Silk Road forums
Discussion => Security => Topic started by: StonedCrusader on April 17, 2012, 07:26 pm
-
Out of all the security topics here on silkroad, people seem to overlook a MAJOR one: VENDOR NAMES
Last night, I got really stoned, and curious, and decided to do some googling.
I found the locations, addresses, and Identities of 6 vendors in the top 20% of vendors, out of about 15 that I tried.
Once I got curious about one vendor, and found some info with very little effort, my curiosity grew and it was very easy to uncover the identities undoubtedly. Especially when I find their personal profile pages that have pictures with weed paraphenallia and pictures of pipes/bongs, etc. Hippy/New Age stuff etc.
Keep in mind, a cop would be able to do this far easier than I. They have access to national databases. I used google.
I don't mean to alarm anyone, but if I were a cop, which gladly I'm not, this would mean some serious shit for these vendors.
If you are one of the Vendors I have found, then I have PM'd you and let you know that your security is at risk.
Just because I have not PM'd you, does not mean you are not also at risk. I find stoners tend to overlook obvious things sometimes. PLEASE FOR THE SAKE OF YOUR SAFETY, make sure you take down/change any personal pages on any forums that have any relation to your SR name. Because it's like a giant web.
If you can't get rid of everything associated with the name, I suggest contacting SR admins and try to get a name change, if that's possible, or if it comes down to it, start a new Vendor account. It's either one of those options, or jail time.
WHEN MAKING A SR NAME PLEASE MAKE IT UNIQUE TO SR. A single connection to anything online can lead to a million other things.
PLEASE, TAKE PRECAUTIONS IMMEDIATELY.
-
This is retarded, I highly doubt they use the same names, you probably just found some random stoner with the same name.
-
This is retarded, I highly doubt they use the same names, you probably just found some random stoner with the same name.
Lol YEAH, I bet.
Random Stoners with the same name in the same state the vendor operates out of, and even some of these vendors had their Vendor Names as their facebook profile names... Facebook.com/VendorName
It's seriously stupid.
Yeah must just be a coincidence that all the people I found that had obvious links to the name of the Vendors also had tons of weed talk all over their profile pages. Not a coincidence...
Yes you are very right. This IS retarded. I'm highly surprised some of these guys haven't been busted yet. Just goes to show us cops are more stupid than we think. Some of the vendors on here need to be smarter about their business.
-
There's a MMJ clinic named Delta11 out here in CA so if you intercept any of my packages or have any concerns just go ahead and give them a call, thank you.
-Delta11
-
This is retarded, I highly doubt they use the same names, you probably just found some random stoner with the same name.
Lol YEAH, I bet.
Random Stoners with the same name in the same state the vendor operates out of, and even some of these vendors had their Vendor Names as their facebook profile names... Facebook.com/VendorName
It's seriously stupid.
Yeah must just be a coincidence that all the people I found that had obvious links to the name of the Vendors also had tons of weed talk all over their profile pages. Not a coincidence...
Yes you are very right. This IS retarded. I'm highly surprised some of these guys haven't been busted yet. Just goes to show us cops are more stupid than we think. Some of the vendors on here need to be smarter about their business.
As silly and careless as people get with Facebook, I'm not at all surprised. Combine that with how easy it is to get too comfortable with anything familiar (like SR), and there is bound to be people careless enough to allow a connection to be made between their SR identity and their real identity.
I don't want to see anyone go to jail for drugs, but maybe the herd needs to be thinned once in a while...
-
shit I went on google typed in my username and 10 pages of BigBill6778 to look at and NOT 1 IS ME
-
ffs du0d why did you post here instead of contacting the vendors directly. delete your damn post already.
-
ffs du0d why did you post here instead of contacting the vendors directly. delete your damn post already.
Uhm I posted here to let all vendors know... I don't have time nor the inspiration to investigate the names of every vendor on SR. Many vendors probably overlooked this when creating their SR vendor account, as I have seen, and there are probably many more than the ones I googled.
I only google 15 vendors... 6 of them I found very personal information about that was way to closely connected to their SR activity to be just some random person. Everyone needs to know about this. Vendors need to tighten their assholes or they're going to get fucked by the long dick of the law
-
StonedCrusader,
I have enough sense to come in here and say, "Thank you."
