Silk Road forums
Discussion => Security => Topic started by: Lockjaw on April 20, 2012, 11:41 am
-
So I read a bit about how SR works and shit, but I'm still not sure how all those BC sites work.
I want to use Intersango to get my BCs (I have my reasons), but I don't know what site I can use as the "middleman". I read in a FAQ here about Bitinstant, but they don't support Intersango.
What site would you recommend?
The way I want to do it is: my bank account -> middleman -> intersango -> SR
Is that OK? Please excuse my poor concentration!
-
I am not sure about that method. The method I not use is bitinstant to mtgox to sr. I know some people like to go from mtgox to some other place before sr, but I have had no problem so far. It is very fast, much fast then dwolla to mtgox to sr.
-
Unless you're buying large quantities or are selling, I don't think you should worrying about using a "middleman" to buffer between your bank and an exchange. Trading btc is legal so obtaining the coins is completely legal in most countries. If you want to add security to your transfer to SR you could use InstaWallet from the exchange and transfer to a btc wallet, and eventually to your SR deposit address. Also remember that SR "tumbles"(transfers the coins across different wallets thru various transactions), which is another added feature to protect your security.
-
to Regicide: So how the hell does the LE go about finding anyone on SR i mean, to me its pretty safe.....noob here lol.
-
to Regicide: So how the hell does the LE go about finding anyone on SR i mean, to me its pretty safe.....noob here lol.
Well for the sake of this argument, let's assume that LE is going after a seller:
When people have untaxed and unrecorded income, it is very suspicious. When you are selling things with bitcoin, you essentially have to convert it into cash to do anything with it (beyond buying from businesses who accept bitcoin as payment). This is where the main trouble occurs financially for vendors. Basically, money laundering needs to occur to cash out on the bitcoins, because this income is illegal and unrecorded. You'll notice that SR has various people that will sell cash for bitcoins with a fee. These people aim to send money in less suspicious ways than to a bank account (IE cash, moneypaks), which are untraceable and the income of cash will not be noted by any financial institution, and your identity is not attached to these forms of cash.
Another way to get caught is by investigation that occurs without any tracing of money or bitcoins. The nature of bitcoins is that they are not easy to trace, which is why I have never heard of anyone getting busted through a bitcoin trail (always use any security possible though). Because of this, most investigations will occur through old fashion detective work. Packages can be tracked and once LE buys something, they may look for patterns in a vendors selling, and follow that pattern to eventually find the seller (IE shipping from the same post office). This is a very simple example, and no smart vendor would use the same PO or drop box to ship things all the time. This example is just created to give you an idea about the process of investigation.
Now, once the identity is discovered, financial records are then uncovered for the individual. If he/she was smart, they wouldn't have any trace of unusual income in a bank account or any other financial institution under their real identity. This would obscure any claims that the person in question sold anything, although there is still much, much more that could happen.
To learn more about the processes that can occur in such cases, take a look at the Farmer's Market (another drug selling darknet site, but different from SR in that it didn't use bitcoin) thread that has the investigation document posted . It makes for a really interesting read. (Bitcoins weren't used, and they were traced basically because they used traceable currency; very stupid mentary decisions were made by these people.)
Hope that helps :)
-
Don't use this fucking place. BITCOINS and TOR are not safe in the least. Every day there's a post about someone getting busted from a intercepted shipment, or police watching their bank accounts and tracking coins. Misinformed "gimme muh drugs" kids will try to tell you different, but as a information security specialist, I can tell you you're fucked if you order anything.
A most intriguing use of syntax for an "Information Security Specialist" ... I am at a loss to think of a way the cryptographic protocols underlying onion routing and Bitcoins could be more anonymous!
V.
-
Don't use this fucking place. BITCOINS and TOR are not safe in the least. Every day there's a post about someone getting busted from a intercepted shipment, or police watching their bank accounts and tracking coins. Misinformed "gimme muh drugs" kids will try to tell you different, but as a information security specialist, I can tell you you're fucked if you order anything.
can you elaborate on this? you keep making these grandiose vague claims in threads but without any explanation for them. i'm not attempting to be rude but as an information security specialist why would you not share with us what you know if it means sr becoming more secure for all of us. why are you even here if you're not going to buy, and not going to provide any useful information?
btw OP i would NOT send funds directly to sr from an exchange, they probably flag those addresses, send it through a few wallets or maybe bitcoinfog first
-
Don't use this fucking place. BITCOINS and TOR are not safe in the least. Every day there's a post about someone getting busted from a intercepted shipment, or police watching their bank accounts and tracking coins. Misinformed "gimme muh drugs" kids will try to tell you different, but as a information security specialist, I can tell you you're fucked if you order anything.
