Silk Road forums

Discussion => Silk Road discussion => Topic started by: InkIndulgence on August 07, 2012, 11:23 pm

Title: Another article on SR, basically says we ain't goin nowhere
Post by: InkIndulgence on August 07, 2012, 11:23 pm
http://www.usnews.com/news/articles/2012/08/07/online-black-market-drug-haven-sees-growth-double

My favorite part in the article:

Quote
We see this market is growing—we can sit down and talk about what the appropriate response should be, should we try to shut them down," he says. "But we should revise this 'War on Drugs' concept. I don't think we should take this fight online.
 
He says any attempt to take down the site would likely require "serious resources."

The resources it'd take to shut it down might not be worth it, he says, if law enforcement even had the ability to do so.
 
"I don't have the slightest idea where it's operated out of," he says, although close to half of the sellers on the site are based in the United States.

<3 IT!!
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: InkIndulgence on August 07, 2012, 11:45 pm
I just figured with all of the articles people post that scare everyone, it was nice to find one that at least gave us SOME positive outlook!
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Limetless on August 07, 2012, 11:53 pm
Surely if you can get close the FBI with the amount of spends it has at it's disposal would have done it by now if they could?  :-\
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Joey Terrifying on August 07, 2012, 11:57 pm
thank you for the wonderfully brief & succinct summary of the article in the thread title.  reading "silk road" articles has become very tedious and dull.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: divinechemicals on August 08, 2012, 12:09 am
I really don't think there's a huge effort to take down the site. As the article says, we're $20 million in a $300 billion drug market. Why would they waste their time? I mean a place like the Farmer's Market was easy pickings, but this place would require a lot money that needs to be spent elsewhere what with the country facing budget problems. I think we're safe for quite a while.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Limetless on August 08, 2012, 12:14 am
Surely if you can get close the FBI with the amount of spends it has at it's disposal would have done it by now if they could?  :-\
they probably don't have anybody qualified tbh. i read an internal fbi flyer once where they were recruiting agents to go into this field, only after eight years of general computer security and forensics study at quantico would they learn about tor, traffic analysis, etc.

it's not a healthy mentality to underestimate your enemy though, so let's assume that they can trace hidden services (after all researchers can, even somebody who barely knows what they're doing like me can, so why can't they?), so why do you assume that they haven't? ;)

Really? Fuck me that seems a little slow off the mark, that's 8 years of time wasted it sounds to me.

And man don't tell me shit like that, it just makes me feel like having a very nervous paranoid evening.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: spawn73 on August 08, 2012, 12:52 am
I really don't think there's a huge effort to take down the site. As the article says, we're $20 million in a $300 billion drug market. Why would they waste their time?

One very good reason is that Silk Road is public.

You can compare it to breaking the law while in full view of a policeman. Even if it is something completely minor like littering, the policeman will have to act if you do it in front of him.

People dealing drugs in shady backrooms away from the public eye is easy to ignore, a public forum that everyone can, and seemingly, as far as journalists go, are visiting is hard to ignore.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: InkIndulgence on August 08, 2012, 12:54 am
HAHA I found the "Remove Topic" button!!!!!

Can I use the "can't see the forest through the trees" excuse??
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Lumps on August 08, 2012, 01:06 am
They would waste their time because the customers are everyone. That is also the reason publicity is a double edged sword for them as SR would only gain a significant amount of customers. A Gawker article more than doubled profits according to another article. Imagine a mass USA story.

LE is working hard on getting in the SR and are ever evolving, you can bet on that.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: owenk on August 08, 2012, 02:48 am
I wouldn't underestimate the power of a properly cloaked system either, though, and I mean thinking outside of the box, not just TOR alone.  We can run faster scared than they can angry.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: NurseJackie on August 08, 2012, 07:22 am
They would waste their time because the customers are everyone. That is also the reason publicity is a double edged sword for them as SR would only gain a significant amount of customers. A Gawker article more than doubled profits according to another article. Imagine a mass USA story.

LE is working hard on getting in the SR and are ever evolving, you can bet on that.

^^^ LE much? Not to accuse you of being LE but a comment like this sounds very LEish! But if you're not i apologize. If you are stop wasting your time on otherwise honest, law abiding citizens such as myself. I contribute to society in many positive, legal methods including income taxes which are likely around the amount of a LEO's salary per year. Yes I have a good job and I like drugs. Leave me & indirectly my family, as well as my other honest brothers and sisters on the road ALONE!!! We've done no harm to anyone and we're just miding our own business, trying to feed our families while also trying to be free to take the drugs we want to help relieve stress!

Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Snoopish on August 08, 2012, 03:31 pm
They would waste their time because the customers are everyone. That is also the reason publicity is a double edged sword for them as SR would only gain a significant amount of customers. A Gawker article more than doubled profits according to another article. Imagine a mass USA story.

