
Drug Market ‘Agora’ Replaces the Silk Road as King of the Dark Net - e15ctr0n
http://www.wired.com/2014/09/agora-bigger-than-silk-road/
======
GrinningFool
I noticed that in the weeks and months before Silk Road went down, we had some
interesting things happen:

    
    
        1. several articles like this one 
        2. statements from the FBI that it was untraceable 
        3. the implication in tech media that it was 'safe' to use, with usual caveat emptor verbiage. 
    

I know we have a sample size of one here, and there's no guarantee that steps
2 and 3 above will follow - but to me, it seems that mainstream coverage of
anything like this is a sure signal to bail out.

~~~
gabriel34
If this is a US operation, don't the US law prohibits entrapment? Also,
doesn't it seem more likely a surge in public interest is what originated the
operation, instead of the other way around?

~~~
bravura
That's not entrapment.

An undercover cop can ask you to commit a crime without entrapping you. It's
only entrapment if the police induce you to commit a crime that you wouldn't
commit otherwise. Hence, them offering you the opportunity to commit a crime
is permitted by law.

See this illustrated guide to understand better:

[http://thecriminallawyer.tumblr.com/post/19810672629/12-i-wa...](http://thecriminallawyer.tumblr.com/post/19810672629/12-i-was-
entrapped)

~~~
derefr
What I learned from that: the easiest way to detect undercover cops is to ask
them to--or really, _entrap them into_ \--committing an unrelated crime, e.g.
hurting someone.

Imagine "rewarding" the new member of your drug ring by giving them a hired
escort who has been paid to _resist_ all acts upon them, and then locking the
new member and the escort in a room together with some extremely brutal S&M
"toys." You'll get lots of false positives--people who don't actually get
their jollies from harming others--but it's the false negatives that are
important here, so maybe populating your organization with sociopaths is a low
price to pay.

On the other hand: is the boss committing a crime just by setting up this
"reward?" They wouldn't mention anything about having to harm the escort, it'd
just be implicit in the setup that if you're that type of person, the
situation is easy to take advantage of.

~~~
rdtsc
Probably not uncommon for initiation / testing purposes to ask members of evil
organization to break the law in some way. Such that they become black-
mailable easily.

A large organization would presumably benefit from having hidden away proof of
each of its members breaking the law, such that if time comes and that member
gets out of line, that can be used against them.

So perhaps an undercover cop would be asked to assassinate someone, or take
use illegal drugs and get recorded in the process.

Prosecutors usually break this blackmail ring by offering immunity to one
person if they present evidence against others.

------
olefoo
One thing I'm mildly surprised hasn't shown up more in these types of markets
is "pirated" or outright stolen clinical pharmaceuticals. Drugs like Humira or
Etanercept are expensive and need to be taken for years ( usually for the rest
of your life if you really need them ) and are heavily advertised.

Selling Humira at $200 USD / dose would be profitable if you were using stock
diverted from Abbott Labs, and selling a similar product using a black market
supply-chain would still be effective; even if the trust in the product would
be less than most sensible people would accept.

Of course it would get not just the regular regulators on your tail, but the
full panoply of intellectual property and medical enforcement.

From a customers point of view it's pretty easy to justify paying a tenth of
the "list price" for a drug that keeps you alive and functional; so the demand
is there.

~~~
randallsquared
Essentially everyone who needs those gets them through insurance, medicaid, or
some such. They are therefore quite price-insensitive (which is it's own
problem, of course).

~~~
olefoo
Empirical evidence says that is not the case; and that most people who need
them have to fight their insurance company for them on a semi-regular basis.
If only that class of drugs were available at a competitive price so that
individual consumers had a way to route around the damage that is our
healthcare system.

~~~
randallsquared
Spending 10-15 hours on the phone two weeks a year to get the insurance
company to pay 3K/month of medicine is cheaper for most people than spending
300/month themselves. Even if, as in this example with numbers pulled from
nowhere, it's 1/10th the cost in monetary terms, the risk is not worth the
savings for a drug that is actually necessary, rather than recreational or
mere enhancement.

A flatmate of mine has an immune deficiency disease which requires a drug
every week which costs more than 3K/month, which is covered by her healthcare.
If she doesn't get it, within a few months she'll be in the hospital with
serious infections. She has to fight with the healthcare folks two or three
times a year to remind them that this is actually a life-or-death matter for
her, and then they grumble and continue paying. It in no way makes sense for
her to start paying money out of pocket for questionable drugs from a source
that might cease to exist in a month or two. If nothing else, assuming she
needed to get it through "legitimate" channels again, they would use the time
when she officially wasn't getting it as evidence that she doesn't need it.

The risk around quality and continuing availability mean that there's no good
way to use a shadowy market for anything which is actually required for life,
if it's even semi-rare.

------
api
Who else has wondered whether SIGINT types might allow things like this to run
in order to bolster the perception that Tor is not traceable?

In WWII they allowed the enemy to sink whole ships to accomplish same.

~~~
Jayschwa
> In WWII they allowed the enemy to sink whole ships to accomplish same.

Whoa, that's interesting if true. Do you have any links you can share about
this?

~~~
andrewchambers
Imagine you stole the enemy encryption codes, and are listening and waiting
for intel on an upcoming invasion that can save your whole country. Instead
you hear chatter about how they are going to bomb a single ship.

Do you save the ship and let the enemy know you have access to the encryption
codes? Or do you let the ship be destroyed and keep listening for the more
important info?

This decision is pretty black and white too. Imagine if your mother was on the
ship. Or it was half your navy.

Some of the decisions world leaders need to make are horrible.

------
MichaelGG
I thought the Tor project sort of agreed that Hidden Services could be
discovered by a not-that-awesome adversary. Doesn't that vastly increase the
risk of being found? After all, with The Silk Road, part of the evidence was
that they had imaged the VM -- but they didn't say how they found that VM in
the first place.

~~~
jamoes
Yeah, Tor as a whole, and Hidden Services specifically are very vulnerable to
traffic analysis attacks.

I'd love to see a project with a real focus on anonymous publishing of
content. Tor's original goal was anonymous retrieval of content, with
anonymous publishing just added on as a secondary goal.

In order to make anonymous publishing robust against traffic analysis, it may
be necessary to sacrifice the "real-time" goal that Tor has.

~~~
api
IMHO you'd have to distribute the data and the computation so that there is no
single point to find.

~~~
contingencies
Agreed. Some ideas for the resistance of traffic analysis in the provision of
Tor hidden services: layered architecture with aggressive caching at edge
nodes, non-deterministic latency or update fetch algorithm (eg. random)
between nodes, use of push rather than pull (edgier nodes have no knowledge of
the location of content-publishing parent, only its key to auth inbound
updates as they are supplied from unique addresses periodically) where
feasible.

------
big_youth
I dislike Agora. The site is rarely up and when I do manage to login most of
my requests time out.

What I'm interested in is how much money the major sites are making. The much
smaller Cannabis Road was recently hacked and robbed of $130k in bitcoin from
various escrow and user wallets. I can only imagine what the major players are
making.

------
jedanbik
Am I reading an advertisement?

