[OPSEC/Computer] Why BlackBank might be up: LE attack speculation

So earlier I posted this thread where I suspected a DDoS attack:

https://www.reddit.com/r/DarkNetMarkets/comments/305bfl/is_tor_network_under_attack/

and it turned out that there is indeed a DDoS attack. According to speculation in a newspaper article:

"The forensic interest in quite how international cybercrime initiative 'Operation Onymous' defied Tor's obfuscating protocols to expose hundreds of 'dark net' sites, including infamous online drug warehouse Silk Road 2.0, has led many to conclude that the core approach to deanonymisation of Tor clients depends upon becoming a 'relay of choice' - and a default resource when Tor-directed DDOS attacks put 'amateur' servers out of service."

If BlackBank is still up, it may be that the feds are DDoSing every service other than BlackBank to allow the feds to find BlackBank's IP and take them out. They're probably going to do this one by one to each hidden service because Evo's exit means that hidden service traffic is far more bottlenecked and concentrated. I don't think it is FUD to suggest that people approach markets with caution at the moment and prepare for the worst at all times. Please don't buy/sell goods on debt. Markets are inherently unstable and shit goes down really often, so please be careful.

LIGHTING THE GWERNSIGNAL /u/gwern

Do you believe that there's any way to protect against the DDoS-to-identify-server attack mentioned above? Also, how was Evo able to maintain such perfect uptime? Finally, do you believe that Onymous was merely a matter of locating sketchy server hosts and taking everything down, or an actual sophisticated Tor attack like the one mentioned above?


Comments


[9 Points] Therealfed1:

everyone flash the /u/gwern signal


[8 Points] Theeconomist1:

Yeah man, there is a feeling that something is afoot. However, we do know that Agora will shut down for security upgrades and they don't communicate a whole lot. I don't have the user counts, but Black Bank is smaller, and probably significantly smaller, than Agora. If it were up to LE, it seems like their best bet to de-anon via these means would be Agora being up and the other sites being down, right? More targeted traffic should be more helpful in this scenario. So that leads me to believe that Agora is down of their own volition doing security upgrades, if we do assume that there is a de-anon attack going on. So I don't know. We can fit a lot of back story that will sound reasonable simply b/c we lack so many facts. You are right though that we should always be vigilant when approaching the markets, no matter what.

And add to that, DNStats.net is down. That target surprises me. So that could be fuckers just fucking around, or you do have to ask, why would someone want DNStats down? Obviously, given what they do, if the attack isn't just for lulz, the reason would be that they don't want the community knowing any detailed info as to whether or not services are up or down, and to be unable to know the timing of the outages.

I'd like to get Gwern's thoughts on this as well. He is always the voice of reason and sanity during these fucked up times.


[6 Points] AllJoociedUP:

I personally think it's a variety of factors causing this. I still stand firm that DNMs are like a virus. Once the cat is out of the bag, it can't be stopped. I know for damn sure if they take all the markets down and outright make Bitcoin illegal (hypothetically), I don't know about you cats, but I'll be on the next VC, be it Litecoin, Darkcoin, or whatever other form of currency, hop on whatever new market and place my first order on there. I'm not going back to 'traditional' means of acquiring: calling my guy, waiting on his schedule and whether he has what I need, whether it's good or not. I'm done with that shit. It's unsafe, unpredictable, and by the power and funds vested in me I will spend it on DNMs. Even if I get exit scammed and fucked, I would do it just to spend the funds, in hopes it would go towards the right direction.

I hope everyone on this reddit comes with me as we try to keep DNMs alive. +1 this post if you're with me.

The more people using it, the stronger the system (theoretically) in terms of anonymity. You can't be anonymous if you're the only one in the sample size.

But with regards to this particular outage, I think it's a critical security issue that site admins had to figure out the hard way, via intrusion detection and/or APT, combined with some f**ks from LizardSquad and their Tor DoS, and then to top it off, the large amount of users moving from open market to open market multiple times every day isn't helping.

Best thing to do is check DNStats to see if your fav market is online. If it is, then give it a try; if it's not, PLEASE FOR THE SAKE OF GOD don't keep hitting refresh thinking you're going to get something. That's creating a majority of the problems. The site doesn't load, and noobs can't just say "Fuck it, I'll try again tomorrow" and need to hit the refresh key over and over again. Not helping at ALL.

Yeah yeah, you placed an order with vendor ...x.. and you really need your ....y.... for .....z...., but lay off the network and give it a chance to recover, and it will come back up better than ever.


[4 Points] AgoraMarket:

Also how was evo able to maintain such perfect uptime?

One of two reasons IMO:

  1. The admins were located in an "untouchable" country, had zero fear of being caught, and simply didn't care if the server(s) were located, as they could hypothetically resurrect them within hours at another onion address.

  2. Few security measures (esp. the lack of URL change after Heartbleed) were implemented, because the exit scam was planned out from day one. They were just waiting until a reasonable amount piled up, and then took off. Better to attract tons of users by making 10+ onion addresses, 99% uptime, etc.


[3 Points] SecondChanceUsername:

Maybe it's time to institute a round table for DNM admins so they can communicate and plan downtime to be simultaneous and try to avoid this kinda shit. Plan counter-LE intelligence and share useful OPSEC info. Stop being selfish and unite together in the war on drugs.


[2 Points] lickinglollies:

Maybe LE run BlackBank and are gearing up for the biggest bust in history. "Thousands of online drug dealers and their customers arrested in the biggest bust in history."

Darknetmarkets=DEAD


[1 Points] ShulginsCat:

BlackBank was also affected by the slowdown, and I experienced that first hand last week.


[1 Points] None:

There's your sign. /s


[1 Points] None:

I got on Agora three times today on the first attempt. Once not on the first refresh, but it worked the second time.

I really think it's flooded.

Also, PLEASE stop writing mod names. We are getting flooded. You don't even have to use the /u/ - Automod alerts us to our names and nicknames. We are drowning.


[1 Points] JustADudeYep:

I'm no computer expert but I know a little bit here and there, and isn't there software that prevents DDoS attacks from messing with your system / server? I believe there are a number of them actually. Either way, this whole thing pisses me off. I have a severe autoimmune disease and I actually utilized the markets if I ran out of something like pain meds a little early, or if I just thought something else would help. So this is extremely shitty. --- Why don't the market owners do what the Dallas Buyers Club did and just sell memberships instead of 'pharmaceuticals'?? Then that shit is legal!