of us here are SO good at following the rules...  :P
I'm a vendor at BMR and my customers' addresses don't exist one more second than they absolutely need to. After getting decrypted (inside a VM, with the VM's virtual hard drive inside a triple-encrypted TrueCrypt volume, secured with a 16-digit random password), and used, the addresses are overwritten ten times and then deleted ("shred -n 10 -u address.txt"). And I'm not a professional vendor (17 sales in the last six months), just spreading psychedelics so what I just described should be the absolute minimum for any professional vendor.
If the Czech police gets any useful data from his computer, it's his fault.
Title: Re: Vendor Asylum busted
Post by: Magic Moments on December 14, 2012, 11:12 pm
this sucks man  :(  I dont know who this vendor is but its a shity day for Silk Road, at least it teaches everyone involved from buyers to vendors and everyone in between that we need to take all precautions to be safe and insure the safety of our clients. I will say a prayer tonight for our fallen soldja.
Title: Re: Vendor Asylum busted
Post by: SelfSovereignty on December 14, 2012, 11:14 pm
this sucks man  :(  I dont know who this vendor is but its a shity day for Silk Road, at least it teaches everyone involved from buyers to vendors and everyone in between that we need to take all precautions to be safe and insure the safety of our clients. I will say a prayer tonight for our fallen soldja.

To all vendors who call us clients, not customers: may angels visit you this night and give you the best goddamn blowjob you've ever had.  Just more polite, is all  :D
Title: Re: Vendor Asylum busted
Post by: acider on December 14, 2012, 11:19 pm
Hmmm glade i never used him.. But the OP not saying its BS at all but he called you from jail gave you his SR account name and info to get on here to say that? Im not being sarcastic im just wondering why that would be his first worry to let ppl knw.. Unless he needs u to get his coins and bail/lawer for him.. IM just speculating. Dont mean nothing by it ..This sucks though,..

I am not the guy who changed his feedback obviously, I found out by checking his page.
Title: Re: Vendor Asylum busted
Post by: Limetless on December 14, 2012, 11:20 pm
Shit one.
Title: Re: Vendor Asylum busted
Post by: eddiethegun on December 15, 2012, 12:08 am
Shit one.

Your door getting kicked in next Limetless?
Title: Re: Vendor Asylum busted
Post by: Limetless on December 15, 2012, 12:15 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)
Title: Re: Vendor Asylum busted
Post by: eddiethegun on December 15, 2012, 12:23 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

wherever the mephedrone grows
Title: Re: Vendor Asylum busted
Post by: Limetless on December 15, 2012, 12:26 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

wherever the mephedrone grows

Hahahaha definitely not, I'm as far away from that as possible. :)
Title: Re: Vendor Asylum busted
Post by: Ballzinator on December 15, 2012, 12:29 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

wherever the mephedrone grows
Everyone knows that it is extracted from the Mephedra sinica, a plant that has been used in traditional British medicine for the treatment of boredom.
Title: Re: Vendor Asylum busted
Post by: Limetless on December 15, 2012, 12:41 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

wherever the mephedrone grows
Everyone knows that it is extracted from the Mephedra sinica, a plant that has been used in traditional British medicine for the treatment of boredom.

This is correct. :)
Title: Re: Vendor Asylum busted
Post by: TheGoodSon on December 15, 2012, 01:17 am
This sucks, don't the cops have any real criminals to track down?
Title: Re: Vendor Asylum busted
Post by: Psychadelia on December 15, 2012, 02:02 am
This sucks, don't the cops have any real criminals to track down?