...
a intercepted shipment
police watching their bank accounts
...
Yes you have presented extremely compelling evidence here as to the insecurities of TOR and bitcoins. Obviously some highly advanced crypotgraphic principles have been shattered by truly brilliant mathematicians working working for the DEA who are now busily squandering these advances to bust a punk for 2 grams of weed possession.
But in all seriousness you do strike on the major point of potential danger when using this site: human error.
-
Oh dear, children coming out of the wood work. So, to elaborate, the BTC trail, proof of deposit slips, and intercepted packages are somewhat in the context of "human error" like you say, but the authorities use these things as their "evidence". I say TOR is not safe, because if they really wanted to look into you, they don't have to look further than your ISP for 100% of all incoming/outgoing packet information. It WILL be decrypted and analyzed, trust me. The BTC trail : everything leads back to YOU and YOUR IP(If you use the bitcoin client wallet). I suppose if you used online wallets with vpns and such, it may be harder. This isn't really human error considering its the way bitcoins were meant to work, but then I guess, humans programmed it this way? Think about it... You buy coins from MT GOX. They have all of your personal information, send the coins to you, you tumble or middleman them, but its still not hard to trace it to you and the road. The concept that they will not investigate personal use is absurd. You're receiving drugs in the mail. This is called DRUG TRAFFICKING, no matter the amount. What would i do in order to shut down the road if I cant find its hidden host service? I would simply become a vendor, and a btc middleman. Gather and collect as much information as possible, and strike with force, all at one time. I bet the DEA even has prizes in the office for who ever collects the most addresses. So what if I cant hit the dealers, hitting 10k USA buyers with drug trafficking and probably possession after a raid, will generate thousands in court fees and costs in fees for them. This makes it worth it, YOU essentially fit the bill for their hard work. Call me crazy or tin foil hat man, but i truly believe they are investing quite a bit of time and money into address harvesting for this very purpose. If no one is around to buy the drugs, the site will be rendered useless in the USA, and further potential users would be stupid if they bought anything. So, to re cap, my opinion is that the general notion that they're only going for dealers is 100% dead wrong. They will come after you, the 2 gram marijuana purchaser. My point being, LE is monitoring BITCOINS, and TOR. They also have "good" vendors here set up for address harvesting. In these 2 regards, Silk Road, is NOT safe, even if you dont buy from one of their vendors, they will still come after you with their evidence of drug purchases via btc traces, and possible ISP monitoring.
Thank you for your long and rambling post. Can I suggest you use paragraphs in future? Once again your style and use of syntax doesn't exactly evoke the image of a trained "Information Security" specialist but let us gloss over that.
So your points seem to be as follows:
1. The BTC trail can be followed.
We're aware of this. In the nature of things it's necessary in order to conduct business. As Regicide mentions many sellers, myself included, offer services to vendors to convert their Bitcoins to cash/precious metals which can be sent in the mail. The fact that you can detect which coins have been sent to a particular address isn't a problem in and of itself unless you use a traceable method to buy or sell them such as transferring funds from a bank account.
2. Proof of deposit slips amount to evidence.
I have several deposit slips for Intersango sitting in my desk drawer in my office where I work. All this proves is I have bought Bitcoins which I do as part of a legal business which sells Bitcoins for cash. Indeed without a corresponding warrant to search the records of the BTC exchange itself, the deposit slips by themselves are useless as it wouldn't be possible to detect to which address the Bitcoins had been sent. Even then you would still have not much to go on as vendors in the SR have a mixer built into their account.
3. Intercepted mail is "evidence".
Yes indeed, if you have contraband delivered to your home address you could be arrested, it's a risk. I'd qualify that by comparing it with the risk of hanging around on seedy street corners buying narcotics of unknown quality from dangerous looking hoods, who of course may be undercover LEO. No way to check their feedback score of course.
