2cbking Banned From TMG

He hasn't signed any of his messages since his return and he has only been using gmail for DD's so far.

Late Edit: I did not mean to imply that I too believed that 2cbking's account had been compromised. Everything I've stated has been strictly based off other TMG users' points of view.

Quote from bodhi:

"@ 2cbking

Your partial ban has been elevated to a permanent total ban on TMG

Your OPSEC practices have been deemed so risky we cannot allow you to operate here under any circumstances

Security is NOT retroactive, even if you were to resolve the issues with your email (Gmail) service and PGP key the damage is already done and everyone who has done business with you in the past is potentially at risk

If you have any self preservation instincts you should cease all darknet activity and take a long hard look at what you are doing"

: (


Comments


[38 Points] BenAQN:

Why the fuck would he use gmail lol.


[22 Points] Ruger412:

RIP old friend.

40 mg of his 2cb and a 7 inch pipette took my ass on a journey to new levels of pain, glory, and color.

He will be missed.


[11 Points] blueballswhiteskin:

God dammit why is it getting so hard to find a good domestic 2C-B vendor


[8 Points] 2cbking:

I gotta say when I got back from a quick family trip and got online yesterday to see I was banned on TMG I was more than a little shocked and not sure wtf is going on. I didn't know they had new rules about PGP or whatever and they never gave me an opportunity to implement it. As far as opsec, there is no vendor that takes opsec more seriously than I do and who takes its customers' security and privacy as seriously as me. I would never do anything that would put my safety or my customers' safety at risk.

About Gmail. First of all, ya we do have that Gmail. It was always meant to be used as backup for when people couldn't reach us any other way. And as has been evidenced by various darknet email providers coming and going, we felt it was a good idea to at least have an email that would always work that we could be messaged at (and if wanted the conversation would move elsewhere, wherever they felt comfortable). We now also have 2cbking@protonmail.com and 2cbking@tutanota.com (but they said it might be up to 48 hrs before it can send or receive messages, that was a day ago, so...) and fully encourage people using those. BUT as with whatever provider you use, use PGP. PERIOD. As others have said, you should always assume your messages are being monitored, or recorded. The whole point of PGP is so you don't have to trust the medium in which you communicate. Why people by default think some darknet email provider run by god knows who, who is doing god knows what with the data, is somehow by default safer than Gmail is beyond me.

Let's also be clear about how we created our Gmail account. We paid cash for a burner phone to use as verification and threw the phone away immediately after doing so. This wasn't even done in the same part of the country as we operate, actually. From day 1 we have only EVER connected to the Gmail account over Tor inside Tails. Google has zero information about our real identity and in no way could ever trace anything to us. People have this idea that simply having Gmail means you gave up your real personal information at the beginning, or that you are using clearnet and cleartext for everything. That's bullshit. We have never used Gmail over an open connection and we have used PGP in the cases Gmail was used to communicate with people.

Also, let's be clear, since I have had new stock, I have sold to like 2 maybe 3 people. TOTAL. And only 1 of them had anything to do with TMG and it was done on TMG through private message, not Gmail. The idea that we have been conducting business entirely over Gmail is total fucking bullshit. It's inaccurate and a lie. We have barely done any business at all since we've had new stock and it's mostly been with 1 person. Quite honestly, how they can even claim such a thing is beyond me, because they have no idea (nor does anyone except those who we do business with) who we do business with, or when, or how. They simply took the fact that we even had a Gmail address to the most paranoid delusional extremes and make it sound like we just don't care and are handing out customer info left and right. It's nothing more than a slanderous lie with no basis in reality. We have always had that Gmail, it's not new and this shouldn't be a new issue. Don't like Gmail, don't use it. And always remember to encrypt.

As far as PGP, part of the thing with TMG is I guess they have a new rule that requires keys to be 4096, to have subkeys with expiration dates, etc... Which we are more than happy to implement and intend to do that tonight regardless, because if it makes customers feel more secure, then we are happy to do it. TMG never gave us a chance to respond or implement any of their new rules. We were banned and unable to do anything or even message the admins before we even knew about any of this. It just hit us out of the blue yesterday. It has been suggested the key we have used, 2048, is somehow not secure enough and that in theory it can somehow be compromised (in the future). This is totally inaccurate bullshit and demonstrates a clear misunderstanding over how PGP works. The fact that hash collisions were shown to exist in the hashing algorithm (after like 2 to the 69th power operations as compared to 2 to the 80 that brute force attack would require, which is still orders of magnitude less, but still) does not mean messages encoded using PGP are any less secure or could be cracked. In fact, that theoretical collision at best could be used to generate a falsely signed message. Not break a message that was encrypted. But even that is not a practical reality in the near or far future. Our key may be 2048-bit but our passphrase is also several hundred characters long. As it stands, it would be impossible for anyone to break a message sent to us with our PGP key. Anyone claiming otherwise doesn't understand the technology.

As far as signing stuff, uhh, why? It's not like we are new or disappeared and showed up out of nowhere. We never went anywhere. We have been out of stock since November, but we didn't go anywhere. We have still been on here posting comments, been on TMG posting comments, responding to messages, etc. We also have decoded and responded to every single PGP message sent to us using our key. Ya, we didn't make some new message that we signed saying hey it's us because we didn't think we needed to, because we didn't go anywhere! It's always been us. And if you had any concerns if it was or not, all anyone had to do is send a message encrypted with our key and wait for us to respond to it. Seriously.

So ya, I guess that's all that comes to mind right now. We are saddened to be attacked like this and accused of not taking opsec seriously simply because we do have a Gmail address as a backup. But the stuff being suggested is just totally bogus and inaccurate. Our customers' security and privacy is our number one priority (next to providing the purest product at the highest level of service) and always will be. We do not conduct business in the clear, and won't conduct business in the clear. We use Tails and Tor for everything. We don't keep customer info. There is literally no one you're safer ordering from. We liked TMG, and have conducted some business through private messages on there, and would have liked a chance to respond to such allegations or been given a chance to implement the new PGP rules they have. But we were not given it, we got back online to see we had been banned simply because they didn't like that we were in possession of a Gmail address (not sure why it was never an issue before). We would still like to be involved on TMG, but apparently it's out of our hands and from this post it appears they don't really care about the truth and think we should just quit. wtf?

Anyway, let us know if there is anything else you guys want to know. Hopefully our customers know better than to take this slander to heart and know we care about their safety and will always protect them. Thanks

2cbking


[3 Points] None:

funny how I can source basically any other 2c-x for reasonable prices except for 2c-b


[3 Points] madnessDNM:

What a weird turn of events. This seems completely unlike The King. While he has stated he has used Gmail in the past, he always seemed incredibly on his game as a vendor. I've dealt with him multiple times and he's always been known as top tier.

There definitely has to be something going on as I can't imagine he would purposely be that lazy on OPSEC. He even went what I would call pretty above and beyond on stealth for domestic packs, so it's odd to hear he would be slacking on simpler online stealth now.

End of an era if he's out. I was already dreading his retirement thread because of his precursor accident, but this isn't the way I wanted him to go out. RIP in peace old buddy.


[2 Points] 2cbking:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here is a signed message since people seem to think that we
haven't signed things. Since when does a vendor sign everything
they write? They don't, I've never seen a vendor sign a message
unless it's to say they have a new key or if they are back with
maybe a new name so people know it's the same person. Not just
every random message. Particularly if you haven't gone anywhere
and have been around and using this account the entire time
without break.

I have been able to decrypt and respond to every single message
sent to me. So this whole signing business is crazy.

One more thing about bodhi's message. Elevated to perm ban?
That implies something happened or changed or there was some
cause or reason. I was perm banned before I even knew this
shit was going on. No communication or chance to defend
myself of their false beliefs. My practices so risky I can
never be allowed to conduct business? WTF? They don't know
anything about me or my practices and have never done business
with me. The few people from TMG I have done business with over
the last year or two were done through private messages on TMG,
not Gmail. I have never done business over clearnet or
unencrypted. PERIOD.

So this bullshit about security not retroactive doesn't make
any sense, it's literally nonsensical and doesn't have anything
to do with me or my opsec. I only do business secure encrypted
and exhibit the highest standards of OPSEC unsurpassed by any
vendor, period. Everything is encrypted, nothing plain text.
You act like I conduct all my business on Gmail (which as I've
explained and as anyone who knows anything about the actual
technical aspect of PGP and encryption knows, doesn't matter
even if I did, because you shouldn't depend on the security
and privacy of your email provider to keep you safe, that's
what PGP is for, and as long as it's being used correctly,
and a Gmail acct was made entirely anonymous and never
connected to with anything but Tor in Tails, it is no more
insecure than any provider you may choose to use) which is
not true. The truth is I've only dealt with a few people since
I've been back, one of them was through private message on your
site TMG, and the others were long time old customers entirely
encrypted and safe. Point is, I've barely done any business lately,
let alone making it sound like I'm operating all sorts of deals on
Gmail, which isn't true. And clearly just something made up because
how could anyone but me and the people I deal with know what
business I've done and where.

In what way is everyone I've ever done business with at risk? You
act like I've been hacked or something and kept plaintext records
of every deal I've ever made (when I don't keep any records at all,
let alone plaintext) and that info is now in the hands of who knows
who. Or that LE has it, or whatever. No one I've done business with
is at risk of anything. There is nothing that has been done in the
clear. There aren't records of anything done in the past. That's just
blatant slander to claim I operate risky and have put anyone at risk
either now or in the past. And not based in any actual reality. My
self preservation instinct is only surpassed by instinct to protect
the safety and privacy of my customers and people I do business with.
And if anything, I take my opsec very seriously and conduct my business
in the safest way possible. Even if it means it takes more time, and
would be considered paranoid and beyond need according to most vendors'
practices. But I'd rather be safer than sorry.

The fact is, you guys at TMG don't know anything about me and are
making bold claims and accusations you don't know anything about and
are pulling out of god knows where. I honestly expected better. I always
considered TMG a respectable decent forum and enjoyed my time there.
And am shocked for this to come out of left field when nothing happened
on my end. That bogus claims would be made about my operation and not
given the chance to defend myself or correct any misconceptions they
somehow developed. To be banned for what literally was a nonevent that
never happened is insane. What is criminal negligence and slander is the
totally inappropriate fear mongering and false information being spread.
People need to know REAL security issues and need truth. Not FUD and
misinformation that does nothing but cause drama and problems. If someone
isn't qualified to speak to any actual REAL technical security issues they
should probably keep their mouth shut and not pretend like they do. Because
it doesn't help people to stay more safe and secure. There are enough real
issues on the darknet to deal with, without making shit up and attacking
vendors out of the blue.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


[2 Points] 2cbking:

Just another point of interest. I was never actually a vendor on TMG. I didn't have the vendor flag or whatever it was. I was just a regular user who read and commented on things. Which makes the whole thing even more ridiculous. All this coming from people who don't know anything about my opsec or business. This 100% boils down to the fact they saw I have a Gmail acct (which wasn't a secret or new and the only reason my signature only contained it is because I deleted the sigaint email and whatnot from it because they don't work anymore and hadn't updated it yet with the new emails but in case someone really needed to reach me, they could try there) and decided that meant my opsec is so bad I can't even read or comment on posts there. I have already explained how goofy that is. And it would actually be more accurate to say that since my 'return' I have only used TMG for DD through private messages. Since the only deal I've done besides 2 people I've been dealing with for a long time completely unrelated to all this, was to a TMG user through private message on TMG. So if the 'damage' is done and people are potentially at risk, you're basically saying TMG is insecure and anyone using TMG is exhibiting poor opsec. Since it's the only site I've done deals on since my return, and only one. You could barely say I've returned because I haven't taken any orders yet from strangers. So again, that whole message by bodhi is like twilight zone bizarre and nonsensical and based on god knows what hallucinations. Maybe they did too much of my product. Must be too potent for them. Should stick to the dirty brown shit.


[1 Points] alphagaysupport:

Fuck. International here I come


[1 Points] None:

how does a vendor get sales on TMG? just through messaging?


[1 Points] dankonion:

If your opsec is so tight what about your PGP key?

This was posted on TMG http://talismanrestz7mr.onion/index.php?topic=10743.msg170748#msg170748

2cbking's PGP key was generated 25 months ago, to the day:

pub 2048R/0x3BD04C00F1C243E1 2015-03-09
Key fingerprint = 6190 AC64 02EB 92F6 A57B 505F 3BD0 4C00 F1C2 43E1
uid 2cbking@gmail.com

pub 2048R/0x3BD04C00F1C243E1 created: 2015-03-09 expires: never usage: SCEA
[ unknown] (1). 2cbking@gmail.com
Cipher: 3DES
Digest: SHA1
Compression: ZIP, Uncompressed

Let's take a closer look at that key, shall we?

1) 2048-bits in size; inadequate for today's threat environment;

2) No encryption sub-key;

3) The only cipher supported is 3DES, which is reduced to 112-bits in strength due to a meet-in-the-middle attack published about a decade ago;

4) The only hash algorithm supported is the now-broken SHA1.

That's a really shitty key to be using!
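
Added example, not part of dankonion's comment or of any TMG tooling: a Python check of the quoted key listing against the four points raised in the comment, plus the expiry rule the thread attributes to TMG. The regexes assume the GnuPG edit-key listing layout quoted in the comment; `SAMPLE`, `parse_listing`, `audit` and the thresholds are names and assumptions chosen here.

```python
import re

# Assumed thresholds, taken from the thread: TMG's stated rule (4096-bit keys,
# expiry dates) and the algorithms the comment calls weak.
MIN_RSA_BITS = 4096
WEAK = {"Cipher": {"3DES"}, "Digest": {"SHA1"}}

# Constructed sample: the listing quoted in the comment, one field per line.
SAMPLE = """\
pub 2048R/0x3BD04C00F1C243E1 created: 2015-03-09 expires: never usage: SCEA
[ unknown] (1). 2cbking@gmail.com
Cipher: 3DES
Digest: SHA1
Compression: ZIP, Uncompressed
"""

KEY_RE = re.compile(r"^\s*(pub|sub)\s+(\d+)[A-Za-z]/\S+\s+created: \S+\s+"
                    r"expires: (\S+)\s+usage: (\w+)")
PREF_RE = re.compile(r"^\s*(Cipher|Digest): (.+)$")

def parse_listing(text):
    """Return (key records, preference lists) found in a showpref-style listing."""
    keys, prefs = [], {}
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            keys.append({"kind": m[1], "bits": int(m[2]),
                         "expires": m[3], "usage": m[4]})
        elif m := PREF_RE.match(line):
            prefs[m[1]] = {p.strip() for p in m[2].split(",")}
    return keys, prefs

def audit(text):
    """List policy findings for one key: size, expiry, subkey, cipher, digest."""
    keys, prefs = parse_listing(text)
    primary = next(k for k in keys if k["kind"] == "pub")
    findings = []
    if primary["bits"] < MIN_RSA_BITS:
        findings.append(f"primary key is {primary['bits']} bits, policy asks for {MIN_RSA_BITS}")
    if any(k["expires"] == "never" for k in keys):
        findings.append("a key or subkey has no expiration date")
    if not any(k["kind"] == "sub" and "E" in k["usage"] for k in keys):
        findings.append("no encryption subkey")
    # 3DES and SHA1 are implied at the end of every OpenPGP preference list
    # (RFC 4880), so only flag a list that offers nothing stronger.
    for pref, weak in WEAK.items():
        if prefs.get(pref, weak) <= weak:
            findings.append(f"{pref.lower()} preferences offer only {', '.join(sorted(weak))}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

A listing that also advertises AES256 or SHA512 passes the last two checks even though 3DES and SHA1 still appear in it, because both are mandatory fallbacks rather than a sign of a weak key.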


[1 Points] None:

[deleted]


[-35 Points] poopybutt9000:

Gmail, what an idiot, WOW. Sounds about right though, judging by his brainless comments here in this sub...when I found out he was a mod I was stunned that they would allow such a dunce to have any sort of authority here.