Yea, their just not good at their job really so they take what they can get...which is not usually who they should really be worried about...
Title: Re: Vendor Asylum busted
Post by: awakened350 on December 15, 2012, 02:58 am
Any details on how he got busted? Was she selling IRL too? Taking anything other than btc?
Title: Re: Vendor Asylum busted
Post by: gambino on December 15, 2012, 03:11 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

A gogo bar on Soi Cowboy?  ;)
Title: Re: Vendor Asylum busted
Post by: Christy Nugs on December 15, 2012, 03:13 am
i doubt limmy will ever get busted unless its for fucking some cops wife....:P
my addys r on a special 1 gig encrypted sticks that r erased - gutted 4 those of u who know
when the last finalization for that day is made.

if there is enough evidence to hold this guy its all on him !
it is sad - with all of the great posts in the security section made by the former members
of ovdb this kind of thing shouldn't even be an issue!!!!!!!!!!
Title: Re: Vendor Asylum busted
Post by: BenJesuit on December 15, 2012, 03:37 am
There was another vendor, IIRC, that got pinched. His name was DavidD. He sold research chemicals like bk-MDMA. Good shit too.

Title: Re: Vendor Asylum busted
Post by: quinone on December 15, 2012, 03:42 am
Hmmm glade i never used him.. But the OP not saying its BS at all but he called you from jail gave you his SR account name and info to get on here to say that? Im not being sarcastic im just wondering why that would be his first worry to let ppl knw.. Unless he needs u to get his coins and bail/lawer for him.. IM just speculating. Dont mean nothing by it ..This sucks though,..

^^^

And lim, i'll shit two, just for you  8)
Title: Re: Vendor Asylum busted
Post by: nosaj_thing on December 15, 2012, 06:05 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

wherever the mephedrone grows

lol. i've been getting some dark vibes from this subforum right now, i just cracked up
Title: Re: Vendor Asylum busted
Post by: Asylum on December 15, 2012, 12:43 pm
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Title: Re: Vendor Asylum busted
Post by: Ballzinator on December 15, 2012, 12:45 pm
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.
Good to know you haven't been busted. Good luck with getting your account back :)
Title: Re: Vendor Asylum busted
Post by: acider on December 15, 2012, 12:52 pm
If that's true I m happy you are not busted.
Change your forum password if you haven't already.
Title: Re: Vendor Asylum busted
Post by: AnonymousAddict on December 15, 2012, 12:54 pm
I knew something was off Asylum!! I said it in the first page it just seemed weird...I hope you didnt get too many coins taken// FUCK U SORRY FUCKS DOING THIS TO HARD WORKING VENDORS!!!
Title: Re: Vendor Asylum busted
Post by: Asylum on December 15, 2012, 01:04 pm
I'm doing what I can to get it back, messaging with SR support back and forth takes time though. Hopefully it's gonna be resolved ASAP.

He has stolen about 100 BTC laying there, but that's not the point. I'm really pissed that he now tries to message everyone and get more under my name.

Glad at least I was able to recover a forum account for now.

Of course none of the sensitive data is stored in the account. No customer's addresses etc. The most he could get a hold of are any addresses for orders made yesterday before he put my listings down - that's if they were not encrypted.

Besides, I don't store anything neither. Even if someone gets a hold of my computer, he won't find anything there.

Title: Re: Vendor Asylum busted
Post by: voice on December 15, 2012, 01:15 pm
Am soooo GLAD to hear you did not get busted !
Even though you are dealing with a first degree fucker right now : it beats the hell out of dealing with leo.
stay safe Asylum and may you get to have your way with the fucker who did this
Title: Re: Vendor Asylum busted
Post by: eddiethegun on December 15, 2012, 04:30 pm
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.

Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?
Title: Re: Vendor Asylum busted
Post by: Limetless on December 15, 2012, 04:41 pm
i doubt limmy will ever get busted unless its for fucking some cops wife....:P

You always know what to say to make me smile Nugsy, again this is another sign we should get married. ;) 8)
Title: Re: Vendor Asylum busted
Post by: Asylum on December 15, 2012, 04:55 pm
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.

Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good point. It's me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQzKfwAAoJENzDRG0l6WV1bWoIAMa5XSsRL6nX8N/NxWY7K3FZ
g9z3ufaMITC0MBJb56/GwAYYyn8nhJ3tPfXDCw2Rp7CU2Bs3BvVO9QcN3THYX8K0
S1K4YrW8MAJgbqSUYQ3BygYGDV4pVQXDb22ogZ8256el7HbD8mXrqP2w3CO7s7au
yRNy8iG6vLBG9XeMdXIIklO0SGzmSoqqSv0PP6PEKVDjBeF/xB73OGe8nnqgV8j3
WnQjFg12ZzDirriUwgM3Gumfx3kzk5dsPL11oRUb5ebOHTerFVtGh/kkNCjh2B2a
oXVitYpW1Sef6wpVdi96f+6cZwQTroYy2TF1cxQ4wyabs0e6e4FFAboOwaPzI08=
=fJAq
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBE/q09IBCAD6egaCUeTWIejCLu1psvfomW0jSry0e2NrRCxeOjVhH84qKWSd
0pwUm8Ty2rEggowWHLAvtxErKJhljRH1vI7QXUteJzwzIDPgBOOFq/PvaLVFL6ny
7/xDEwBvtTMhg8K5Vzojmf7QiQeWvd8ntz0ZOIJ64YdU9NDvtWoiY/DgKJiKoqk5
JUgYcCfuCHNq4qMHiV/icxpR4kk7KjPC8Rkm1ZHapKFZn63zArjQWDOOw2ui0coh
NLxQwb7BuWZBnoZGm80xqRu+18+PSLVlnxiAQi0n0EAx06WytaqYMWyF2eGecEyC
W7UcGupMNfL3tSN6aJ3BLSbqhzZHZ2C3k+shABEBAAG0G0FzeWx1bSA8YXN5bHVt
QHRvcm1haWwub3JnPokBOAQTAQIAIgUCT+rT0gIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ3MNEbSXpZXXsiwgAsF775Fwdy/TqBpf8KAYiRGyrbKCF/I+M
ZzHnhzsCBZTGSpRT7kO6f1vSp32J5rxtxS/TRe2iY8KoXEhgGMZrX9jWJr45E1ra
CqjkquxCUgu1yj2uCHwcvObOJkT3oliP8M0kehvh3zyePZrAgrZ4wskdvCJaxPSZ
9lnA713MeyqR1nunVw1cmLshMDH6p9VXNzJsGm6ZQ03YEiGbHbmaTaYRj3FpzJqY
zIT8GXRlTOJcIqX01RzN0C7QqthgaPc6fYjQ5/sKu0a/5ivNJnWcv9pNUozsgqZA
uJqqr3xaYcmpRhs/M1obNbf+sGp0/W0kiGpIbnEvJhfh4QOc+UvVP7kBDQRP6tPS
AQgAsa6wyx7euLkCok035HVSmIxqW3jS9ehN7w6bl9BH1KVs3xidFWtvZr8mRF6g
hjLDuv5bWYz/k29sfHRQF2xXTC+Ib7dDLcxbXh5o/Vh+HEvB8DAWvGDjdEQHqZUc
UhhFFI3lrjvGm9I5lFFruIMpvM49IyzF4vS0VzfQdOMxn587eZgBeJ0L00yGrhz2
IdbHEp6kJ6KYsykI/9h2rMIa1WtoYS0vFvEWkZHIpuw/AMB2+kID+fuF7wqXGIGG
xrzLLq5CAv2hpSVaEkhrov7GUHreeqxj9p0gD2m0jx4UbZzwtbWSeDad2Bygaq5s
Nd1cpQprL7KvlzU+4ORyMj9XYwARAQABiQEfBBgBAgAJBQJP6tPSAhsMAAoJENzD
RG0l6WV1qLAIAKZ6GtxhEw6niPLMQI2c3yV3Pusk7Pk2ZGpc4zcND9iSj6+JkaZs
uNqoksG0AwjJH4sn6XNMMos4q6Q6LxsHyneq5OW/4vBl+NIwBwg5bqr3xuG2SPtc
wt36Gkk4EUawe2/IB73V8GLUcTrMUtbXEIF2VA6R9TNd4D01IPJJkpby10qapZ2G
xuF68HMpd6Aijt7uVBgzXj7fEL2o2k+e8EfmBwXTYsaPZpAlwo/YpHWIxdFwFlA5
MeQc2w9ssz02KNb2gdq0FSWGyPCncL3KJ28MPTRdQSQXzC2kQxocp4KBzXG2XjPr
D2kR/WXq8bDW5Yvs9joJulyfp/WnFOeRAl0=
=ZMiZ
-----END PGP PUBLIC KEY BLOCK-----
Title: Re: Vendor Asylum busted
Post by: Funbagz on December 15, 2012, 05:07 pm
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.