4. TOR is not safe as an analysis of your ISP's traffic will detect packets, which can be decrypted.
This is what makes me doubt you specialise in IT Security. Even when I was studying in High School we all knew that Onion Routing wasn't susceptible to analysis in this way. It's true that an analysis of your ISP's logs would reveal the fact your connections have been torified but this would do you no more good than if I intercepted an e-mail you'd received which had been encrypted by PGP - I could analyse every byte of information in it until the cows come home as we say in England but there'd be no way to know the contents.
5. You buy Bitcoins from MtGox who have "all" your personal information.
Anyone with an e-mail address can open a MtGox account - I have one myself and used it for multiple transactions without revealing a thing about my own bank account or other personal information. It's true you can't access it from Tor easily but there are any number of VPN's you can use - my personal favourite is Shellmix.
6. SR is vulnerable to BTC Man in the Middle attacks / LEO posing as vendors.
We've been discussing this in another thread called "Can Police break the law"? Firstly, as I mentioned already how do you know the shifty looking guy standing on a street corner offering you dope isn't an undercover Police Officer or a paid informant? I know that isn't the case for other sellers on SR through analysing their feedback.
It is possible in theory of course for a shadowy LEO to set up a vendor account on here but they'd have to sell a considerable amount of drugs before they had enough information to make it worth their while - when you examine the minute quantities being sold this way compared to the huge amounts being sold on the streets outside schools and churches, it makes you realise why they'd pile their limited resources into more public and wide ranging methods of prosecuting drug dealers. Also this method couldn't be used against sellers, as they don't have to give out their personal details to conduct business - the most that could be done is dusting a package for prints.
7. It's possible to find a person's BTC wallet address by determining their IP address if they're running a BTC client on their machine.
Even if an ISP kept such information about applications accessing the BTC block chain all this would prove is that you were running a Bitcoin client, not that you personally received coins to a specific address. Once again using a VPN would circumvent this issue in any case.
None of this of course means that we shouldn't be vigilant but what you're saying is just nonsensical.
V.
-
Oh dear, children coming out of the wood work. So, to elaborate, the BTC trail, proof of deposit slips, and intercepted packages are somewhat in the context of "human error" like you say, but the authorities use these things as their "evidence". I say TOR is not safe, because if they really wanted to look into you, they don't have to look further than your ISP for 100% of all incoming/outgoing packet information. It WILL be decrypted and analyzed, trust me. The BTC trail : everything leads back to YOU and YOUR IP(If you use the bitcoin client wallet). I suppose if you used online wallets with vpns and such, it may be harder. This isn't really human error considering its the way bitcoins were meant to work, but then I guess, humans programmed it this way? Think about it... You buy coins from MT GOX. They have all of your personal information, send the coins to you, you tumble or middleman them, but its still not hard to trace it to you and the road. The concept that they will not investigate personal use is absurd. You're receiving drugs in the mail. This is called DRUG TRAFFICKING, no matter the amount. What would i do in order to shut down the road if I cant find its hidden host service? I would simply become a vendor, and a btc middleman. Gather and collect as much information as possible, and strike with force, all at one time. I bet the DEA even has prizes in the office for who ever collects the most addresses. So what if I cant hit the dealers, hitting 10k USA buyers with drug trafficking and probably possession after a raid, will generate thousands in court fees and costs in fees for them. This makes it worth it, YOU essentially fit the bill for their hard work. Call me crazy or tin foil hat man, but i truly believe they are investing quite a bit of time and money into address harvesting for this very purpose. If no one is around to buy the drugs, the site will be rendered useless in the USA, and further potential users would be stupid if they bought anything. So, to re cap, my opinion is that the general notion that they're only going for dealers is 100% dead wrong. They will come after you, the 2 gram marijuana purchaser. My point being, LE is monitoring BITCOINS, and TOR. They also have "good" vendors here set up for address harvesting. In these 2 regards, Silk Road, is NOT safe, even if you dont buy from one of their vendors, they will still come after you with their evidence of drug purchases via btc traces, and possible ISP monitoring.
Thank you for your long and rambling post. Can I suggest you use paragraphs in future? Once again your style and use of syntax doesn't exactly evoke the image of a trained "Information Security" specialist but let us gloss over that.
