How not to be an anonymous drug dealer online



    • Set up a "hidden" website devoted to various illegal activities and substances, only accesable via Tor
    • Advertise your website on various Internet forums as "an anonymous Amazon.com", along with a Wordpress blog
    • Post to various other Internet forums . . . Bitcoins,  Magic Mushrooms, Stack Exchange
    • Do all this using an email address made up of your real name (firstnamelastname@gmail.com)
    • Add a list of favorite videos to your Google+ profile, with the videos coming from a website where you registered under your real name, then post about those videos on your website

     



  • @El_Heffe said:

  • Set up a "hidden" website devoted to various illegal activities and substances, only accesable via Tor
  • Advertise your website on various Internet forums as "an anonymous Amazon.com", along with a Wordpress blog
  • Post to various other Internet forums . . . Bitcoins,  Magic Mushrooms, Stack Exchange
  • Do all this using an email address made up of your real name (firstnamelastname@gmail.com)
  • Add a list of favorite videos to your Google+ profile, with the videos coming from a website where you registered under your real name, then post about those videos on your website
  •  

    6.  ???

    7.  Profit!

     



  • And Silk Road has only just been taken down after how many years operation? If the operator was as much of a doofus as that, what took them so long?

    Might be looking at this kind of thing.



  • As said in the article. You need to be disiplined like shit. A single wrong move (eg. not connectign anonmyously) and they have proof.

    Also mentioend in the comments is the fact, that soem stuff isn't atually meant for criminal activity at the start or not in such a huge extent and only later you realize your mistakes.

    You simply need to plan the whole thing from the start and have a separate PC that can only connect through a VPN and Tor and at the same time only use it on a public WiFi or a unregistered prepaid SIM if available in the country in question.

     



  • @flabdablet said:

    what took them so long?
    The prospects of finding much bigger fish. Remember that the users had to be extra cautious as well and iirc arrests linked to trade on SR have been made in the past. So the FBI was probably harvesting SR the entire time, but they couldn't stand the emberrassments of recent media coverage. It makes strategic sense imho.

     



  • As has been stated elsewhere[1], the Dread Pirate Roberts is a handle that is passed from previous owner to next owner. That is, the current owner is actually at least the second one in the chain of succession, and seeing this boneheaded mistake makes me suspect he may even be the third one. Maybe the previous DPR felt the feds were getting close and then offloaded the site to the current DPR a few months ago, knowing that he'd make an idiotic mistake and get caught.



  • @El_Heffe said:

    • Use a "hidden" website devoted to various illegal activities and substances, that was set up by the US anti-narcs to keep an eye on things
    • Pay for it using the NSA's terrorist-tracking 'secret currency'.
    FTFY. Selling on Silk Road is as dumb as bricks.



  • @Mo6eB said:

    the Dread Pirate Roberts is a handle that is passed from previous owner to next owner. That is, the current owner is actually at least the second one in the chain of succession, and seeing this boneheaded mistake makes me suspect he may even be the third one. Maybe the previous DPR felt the feds were getting close and then offloaded the site to the current DPR a few months ago, knowing that he'd make an idiotic mistake and get caught.
    According to all the reports I've read, this guy started Silk Road in 2011. There were no previous DPRs except in the movies.



  • @TDWTF123 said:

    @El_Heffe said:
    Use a "hidden" website devoted to various illegal activities and substances, that was set up by the US anti-narcs to keep an eye on things

    • Pay for it using the NSA's terrorist-tracking 'secret currency'.
    FTFY. Selling on Silk Road is as dumb as bricks.
    When I first read about Tor and "hidden" websites the very first thing I thought of was "If I can find these websites then so can anyone else -- including law enforcement". Apparently that never occured to a lot of people.

     



  • @flabdablet said:

    And Silk Road has only just been taken down after how many years operation? If the operator was as much of a doofus as that, what took them so long?
    According the the articles I've read he started Silk Road in 2011, so it's only been two years and the FBI began investigating not too long after that. They tend to be patient and don't rush in to bust someone until they've got all the proof they need.

    New story today. The guy also tried to hire a hit man who turned out to be an FBI agent.



  • @El_Heffe said:

    According the the articles I've read he started Silk Road in 2011, so it's only been two years and the FBI began investigating not too long after that. They tend to be patient and don't rush in to bust someone until they've got all the proof they need.

    Indeed. Some analysis from a lawyer:
    @Ken @ Popehat said:

    How Long Has This Been Going On?

    For a while. The federal government's competitive advantage is the ability to use vast resources to conduct leisurely investigations. Except for reactive cases — say, where someone catches a bank robber in the act — it's very common for the feds to take many months or a few years to investigate a case.

    ...

    If I were a betting man, I'd bet it happened like this: New York* started investigating Silk Road in 2012, taking its time. Someone in the investigation figured out that Dread Pirate Robers was thinking about having the Maryland witness whacked and Maryland agents and prosecutors got involved. Maryland indicted first, asserting jurisdiction based on a scheme to murder one of its inhabitants. But New York made its charges public first and arrested first — possibly by agreement, possibly by gamesmanship.