Just two days ago there was a small discussion about some SR phishing sites.
I wonder if something like that came into play here.
Sorry to hear this terrible news happened to you. Especially a week and a half before Christmas.
I'd like to see the guilty party raped with corn on the cobs dipped in habenero sass.
Title: Re: Vendor Asylum busted
Post by: eddiethegun on December 15, 2012, 06:54 pm
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.

Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good point. It's me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQzKfwAAoJENzDRG0l6WV1bWoIAMa5XSsRL6nX8N/NxWY7K3FZ
g9z3ufaMITC0MBJb56/GwAYYyn8nhJ3tPfXDCw2Rp7CU2Bs3BvVO9QcN3THYX8K0
S1K4YrW8MAJgbqSUYQ3BygYGDV4pVQXDb22ogZ8256el7HbD8mXrqP2w3CO7s7au
yRNy8iG6vLBG9XeMdXIIklO0SGzmSoqqSv0PP6PEKVDjBeF/xB73OGe8nnqgV8j3
WnQjFg12ZzDirriUwgM3Gumfx3kzk5dsPL11oRUb5ebOHTerFVtGh/kkNCjh2B2a
oXVitYpW1Sef6wpVdi96f+6cZwQTroYy2TF1cxQ4wyabs0e6e4FFAboOwaPzI08=
=fJAq
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBE/q09IBCAD6egaCUeTWIejCLu1psvfomW0jSry0e2NrRCxeOjVhH84qKWSd
0pwUm8Ty2rEggowWHLAvtxErKJhljRH1vI7QXUteJzwzIDPgBOOFq/PvaLVFL6ny
7/xDEwBvtTMhg8K5Vzojmf7QiQeWvd8ntz0ZOIJ64YdU9NDvtWoiY/DgKJiKoqk5
JUgYcCfuCHNq4qMHiV/icxpR4kk7KjPC8Rkm1ZHapKFZn63zArjQWDOOw2ui0coh
NLxQwb7BuWZBnoZGm80xqRu+18+PSLVlnxiAQi0n0EAx06WytaqYMWyF2eGecEyC
W7UcGupMNfL3tSN6aJ3BLSbqhzZHZ2C3k+shABEBAAG0G0FzeWx1bSA8YXN5bHVt
QHRvcm1haWwub3JnPokBOAQTAQIAIgUCT+rT0gIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ3MNEbSXpZXXsiwgAsF775Fwdy/TqBpf8KAYiRGyrbKCF/I+M
ZzHnhzsCBZTGSpRT7kO6f1vSp32J5rxtxS/TRe2iY8KoXEhgGMZrX9jWJr45E1ra
CqjkquxCUgu1yj2uCHwcvObOJkT3oliP8M0kehvh3zyePZrAgrZ4wskdvCJaxPSZ
9lnA713MeyqR1nunVw1cmLshMDH6p9VXNzJsGm6ZQ03YEiGbHbmaTaYRj3FpzJqY
zIT8GXRlTOJcIqX01RzN0C7QqthgaPc6fYjQ5/sKu0a/5ivNJnWcv9pNUozsgqZA
uJqqr3xaYcmpRhs/M1obNbf+sGp0/W0kiGpIbnEvJhfh4QOc+UvVP7kBDQRP6tPS
AQgAsa6wyx7euLkCok035HVSmIxqW3jS9ehN7w6bl9BH1KVs3xidFWtvZr8mRF6g
hjLDuv5bWYz/k29sfHRQF2xXTC+Ib7dDLcxbXh5o/Vh+HEvB8DAWvGDjdEQHqZUc
UhhFFI3lrjvGm9I5lFFruIMpvM49IyzF4vS0VzfQdOMxn587eZgBeJ0L00yGrhz2
IdbHEp6kJ6KYsykI/9h2rMIa1WtoYS0vFvEWkZHIpuw/AMB2+kID+fuF7wqXGIGG
xrzLLq5CAv2hpSVaEkhrov7GUHreeqxj9p0gD2m0jx4UbZzwtbWSeDad2Bygaq5s
Nd1cpQprL7KvlzU+4ORyMj9XYwARAQABiQEfBBgBAgAJBQJP6tPSAhsMAAoJENzD
RG0l6WV1qLAIAKZ6GtxhEw6niPLMQI2c3yV3Pusk7Pk2ZGpc4zcND9iSj6+JkaZs
uNqoksG0AwjJH4sn6XNMMos4q6Q6LxsHyneq5OW/4vBl+NIwBwg5bqr3xuG2SPtc
wt36Gkk4EUawe2/IB73V8GLUcTrMUtbXEIF2VA6R9TNd4D01IPJJkpby10qapZ2G
xuF68HMpd6Aijt7uVBgzXj7fEL2o2k+e8EfmBwXTYsaPZpAlwo/YpHWIxdFwFlA5
MeQc2w9ssz02KNb2gdq0FSWGyPCncL3KJ28MPTRdQSQXzC2kQxocp4KBzXG2XjPr
D2kR/WXq8bDW5Yvs9joJulyfp/WnFOeRAl0=
=ZMiZ
-----END PGP PUBLIC KEY BLOCK-----