So your points seem to be as follows:
1. The BTC trail can be followed.
We're aware of this. In the nature of things it's necessary in order to conduct business. As Regicide mentions many sellers, myself included, offer services to vendors to convert their Bitcoins to cash/precious metals which can be sent in the mail. The fact that you can detect which coins have been sent to a particular address isn't a problem in and of itself unless you use a traceable method to buy or sell them such as transferring funds from a bank account.
2. Proof of deposit slips amount to evidence.
I have several deposit slips for Intersango sitting in my desk drawer in my office where I work. All this proves is I have bought Bitcoins which I do as part of a legal business which sells Bitcoins for cash. Indeed without a corresponding warrant to search the records of the BTC exchange itself, the deposit slips by themselves are useless as it wouldn't be possible to detect to which address the Bitcoins had been sent. Even then you would still have not much to go on as vendors in the SR have a mixer built into their account.
3. Intercepted mail is "evidence".
Yes indeed, if you have contraband delivered to your home address you could be arrested, it's a risk. I'd qualify that by comparing it with the risk of hanging around on seedy street corners buying narcotics of unknown quality from dangerous looking hoods, who of course may be undercover LEO. No way to check their feedback score of course.
4. TOR is not safe as an analysis of your ISP's traffic will detect packets, which can be decrypted.
This is what makes me doubt you specialise in IT Security. Even when I was studying in High School we all knew that Onion Routing wasn't susceptible to analysis in this way. It's true that an analysis of your ISP's logs would reveal the fact your connections have been torified but this would do you no more good than if I intercepted an e-mail you'd received which had been encrypted by PGP - I could analyse every byte of information in it until the cows come home as we say in England but there'd be no way to know the contents.
5. You buy Bitcoins from MtGox who have "all" your personal information.
Anyone with an e-mail address can open a MtGox account - I have one myself and used it for multiple transactions without revealing a thing about my own bank account or other personal information. It's true you can't access it from Tor easily but there are any number of VPN's you can use - my personal favourite is Shellmix.
6. SR is vulnerable to BTC Man in the Middle attacks / LEO posing as vendors.
We've been discussing this in another thread called "Can Police break the law"? Firstly, as I mentioned already how do you know the shifty looking guy standing on a street corner offering you dope isn't an undercover Police Officer or a paid informant? I know that isn't the case for other sellers on SR through analysing their feedback.
It is possible in theory of course for a shadowy LEO to set up a vendor account on here but they'd have to sell a considerable amount of drugs before they had enough information to make it worth their while - when you examine the minute quantities being sold this way compared to the huge amounts being sold on the streets outside schools and churches, it makes you realise why they'd pile their limited resources into more public and wide ranging methods of prosecuting drug dealers. Also this method couldn't be used against sellers, as they don't have to give out their personal details to conduct business - the most that could be done is dusting a package for prints.
7. It's possible to find a person's BTC wallet address by determining their IP address if they're running a BTC client on their machine.
Even if an ISP kept such information about applications accessing the BTC block chain all this would prove is that you were running a Bitcoin client, not that you personally received coins to a specific address. Once again using a VPN would circumvent this issue in any case.
None of this of course means that we shouldn't be vigilant but what you're saying is just nonsensical.
V.
this is all very interesting, but the part im having trouble believing is this idea that they're going to bust thousands of buyers one day. this would mean they would have to sell potentially dangerous drugs to people for a quite a while just to bait users? how would that look in the public eye once they found the sheer amount of people who use this place, and that the cops were potentially endangering lives just so they can make a bust to make themselves feel good? i would like to think that people would not take that very well. not to mention SR has been around for a while, why haven't they done this already? in the meantime sr is gaining more and more popularity and a reputation for "friendly" safe drug experiences. How would the average joe react when on the news they announce they wasted funds to arrest 25,000 harmless users and were engaging their own drug sales just to do so? the drugs they sold would never be recovered either so i wonder how they would justify that? i would like to think there would be a public uproar over such negligent abuse of power.
-
So, eeee, you claim that they can decrypt TOR traffic but you advocate using this http://sourceforge.net/projects/advtor/?source=directory instead? As far as I can tell it doesn't utilise any different method of encryption.
So please let us in on your special "information security specialist" insider knowledge as to how it is so much more secure.
-
Alright, enough about law enforcement.
