Phishing Darknet Users for Bitcoins (shufflingbytes.com)
102 points by campuscodi on June 6, 2023 | 60 comments



Full title: Ripping Off Professional Criminals by Fermenting Onions - Phishing Darknet Users for Bitcoins

Had the second half been used as the truncated title, I would have saved myself the click: I was hoping for something related to onion futures or some such.


Onion futures are banned in the US: https://en.wikipedia.org/wiki/Onion_Futures_Act


> Onion futures are banned in the US: https://en.wikipedia.org/wiki/Onion_Futures_Act

So that only criminals have onion futures. And we all know that to stop a bad guy with onion futures you need a good guy with onion futures.


Ok, let's use the second half in the title above. Thanks!


Absolutely; also, the writing is very tedious.


I wouldn't be shocked if the text was created in a similar manner to the images.


What's this got to do with the price of onions? Unfortunately, nothing.


I thought it was about making really disgusting moonshine.


Me, too. I thought "Strawberry wine: fine. Blueberry wine: fine. Onion wine: no thanks."


I would try it. I would imagine it could be interesting for cooking if nothing else.


Perhaps if you caramelize (for real, not just saute) the onions first?


The big problem I have with this is: are drug dealers and organized money launderers professional criminals who are taking advantage of people and spreading suffering? Yes, they are.

But lots of regular ol' struggling drug addicts use these services, to get generally much safer drugs than on the streets, under much safer circumstances.

Sure, everyone who uses these types of markets and services is (usually) committing a crime, but I think it's a bit much to call everyone you'd wind up taking advantage of here a "professional criminal". And that thinking just sorta feeds the stigma and condemnation of drug addicts who are struggling and just want to be safe, and are already taken advantage of by society enough.

I don't think you can say this is 100% morally sound. Unless you're super mindful and careful about it, you'll have collateral damage of people who aren't bad people, even if they are doing illegal things.


This exact thought is talked about in the article.


As others have pointed out:

Good thing: criminals don't go to the law when you rip them off.

Another good thing: You don't suffer any moral qualms about stealing their money.

Not so good: they kill you instead.


From an infosec perspective, I'm surprised no one's brought up how stupid dangerous this is.

Crypto mixers and ransomware groups frequently have ties to organized crime, so the list of people you are "ripping off" could include formidably dangerous groups like the Black Axe mafia. If you really are ripping off "professional" criminals, you clearly haven't considered their moral turpitude or your own personal safety.


Doing it on Tor is probably fine. Writing a blog about it with your name, however, is unwise.


Wouldn't be surprised if someone else rips off some criminals and they get angry at this guy just because the way it is done is similar.


He's not breaking any news here. This has been a well known and widely deployed attack for years, to the point that darknet markets impose multiple anti-phishing mitigations (as best they can, at least, e.g. signing a PGP message with the URL and then posting that PGP key on the landing page, and trying various JS tricks for reverse proxy detection to warn the user they might be on the wrong site).


I thought crypto mixers were run by the Feds?


You probably don't want to be bragging about stealing money from the feds too much either.


The captcha anti-phishing scheme the darknet site Bohemia came up with is really smart!


It's simple to test: send a little. If it's legit it will work. Who is gonna send their entire stash in one tx to a site?


Or it works for small amounts and then selectively fails for large amounts sent from wallets that already sent small amounts.


The main reason why not to rip off professional criminals is you’re likely to be shot.


PSA: Stealing is illegal.


You're correct and the other responses you've got miss the mark. While stealing from thieves might be morally or ethically defensible (in some moral or ethical frameworks), it IS still illegal. You can go to prison for it. Your PSA is warranted.

For your comment to be not just downvoted but also flagged for saying something true is a farce.


PSA: Many criminals enforce 'don't steal from us' with punishments that are more brutal and with lower procedural protections than the state does.


Is someone depositing and withdrawing from a darknet market without transacting a criminal? Internationally?

Are all buyers of substances the U.S. controls inherently “professional criminals”?

Does the belief that someone is a criminal justify taking their money?

(I trace cryptocurrency professionally, depositing is key to identifying clusters and it sure is nice to get the money back)


Yes. Whitehatting is ethically fine if you actually know they are scammers.


“Whitehatting” : new and fine as long as you know

“Vigilantism” : well-established net negative for any land of law


If you are scamming people, even if those people are scammers, you're no white hat. You're just another scammer.


This is of course an obvious side effect of having to protect one's criminal resources from as large a potential criminal threat as the state does without the state's resources.


Is it an obvious side effect of limited resources? I thought it was an obvious side effect of the lack of any need or desire to maintain fairness.


As a general rule the problems of misbehavior among criminals are not actions that in the courts would be seen as criminal matters but rather things that would be seen as civil.

Despite what one sees in the movies, the general problem one has is not some guys running up with masks on ripping you off of the money you made selling drugs, but rather the people you have fronted drugs to not giving you the money they owe you, or the people you are buying drugs from ripping you off (using drugs because it is the most generally distributed type of organized crime, but similar situations apply to other forms of organized crime).

The problem then is that you have people who have taken from you, there is no system to force them to pay, you must assume the state's monopoly of violence to get what is owed or decide to write it off. If you write off too great of losses you cannot stay in business, if you write off losses too frequently you cannot stay in business, and in writing off losses you may give other people the idea that they can steal from you as well.

Thus as you get to a certain level of organized crime you have to punish the people who do not fulfill the contracts they have undertaken with you.