    * U.S. Attorney's Office for the Southern District of New York

    Lots more at the link.



  • @boomzilla said:

    it's very common for the feds to take many months or a few years to investigate a case.
     

    You get faster results if you use scrum.



  • @koek said:

    The prospects of finding much bigger fish.
    I cast Summon Bigger Fish.



  •  @El_Heffe said:

    @TDWTF123 said:

    @El_Heffe said:
    Use a "hidden" website devoted to various illegal activities and substances, that was set up by the US anti-narcs to keep an eye on things

    • Pay for it using the NSA's terrorist-tracking 'secret currency'.
    FTFY. Selling on Silk Road is as dumb as bricks.

    When I first read about Tor and "hidden" websites the very first thing I thought of was "If I can find these websites then so can anyone else -- including law enforcement". Apparently that never occured to a lot of people.

    I think selling on such a place makes sense if you are like a chemistry student selling some meth or whatever produced in your lab. it's perfect. You don't need to know anyone criminal, you don't need to exposue yourself physically as in someone knows how you look and as in someone could harm you. And for the buyer it's pretty much the same reasons and you also have a rating system so quality supossedly was way, way better than from the streets.

    Findining the site and having access to it is something completely different than knowing who opeates it and were the server is located. It was not the Tor network that failed! It was him being idiotic by promoting the site using forum accoutns with his real email adress containing his real name! It was simple old school detective work. If you are clever and disiplined enough, they can't catch you. He supposedly made 80 Mio in those 2 years. If he had been more clever in the beginning, he could have just sold the thing or shut it down himself and enjoy the rest of his life in wealth.

     

     



  • @El_Heffe said:

    When I first read about Tor and "hidden" websites the very first thing I thought of was "If I can find these websites then so can anyone else -- including law enforcement". Apparently that never occured to a lot of people.

    Yeah. Just like when
    Microsoft paid $8.5 billion for Skype. They didn't know you can download it for free!



  • @El_Heffe said:

    When I first read about Tor and "hidden" websites the very first thing I thought of was "If I can find these websites then so can anyone else -- including law enforcement". Apparently that never occured to a lot of people.
     

    Many people seem to have the same delusion about hidden volumes in TrueCrypt.  



  • @DCRoss said:

    @El_Heffe said:

    When I first read about Tor and "hidden" websites the very first thing I thought of was "If I can find these websites then so can anyone else -- including law enforcement". Apparently that never occured to a lot of people.
     

    Many people seem to have the same delusion about hidden volumes in TrueCrypt.  

    Ok, I'll bite. What exactly do you think you know about TrueCrypt that nobody else does?



  • @beginner_ said:

     @El_Heffe said:

    @TDWTF123 said:

    @El_Heffe said:
    Use a "hidden" website devoted to various illegal activities and substances, that was set up by the US anti-narcs to keep an eye on things

    • Pay for it using the NSA's terrorist-tracking 'secret currency'.
    FTFY. Selling on Silk Road is as dumb as bricks.

    When I first read about Tor and "hidden" websites the very first thing I thought of was "If I can find these websites then so can anyone else -- including law enforcement". Apparently that never occured to a lot of people.

    I think selling on such a place makes sense if you are like a chemistry student selling some meth or whatever produced in your lab. it's perfect. You don't need to know anyone criminal, you don't need to exposue yourself physically as in someone knows how you look and as in someone could harm you. And for the buyer it's pretty much the same reasons and you also have a rating system so quality supossedly was way, way better than from the streets.

    SR was always much better protection for the seller than the buyer, because posting a package is something you can do anonymously, but receiving it requires you to give up your real-world address. I've read several news items about buyers getting busted in the past, but don't recall any about sellers getting caught.

    The biggest risk for sellers is cashing out their bitcoins. BC is only pseudonymous, not anonymous, and the fact that every transaction is recorded forever in the block chain enables a lot of opportunities to unmask them.

    @beginner_ said:

    Findining the site and having access to it is something completely different than knowing who opeates it and were the server is located. It was not the Tor network that failed! It was him being idiotic by promoting the site using forum accoutns with his real email adress containing his real name! It was simple old school detective work. If you are clever and disiplined enough, they can't catch you.

    Indeed, and yesterday's Snowden revelations make clear that TOR really does work, even against nation-state level adversaries such as NSA and GCHQ.

  • Discourse touched me in a no-no place

    @DaveK said:

    Ok, I'll bite. What exactly do you think you know about TrueCrypt that nobody else does?
    The main weaknesses? That it's entirely vulnerable to rubber hose cryptography, and that by the time they're trying to decrypt it, they already aren't going to buy into that plausible deniability stuff. Courts and law enforcement don't work like computers; massive overcomplexity in excuses just makes people highly suspicious on the grounds that nobody puts that much effort in without there being something actually worthwhile hiding. Even a partial capture of your high-security credentials (relatively easy to obtain through surveillance) is likely to lead to it being very difficult to demonstrate that you're not giving them the real data. File metadata (change times, etc.) would also be likely indicative of something fishy. Hiding stuff is hard.

