Silk Road forums
Discussion => Silk Road discussion => Topic started by: OzFreelancer on July 30, 2013, 11:19 am
-
Wow.. story by Brian Krebs
****
Mail from the (Velvet) Cybercrime Underground
Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.
But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.
Rest of the story: http://krebsonsecurity.com/2013/07/mail-from-the-velvet-cybercrime-underground/
-
People on the forum have asked how anyone can know a bitcoin address belongs to SR. Here's your answer:
I received assistance from Sara Meiklejohn, a graduate student at the University of California, San Diego who's been analyzing the role of bitcoin and anonymity on the Silk Road. Meiklejohn confirmed that the bitcoin wallet linked to in Fly's forum thread was indeed used to deposit two bitcoins into a purse controlled by anonymous individuals who help manage commerce on the Silk Road.
Meiklejohn and fellow researcher Damon McCoy, an assistant professor of computer science at George Mason University, have been mapping out a network of bitcoin wallets that are used exclusively by the curators of the Silk Road. If you wish to transact with merchants on the Silk Road, you need to fund your account with bitcoins. The act of adding credits appears to be handled by a small number of bitcoin purses.
"All Silk Road purchases are handled internally by Silk Road, which means money trades hands from the Silk Road account of the buyer to the Silk Road account of the seller," explained Meiklejohn, author of the paper, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, to be released in October 2013 at the ACM Internet Measurement Conference in Barcelona, Spain.
"These accounts aren't visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users," Meiklejohn wrote in an email to KrebsOnSecurity. "By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are 'owned' by silk road."
-
People on the forum have asked how anyone can know a bitcoin address belongs to SR. Here's your answer:
....
"These accounts aren't visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users," Meiklejohn wrote in an email to KrebsOnSecurity. "By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are 'owned' by silk road."
So who on here does that impact?
-
Well that's not good ???
-
Why was he targeted, is it some 4chan attack type thing? and that sounds very worrying Astor.
-
Yes, what are the ramifications of this research?
-
Subbing :(
-
Yes, what are the ramifications of this research?
Simple. Without a degree of separation between BTC source to SR's "wallets" or from SR's "wallets" to BTC final destination, LE may be able to identify bitcoins sent to and received from SR.
In even simpler terms, if you don't tumble or use at least 1 anonymous wallet (which gives plausible deniability) between you and SR, you may be fingered for having transacted on SR.
That 1 anonymous wallet has to have an IP address log that is not associated with you in any way. Thus it can be viewed as you interacting with an unknown intermediary who in turn interacted with SR. There's no way for LE to "prove" you are the intermediary or that you have knowledge of the intermediary's activities on SR. Unless you confess.
But you have to consider that they would be going after vendors... big vendors who are moving a lot of coin, stupidly.
And of course, going after SR itself. Perhaps, if possible, they would attempt to set up points of bitcoin seizure if they could detect coin that left SR wallets or that was destined for it.
It's scary.
-
interesting stuff, thanks for posting
-
Cimicon-Rep nails it.
-
Yes, what are the ramifications of this research?
Simple. Without a degree of separation between BTC source to SR's "wallets" or from SR's "wallets" to BTC final destination, LE may be able to identify bitcoins sent to and received from SR.
In even simpler terms, if you don't tumble or use at least 1 anonymous wallet (which gives plausible deniability) between you and SR, you may be fingered for having transacted on SR.
That 1 anonymous wallet has to have an IP address log that is not associated with you in any way. Thus it can be viewed as you interacting with an unknown intermediary who in turn interacted with SR. There's no way for LE to "prove" you are the intermediary or that you have knowledge of the intermediary's activities on SR. Unless you confess.
But you have to consider that they would be going after vendors... big vendors who are moving a lot of coin, stupidly.
And of course, going after SR itself. Perhaps, if possible, they would attempt to set up points of bitcoin seizure if they could detect coin that left SR wallets or that was destined for it.
It's scary.
So what countermeasures could we take to stay one step ahead? Assuming they are devoting most energies into the set up points, change wallets regularly?
-
The best solution would be for a new Bitcoin fork to integrate Zerocoin. Zerocoin makes attacks like this much more difficult, impossible in some cases. The Bitcoin developers are not planning to integrate Zerocoin because their lawyers suggested against it, but if an alternative currency that forks from Bitcoin integrates it then the solution would be to spend Bitcoins buying that and then spend the new currency on Silk Road. I really do think Bitcoin is shooting itself in the foot by not integrating Zerocoin, as soon as a fork comes along that integrates it a lot of people are going to ditch Bitcoin in favor of it. Nobody wants to use a currency that is 100% trackable, in the past we accepted Bitcoin because at the time there was no known solution to distribute mixing in a trustless way, but now Zerocoin has shown that there is no requirement for transactions to be inherently traceable and it has essentially outdated Bitcoin already.
-
I think that this is the main point and bears repetition for emphasis:
"In even simpler terms, if you don't tumble or use at least 1 anonymous wallet (which gives plausible deniability) between you and SR, you may be fingered for having transacted on SR. "
-
Now this is total BS and definitely an attack reverse reversed ie not good probably LE trying their best to get into the minds of sheep to scare them cos there is no way on earth btc can be traced unless you you you allow it to be so I hope SR and btc bankers shat on this lie cos it needs shitting on and is totally lies lies n more lies whoever believes this well I suggest you don't ok think about it logically ok what utter crap reversed reverse psychology man jeeezz BS alert BS alert
-
The best solution would be for a new Bitcoin fork to integrate Zerocoin. Zerocoin makes attacks like this much more difficult, impossible in some cases. The Bitcoin developers are not planning to integrate Zerocoin because their lawyers suggested against it, but if an alternative currency that forks from Bitcoin integrates it then the solution would be to spend Bitcoins buying that and then spend the new currency on Silk Road. I really do think Bitcoin is shooting itself in the foot by not integrating Zerocoin, as soon as a fork comes along that integrates it a lot of people are going to ditch Bitcoin in favor of it. Nobody wants to use a currency that is 100% trackable, in the past we accepted Bitcoin because at the time there was no known solution to distribute mixing in a trustless way, but now Zerocoin has shown that there is no requirement for transactions to be inherently traceable and it has essentially outdated Bitcoin already.
I agree with you 100% about integrating Zerocoin. I just didn't think all the necessary tech & coding have been completed? I thought there were still a couple of tweaks to be made...
-
Why are people even replying man this is nonsense like I said btc cannot be traced but they can if you allow them to be traced ok the amount of codes is like a trillion codes so how the flip could this be manipulated it can't be and if it was so then all of us and our addresses are at risk ie we're all fucked which is totally BS well it better be cos my understanding of SR and the btc system was it's all safe cos it's anonymous so what now I do not believe this BS not for 1 second think about it the only people who can put buyers and vendors in jeopardy are the vendors themselves thats if they don't deal with then delete oh well all I'm saying is this OP post is nonsensical to me and I hope it don't change from that so I call BS alert
-
Why are people even replying man this is nonsense like I said btc cannot be traced but they can if you allow them to be traced ok the amount of codes is like a trillion codes so how the flip could this be manipulated it can't be and if it was so then all of us and our addresses are at risk ie we're all fucked which is totally BS well it better be cos my understanding of SR and the btc system was it's all safe cos it's anonymous so what now I do not believe this BS not for 1 second think about it the only people who can put buyers and vendors in jeopardy are the vendors themselves thats if they don't deal with then delete oh well all I'm saying is this OP post is nonsensical to me and I hope it don't change from that so I call BS alert
Could you maybe post in a more coherent manner? I'm interested in reading up about this but your posts are making my head hurt. I didn't even make it through the second one.
-
“These accounts aren’t visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users,” Meiklejohn wrote in an email to KrebsOnSecurity. “By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are ‘owned’ by silk road.”
This is not actually a very compelling argument. If a new wallet got created every time a deposit was made, then you still can't prove that it's an SR wallet (unless you made the deposit yourself, as they did in this research, uh-DUH).
-
So you can call the FBI if you know unwanted drugs are coming to your residence without your consent/knowledge and you won't get in trouble?
I don't understand how these people got the sensitive information in the first place....
-
Why are people even replying man this is nonsense like I said btc cannot be traced but they can if you allow them to be traced ok the amount of codes is like a trillion codes so how the flip could this be manipulated it can't be and if it was so then all of us and our addresses are at risk ie we're all fucked which is totally BS well it better be cos my understanding of SR and the btc system was it's all safe cos it's anonymous so what now I do not believe this BS not for 1 second think about it the only people who can put buyers and vendors in jeopardy are the vendors themselves thats if they don't deal with then delete oh well all I'm saying is this OP post is nonsensical to me and I hope it don't change from that so I call BS alert
Could you maybe post in a more coherent manner? I'm interested in reading up about this but your posts are making my head hurt. I didn't even make it through the second one.
I lol'ed, same here.
-
“These accounts aren’t visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users,” Meiklejohn wrote in an email to KrebsOnSecurity. “By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are ‘owned’ by silk road.”
This is not actually a very compelling argument. If a new wallet got created every time a deposit was made, then you still can't prove that it's an SR wallet (unless you made the deposit yourself, as they did in this research, uh-DUH).
Look at it like this: say you're one of the first people to use SR (smaller numbers make it easier to see). So there's 3 bitcoin addresses owned by SR so far. You come along and generate another, a 4th. You send money to this 4th address. Part of SR is its tumbler, so when you send to that 4th address it in turn sends to one (or more) of the other 3 addresses. But if any of those addresses can be linked to SR, then so can your 4th address.
... as can the 5th, and the 6th, as well as the 2 millionth all the way up the chain. Is it guaranteed or easy? No, of course not. That's what makes it research. Really it all hinges on just how good their algorithm is. But you can see how it's at least possible, if not assured.
-
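Added example, not part of the original thread: the address-linking walk-through in the post above, sketched in Python over a constructed ledger. It assumes the common-input-ownership heuristic (addresses spent together as inputs of one transaction share an owner), which the thread itself does not spell out; all address names, transactions and the seed tag are made up.

```python
# Added illustration; addresses, transactions and the tag are constructed.
# Assumption: the common-input-ownership heuristic (addresses spent together
# as inputs of one transaction are controlled by one entity).

TXS = [  # constructed sample ledger
    {"inputs": ["user_a"], "outputs": ["dep_4"]},            # deposit
    {"inputs": ["dep_4", "svc_1"], "outputs": ["svc_hot"]},  # sweep co-spends dep_4
    {"inputs": ["user_b"], "outputs": ["dep_5"]},            # deposit
    {"inputs": ["dep_5", "dep_4"], "outputs": ["svc_hot"]},  # links dep_5 via dep_4
    {"inputs": ["user_c"], "outputs": ["shop_1"]},           # unrelated merchant
    {"inputs": ["shop_1", "shop_2"], "outputs": ["user_d"]},
    {"inputs": [], "outputs": ["miner_1"]},                  # coinbase: no inputs
]
SEED_TAGS = {"svc_1": "service"}  # one address tagged by direct interaction


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Merge every set of co-spent input addresses into one cluster."""
    ds = DisjointSet()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            ds.find(addr)  # register every address, even if never co-spent
        for other in tx["inputs"][1:]:
            ds.union(tx["inputs"][0], other)
    return ds


def propagate_tags(txs, seed_tags):
    """Bootstrap: every address in a seeded cluster inherits the seed's tag."""
    ds = cluster_addresses(txs)
    root_tag = {ds.find(a): tag for a, tag in seed_tags.items()}
    return {a: root_tag[ds.find(a)] for a in list(ds.parent)
            if ds.find(a) in root_tag}


def depositors(txs, labelled):
    """Untagged addresses seen paying directly into a tagged cluster."""
    return sorted({src for tx in txs for src in tx["inputs"]
                   if src not in labelled
                   and any(dst in labelled for dst in tx["outputs"])})


if __name__ == "__main__":
    labels = propagate_tags(TXS, SEED_TAGS)
    print(sorted(labels))           # addresses that inherited the seed tag
    print(depositors(TXS, labels))  # addresses that paid into the cluster
```
-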
They've been on Krebs' ass for a while. All of 2013 for sure. It's because he made an article about some hackers or malicious software and the hackers/coders did not appreciate it. I forget what exactly the article was about or how long ago it was. Krebs regularly talks to the owner of a large botnet on TOR over twitter. The botmaster has a twitter and posts funny things. Krebs will regularly map out his botnet for him. Pretty funny if you ask me.
I don't understand how these people got the sensitive information in the first place....
Krebs is a member of the forum where they planned to do this. He knew they were doing it and alerted authorities ahead of time. Just like he alerted local law enforcement and the FBI before he got swatted but that didn't help. The SWAT team still came in full force....
-
I had a look inside one of the packets. But not before donning a particulate face mask and a pair of disposable gloves. Hey, I watch Breaking Bad: Safety first!
wot a fuckin faggot :facepalm:
up until that i was actually thinking what a cuntish thing that was to do. but after that i just thought fuck him
-
I see a lot of these theoretical attacks put out but none of them ever materialize. Anyone get caught yet by having the EM patterns of their keystrokes recorded through the walls? If so you're going to need a tinfoil house.
-
That is insane. I don't understand why anyone would do something awful like that.
-
Look at it like this: say you're one of the first people to use SR (smaller numbers make it easier to see). So there's 3 bitcoin addresses owned by SR so far. You come along and generate another, a 4th. You send money to this 4th address. Part of SR is its tumbler, so when you send to that 4th address it in turn sends to one (or more) of the other 3 addresses. But if any of those addresses can be linked to SR, then so can your 4th address.
... as can the 5th, and the 6th, as well as the 2 millionth all the way up the chain. Is it guaranteed or easy? No, of course not. That's what makes it research. Really it all hinges on just how good their algorithm is. But you can see how it's at least possible, if not assured.
Hypothetically, the system could be designed to protect the depositor through a very simple mechanism of moving a deposit through a few (and random number of) newly created wallets that never get used again. This can make it impossible to prove that you sent the money to SR and not to an intermediary who then sent it to SR.
So while they may have been able to follow their own btc and figure out which wallets are tumbling btc, if deposits are employed in this way -- with wallets that no other btc go into and are only used once -- then these wallets cannot be proven to be a part of the tumbling and therefore it's plausible they are intermediaries and do not belong to SR at all. The same methodology could be applied to withdrawals as well. As long as the first 2 and last 2 wallets your btc move through do not have other users' btc moving through them (i.e. the researchers' btc), then without being able to identify those wallets through some other means, you have plausible deniability. (assuming my logic is correct here)
Of course, this ONLY ensures plausible deniability, it does not prevent raised suspicion if you were to follow an individual's btc over a period of time (e.g. if they were consistently buying btc off an exchange, putting them directly onto SR, and then getting packages in the mail 3-4 days later).
-
Since I first heard of SR a few years ago I always wondered how LE would take it down. I always assumed that they'd track down the people running SR and that would be the end of the party.
But now there's research about how to track Bitcoins moving through the blockchain, and LE has closed down one cybercurrency site (Liberty Reserve) because it was supposedly being used to launder money.
Cutting off funds to SR will cause the site to close up, and this, I think, is the feds' new strategy. They can't find SR so they're going after what they can find ~~ buyers and sellers of Bitcoin. This is why you have to give government issued ID to MtGox. And it's why you need to be more careful than ever when buying and moving your Bitcoins.
-
I don't think this setup was pulled off very well.
The crux of the assault was that the hackers were publicly posting their plans. Furthermore, whoever plotted this didn't even have the $200 for the Heroin and had to beg others to "donate" for it.
If you just wanted to set the guy up - why not send him the dope without the middleman? I mean, the vendor was using stealth; Stealth is something that you don't want if you are trying to get the recipient caught. Send it from Russia using Media Mail. Don't hide the junk and let the package smell a little.
Also, if some guy was caught by an anonymous tip with some H - A PISS TEST WOULD EXONERATE HIM. I mean junkies do junk. I don't believe that 2BTC worth of junk is really that much for a junkie - it would still be in his system.
Finally, the amount seemed too little for this "Security Expert" (little more than a guy who knows the right people) to be targeted as a Dealer.
This news is terrible negative publicity for SR. Drugs and one's personal decision to do them should be legal. Half-assed, harassing scare tactics like this are a step against the (the only sane) future of a legalized drug market.
-
A bit more about the woman who traced the Bitcoin movements: http://www.kpbs.org/news/2013/aug/01/how-ucsd-researcher-helped-expose-cybercrime-heroi/
-
This news is terrible negative publicity for SR. Drugs and one's personal decision to do them should be legal. Half-assed, harassing scare tactics like this are a step against the (the only sane) future of a legalized drug market.
this this and this
-
A bit more about the woman who traced the Bitcoin movements: http://www.kpbs.org/news/2013/aug/01/how-ucsd-researcher-helped-expose-cybercrime-heroi/
I wouldn't kick her out of bed.
http://cseweb.ucsd.edu/~smeiklejohn/