It may seem a bit paranoid or intrusive at first glance to your post but it is not until one has been inside of a jail cell, does one really understand that pointing and clicking for your fix was the best thing EVER invented so whey in THE f*ck would you want to jeopardize THAT!
Again, thanks for the heads up.
-
what if a vendor calls himself PeeWee Herman will they go arrest Paul Ruebens?
-
maybe I'll change my name to MicheleLeonhart69
-
Laugh if you want, but people have been busted for this kinda shit before. The kid who hacked InfraGard Tampa was arrested partly because his usernames could be linked to IRL accounts. I'm not saying the profiles StonedCrusader found can be solidly linked to any vendors here, but it does happen & the feds have arrested people using common account names.
-
Laugh if you want, but people have been busted for this kinda shit before. The kid who hacked InfraGard Tampa was arrested partly because his usernames could be linked to IRL accounts. I'm not saying the profiles StonedCrusader found can be solidly linked to any vendors here, but it does happen & the feds have arrested people using common account names.
Matching screen names most certainly isn't sufficient evidence for an arrest in any case, but they most certainly could use such information as a lead. Everybody should seriously be very careful about these kinds of issues.
-
I have to give StonedCrusader credit for a good post... many of us don't think about the fact that we may be using a screen name that we have used multiple times on other sites or forums that could identify us. This name is my first time using it... had I used my 'regular' ident which I have had for 15 years it probably wouldn't be hard for the Feebs to figure out who I was.
We ARE creatures of habit... it is that habit that makes us predictable... it is that predictability that makes us easy to find... you MUST break from your normal routine and use all NEW info.
Thanks StonedCrusader for stating the obvious.
TJ
-
You're right, it is not enough information to arrest on alone.
But some of the stuff I found IS enough information to justify a search warrant if any previous watching was done by LE.
For instance: LE suspects a certain person sells drugs or is getting drugs in the mail, but does not have enough evidence to act on it. They then happen to do some investigation on a Vendor and just coincidentally a person turns up who they were watching and has connections to the Vendor.
It doesn't matter if it's not enough information to arrest someone on alone, but the fact of the matter is, it's information that doesn't need to be in anyones hands.
Lets put the LE matter to the side. Think about theifs. Burglars. If I was ill-intentioned enough, I could sneak in the night and break into somebodies house and get a couple pounds of drugs and who knows what else. As a matter a fact, one of the very vendors I happen to find information about lives barley 3 hours from me, and I could become very wealthy if I went on a little quest. Lucky for them, I would never do such a thing.
It doesn't matter what someone uses as a vendor name. As long as they don't use something that can be directly linked to them, even if it is a vague and popular word such as "PeeWee Herman". It really doesn't matter what the vendor name is. As long as it can not be tied to you in anyway.
Thanks StonedCrusader for stating the obvious.
TJ
Haha, obvious things are usually is the most overlooked. And I'll throw it out there. TrustusJones, you were one of the vendors I was curious about after I accidentally found other vendor information, and I couldn't find anything on you, so you are in the clear, if it helps put you at rest somewhat.
SC
-
LOL... I am old timer... life lessons have trained me to be suspicious and on my toes at all times... I just wish I knew in my 20's and 30's what I know in my 50's and my life would have been a LOT more prosperous and without UN-needed drama.
... and I am not in my 50's... ;-)
TJ
-
Trustus' Age is over 9000. He is a supreme god, just like his bud.
-
LOL, I am the chick in my profile pic... and if you believe that I have a pound of the most dank bud on the planet for free...
-
This guy is right, they do look for common spelling mistakes and unique phrases you use in online postings to find you, also usernames. Hacker Max Butler specifically chose the name "Iceman" when he started the biggest crime board so they would find a dead end trying to trace the name.. been plenty of Iceman's in the carding world.
-
I found the locations, addresses, and Identities of 6 vendors in the top 20% of vendors, out of about 15 that I tried.
Once I got curious about one vendor, and found some info with very little effort, my curiosity grew and it was very easy to uncover the identities undoubtedly. Especially when I find their personal profile pages that have pictures with weed paraphenallia and pictures of pipes/bongs, etc. Hippy/New Age stuff etc.
