Regarding: SR2 staffer DoctorClu's arrest - Does anyone have ideas on how his IP was compromised?

Indictment: https://assets.documentcloud.org/documents/2852008/Farrell-Sentence.pdf

Excerpts:

In July 2014, Seattle agents received a lead that a particular IP address had accessed the vendor portion of SR2.

According to Comcast records, the IP address resolved to Farrell's address.

I am wondering if anyone here has clues as to how LE came across his home IP address if he was using the Tor Browser Bundle to access the vendor portion. Something doesn't add up.

Was SR2 an LE honeypot? Or was he de-anonymized by another operation?

Or was SR2 leaking IPs? Even if it leaked an IP, it would have leaked the server IP and not his home IP. It is very strange that LE would find out his IP if he was using basic precautions such as Tor/Tails.

Any ideas about this little incident?

If LE is able to obtain the IP address of a normal person accessing a darknet market via TOR, what is stopping them from obtaining the IP address of all users of DNMs?


Comments


[7 Points] GrandWizardsLair:

ITGWRC the SR2 vendor URL was a honeypot and SR2 was compromised from its inception. (Among the founding members, "Cirrus" at least was an FBI agent, and there may have been others.)

It appears getting the IP addresses from the vendor URL was reasonably time- and labor-intensive: sorting out everybody's IP address would be a whole lot of work to find people who bought grams of weed, etc.


[1 Points] bobbiggs69:

The Carnegie Mellon tor hack. https://www.deepdotweb.com/2016/02/28/court-documents-confirm-cmu-paid-by-government-in-tor-attacks/


[1 Points] Vendor_BBMC:

That's a pretty flimsy case - "the only evidence we have is the IP address, but we won't say how we obtained it".

Defcon obviously sang like a canary; that's why he's not in prison. But I assume that to avoid getting locked up he would have had to give evidence against somebody higher up, or many people, to save his own oily hide.

Dr Clu was definitely "in" on the escrow theft cover-up; I remember realizing it at the time. He was kind of their blockchain expert, and what he said was bullshit.

All of the forum mods were full of shit on Silk Road / SR2. It seemed to be the main prerequisite. Ross was a poor judge of character online.

SilkRoad2.0 shared a vulnerability with SilkRoad: it used MTGOX wallets as if they were internal wallets, because SilkRoad and MTGOX were sister sites which depended on each other. When MTGOX was robbed on Feb 6th 2014, SR2 was technically insolvent. It was a classic "pass the scam down" case.


[1 Points] UDGHT:

!remindme 1week
