Date: Mon, 10 Nov 2014 09:42:27 +0200
Message-ID: <CAPkfgVaNocyq0u6OX3q7x7PwUXxz4H-AT_irUXXYqWu-neZ0HQ@mail.gmail.com>
From: Jon Tullett <jon.tullett@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Operation Onymous against hidden services,
 most DarkNet markets are down

On 7 November 2014 20:13, Juan <juan.g71@gmail.com> wrote:
> On Fri, 7 Nov 2014 13:04:38 +0200
> Jon Tullett <jon.tullett@gmail.com> wrote:
>
>> On 7 November 2014 05:39, Juan <juan.g71@gmail.com> wrote:
>> >         So why would people be tracked in the first place? Are
>> >         you saying that the US government nazis track all of US
>> >         subjects all the time, and that's how they find people who
>> > run 'hidden' services?
>>
>> Well, I wouldn't want to rule anything out :) But in this case, we're
>> talking about hidden services which proxied for drug dealers. Whatever
>> your personal feelings about it, the war on drugs is a given. So the
>> reality is that there are enormous intelligence and law enforcement
>> operations targeting people in the drug trade. If one of them starts
>> to operate (or do business with) a hidden service, is it so unlikely
>> that that service could get caught up in the investigation?
>
>
>         That is possible, but I'm not sure I'm fully following. Suppose
>         that some "off line" dealer has his phone tapped, and then he
>         starts selling through a market like silk road. What of it? Why
>         would that lead in any way to finding out who the hidden
>         service's owner/admin is?  The hidden service's owner isn't
>         going to talk on the phone with the dealers who use his site.
>         That is not his 'business model'.

That's an assumption, and it may be incorrect. It is alleged that some
HS operations were infiltrated early on - that sort of foolish trust
is just the sort of basic mistake law enforcement thrives on. And
infiltrating target organisations is something the LEO agencies do for
a living, after all.


>         In the case of silk road 2 apparently the owner was a 26 year
>         old who even worked for SpaceX for a while. Not exactly a
>         member of the Italian mafia, I'd say. So why would this
>         person's communications be monitored? Some genius government
>         employee said : let's tap some random guys' phones out of 300
>         millions and see if we find silk road's owner?

Or some agent gets lucky and is appointed a moderator on a darknet
marketplace forum, proceeds to socially engineer his way from there.
Hey trusted moderator friend, can you recommend software to do X? Why,
sure I can, download Y from Z.


>> If anything, I'd have thought that the coordinated takedowns lend
>> credibility to that argument - it's not like dealers would only do
>> business through a single marketplace at a time. Compromise or turn a
>> big dealer or two, and you'd probably be able to target a whole lot of
>> marketplaces at once.
>
>
>         Like I said, I'm not seeing the connection between dealers and
>         hidden services admins.

It's not just about dealers. It's about the entire ecosystem. The drug
economy is just that: an economy. Dealers are just retailers - there's
an entire supply chain and supporting players extending back from that
point (though online commerce certainly flattens the structure a lot!)
Every part of that ecosystem is fair game for investigators, and any
compromise can be leveraged along the chain. For a retail analogy,
think Target, which was compromised via an HVAC contractor who
probably thought they weren't a target (heh) at all.

Again, I'm not suggesting this theory is correct, just that it's an
option. At this stage, there's a ton of speculation and I'm cautioning
against jumping to conclusions.

That said, if you're running a hidden service, you absolutely should
assume the worst and tighten your security practices, not just after
an incident like this but on a regular basis. Risk management is a
thing.

-J