I just got some bitcoins on my Intersango account. To send them to Instawallet I need to go to Accounts -> Bitcoin - withdraw funds -> Withdraw Bitcoin (on the right) and use the Bitcoin address from Instawallet, right?
-
You sound exactly like a sock puppet.
I'm an IT professional and developer and there is no substance to what you say.
Back up your claims with coherent evidence, or leave these forums please.
Don't use this fucking place. BITCOINS and TOR are not safe in the least. Every day there's a post about someone getting busted from a intercepted shipment, or police watching their bank accounts and tracking coins. Misinformed "gimme muh drugs" kids will try to tell you different, but as a information security specialist, I can tell you you're fucked if you order anything.
-
Alright, enough about law enforcement.
I just got some bitcoins on my Intersango account. To send them to Instawallet I need to go to Accounts -> Bitcoin - withdraw funds -> Withdraw Bitcoin (on the right) and use the Bitcoin address from Instawallet, right?
Correct! ;-)
-
Excellent post, V! One quarrel :
Oh dear, children coming out of the wood work. So, to elaborate, the BTC trail, proof of deposit slips, and intercepted packages are somewhat in the context of "human error" like you say, but the authorities use these things as their "evidence". I say TOR is not safe, because if they really wanted to look into you, they don't have to look further than your ISP for 100% of all incoming/outgoing packet information. It WILL be decrypted and analyzed, trust me. The BTC trail : everything leads back to YOU and YOUR IP(If you use the bitcoin client wallet). I suppose if you used online wallets with vpns and such, it may be harder. This isn't really human error considering its the way bitcoins were meant to work, but then I guess, humans programmed it this way? Think about it... You buy coins from MT GOX. They have all of your personal information, send the coins to you, you tumble or middleman them, but its still not hard to trace it to you and the road. The concept that they will not investigate personal use is absurd. You're receiving drugs in the mail. This is called DRUG TRAFFICKING, no matter the amount. What would i do in order to shut down the road if I cant find its hidden host service? I would simply become a vendor, and a btc middleman. Gather and collect as much information as possible, and strike with force, all at one time. I bet the DEA even has prizes in the office for who ever collects the most addresses. So what if I cant hit the dealers, hitting 10k USA buyers with drug trafficking and probably possession after a raid, will generate thousands in court fees and costs in fees for them. This makes it worth it, YOU essentially fit the bill for their hard work. Call me crazy or tin foil hat man, but i truly believe they are investing quite a bit of time and money into address harvesting for this very purpose. If no one is around to buy the drugs, the site will be rendered useless in the USA, and further potential users would be stupid if they bought anything. So, to re cap, my opinion is that the general notion that they're only going for dealers is 100% dead wrong. They will come after you, the 2 gram marijuana purchaser. My point being, LE is monitoring BITCOINS, and TOR. They also have "good" vendors here set up for address harvesting. In these 2 regards, Silk Road, is NOT safe, even if you dont buy from one of their vendors, they will still come after you with their evidence of drug purchases via btc traces, and possible ISP monitoring.
Thank you for your long and rambling post. Can I suggest you use paragraphs in future? Once again your style and use of syntax doesn't exactly evoke the image of a trained "Information Security" specialist but let us gloss over that.
So your points seem to be as follows:
1. The BTC trail can be followed.
We're aware of this. In the nature of things it's necessary in order to conduct business. As Regicide mentions many sellers, myself included, offer services to vendors to convert their Bitcoins to cash/precious metals which can be sent in the mail. The fact that you can detect which coins have been sent to a particular address isn't a problem in and of itself unless you use a traceable method to buy or sell them such as transferring funds from a bank account.
Of course it would be better to deposit by cash, however using BitCoinFog & instawallets you can pretty much avoid any trail being linked back to you (other than the fact you bought coins with your bank account).
I know it isn't in your favour to mention it but I just thought I would for the sake of the forum - I think you are providing a great service and am glad you are providing it. It is clear that transferring funds frm your bank account -> intersango -> SR is a very traceable method though and I agree with you.
-
I say TOR is not safe, because if they really wanted to look into you, they don't have to look further than your ISP for 100% of all incoming/outgoing packet information. It WILL be decrypted and analyzed, trust me.
I trust you are an Information Security Lamorist.