    The other issue is the fact that just about everyone using it that way seems to be at the very least a total asshat. (Technically not a flaw per se, but even so…)


  • Winner of the 2016 Presidential Election

    @dkf said:

    @DaveK said:
    Ok, I'll bite. What exactly do you think you know about TrueCrypt that nobody else does?
    The main weaknesses? That it's entirely vulnerable to rubber hose cryptography, and that by the time they're trying to decrypt it, they already aren't going to buy into that plausible deniability stuff. Courts and law enforcement don't work like computers; massive overcomplexity in excuses just makes people highly suspicious on the grounds that nobody puts that much effort in without there being something actually worthwhile hiding. Even a partial capture of your high-security credentials (relatively easy to obtain through surveillance) is likely to lead to it being very difficult to demonstrate that you're not giving them the real data. File metadata (change times, etc.) would also be likely indicative of something fishy. Hiding stuff is hard.

    The other issue is the fact that just about everyone using it that way seems to be at the very least a total asshat. (Technically not a flaw per se, but even so…)


    Maybe if you encode your key into a deck of playing cards you can shuffle it when thr FBI breaks down your door.



  • @dkf said:

    The other issue is the fact that just about everyone using it that way seems to be at the very least a total asshat.
    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.


  • Discourse touched me in a no-no place

    @PJH said:

    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.
    I only use Dropbox for things I want to share with someone else. It's a very convenient way to put a file online where you can let someone else have access. But in that case encrypting the data defeats the purpose (unless you like sharing effectively-random binary blobs).



  • @dkf said:

    @PJH said:
    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.
    I only use Dropbox for things I want to share with someone else. It's a very convenient way to put a file online where you can let someone else have access. But in that case encrypting the data defeats the purpose (unless you like sharing effectively-random binary blobs).

    cough



  • @Ben L. said:

    @dkf said:
    @PJH said:
    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.
    I only use Dropbox for things I want to share with someone else. It's a very convenient way to put a file online where you can let someone else have access. But in that case encrypting the data defeats the purpose (unless you like sharing effectively-random binary blobs).

    cough

    With a hefty price of $64. And it even has a sequel.

    If I wanted a paperback book full of random crap, I'd buy some postmodernist poetry. It's cheaper.



  • @dkf said:

    @PJH said:
    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.
    I only use Dropbox for things I want to share with someone else. It's a very convenient way to put a file online where you can let someone else have access. But in that case encrypting the data defeats the purpose (unless you like sharing effectively-random binary blobs).
    And of course, your use case is the only possible one in existence...



  • @Maciejasjmj said:

    @Ben L. said:
    @dkf said:
    @PJH said:
    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.
    I only use Dropbox for things I want to share with someone else. It's a very convenient way to put a file online where you can let someone else have access. But in that case encrypting the data defeats the purpose (unless you like sharing effectively-random binary blobs).

    cough

    With a hefty price of $64. And it even has a sequel.

    If I wanted a paperback book full of random crap, I'd buy some postmodernist poetry. It's cheaper.

    It only costs 99 cents on kindle... How much cheaper can a book get?


  • Discourse touched me in a no-no place

    @PJH said:

    And of course, your use case is the only possible one in existence...
    Of course not, but why would you want to store private data in some random Amazon cloud server in the US?



  • @Ben L. said:

    @Maciejasjmj said:
    @Ben L. said:
    @dkf said:
    @PJH said:
    I only use it for stuff I want to store on Dropbox without having Dropbox being able to rummage through it.
    I only use Dropbox for things I want to share with someone else. It's a very convenient way to put a file online where you can let someone else have access. But in that case encrypting the data defeats the purpose (unless you like sharing effectively-random binary blobs).

    cough

    With a hefty price of $64. And it even has a sequel.

    If I wanted a paperback book full of random crap, I'd buy some postmodernist poetry. It's cheaper.

    It only costs 99 cents on kindle... How much cheaper can a book get?


    But then I can't smugly display it on my bookshelf, next to my copy of Not A Wake.



  •  I'm wondering if the Silk Road arrest + Somalia/Kenya raids is the US demostrating that the 'shutdown' dosn't make them weak/vulnerable.

     Or, they were afraid of losing the targets they were tracking during an extended shutdown; so 'closed the workitem' by taking action.



  • @Ben L. said:

    cough

    <font color= "#CC6600">Customers Who Viewed This Item Also Viewed </font>

    Officially Licensed Star Wars Luke Skywalker Cermonial Jacket with Medal of Yavin (L)

    Surprisingly not XXL



  • @RTapeLoadingError said:

    @Ben L. said:
    cough

    <font color="#CC6600">Customers Who Viewed This Item Also Viewed </font>

    Officially Licensed Star Wars Luke Skywalker Cermonial Jacket with Medal of Yavin (L)

    Surprisingly not XXL

    The XXL jacket was discontinued because the fat guy died during the attack.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.