Same public key as posted on your vendor profile and the signature is valid. Ok I'm satisfied.
Sorry nothing personal, just helps to be skeptical around here.

I see the hacker posted a plea for donations on your profile and according to blockchain.info:
http://blockchain.info/address/1CfhQC2sDofgDBrBsY2G1JwUT5NEwV1dCv

the cocksucker already got $500 in donations.

Has to be a targeted attack asylum, if he got both your password AND your PIN. I'd be seriously auditing whatever computer your using right about now.
Title: Re: Vendor Asylum busted
Post by: SelfSovereignty on December 15, 2012, 07:47 pm
You know, Eddie, I'm really beginning to think rather highly of your security measures.

He's got an excellent point -- that really does need to be addressed.  It's a possibility.  If you use persistent storage like a regular OS install on a hard drive and not a live CD, at least.
Title: Re: Vendor Asylum busted
Post by: eddiethegun on December 15, 2012, 11:47 pm
SS, unfortunately I've suffered the consequences of being careless before.
Title: Re: Vendor Asylum busted
Post by: Nightcrawler on December 16, 2012, 01:25 am
My account has been hacked!

The fucker didn't only steal coins that were laying there, he now tries to scam more!

Don't believe anything he claims or messages and don't send him anything.

I'm working on getting my SR account back with support. I don't know how to say how sorry I'm for that shit.