Greetings,
How do you know it was the same vendors from SR?
Nicknames and handles could be very generic and duplicate, right?
-
thanks StoneCrusader, I came across a vendor a few month back and checked him on the clearnet, too. Just because I thought I saw this name somewhere. And in fact (s)he was the same. I told her/him and gave her/him the links to her/his own threads on drug forums (open ones).
This should something that is obvious but sadly it is not.
take care
no_pain
If I practice what i preach ... lol I have an account here that is way to blown up, too. Time to make a new one... grr
-
I found the locations, addresses, and Identities of 6 vendors in the top 20% of vendors, out of about 15 that I tried.
Once I got curious about one vendor, and found some info with very little effort, my curiosity grew and it was very easy to uncover the identities undoubtedly. Especially when I find their personal profile pages that have pictures with weed paraphenallia and pictures of pipes/bongs, etc. Hippy/New Age stuff etc.
Greetings,
How do you know it was the same vendors from SR?
Nicknames and handles could be very generic and duplicate, right?
There's a point in trying to match something that you recognize when it goes from pure coincidence to utmost certainty.
When a name is so specific that it links to a number of profiles coming out of a vendors state, even matches the vendors RL name to a degree, and the vendor has tons of weed talk, pictures of bongs with his friends, etc.... it's really not even questionable at that point. Not to mention when the vendors address has the same zipcode or general location that they ship from.
There's a certain point where the information is so much that it's pretty obvious that it's not just a coincidence.
-
Good heads up for vendors AND buyers. It was the first thing I thought of when I was confronted by the join page--the tendency to use the same name here I use everywhere else was almost an unconscious act--luckily my paranoia in entering anything like SR kicked in.
It's too easy to come up with a new log in for anyone to be that lazy . . . and put themselves at risk.
-
Maybe these vendors are one step ahead, and have gone to a clearnet site like grasscity or cannabis.com, found the name of someone in their state and then decided to use that for SR to give LE a false trail.
Just saying, the smartest vendors would do that 8)
-
Big ups and major props to StonedCrusader for this post.
That being said.......
ARE YOU FUCKING SERIOUS VENDORS?!?!?! THIS IS FUCKING COMMON SENSE, SECURITY 101 SHIT WE'RE TALKING HERE!!!!!
PULL YOUR HEADS OUT OF YOUR ASSESS, FUCK!!!
EDIT: Many of you may even know of a fairly recent extremely, extremely high-profile cyber-crime case in which this exact oversight was used to effectively end a person's free life.
Sorry to use all caps and be rude and whatnot, but this really pisses me off. This jeopardizes more than just you, you carefree fucks!! What's worse is that this particular type of oversight can't be easily undone, if it can be undone at all. That shit is cached probably indefinitely.
Rocker
-
Thanks for the post SC. I challenge u feds to google my user name. yup, saw that one coming.
Its an especially salient point, when I am reading posts like:
'i bought the green dot card with cash at a convenience store with no cameras, while wearing a "V" mask. Then i traded it for bitcoin through tor, while using an open router from some house on the other side of town. I PGP'd it and used the address for the abandon house in the town next over. i only go to pick up late at night, and then only after circling the block several times looking for out of place cars.' Am I safe? No really am i?
what he didn't post, but should of is that he used the user name MustangDriverNH1980 .... He's big under that user name all over the ford mustang forums, which he was kind enough to post to from home, and work too. Of course he drives one, yup he posted pictures there, and on twitter and fb. And yes he lives in new hampshire and was really born in 1980....So is he safe?
-
EDIT: Many of you may even know of a fairly recent extremely, extremely high-profile cyber-crime case in which this exact oversight was used to effectively end a person's free life.
Bradley Manning right? They made fun of it on Cobert. Gee how many intelligence officers with potential access have Brad in their name and were born in 1987. Anyhow, i don't think they can prove anything. i wonder why he doesn't just deny it all.
-
Months ago I entered the name of a well know pill dealer, found the name selling a car on autotrader or something else like that.
that dude doesn't show up on here or the road anymore....