LE is working hard on getting in the SR and are ever evolving, you can bet on that.

^^^ LE much? Not to accuse you of being LE but a comment like this sounds very LEish! But if you're not i apologize. If you are stop wasting your time on otherwise honest, law abiding citizens such as myself. I contribute to society in many positive, legal methods including income taxes which are likely around the amount of a LEO's salary per year. Yes I have a good job and I like drugs. Leave me & indirectly my family, as well as my other honest brothers and sisters on the road ALONE!!! We've done no harm to anyone and we're just miding our own business, trying to feed our families while also trying to be free to take the drugs we want to help relieve stress!

I like your last sentence. It's pretty much my philosophy. Why the hell does LE want to waste time trying to shut down one of the only (relatively) safe black markets out there? It's not like the people on here are just gonna clean up their habits if SR ever went down, they'd go elsewhere that could possibly put themselves or others in the way of physical harm.

I think the "war on drugs" is bullshit because there is only a war because the government wants to control these substances. If they were openly available (as they are on here), then violent crimes will go down. The less the government tries to squeeze the drug market, the less likely criminal activity will get sprinkled into my recreational activities.

It makes sense to me anyway...
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: NurseJackie on August 08, 2012, 06:36 pm
in other news the "technologist" at cmu is a fucking retard (when it comes to tor at least)

you can trace a hidden service in around a month with $2,000 worth of servers easily, if i've gotten close to deanonymizing sr's hidden service, the fbi probably has too :)

Hi Shannan. Im very curious / concerned about your statement if true. When you say $2K of servers and "easily" i need a bit more details on that... do you mean $2K worth of hardware not including someone with the brains to do the work? or do u mean someone would do it for $2K? what kind of hardware are we talking about here anyways? $2k wont even get you a high end desktop let alone a powerful server (unless you're buying used and heavily discounted servers) and define "easily" please. If it was easy how would SR have been up for so long then? Why hasnt anyone brought down SR or deanonymized it if it was so easy? I might be wrong but wouldnt a group like Anonymous and Lulzsec try to deanon SR if it was that easy?  To say that the FBI doesnt have resources capable i think is underestimating their intelligence in an unsafe way. To assume they dont have some very qualified and skilled IT folks cannot be true. This is the FB-frickin-I we're talking about here. A never ending purse of money is as their disposal in the name of Justice. Do you not think that with a pocket as deep as they have that they couldnt afford to bring a small team of elite hackers onboard for less than a million dollars a year? that would be giving these people insane salaries which would be a huge incentive to de-anonymize SR properly and quickly. Even a million dollars for a few people is pocket change for the FBI if SR became big enough - i would say that the size SR is right now is enough to warrant them spending pocket change of a million to pay some of the smartest people. Unless you are strongly opposed to working for the government - ie an extreme hard care anarchist, who is also a computer genius and mastermind - then id say most IT folk would jump at the chance to work for the FBI and have that on their resume. And even the anarchists may suck it up to get on the inside of the FBI anyways.

Anywho im starting to ramble like Jackie is known to do. Im a chatty kathy im sorry! My last bit i have to say is Shannon have you managed to deanon SR? And when you say deanon, what specifically do you mean by that? Like getting the actual REAL external IP address of the SR server? Are you able to get info on the type of equipment its running on, the OS, other software versions, whether they are physical or virtual servers? intel or non intel? im so curious about this. im not asking u to reveal this publicly (although PM me if you care to share) but just the general info on what u can or almost can deanon.

BTW Shannon i want to clarify that Im not trying to be bitchy or catty. I re-read this and realized it could come across that way. Im intrigued and actually very curious about the claims you've made because if you actually know how to deanon SR or any hidden service for that matter then you are one hell of a gal (or guy) and I have major respect for you, especially since having the power to deanon but not actually doing it for the good of the community deserves +8.7 million karma. hehehehehe.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: ultramarket on August 08, 2012, 06:57 pm
in other news the "technologist" at cmu is a fucking retard (when it comes to tor at least)