Unless you start signing some of these statements with your GPG key I'd say your vendor account is DOA.
Why should anyone believe you're not LEO taking over a pinched vendors account?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good point. It's me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQzKfwAAoJENzDRG0l6WV1bWoIAMa5XSsRL6nX8N/NxWY7K3FZ
g9z3ufaMITC0MBJb56/GwAYYyn8nhJ3tPfXDCw2Rp7CU2Bs3BvVO9QcN3THYX8K0
S1K4YrW8MAJgbqSUYQ3BygYGDV4pVQXDb22ogZ8256el7HbD8mXrqP2w3CO7s7au
yRNy8iG6vLBG9XeMdXIIklO0SGzmSoqqSv0PP6PEKVDjBeF/xB73OGe8nnqgV8j3
WnQjFg12ZzDirriUwgM3Gumfx3kzk5dsPL11oRUb5ebOHTerFVtGh/kkNCjh2B2a
oXVitYpW1Sef6wpVdi96f+6cZwQTroYy2TF1cxQ4wyabs0e6e4FFAboOwaPzI08=
=fJAq
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBE/q09IBCAD6egaCUeTWIejCLu1psvfomW0jSry0e2NrRCxeOjVhH84qKWSd
0pwUm8Ty2rEggowWHLAvtxErKJhljRH1vI7QXUteJzwzIDPgBOOFq/PvaLVFL6ny
7/xDEwBvtTMhg8K5Vzojmf7QiQeWvd8ntz0ZOIJ64YdU9NDvtWoiY/DgKJiKoqk5
JUgYcCfuCHNq4qMHiV/icxpR4kk7KjPC8Rkm1ZHapKFZn63zArjQWDOOw2ui0coh
NLxQwb7BuWZBnoZGm80xqRu+18+PSLVlnxiAQi0n0EAx06WytaqYMWyF2eGecEyC
W7UcGupMNfL3tSN6aJ3BLSbqhzZHZ2C3k+shABEBAAG0G0FzeWx1bSA8YXN5bHVt
QHRvcm1haWwub3JnPokBOAQTAQIAIgUCT+rT0gIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ3MNEbSXpZXXsiwgAsF775Fwdy/TqBpf8KAYiRGyrbKCF/I+M
ZzHnhzsCBZTGSpRT7kO6f1vSp32J5rxtxS/TRe2iY8KoXEhgGMZrX9jWJr45E1ra
CqjkquxCUgu1yj2uCHwcvObOJkT3oliP8M0kehvh3zyePZrAgrZ4wskdvCJaxPSZ
9lnA713MeyqR1nunVw1cmLshMDH6p9VXNzJsGm6ZQ03YEiGbHbmaTaYRj3FpzJqY
zIT8GXRlTOJcIqX01RzN0C7QqthgaPc6fYjQ5/sKu0a/5ivNJnWcv9pNUozsgqZA
uJqqr3xaYcmpRhs/M1obNbf+sGp0/W0kiGpIbnEvJhfh4QOc+UvVP7kBDQRP6tPS
AQgAsa6wyx7euLkCok035HVSmIxqW3jS9ehN7w6bl9BH1KVs3xidFWtvZr8mRF6g
hjLDuv5bWYz/k29sfHRQF2xXTC+Ib7dDLcxbXh5o/Vh+HEvB8DAWvGDjdEQHqZUc
UhhFFI3lrjvGm9I5lFFruIMpvM49IyzF4vS0VzfQdOMxn587eZgBeJ0L00yGrhz2
IdbHEp6kJ6KYsykI/9h2rMIa1WtoYS0vFvEWkZHIpuw/AMB2+kID+fuF7wqXGIGG
xrzLLq5CAv2hpSVaEkhrov7GUHreeqxj9p0gD2m0jx4UbZzwtbWSeDad2Bygaq5s
Nd1cpQprL7KvlzU+4ORyMj9XYwARAQABiQEfBBgBAgAJBQJP6tPSAhsMAAoJENzD
RG0l6WV1qLAIAKZ6GtxhEw6niPLMQI2c3yV3Pusk7Pk2ZGpc4zcND9iSj6+JkaZs
uNqoksG0AwjJH4sn6XNMMos4q6Q6LxsHyneq5OW/4vBl+NIwBwg5bqr3xuG2SPtc
wt36Gkk4EUawe2/IB73V8GLUcTrMUtbXEIF2VA6R9TNd4D01IPJJkpby10qapZ2G
xuF68HMpd6Aijt7uVBgzXj7fEL2o2k+e8EfmBwXTYsaPZpAlwo/YpHWIxdFwFlA5
MeQc2w9ssz02KNb2gdq0FSWGyPCncL3KJ28MPTRdQSQXzC2kQxocp4KBzXG2XjPr
D2kR/WXq8bDW5Yvs9joJulyfp/WnFOeRAl0=
=ZMiZ
-----END PGP PUBLIC KEY BLOCK-----

