Silk Road forums

Discussion => Security => Topic started by: head on May 26, 2012, 01:06 am

Title: blackopsecurity.net - partially bullshit ?
Post by: head on May 26, 2012, 01:06 am
Have a look on this thread. It is really interesting, I promise you.

http://www.shadowrx.com/forums/showthread.php?t=822

A moderator from the shadowrx-board called "Shetlan" criticized a lot of the content from blackopsecurity.

On page 3 of the thread there appears a user called "raxxror" and the fight beginns.

Quote from raxxor:
Quote
Allow me to reply to Sheltan. I was on the team that made Polyfront as well as Blackopsecurity.

Quote from Shetlan
Quote
That's roughly as impressive as being one of the founders of zoklet.

Quote from Shetlan (after banning "raxxor");
Quote
It is amazing that this kid could be taken seriously anywhere - the fact that blackopsecurity.net is so often cited just proves how easily lies can spread.

Who is right? Is blackopsecurity and polyfront really filled partially with misinformation?
Title: Re: blackopsecurity.net - partially bullshit ?
Post by: l33thaxz on May 26, 2012, 01:47 am
Sheltan makes a lot of mistakes. He says that it is not illegal to mail any amount of money. This is true but it is illegal to mail more than ten thousand dollars if it is not declared. He doesn't understand the point of encoding anonymously obtained magstripe data to blank cards to avoid having to physically pick up a cash out card. He is wrong about the USPS not needing a warrant to open mail, they do need a warrant to open protected classes of mail but no other shipping service does. He says that the USPS doesn't examine domestic shipments but that is the entire job of the United States Postal Inspector. He claims that Netwar isn't a new concept and that is true although it is very commonly  thought of as new. I suppose you need to look at it as what is more common. In the past hierarchal organization structures were more common for criminal groups to take, like the Mafia. A more modern phenomenon is largely leaderless organization structure, like Silk Road. DPR can be thought of as a leader, but in reality he has very little command and control power and is largely just an easily replaceable maintainer of the used communications infrastructure. SR is not a traditional drug trafficking organization with cartel leaders and a chain of command, and the structure that SR takes is relatively new for militant groups, crime groups, terrorist groups and activist groups. It is generally called netwar in academia and although leaderless movements are not necessarily new they are growing in popularity as well as in efficiency largely due to the internet. Sheltan rejects all of this. He also claims that modern terrorist and crime groups are not leaderless and this just goes to show that he is only aware of outdated structures.

He calls Mixminion a company when it is really a network of volunteer nodes managed by people from the Tor project. Mixminion probably does not offer NSA resistance strictly speaking, but it was designed to offer anonymity from a global passive adversary. The NSA will not be able to quickly deanonymize Mixminion users based off of analysis of passively gathered signals intelligence, but nothing is stopping them rooting all of the mixes and becoming a global active adversary. So Sheltan gets half a point on this one.

Sheltan calls the developmental smuggling model entirely fake and baseless, and claims that it was taken straight out of a movie. In reality it is based on an academic analysis of the various types of smuggling organization. He claims that GPS assisted dead drops are less effective than a description of the spot the product was dropped at, this is absurd considering the accuracy one can obtain with specialized GPS.

He calls research by the RAND organization into question versus his own professional opinion as the moderator of a kiddie level underground forum that is largely as sophisticated as Totse was. He claims that Al-Qaeda is an organization with a firm command and control structure but this point is debated in the U.S. intelligence community.

He also claims that e-currency is not a secure way to handle payment. When the person he is arguing with counters that the entire online drug smuggling community disagrees with him he has this to day

Quote
And the "Internet Smuggling Communnity" consits of who? You? A bunch of other kids that play too many video games? Yeah Skippy, I'm really worried about what the "internet smuggling communnity" thinks

an he also continues to trash talk the online drug community as a bunch of stupid kids, simply because he has no idea it exists. It looks like SR and the other public forums launched shortly after this debate and the online drug smuggling community exploded in its size. It is also using all of the techniques that Sheltan is arguing against, so I guess we can just look at the real world to see who the biggest dumbass is. Blackopsecurity had plenty of flaws but Sheltan is a grade A dumbass.
Title: Re: blackopsecurity.net - partially bullshit ?
Post by: kmfkewm on May 26, 2012, 02:32 am
Polyfront (made with the help of some of the people from BOS) fixed most of the problems with BOS, which shut down many years ago. BOS had errors though. So did Polyfront. If Polyfront were to be done again today it would fix some other things most likely, probably would suggest using hardware isolation instead of virtualization based isolation. Regardless BOS and Polyfront were both cutting edge underground security sites in their time. The people who made them learned more over time, but I don't know of any comparable comprehensive black market security resources, all of the others are playing catch up. BOS was teaching thousands of people how to use Tor and GPG when the majority were using Hushmail or no encryption and shitty or no anonymity solutions. Polyfront was the first underground security site to teach people how to use any sort of isolation at all, the first to warn people about checking tracking with Tor. What has Sheltan done?

Title: Re: blackopsecurity.net - partially bullshit ?
Post by: head on May 26, 2012, 05:09 pm
When the person he is arguing with counters that the entire online drug smuggling community disagrees with him he has this to day
Quote
And the "Internet Smuggling Communnity" consits of who? You? A bunch of other kids that play too many video games? Yeah Skippy, I'm really worried about what the "internet smuggling communnity" thinks

He probably just didn't know. Normal people which are not into drugs can't even imagine something like a private drug smuggling scene on the internet. Especially before SilkRoad.

Blackopsecurity had plenty of flaws but Sheltan is a grade A dumbass.

I agree. I think they had both their points though, even if this Sheitan was clearly a dumbass.

If Polyfront were to be done again today it would fix some other things most likely, probably would suggest using hardware isolation instead of virtualization based isolation.

Is there a chance too see an updated version of Polyfront in the next time?

Regardless BOS and Polyfront were both cutting edge underground security sites in their time.

Absolutely. I posted this just to bring up some discussion to see how people think today about this topic.
Title: Re: blackopsecurity.net - partially bullshit ?
Post by: aciddeath on May 26, 2012, 08:44 pm
saw this on an ovdb thread the other day

2po5jdzeffv2kyv3.onion/polyfront/