Actually, this was good research -- the news media conveniently leave this out from the end of his paper:
Quote
Laissez-faire. Finally, a last possible intervention strategy is actually not to intervene. Politically, this is
a questionable proposition, as it may sound as an admission of weakness. There are however studies that
show that drug abuse prevention is considerably more cost-efficient than enforcing drug prohibition [9].
The relatively rapidly expanding business of online anonymous markets such as Silk Road and the logistic
difficulties in shutting down such markets may further tilt t he economic balance toward prevention and
cure. As a result, laissez-faire, however untenable it might currently appear from a policy standpoint, might
become even more attractive in light of budget constraints. Although there is no public statement about it,
this could be the strategy currently adopted by law enforcement, seeing that the marketplace has not met any
significant disruption to its operations, other than transi ent technical issues, in the past nine months, while
at the same time sales volumes have doubled.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: queryox on August 09, 2012, 01:56 am
Just a thought. I remember a while ago when Anonymous said they where doing an operation to bring down a load of Tor websites that where hosting child pornography, the SR website was down for a good few hiours and Anonymous came out with a statement didnt they basically saying sorry to the users of Silk Road for the interruptions but basically they where testing out if they could bring down the site. While the site itself was not taken down forever they where able to disable it for sometime, although that is completley different to finding the source of the website and its relavent owner right?

Does anyone remember this happening, it was a post on the forums after the downtime, or am I just completley tripping about a dream I had   :o
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: jameslink2 on August 09, 2012, 01:58 am
do you mean $2K worth of hardware not including someone with the brains to do the work?

yep although it doesn't require very many brains, the most popular way to deanonymize hidden services (http://www.nrl.navy.mil/chacs/pubs/05-1226-4245.pdf) is kind of a "set it and forget it" thing

Quote
what kind of hardware are we talking about here anyways? $2k wont even get you a high end desktop let alone a powerful server (unless you're buying used and heavily discounted servers)

no special hardware is required, just a few servers, you don't even need much bandwidth

After reading the paper you reference, all be it from a non-military site and through a proxy, I can say that it is wrong. This only works if the hidden service is on a system that is directly connected to the internet. It could be used to detect the last internet facing IP that routes to the hidden service. It would also make it hard on a site like SR because of the background traffic, spotting the patterns they are talking about require a lot of known items and precision.

So, Where it fails is if the hidden service is on a private network that is tunneled, VPN'ed, or nated to the internet. So, for example, if I get a full service VPS from one of the anon services in a country that protects ones privacy and then create a VPN between a private network and that VPS using a nat address, this attack could determine the internet facing address but not the actual location of the hidden service.

You could further confuse them by the fact that a single VPS could nat to 10's, 100's, or even 1000's of hidden services all with the same internet facing address but located all around the world.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: sourman on August 09, 2012, 02:11 am
Surely if you can get close the FBI with the amount of spends it has at it's disposal would have done it by now if they could?  :-\
they probably don't have anybody qualified tbh. i read an internal fbi flyer once where they were recruiting agents to go into this field, only after eight years of general computer security and forensics study at quantico would they learn about tor, traffic analysis, etc.

it's not a healthy mentality to underestimate your enemy though, so let's assume that they can trace hidden services (after all researchers can, even somebody who barely knows what they're doing like me can, so why can't they?), so why do you assume that they haven't? ;)

This.

Please don't underestimate your opponents. If the US feds wanted to take this place down, you wouldn't be reading this right now. Either they are biding their time while their plan comes together, or there hasn't been a major effort to target the site itself. The FBI/Secret Service/ICE/DHS absolutely has the talent to find a tor hidden service, let alone trace btc transactions. They have all the money in the world to hire experts and develop tools for such an effort. Locating the hidden service doesn't necessarily mean they'll catch the operators though. I think that's the impasse that they're stuck at ATM. Otherwise, why are all those supposed CP sites still open? I know they made a press release about it, but I wouldn't buy it. There is definitely something going on behind the scenes.

That said, there's a good chance that no one wants to bother with SR. John Q. Public isn't putting significant pressure on politicians to close this place. You'll hear a senator, congressman, or some other dumbass politician mention it once in a while, but that's about it. The usual constellation of dying children, scary news reports, and local news stories has yet to be seen. Without said pressure, there just may not be enough of a push for LE to do much other than bust low hanging fruit and pool their intel. This isn't exactly TFM where they were using western union and encryption provided by a 3rd party known for cooperating with investigators. It will still require a great deal of effort to find the server and then track the operators down, and they have to consider the possibility that a new Silk Road will just pop up in its place. Perhaps they are working on a way to catch lots of random buyers instead, that way the whole mail-order-drugs-over-the-internet-thing moves back underground. Who knows? Your best defense is to take this threat seriously and set up a good defense. Not only will you not be a tempting target, but should you fall under investigation, there's a good chance you can avoid a conviction anyway.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Christy Nugs on August 09, 2012, 02:43 am
Interesting thread - Thanks for making it that way Shannon
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: b0lixtrader on August 09, 2012, 10:45 am
Just a thought. I remember a while ago when Anonymous said they where doing an operation to bring down a load of Tor websites that where hosting child pornography, the SR website was down for a good few hiours and Anonymous came out with a statement didnt they basically saying sorry to the users of Silk Road for the interruptions but basically they where testing out if they could bring down the site. While the site itself was not taken down forever they where able to disable it for sometime, although that is completley different to finding the source of the website and its relavent owner right?