Same public key as posted on your vendor profile and the signature is valid. Ok I'm satisfied.
Sorry nothing personal, just helps to be skeptical around here.

I see the hacker posted a plea for donations on your profile and according to blockchain.info:
http://blockchain.info/address/1CfhQC2sDofgDBrBsY2G1JwUT5NEwV1dCv

the cocksucker already got $500 in donations.

Has to be a targeted attack asylum, if he got both your password AND your PIN. I'd be seriously auditing whatever computer your using right about now.

That's why it's important to publish your PGP key as widely as possible; if you publish it only on your vendor page, then an attacker could replace the PGP there with one of his own. Now, while some of your previous customers _may_ notice the change in PGP keys, many likely will not.

One point that needs to be stressed here is that anything used for verification has to be taken from one or more channel(s) over which the attacker presumably has no control. If the key was posted in the thread established for this here in the Forum,  then both the Forum as well as the vendor account would need to be compromised to successfully substitute a PGP key of the attacker's own choosing -- this makes an attacker's job considerably harder.

The fly in the ointment here is that anyone wanting to check the vendor's bona-fides,  has to be aware of this possibility -- most people, seeing a key on the vendor's page, will simply assume that it is correct, even after the page has been compromised -- that is a dangerous, even fatal,  assumption to make. 

NC
Title: Re: Vendor Asylum busted
Post by: astor on December 16, 2012, 01:43 am
Just two days ago there was a small discussion about some SR phishing sites.
I wonder if something like that came into play here.

I wouldn't be surprised. There used to be dozens of then listed on Hidden Wiki.
Title: Re: Vendor Asylum busted
Post by: astor on December 16, 2012, 01:47 am
That's why it's important to publish your PGP key as widely as possible; if you publish it only on your vendor page, then an attacker could replace the PGP there with one of his own.

I agree. All vendors should use an out of band mechanism to publish their PGP keys. It could be as simple as Pastebin or qPaste.

If the SR site was compromised, they could replace vendor keys with their own. When vendors viewed their own profiles, they would see their real keys. Everyone else would see the attacker's keys. Then when you PGP encrypt your address, you're really encrypting it to the attacker. They decrypt and get your address. Then they reencrypt it with the vendor's real key, so nobody would suspect a thing.
Title: Re: Vendor Asylum busted
Post by: BenCousins on December 18, 2012, 10:27 am
Shit one.

Your door getting kicked in next Limetless?

I seriously doubt it and I also seriously doubt they have even the faintest idea where to look. :)

The UK would be a start
Title: Re: Vendor Asylum busted
Post by: sourman on December 18, 2012, 01:35 pm
I recommend keeping a secure, hidden database of important PGP keys. Once you have a vendor's key saved, just use the local copy rather than pasting it from SR every time.
Title: Re: Vendor Asylum busted
Post by: GOTMILKTEAM on December 18, 2012, 05:54 pm
we always delete buyers info after shipment its standard practice.
Title: Re: Vendor Asylum busted
Post by: Ballzinator on December 18, 2012, 06:07 pm
we always delete buyers info after shipment its standard practice.
I not only delete it, I shred it (e.g. "shred -u -n 10 info.txt").
Title: Re: Vendor Asylum busted
Post by: Orinoko Flow on December 18, 2012, 08:25 pm
I feel for ya mate, hope you can somehow recover your account..  I can vouch - Asylum is 1 of the good guys  8)