This is sometimes also described as the actual origins of the mob, because they were the guys who could enforce contracts among the various criminal factions (by using violence).


Only if they catch you.


I would love to see your stance substantiated by an accepted (preferably Western) law or moral code.


PSA: Applying a consistent moral code when others refuse to do the same leaves you at a competitive disadvantage. It's better to play by the rules of whomever you are playing with. A thief likes to play the theft game. Murderers like to play the murder game. Normal people play the polite society game. Play the game that is currently being played, not the game you think everyone should be playing.


> PSA: Applying a consistent moral code when others refuse to do the same leaves you at a competitive disadvantage. It's better to play by the rules of whomever you are playing with. A thief likes to play the theft game. Murderers like to play the murder game. Normal people play the polite society game. Play the game that is currently being played, not the game you think everyone should be playing.

I've no idea why parent was voted down[1]; presumably a large number of people both object to "do unto others as they do unto you" AND are too shy to reply.

[1] Honestly, in the last few days the voting of comments seems completely out of tune with how comments normally get voted. I'm seeing immediate downvotes of comments, which, over time, sometimes normalise. It's very odd.


The Golden Rule is that you should do unto others as you would have them do unto you. Not as they do do unto you.

Applying a consistent moral code even when it puts you at a competitive disadvantage is what makes it a moral code in the first place. If you only stick to your morals when it's advantageous to do so then they're not your morals at all!


> The Golden Rule is that you should do unto others as you would have them do unto you.

Also, Jesuit parochial school told us an improved version: Do unto others as they would have you do unto them.

It would seem to preempt a lot of imperialism.


Back when we had high trust societies[0] that worked out ok, but that's just not the world we live in anymore. I have respect for people who hold themselves to a moral code and play by those same rules in dealing with them, but I don't have a lot of pity when they scream "life's not fair" when they try to play hockey against people who are playing baseball.

[0]https://en.m.wikipedia.org/wiki/High_trust_and_low_trust_soc...


New accounts can't downvote, so I'm suspicious of the idea that something weird is going on with downvoting. It's more likely the result of natural growth in the userbase.


I'm not a new account and I _still_ can't downvote in some situations. I haven't cared enough to figure out why, but it happens.


I’ve noticed this happen at times too. I don’t think it’s strictly a recent phenomenon.


I mostly use my upvotes to correct others' downvotes.


Amazing. In one fell swoop, you argued that it's OK to murder and steal.

Needless to say, I could not disagree with your stance more strenuously.


> It's better to play by the rules of whomever you are playing with.

This depends significantly on how you define "better." If I become a thief by stealing from thieves, I would not consider that to be a net positive outcome for me.


Theft is the taking of property without consent. I argue that engaging in theft gives implicit consent to be stolen from; after all, if you felt theft is bad you wouldn't have engaged in it. Therefore stealing from a thief isn't really stealing.

Same goes for violence, if you had a problem with violence you wouldn't have engaged in violence, now that you have, let's be violent together.


That’s not what he’s saying.

In a world of thieves, if you steal from a thief there, it is a net-positive outcome for you. Because in that world everyone steals so that creates a baseline. If you don’t steal, then it’s a net negative for you relative to that world.


It still depends on how you define the outcomes. In a world of thieves, I still would not define becoming a thief as a net positive. If you're talking solely in terms of material wealth, then sure.


In the world of thieves, stealing isn’t a negative or even positive action, it’s just the way of life. Therefore, getting what you want by stealing leads to positive outcomes for you.


> PSA: Applying a consistent moral code when others refuse to do the same leaves you at a competitive disadvantage. It's better to play by the rules of whomever you are playing with. A thief likes to play the theft game. Murderers like to play the murder game. Normal people play the polite society game. Play the game that is currently being played, not the game you think everyone should be playing.

Problem is that your perception of what kind of game is played might be wrong. And you treat people that don't deserve* more harshly or people that deserve* more leniently.

*deserve your intended outcome


If someone is buying weed on a darknet site, would you feel morally justified in stealing from them?


If they aren't stealing from someone then that's not the same game.

A guy selling credit card numbers, given the opportunity he'd have nothing left.


> If someone is buying weed on a darknet site, would you feel morally justified in stealing from them?

No, but I'd guess that GP feels morally justified in buying weed from him or selling weed to him.

If the weed-buyer isn't playing the theft game, why do you believe that the GP would play the theft game?


This is an article about darknet markets, and when I hear "darknet markets" I think of drugs. The impression I get from Bruce Schneier's blog is that other shady stuff like stealing credit cards or murder-for-hire sites (which are all fake) mostly happens on the clearnet. So it was odd to see someone make the casual jump from darknet markets to theft/murder.


I was thinking of sites that deal exclusively in carding, scams, fencing stolen goods, etc.

If your actions have blowback on morally innocent people (i.e., technically a law was broken but it was a crime without a direct victim), inadvertently or not, you are not acting morally.


s/PSA/Tl;dr/ (the fine article covers this, at the end)


As usual, if I’m reading about it like this it’s too late to try.

This is fun to think about though, it’s like being Omar from “The Wire”. As the author points out, different targets have differing moral valence.


People have run phishing schemes against Darknet targets almost as soon as the concept existed. It's both "too late" (in the sense that it's no longer novel and everyone expects it) and, apparently, not too late (in the sense that attackers keep thinking it will be worth their time).