Does anyone remember this happening, it was a post on the forums after the downtime, or am I just completley tripping about a dream I had   :o
Shit yeah I remember it was down for a bit a long time ago relevant to the reason of what you said.  I was scurred.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: Snoopish on August 09, 2012, 02:44 pm
Shit yeah I remember it was down for a bit a long time ago relevant to the reason of what you said.  I was scurred.

I didn't realize anon attacked SR. Hopefully they don't decide to ever target us again. I don't want them taking away my precious. I'm haven't had a chance to enjoy myself yet!
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: sourman on August 09, 2012, 04:33 pm
Anonymous rarely "hacks" anything in the traditional sense. They basically "get in through the side channels" rather than attacking the systems head on trying to find undiscovered vulnerabilities. I can only recall one prominent example of mainstream Anon actually discovering one, and that would be Goatse Security's hacking (more like mining) of AT&T's iPad email database. Sorry, DDoS tools and social engineering aren't going to help bring down or trace a hidden service.

The CP hack was pulled off by convincing some pervert forum that torbutton needed an urgent update. They then linked their own compromised version of torbutton rather than the official one, unmasking anyone who installed it. I think they took down a few sites and a forum or two, but these were old sites that ran outdated, horribly insecure software. Let's hope SR has better security than that, haha.
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: InkIndulgence on August 09, 2012, 05:30 pm
It seems like someone is writing a new article about SR everyday now.  Just now I found one from a French news site, I tried translating it and got this (the translation is obviously not perfect, so if anyone speaks french I'm posting that version also):

http://www.20minutes.fr/web/983513-site-underground-silk-road-ventes-drogue-explosent

Quote
Silk Road et ses acteurs peuvent-ils échapper aux autorités encore longtemps? Suite aux articles de Gawker et de Wired, l'an dernier, des sénateurs américains se sont alarmés et penchés sur la question. Récemment, le DEA, l'agence américaines anti-drogue, a ouvert une enquête et cherche à identifier les administrateurs du site, qui, selon l'étude, auraient touché 1,9 million de dollars sur un an grâce aux commissions prélevées sur chaque transaction.
 
L'administrateur principal, connu sous le pseudo Dread Pirate Roberts, a fait profil bas ces derniers mois, relançant les rumeurs sur une possible arrestation. Mais fin juillet, il a annoncé le lancement d'une nouvelle formule du site. Sur le forum, certains rappellent toutefois que le pirate Sabu, d'Anonymous, faisait semblant d'être actif alors qu'il collaborait avec les autorités après s'être fait pincer.

What I could translate:
Quote
Can Silk Road and its actors escape from the authorities still long? Recently, the DEA, the Agency U.S. anti-drug, opened an investigation and seeks to identify the site administrators, which, according to the study, would have received $ 1.9 million over one year with commissions from each transaction.
 
The principal administrator, known the Dread Pirate Roberts pseudo made low profile these past months, boosting rumors about a possible arrest. But in late July, he announced the launch of a new formula of the site. On the forum, some recall however that pirate Sabu, Anonymous, was pretending to be active while he was collaborating with the authorities after pinching.

Its like people are just combing over the forums like mad trying to get any interesting tidbit to write about.

Do you all think that the publicity has increased that dramatically as of late? Or am I just now paying more attention to it and it's always been there...
Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: ultramarket on August 09, 2012, 05:57 pm
Actually, this was good research -- the news media conveniently leave this out from the end of his paper:
ok but what does this have to do with the security tor provides sr?

Quite a bit.  I think it's unfair to call this researcher a moron - especially as he has shared both the methodology and results of his research.  You should really do the same with your de-anonymization research if you want to be taken seriously.

As for the level of skills inside the FBI . . .   Going by the number of suits who troll DefCon, I would say that they have a large talent pool to draw from.  This does not mean we should over-estimate them however.

Title: Re: Another article on SR, basically says we ain't goin nowhere
Post by: awakened350 on August 09, 2012, 11:02 pm
yeah getting the real ip address is what i meant, i got close but got stymied by bad luck (admin probably noticed my shenanigans, picked new entry guards, and changed a config option that made this attack a little more difficult), if i'd started two or three days earlier i would have succeeded

once an adversary succeeds, they can just pwn the server and spy on addresses and such, or if they're law enforcement they can compel the server's owners, exchange point, or autonomous system to put the server under surveillance. then, they can deploy some tor entry nodes or bridges and start deanonymizing users.

Can you provide any insight into how users can prevent this from happening. If it truly is as simple as you make it out to be, we should all assume that it has already been done.