Operator of Silk Road 2.0 Website Charged in Manhattan Federal Court (fbi.gov)
289 points by pc on Nov 6, 2014 | 251 comments

They located Silk Road 2.0's server in an unspecified way, not directly related to their undercover agent on the support staff. Given that two other darknet markets (Black Market and Cloud9) have been shut down today, and they didn't specify how they located the SR2 server, it seems plausible that law enforcement have a vulnerability to locate servers over the Tor network.

From the complaint:

"In or about May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time. On or about May 30, 2014, law enforcement personnel from that country imaged the Silk Road 2.0 Server and conducted a forensic analysis of it. Based on posts made to the SR2 Forum, complaining of service outages at the time the imaging was conducted, I know that once the Silk Road 2.0 server was taken offline for imaging, the Silk Road 2.0 websites went offline as well, thus confirming that the server was used to host the Silk Road 2.0 website."[1]

Then, as a result of extremely poor OpSec (Benthall accessed the server directly, used his real email for registering the server), they got his IPs and, well, you know where it goes from there.

1. https://pdf.yt/d/RpyX9_xmapTkhmkb (Complaint)

In this case it appears that they have an insider; however, given the ability to analyze internet traffic, and given the ability to DDoS a hidden service, which apparently happens quite frequently when new sites appear, with sufficient network analysis it should be possible to determine the end point of the hidden service.

Understanding of Tor:

  1. Hidden services can only exist on one node.
  2. That node has a single IP or few IP addresses.

How to locate a hidden service given understanding of Tor:

  1. Send pulses of traffic to the hidden service (DDOS)
  2. Comb through internet traffic logs to identify which IPs saw traffic pulses.
  3. Reduce to a few statistically probable nodes matching the pulsed traffic pattern
  4. Pulse hidden service again to see if it matches the probable nodes.

Since the bigger markets (Evo and Agora) aren't down (as of yet) I think it's probably not a general vulnerability that works for every site. If it did I would assume they would go after the biggest markets too, not the smaller ones who were already mostly dead.

They could have located the servers, but not the administrators because they don't do stupid stuff like connect to their servers directly. Perhaps they're just waiting for the admins to make a mistake. Taking down the servers without arresting anyone just isn't the same.

The servers may also be located somewhere that is less friendly and will not image the server for them?

I would argue that makes them more friendly. You would think someone who works for SpaceX would have better sense than to administer his darknet server using his real email address though...

They could even be on the server—knowing where it is doesn't help prosecute those who run it.

> it seems plausible that law enforcement have a vulnerability to locate servers over the Tor network.

They've bugged nearly all of the entrance and exit nodes. This allows them to do trivial traffic analysis. Parallel construction hides the method from the courts which would be reluctant to rule against anyway.

Or they were just in on it from day 1: https://news.ycombinator.com/item?id=8568765

The failures of modern crypto (and historical) are almost always usage bugs, not the technology itself.

This may be true but it doesn't seem necessary if you believe this:

During the Government’s investigation, which was conducted jointly by the FBI and HSI, an HSI agent acting in an undercover capacity (the “HSI-UC”) successfully infiltrated the support staff involved in the administration of the Silk Road 2.0 website, and was given access to private, restricted areas of the site reserved for BENTHALL and his administrative staff. By doing so, the HSI-UC was able to interact directly with BENTHALL throughout his operation of the website.

Let's see if they take down any more markets, and if all of them have "undercover agents". If not, then it should be clear that wasn't the main method of catching them, but just one to flaunt in front of the press for doing things "old school", and not NSA-style (or with NSA's help).

Also, the recent decision in the Ulbricht case that their method of obtaining the server location and contents was not enough to throw out the case may have given them confidence to use the same tactic again. Now that they know the law does not apply to them, they almost have free rein to bust these markets with whatever resources they have at their disposal.

Yeah, but there is this tidbit:

"During the Government’s investigation, which was conducted jointly by the FBI and HSI, an HSI agent acting in an undercover capacity (the “HSI-UC”) successfully infiltrated the support staff involved in the administration of the Silk Road 2.0 website, and was given access to private, restricted areas of the site reserved for BENTHALL and his administrative staff. By doing so, the HSI-UC was able to interact directly with BENTHALL throughout his operation of the website."

I realize it's vague but seems conceivable this level of access would allow you to connect the dots. No?

But how could they know what support staff to infiltrate if they hadn't identified the server? The first step was locating the server. The second step was identifying the individuals and getting evidence against them. The undercover operation couldn't happen (except by accident) until step 2.

It seems you read this as support staff for the underlying webhost. However I get the impression the undercover agent had a role akin to an admin or moderator on other user content generated sites.

If that was the case, they didn't need to know where the server is hosted. And the "private" parts of the back end very likely opened up methods of code execution on the underlying host (e.g. editing PHP templates, etc.)

Interesting read, some highlights from the complaint:

"40. Based on a review of records provided by the service provider for the Silk Road 2.0 Server (the “Provider”), I have discovered that the server was controlled and maintained during the relevant time by an individual using the email account “blake@benthall.net” (“Benthall Email Account-1”)."

"b. I have also reviewed a publicly available profile of “Blake Benthall” on Twitter, another social networking website, which includes a photograph of BENTHALL as the user of the account, depicting the same individual associated with the GitHub account, discussed above. I have reviewed a post on that Twitter profile, dated on or about November 6, 2013, the date when Silk Road 2.0 was publicly launched, stating: “All this talk about the #SilkRoad being back up makes me want to watch ThePrincessBride.”"

"a. I have reviewed records provided by a U.S.-based Bitcoin exchanger (“Exchanger-1”), for an account registered under the name “Blake Benthall” and linked to Benthall Email Account-1 (“Bitcoin Account-1”). According to transaction records for Bitcoin Account-1, BENTHALL engaged in his first Bitcoin transaction with Exchanger-1 on or about November 7, 2013, the day after Silk Road 2.0 was publicly launched. The transactional records reflect that, since that date, BENTHALL has received a total of approximately 575.58 Bitcoins into the account through on or about October 28, 2014, and that BENTHALL has exchanged approximately 543.63 of those Bitcoins for United States currency, totaling $273,626.60."

"c. I have reviewed emails from Benthall Email Account-1 reflecting that BENTHALL purchased a luxury vehicle with Bitcoins in late January 2014 - approximately one month after Defcon assumed control of Silk Road 2.0. Specifically, email correspondence indicates that, in or about late January 2014, BENTHALL made a down payment of approximately $70,000 in Bitcoins towards the purchase of a Tesla Model S, worth approximately $127,000 in United States currency."

"b. Records provided by Exchanger-1 regarding Bitcoin Account-1 indicate that on the same date, BENTHALL logged into Bitcoin Account-1, using the identical combination of software: Google Chrome web browser version 35.0.1910.3 and the Apple OS X operating system, version 10.9.0."

"c. According to publicly available information, on or about April 6, 2014, Google Chrome version 35.0.1910.3 was a beta version of the browser, and Apple OS X version 10.9.0 was outdated. Thus, based on my training and experience, this particular combination of software versions would not have been common among Internet users at the time. The information available to the HSI-UC indicates that Defcon was not using Tor to access the customer support interface at the time, which would have caused Defcon’s browser and operating system to appear differently."

> I have discovered that the server was controlled and maintained during the relevant time by an individual using the email account “blake@benthall.net”

That's pretty f*ing retarded of him.

No, I mean, what an idiot of epic proportions.

Or he is just a fall guy.

This is such a huge WTF to me. I mean, I can rent a server with Bitcoins completely anonymously right this moment from many providers.

But is the host reliable? Will the server be of decent quality? Does customer support exist?

If it isn't reliable, there's plenty of competition.

I've been renting dirt-cheap VPSs recently and had zero problems with them.

> I have reviewed a post on that Twitter profile, dated on or about November 6, 2013, the date when Silk Road 2.0 was publicly launched, stating: “All this talk about the #SilkRoad being back up makes me want to watch ThePrincessBride.”"

It's interesting because this is a retweet yet it's still mentioned as a "post on [his] Twitter profile". I guess that's true, but shouldn't it be mentioned as a retweet in official court documents?

>> made a down payment of approximately $70,000 in Bitcoins towards the purchase of a Tesla Model S

Way to lay low.

This is a lot of major crimes investigations: if you want to participate in an organized criminal effort (which is what SR2.0 is), you're only as secure as the weakest link in that effort. Worth remembering when SR3.0 comes out. Is it being run by someone else who will put out a hit on a rival, or plow $70k of revenue into a Model S.

You are also, by nature, associating with people with a vastly higher than average risk of being arrested independent of your own conspiracy, and hoping that they will not mention your conspiracy for leniency in problems they got into without you.

Silkroad 3.0 will probably be this: https://openbazaar.org/

Good luck in taking that down.

Interesting. Are you claiming that OpenBazaar will be free of bugs, exploits, side-channel attacks, etc? Have you done an analysis of the code? Got a link?

I think he just meant that it's like Bitcoin. To stop Bitcoin, you need to seize everyone's computers.

Sounds like he confessed to everything after being read his rights, but before he even had a lawyer. His lawyer met him for the first time in court this morning.

Odd all around, like he wasn't at all prepared for this to end up here.


Simplest use case I can imagine for big data analysis on financial transactions: detect sudden spikes in income (esp. from different sources) and expenses, and flag for further investigation. I'm sure the tax services do this. Banks too, to detect mules and other suspicious activity (repeated transactions of $999 to a different account are suspicious already imo).

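As an added illustration of the three flags the comment above describes (income spike, outsized purchase, repeated just-under-threshold transfers), not part of the thread: a small detector over a constructed ledger whose amounts are made up and only loosely modelled on the figures quoted from the complaint.

```python
import statistics
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample ledger for one account (made-up values, not real data):
# (date, amount, counterparty). Positive amounts are inflows, negative are outflows.
LEDGER = [
    (date(2013, 8, 15), 3200.0, "employer"),
    (date(2013, 9, 15), 3200.0, "employer"),
    (date(2013, 10, 15), 3200.0, "employer"),
    (date(2013, 11, 7), 900.0, "exchanger-1"),      # first, small crypto cash-out
    (date(2013, 11, 15), 3200.0, "employer"),
    (date(2013, 12, 2), 18500.0, "exchanger-1"),    # income jumps from a new source
    (date(2013, 12, 15), 3200.0, "employer"),
    (date(2014, 1, 20), 41000.0, "exchanger-1"),
    (date(2014, 1, 28), -70000.0, "car-seller"),    # down payment far above income
    (date(2014, 2, 3), -999.0, "acct-x"),           # three $999 transfers in three days
    (date(2014, 2, 4), -999.0, "acct-x"),
    (date(2014, 2, 5), -999.0, "acct-x"),
]


def month_key(d):
    return (d.year, d.month)


def monthly_inflows(ledger):
    """Total of positive amounts per (year, month), in chronological order."""
    totals = defaultdict(float)
    for d, amount, _ in ledger:
        if amount > 0:
            totals[month_key(d)] += amount
    return dict(sorted(totals.items()))


def income_spikes(ledger, baseline_months=3, factor=3.0):
    """Months whose inflow exceeds `factor` times the median of the previous
    `baseline_months` months. The median is used so that one spike does not
    raise the baseline enough to hide the next one."""
    totals = monthly_inflows(ledger)
    keys = list(totals)
    flagged = []
    for i in range(baseline_months, len(keys)):
        baseline = statistics.median(totals[k] for k in keys[i - baseline_months:i])
        if totals[keys[i]] > factor * baseline:
            flagged.append((keys[i], totals[keys[i]], baseline))
    return flagged


def large_outflows(ledger, factor=10.0):
    """Single outflows larger than `factor` times the median monthly inflow
    of all earlier months (a $70k payment on a $3k/month income)."""
    totals = monthly_inflows(ledger)
    flagged = []
    for d, amount, counterparty in ledger:
        if amount >= 0:
            continue
        earlier = [v for k, v in totals.items() if k < month_key(d)]
        if earlier and -amount > factor * statistics.median(earlier):
            flagged.append((d, amount, counterparty))
    return flagged


def structuring(ledger, threshold=1000.0, window_days=7, min_count=3):
    """Counterparties receiving `min_count` or more outflows just under
    `threshold` (within 10%) inside a `window_days` window."""
    by_counterparty = defaultdict(list)
    for d, amount, counterparty in ledger:
        if amount < 0 and 0.9 * threshold <= -amount < threshold:
            by_counterparty[counterparty].append(d)
    flagged = []
    for counterparty, dates in by_counterparty.items():
        dates.sort()
        for i, start in enumerate(dates):
            run = [x for x in dates[i:] if x - start <= timedelta(days=window_days)]
            if len(run) >= min_count:
                flagged.append(counterparty)
                break
    return flagged


def review_queue(ledger):
    """Everything an analyst would look at first for this account."""
    return {
        "income_spikes": income_spikes(ledger),
        "large_outflows": large_outflows(ledger),
        "structuring": structuring(ledger),
    }


if __name__ == "__main__":
    for name, hits in review_queue(LEDGER).items():
        print(name, hits)
```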
You can buy a Tesla with Bitcoins?

Sure, you could theoretically buy a used Tesla with Bitcoins. But it may be hard to find a dealer willing to do that.

There was a story a while ago about someone buying a Tesla with Bitcoins, but it ended up being incorrect. The Bitcoins were exchanged for US Dollars which were then used to buy the car: http://www.cnbc.com/id/101258152

You can't buy a Tesla from a dealer. There are no Tesla dealers.

Dealers can sell a used Tesla.

>>> Google Chrome web browser version 35.0.1910.3 and the Apple OS X operating system, version 10.9.0

Hello browser fingerprinting, not a theoretical concern anymore I guess.

I don't think a single-server hidden service is meant to protect against a global, active adversary. If you think it does I would love to hear your thoughts on my question[1]

[1] https://news.ycombinator.com/item?id=8568667

> service outages at the time the imaging was conducted

That whole "correlation is not causation" maxim comes to mind here.

Evidence is all about correlation. You won't ever find direct causation in a court case.

That's what a jury is for.

It's part of a greater collection of evidence. Evidence doesn't have to be mathematical proof.

A common theme (from what I can tell in law) is that something can never be proven to the rigor of a mathematician, so what happens is you build up piles of "coincidences" until a reasonable person would be hard-pressed to believe they are only coincidence.

Hence the idea of reasonable doubt, which has specific meanings in various jurisdictions:


None of the items taken by themselves are enough to convict (e.g., other people would be tweeting about Silkroad 2 at the same time), but you add it all together (server in his name, piles of unexplained cash and large purchases, tweeting about it, accessing the servers from his machine, etc., etc.) and it starts to look really bad.

Plus he's also confessed, apparently.

This seems like an excellent example of a 'natural experiment' where the FBI's imaging request serves as an instrumental variable.

I think this is the money quote:

"During the Government’s investigation, which was conducted jointly by the FBI and HSI, an HSI agent acting in an undercover capacity (the “HSI-UC”) successfully infiltrated the support staff involved in the administration of the Silk Road 2.0 website, and was given access to private, restricted areas of the site reserved for BENTHALL and his administrative staff. By doing so, the HSI-UC was able to interact directly with BENTHALL throughout his operation of the website."

So I assume this means they were able to infiltrate the community and there was possibly no unauthorized break necessary on the actual technology stack. It does lead one to question how they drew the final line between Benthall and his online persona, unless the undercover agent was also given access to financial information or other personally identifiable info. Maybe they even placed a malicious program on the server to target Benthall after they had control of a support backend. Interesting to see if that is all that comes out....

This sounds no different than the undercover police, detective work the FBI has been doing since its establishment. Infiltrate the perp, take him down.

They used the same tactics on gangs, mobs, etc. Now violent crime is slowing, but they have hordes of agents trained in these protocols, so they're redirecting energy into catching so called "cybercriminals."

A bunch of people who infiltrated the mob are now infiltrating groups of nerds in basements. It's frustratingly hilarious.

By the way: If the FBI is so successful using traditional police tactics to infiltrate "cybercrime syndicates," why do they need a "front door" to our devices?

A bunch of people who infiltrated the mob are now infiltrating groups of nerds in basements. It's frustratingly hilarious.

Why? Generally speaking, crime is crime, whether or not you wear a trenchcoat & fedora.

There is perhaps some humor in operatives who went up against the mob now going after small fish which must seem like easy pickings to them, but it's the "frustrating" part that I don't follow.

Because basement nerd isn't violently murdering anyone. Basement nerd is making a violent drug market civil and non violent.

Except when basement nerd tries to take a hit out on someone.


Those charges were dropped, and no one really knows why.


They were dropped because the hit was on one undercover agent and was contracted to another undercover agent.

> By the way: If the FBI is so successful using traditional police tactics to infiltrate "cybercrime syndicates," why do they need a "front door" to our devices?

Just like the old-fashioned police work they did here which you mentioned, the FBI in the past has been able to use warrants to obtain unilateral access to safe deposit boxes, drill open personal safes stored at home, search through a person's desks, closets, bedrooms, etc. for particular items, and more.

That is the level of access FBI Director Comey is saying that they need (the ability to enforce warrants for the same types of searches required for "papers and effects") for the same reasons that the FBI has needed such access for investigations in the past.

He isn't asking for the ability to conduct passive or mass surveillance, or even the ability for FBI to unilaterally enforce a warrant. He's asking for the ability of the device manufacturer themselves to be able to comply with a warrant if one is offered up. The cryptographic technology necessary to do so already exists, in a way that would limit access to the manufacturer, so that's not the issue.

> The cryptographic technology necessary to do so already exists, in a way that would limit access to the manufacturer, so that's not the issue.

This is a genuine question: Does it really? Everything I've read on the topic has shown that that's not really the case, at least not without implementing it in such a way that it has some rather serious human weaknesses anyway. However, I'm rather ignorant on the topic, so I'm genuinely curious.

Easy mode is to encrypt the device key for each individual device, store it only with the manufacturer. Make it more difficult by requiring m-of-n agreement (probably via a parity block scheme) between HSMs to derive the key if you wish (with the key material being guarded on separate stores so that an insider can't simply hack into access), but that's not that difficult in comparison to what we're talking about.

Even easier might be to have the device itself store an encrypted version of the data storage key, encrypted to a PKI private key that only the manufacturer controls (i.e. leave a GPG-encrypted file accessible in an unencrypted partition that unlocks the rest of the storage). Since we're assuming that skilled hackers will forcibly encrypt sensitive data anyways by jailbreaking if needed, it's not that much of an additional stretch to leave the key on the device itself, and FBI can still get warrants served on the 99.9% of accused criminals who can't be arsed to figure out that their iPhone can be unlocked.

I'm not even close to a crypto expert either, someone with deep insight into the crypto literature (I hear NSA has a few of those...) could undoubtedly point to more applicable research that would be useful here.

> A bunch of people who infiltrated the mob are now infiltrating groups of nerds in basements. It's frustratingly hilarious.

I'm a little skeptical of this whole shtick that online criminals are just "nerds in basements." A nerd can do a lot more damage to your life with a computer than your average petty criminal.

True, but that doesn't necessarily mean they will. One of the smarter things about Silk Road in my view was the nominal policy of disallowing trade in child pornography, criminal services, stolen credit card data and so on, ie illicit things that also have (or are intended to have) victims who are necessarily injured as a condition of production. There's no economic tipping point at which the consumption of child pornography could justify the abuse perpetuated in its production, for example.

While the drug trade can cause people to become victims (just as the legal trade in alcohol or cigarettes or many other commodities), such victimhood is incidental to the production and consumption of the illicit good rather than inherent to it. I think this distinction between what sorts of contraband could be traded on Silk Road (even if it was not adhered to in practice) is a big part of why many people were/are sympathetic towards Silk Road.

One of the most astonishing parts of dark markets is that it flips the drug-dealing paradigm. Instead of watered-down product sold by unsavory people only motivated by profit, we now have what are essentially drug aficionados who are earnestly interested in selling the best possible product.

Which isn't to say they're allergic to profit, but since it's closer to an open market they can no longer rely on being the only game in town. Testimony from buyers on the dark markets shows that some dealers even include free drugs, which is completely unheard of.

If the cocaine cowboys of the 70s and 80s were the first wave and the crack kingpins of the 90s were the second wave, then the cyber vendors are the third wave drug dealers.

That's a little bit hyperbolic. I bet if you took the last 12 months, the average petty criminal has done more genuine experiential damage to people's lives than even the most intense nerd/hacker.

Unless that's what they want us to think. If it was just this undercover agent, how did they shut down the other unrelated markets?

I think we've learned from the Dread Pirate Roberts case that what FBI says they did to catch these guys is a lie. They caught them some other way - either in an illegal way or through some method they intend to use in the future and don't want to disclose now. Either way, chances are it didn't happen the way they say it did.

Or, they just executed the same plan repeatedly. Clearly most people opening these markets are not as smart as they think they are. I would not be surprised if undercover police tactics succeeded across multiple markets, and the FBI simply timed the shutdowns to coincide. In fact I remember reading an interview with a market founder in cryptonews, where he mentioned the difficulty in finding and trusting support staff. That's all the more reason to listen when the FBI comes knocking, asking to help with support.

It's been hinted that they'll be busting other Tor marketplaces in the next day or so. I wonder if they were similarly infiltrated and what effect that will have on the community.

Or maybe someone is trying to get out of the market and pocket all of the wallet funds sitting on another marketplace.

Seriously, if you were running a Tor marketplace and one of your competitors goes down, it is a perfect cover for running away with everyone's bitcoins and disappearing.

On the community I have no idea, but I imagine the next reincarnation of these types of markets will have to be managed by lone wolves out of a cave in Afghanistan.

In all seriousness, perhaps Iranian hosts would be a viable route.

In all seriousness, is there any legal precedent for seizing/shooting down satellites?

Space law tends to be extrapolated from maritime law as many of the legal conundrums are similar. So if you had a pirate satellite then it could probably be seized under a letter of marque. It's a fun question, I'll look into it.

You'd probably fall afoul of sanctions law if you tried that.

I am not sure you want to stare down the Iranian justice system.

If you don't live in Iran, staring down the Iranian justice system [given the lack of love other nations have for them] is pretty easy.

Tbh tho, I wouldn't be surprised if you set up an Iranian site and were accused of "funding terrorist operations" and the trial got replaced with a US drone strike.

To my knowledge, there have not been any drone missile strikes in Iran. That would likely constitute an act of war. Iran did shoot down a spy drone back in 2011.

Point taken, though.

> If you don't live in Iran.

As in, you live somewhere else out of reach of the Iranian and US justice systems. But you host the site in Iran.

@opendais: I'm still confused where the drone strike is happening.

Let us say you decide to hide out in Cambodia while operating servers in Iran.

The point is where isn't important. Given a large enough market, the US would do whatever was needed to catch you. :P

This is perhaps pedantic, but the US is also not going to order a drone strike in Cambodia.

The US would never extradite to Iran, so unless you are so desperate to open a "dark net market" that you move to Iran, you will stare down the US justice system, not the Iranian tribunals.

Cloud9 and Hydra are now displaying seizure notices as well.

Perfect cover to run away with everyone's funds :)

Apparently Cloud9 went down four minutes before SR2.

So it's unlikely to be a false flag.

Yes, it seems the feds had a blast, taking down darknet markets.

"successfully infiltrated the support staff" - This doesn't rule out that they didn't sniff out their credentials and logged in as them.

This implies an agent established a direct connection to a server in Benthall's C&C chain. Once there, they simply hacked (or subpoenaed or Mutual Legal Assistance Treatied) their way back to him.

"On or about October 7, 2013, the HSI-UC [the undercover agent] was invited to join a newly created discussion forum on the Tor network, concerning the potential creation of a replacement for the Silk Road 1.0 website. The next day, on or about October 8, 2013, the persons operating the forum gave the HSI-UC moderator privileges, enabling the HSI-UC to access areas of the forum available only to forum staff."

They were compromised from day 1, before the 2.0 site had even launched. I wonder how they managed to be a trusted admin so quickly?

That sounds like the FBI had already infiltrated the Silk Road 1.0 community so they were invited into 2.0 at the beginning.

HSI refers to Homeland Security Investigations, an arm of the Department of Homeland Security. Not to say it wasn't a joint effort with FBI, but it was an HSI undercover.

That might have the most chilling effect on a 3.0.

WANTED: rockstar programmer for new e-commerce startup. still in stealth mode, but think silk road with less php and more rails. bitcoin experience/enthusiasm a plus. message for details. no feds please.

Better watch out, law enforcement isn't exactly known for their sense of humour.

Don't worry, I'll be conducting interviews on the StartupBus. http://www.wired.com/2013/03/a-long-fast-road-to-the-next-bi... (check photo credits)

Perhaps, but that kind of joke gets made all the time on the Internet without bringing down black helicopters.

I made a joke like that on Slashdot once and the black helicopters did show up. Well, the Secret Service, anyway.

You satirically quoted an imaginary job posting and Secret Service showed up? That sucks, I guess we need to close down Duffel Blog and The Onion then.

Or you know, he did a SLIGHT VARIATION of the "imaginary job posting", an "imaginary something else" but equally imaginary and tongue-in-cheek...

Yes, I'm sure that his "not actually the same as the joke we're talking about" joke was a mere slight variation. Maybe the Secret Service guy missed the (+5: Funny), I'm sure that happens to the best of us sometimes.

Yeah, because secret service and/or cops are known to have a great sense of humor and enough understanding of the Web (including Slashdot trivia).

Care to expand on that?

Story time?

You shouldn't tell people that what they say might bring the attention of law enforcement - that counts as secondary liability.

Yep, this is how you know you live in a -democracy- dictatorship.

Not that I'm personally worried about the FBI, but if I were? Living in fear that you'll get busted for making a lame joke isn't living. Whatever happened to all the grand talk of civil disobedience and standing up to the man? Instead we've got people on the "good side" going around saying "don't talk like that." The man doesn't even need to bother oppressing speech when you're doing it for them.

Maybe the title should be, "FBI Announces Silk Road 3.0" :-) And I agree, folks seem to be running these things out of the US rather than out of, say, the Cayman Islands or Belize, where it is easier to level the playing field with respect to the authorities.

> running these things out of the US

If you mean the operators' physical locations, sure, that could help.

If you mean servers, the FBI complaint claims that SR 2.0 server was hosted in a foreign country.

> "In or about May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time." [1][2]

[1] https://news.ycombinator.com/item?id=8568219
[2] https://pdf.yt/d/RpyX9_xmapTkhmkb

I'm not so sure. There have been offshore gambling sites (sports, poker etc...) that have been shut down before with the cooperation of local authorities, although not always easily. They may see revenue for local industry as a nice plus, but not so nice as to risk the ire of the U.S. govt.

In the end, your allies offshore may only be as loyal as the force they're willing to ignore. And your friends may only be as trustworthy as the information you choose to share with them.

Edit: Link to that poker takedown news http://www.covers.com/articles/articles.aspx?theArt=234980

The difference though is 'seizing the website' versus 'seizing the person running the website'. What surprises me is that US citizens, knowing they live in an undeclared police state, take the risk of starting up high profile web businesses. It would be like Kim Dotcom moving to Florida to run Mega.

With Tor, though, it's very easy to move servers quickly. Who wants to play a foreign game of 'whack a mole'? Authorities will tire quickly of complying with an endless game.

I'm not sure how this is a whack-a-mole game.

If you run a single-server hidden service, the NSA can track it (unless you think otherwise - tried to initiate discussion here[1]).

Once they track it, they will get your hosting provider to cooperate and before you know it, your server has been imaged and that irrevocable .onion private key is in the authorities' hands. The most you'll see from your end was some downtime, which a cooperative host (an assumption here, granted) would cover up for the FBI (status update: rack/sector/DC failure at XXX).

They can now impersonate your server, MitM you, the works. After that, in order to move, you have to literally move to another onion address.

What you're saying makes sense if there is anyone who habitually rotates servers as a matter of OPSEC, but that sounds like an invitation for disaster.

AFAICT the name of the game isn't whack-a-mole, because when the NSA sees the mole, it will whack it.

It's "bury the mole in the moleyard" - multiple mirrors so as to make locating the actual service very unlikely.

[1] https://news.ycombinator.com/item?id=8568667

I'm wondering why they would image the server. Did SR2 not use full disk encryption using LUKS? How would they be able to access anything on it? I know if I were running SR2 I'd have the longest private key ever stored in my brain to decrypt the drives.

> I'm wondering why they would image the server.

For offline analysis and to be used as evidence, presumably.

> Did SR2 not use full disk encryption using LUKS? (...) longest private key ever

So the process for you would be slightly different: there would be a "power outage" in your rack, your encrypted disk would be imaged and the (unencrypted) bootloader would be bugged.

Then they'd wait for you to see that your server had some issues, upon which time you'd have two choices:

- enter your private key to resume the service.

- abandon the server.

The correct choice would be (2), but you don't have enough information to make that call.

FYI, they don't need to power cycle your machine to remove it from the data center (if there is physical access); there's a battery backup that clips onto the power prongs while it's still 3/4 in the socket.

It's not like bugging your bootloader can magically send your password for the key off the server. They would have to be watching and be very quick, but I'm sure they'd want to see the server start to boot to ensure they have it.

I'd compare the bootloader to a known good image as an early boot step and if it isn't what you expect immediately start destroying data. :-)

I meant "power outage" as the pretext that would justify (to the HS owner) why the server has been power-cycled (assuming they decided to cooperate with the FBI/whoever).

Here's how I would do it:

- I assume that your hard drives are in RAID. I gamble that they're in RAID 1 - most typical - and strip one out while the server is still running. Some kernel messages are logged, whatever.

- I start imaging the disk. If it isn't a mirror of the other after all, I strip the remaining drive(s) out and start imaging them too.

- While the disk(s) is/are transferring, I patch both your boot loader and your kernel with a rootkit. This should be laughably easy for the level of adversary we're talking about.

- When the disk(s) are done, I power cycle your server. I may cold-boot your RAM and get the passphrases there if I'm lucky. The downtime was either seconds (if it kept going with one RAID 1 disk) or <however long the imaging takes>.

- When you realise your service is down you may contact customer support. In that case they will respond (with their usual timing) about something-something-blown-fuse-UPS in your rack.

- When you log onto your server, you will most likely be faced with the passphrase input and most likely will go for it, but even if you don't...

> I'd compare the bootloader to a known good image as an early boot step

If you do so after you've given away the passphrase, you've lost already. Destroying the data won't help, as they have the encrypted copy of it and you just gave them the key.

I don't think you could detect a good boot/OS rootkit remotely at all. One would cover for the other. You can't unplug the disk and examine it. You can't plug a read-only drive in and boot some forensic tool. All you have is your lying bootloader and your lying OS. Your encrypted partition doesn't protect the integrity of the binaries there either, as after it's been decrypted, the rootkit would happily intercept any values that would give it away.

I'm not sure how you could ensure hardware security without ensuring physical security. Usually, physical access == pwned. Maybe TPM changes/will change that, but I somehow doubt it. Some other routes not covered here (probably easier, heh): Getting host to decrypt your TLS/KVM session where you typed the passphrase in the first place, malware in firmware on misc devices, etc.

> I patch both your boot loader and your kernel with a rootkit. This should be laughably easy for the level of adversary we're talking about.

Well, you won't be getting the kernel, it's on the drives. It would have to be in a separate partition so you can start it before mounting the sensitive filesystems, and you may have a key that the bootloader uses on it, but in either case if you are not present and a server goes offline you basically have to do the following:

Verify the ROM's integrity in that first stage - before you put in the key for your actually sensitive data. That means you need open firmware or some mechanism to hash the ROM that is installed, you need to have a means to read it in its entirety, and then you need to hash it.

I say open firmware because you need to be able to guarantee the FBI couldn't embed a backdoor firmware. If you can get open spec / openfirmware mainboards and verify their authenticity only then can you be safe.

Then you verify the kernel, which is much easier because you can compile it yourself, maybe even pad it with some random and scramble the ELF tables in some custom orientation.

And then you need to worry about how you input the key - if it's by USB, you can backdoor the USB and network controllers and keylog in hardware depending on the vendor and model of the mainboard. Over the network, just the NIC is in question, because any secret sharing over ethernet better be over a secure connection.

But that should be it. It is a fine line at best, and a bottomless pit at worst, but there are ways to try to be hardware secure.

> Verify the ROM's integrity in that first stage (...) need open firmware or some mechanism to hash the ROM that is installed, you need to have a means to read it in its entirety

Does such a mechanism exist? If you can do this[1] from BIOS, why is it safe to assume that the same can't be done for the dump-bios-image routine? AFAIK the BIOS handles this in real-mode [2] (overrides the OS), and "returns" the image by copying it somewhere in low memory. So, you're trusting the BIOS that it's copied the right data out for you. (goodguybios)

> I say open firmware because you need to be able to guarantee the FBI couldn't embed a backdoor firmware.

This reminds me of this NSA RAID controller rootkit for Dell PowerEdge servers [3]. Nuts. Every closed firmware on your servers is a potential hiding place to someone with (soldering-iron-to-the-motherboard) physical access.

In our Dread Pirate use case, you don't even have to think that far as you can't ensure your own BIOS. Who are you going to buy TPM servers [4] from, when you're defending against the FBI? Intel? HP?

The Rootkit Wikipedia page is alarming, to say the least. [5]

[1] A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers http://phrack.org/issues/66/11.html#article

[2] http://en.wikipedia.org/wiki/Real_mode

[3] http://resources.infosecinstitute.com/nsa-bios-backdoor-god-...

[4] http://en.wikipedia.org/wiki/Trusted_Platform_Module

[5] http://en.wikipedia.org/wiki/Rootkit#Bootkits ("Bootkits??")

[6] https://www.blackhat.com/presentations/bh-usa-07/Heasman/Pre...

If you're in San Francisco, how do you type the disk password into a server in Iceland? Through a BMC with clownshoes security?

> Once they track it, they will get your hosting provider to cooperate and before you know it,

This is the whack-a-mole I was talking about. The time between when they identify the server and getting the provider to comply is enough in certain countries to set up an alternative location. Hosting companies aren't gonna want to play this game forever, ESPECIALLY if they're getting good money out of it.

So you'd just move servers every X months no matter what, or would you be tipped off somehow during that time window? If it's the first, that's pretty hardcore. Migrations are a pain for most people. Unless the system was built to migrate painlessly... Hm.

Set up the site so all the database transactions take place in memcache or redis and every 10 minutes it's written into encrypted entries on some kind of distributed blockchain (Datacoin, Namecoin, etc).

Use Docker to wrap up the front-end and make it easy and portable. You can then spin up a new iteration of the site on a new VPS in a matter of moments. It can download the DB entries from that blockchain, decrypt, and then keep the DB in memcache/redis. To speed things up, you can also do daily encrypted DB dumps to a DHT address and write the DHT address into the blockchain to bootstrap the service restart.

Once the DB is bootstrapped and caught up, the site can register itself on the Onion network and since it'll be the newest entry, traffic will start ending up at the new site pretty quickly.

Such a system could be automated pretty quickly, where a person could register VPSes at Linode, Digital Ocean, AWS, etc., then write some kind of encrypted config file into a blockchain so the site software would pull down the config and make the transition to the new provider automatically. It could be an automated daily move, and using a blockchain as an intermediary for communications prevents worries about accidentally leaking IP addresses at each new service provider.

> Authorities will tire quickly of complying with an endless game

Oh, I wish that was true, but we are in our fourth(?) decade of the War on Drugs. Authorities don't care; they just hire more people at taxpayer expense.

The never-ending nature of these "Wars On" is actually the main appeal of them for the lobbyists and their minions. What is better than cash this year? Cash every year until the Republic falls.

Yup; as long as it takes only a few weeks to set up something like this but a year to take it down, I don't think this idea is going away. The business model obviously works, and there is definitely a market.

And there is no shortage of people who think they can outsmart the FBI, but one slip and there goes your life. I sleep better working for a living.

Can someone be charged with drug trafficking for simply running a website on which drug trafficking occurred?

You certainly can if you knowingly target the drug market and make a commission off each sale.

So did the conformed slave.

Virtually everyone commenting here is at work and IMHO it is a lot more work to be a criminal.

Not if you operate for a year or two and manage to successfully exit. Then you'll be able to live without working for the rest of your life.

It would be hubris to think I would be any good at crime. Basically sounds like a higher stakes version of the movie Bottle Rocket.

Nah, there's several other active, established markets already - SR2 wasn't even one of the top three.

"Benthall should have known that those who hide behind the keyboard will ultimately be found."

What a weird tone...

The FBI exists to justify itself. An up-front, moralizing tone is reassuring to non-technically literate people who don't realize this is equivalent to tracing all of our most intimate conversations.

As it sounds like it was social engineering [e.g. Getting into the private/admin areas of the forum via an undercover agent] I'm not sure you can state that.

Sorry, I meant it in terms of the ominous "nobody is safe behind a keyboard"—not only do they seem to be proud to be so invasive, but they're even adopting a moralizing tone.

In which the purpose of the press release (and bust) is revealed: to threaten the public and make an example.

The usual stuff you expect out of an upstanding agent of democracy.

Shame on the US government for threatening the public with the enforcement of its own laws.

Well, they've certainly shamed the public enough for trying to get the government to comply with its own goddamn laws.

Not sure what your point is. It's okay for government representatives to threaten citizens for circumventing laws that are demonstrably foolish? Regardless you should step back and think about how a representative democracy should function.

>It's okay for government representatives to threaten citizens for circumventing laws that are demonstrably foolish?

When they threaten citizens with arrest and a trial, yes. "Demonstrable foolishness" is not a get out of jail free card.*

*IANAL, but I'm pretty sure.

That statement nonspecifically threatens anyone who "hides behind a keyboard". Also, this threat comes without any determination that the law has been broken; there has been no conviction.

I have no problem with assurance that the law will be faithfully executed. This isn't that. This is inflicting fear to suppress people you disagree with. If only we had a buzzword for that.

This is assurance to the public that the law will be faithfully executed. They are assuring the public that the FBI is capable of investigating crimes even on the internet.

It would just be nice if they operated under the same judicial rules that they are enforcing. It seems like a large portion of US agencies (who enforce 'justice' in one way or another) these days feel like the same laws they are enforcing don't necessarily apply to them, especially when said law(s) limit their ability to do their job.

Or more simply put, exceptional circumstances have now become a rule rather than an exception.

Specifically which laws did the FBI break in this investigation?

I'm not sure if they did, "in this investigation".

I was commenting more on the general tone of US agencies, since the PATRIOT ACT, and their contradictions of what is breaking the law when it applies to them vs. whomever they are investigating.

Commenting more on the general tone of US agencies, since changing the law to specifically allow an expanded set of investigatory techniques, is them "breaking the law"? What?

You can argue they shouldn't have such authorities, but when the law explicitly gives them authority it's foolish to then claim they're breaking the law when using those same authorities.

It can still be breaking the law if they: a) exceed even the authority granted to them explicitly by the Patriot Act or b) the contents or interpretation of the Patriot Act violate the letter (and possibly the spirit/interpretation) of a higher law, namely the Constitution. IANAL so I don't know whether either of those is true, but it is something that has been called into question (beyond the ethical or social-impact concerns over the laws and practices enabled by the act). I don't feel shutting down a black market is illegal (or unethical) unless the means to do so were illegal (or unethical). However, saying that US agencies violate the law more often after being given more powers within the law is not necessarily a self-contradictory or strange notion.

It's possible to be skeptical of the government and government agencies while at the same time thinking that the arrest of (alleged) drug traffickers is a good thing.

Something something parallel construction, no doubt.

The context of the entire paragraph from which that statement is drawn refers pretty clearly to "hiding behind a keyboard" to commit crimes such as running an online drug bazaar. Of course the government disagrees with and wants to suppress that. I don't believe it's nearly as nonspecific and ominous as you seem to.

The premise of sites like Silk Road is that they exist entirely beyond the reach of the law - and the government is, understandably, refuting this premise.

Disagree with what?

The government disagreed with black markets, and they will enforce their will by shutting it down.

If not the DEA or the FBI, then the IRS will.

By "its" do you mean the "public" or the US government? These are the government's laws, and it enforces those laws on said public.

> These are the government's laws, and it enforces those laws on said public.

Well, yes.

...when it consistently and unfairly places itself and its cronies above said laws.

Nevertheless, selling illegal drugs on the internet is illegal. I don't think you can say that attempting to bring down darknets is an example of government corruption in this case, notwithstanding the inevitable argument that the government is corrupt in any case.

> Nevertheless, selling illegal drugs on the internet is illegal.

Apparently running a social media website where you don't sell drugs but other people do is also illegal.

He committed the equivalent of putting up a bulletin board where drug dealers would pin instructions on how to buy from them.

Also, he took a cut of every transaction.

He probably pays taxes on that money, too. Does that make the government an accomplice? Really, you just can't apply logic and consistency to laws across all members of society. On the one hand, they contradict themselves in application, and on the other hand you have special exceptions for state-actors among others.

He bought a top end Tesla with a $70,000 down payment in bitcoin a few months after taking over. You really want to contend that he "probably pays taxes on that money, too"?

Sales tax in San Francisco is 8.75%, so, yeah.

There are many cases of drug-police taking bribes from drug dealers. If you can't believe that happens in the US, at least accept that it happens in other places.

Just a few years ago the President of INTERPOL was convicted of taking bribes from a drug dealer.

I can say exactly that, watch me: their persecution priorities are corrupted. How many rights violations is this darknet thingy causing? More than the megabankers that get away with a slap on the wrist? And how much easier is it to arrest megabankers than technical-minded hacker guys and gals that try their best to hide their crimes?

There's a much higher beneficial payoff that can come from arresting bankers (like Iceland did), and at much less effort, than trying to make sure anonymous people don't put silly substances in their mouths.

So yes, attempting to close down darknets is a shining example of our government's corruption, today, with everything that is happening with the economy, courtesy of the bankers.

(Shrug) The bankers have no power that the government doesn't give them. Your enemy lives on Pennsylvania Avenue, not Wall Street.

Are you sure of that?

"Give me the control of the credit of a nation, and I care not who makes the laws." -- Mayer Amschel Rothschild

Disclaimer: I do not believe in a Rothschild conspiracy. I believe in real conspiracies like the Libor scandal.

Key part of that phrase: Give me control.

Well, the crime-committing public anyway.

There is absolutely nothing untoward or abnormal about their claim, nor are they threatening the "public", which overwhelmingly doesn't operate black market sites.

Law enforcement absolutely includes an element of making examples, and deterring crime. That is one of the major purposes why organizations like the FBI exist. Not quite sure what this has to do with democracy.

You have to look at it not from the perspective of a black market site, but from the perspective of anonymity. Sites operated on the Tor network are supposed to be anonymous, which is a valuable contribution to the existence of free speech. The freedom of a country that outlaws acts between consenting adults can be debated, but there are many countries that are undeniably oppressive. If the US government can track down an anonymous site, then it is likely these countries can too.

Arguably anonymous sites can harbor truly dangerous crimes like murder for hire, pedophiles, and terrorists. However, they can also protect political activists and whistleblowers. So while this isn't necessarily a cut and dry issue, it is much more complex than just saying these are black market sites so who cares.

There is absolutely nothing untoward or abnormal about their claim, nor are they threatening the "public", which overwhelmingly doesn't operate black market sites.

Sure, most people don't operate black market sites. But the problem is that if the government is able to use technology to have near-perfect knowledge of what everyone is up to then bad things happen when you get a bad person in charge of the government. Possible case in point just happened:

The bottom line is that there should be a way for people to be anonymous behind their keyboard. That's what prevents people from dying for expressing opinions that are counter to the government. Just picture a radical pro-life president who feels justified in murdering people who advocate for pro-choice policies. Don't focus on the one example - there are all kinds of bad things that a bad person in power could do. Enforcing laws is not a justification for absolute power.

The government is saying that they will pursue people who break the law through any means possible. In this case, they apparently socially engineered their way in.

And? How is this possibly a problem? Is it really an attack on potential legitimate uses of anonymity? Is it really useful to conjure up a murderous pro-life president?

To all of those the answer is of course no.

>>Law enforcement absolutely includes an element of making examples, and deterring crime.

It is very sad that you believe that... Sad indeed.

>>Not quite sure what this has to do with democracy.

It has everything to do with "democracy", which is mob rule. The FBI is the attack dog of the mob (aka the people), which has deemed that running an unapproved website results in a lifetime of sadistic treatment in a human-filled zoo where humans are locked in small cages and emotionally tortured. We call them "prisons".

He has a private repo on GitHub, I wonder if it is the code for the site. https://github.com/blakeeb/private/commits?author=blakeeb

Yes, shame on him for not standing on a street corner like any respectable drug dealer.

"Let’s be clear—this Silk Road, in whatever form, is the road to prison."

I cannot imagine a way in which a single-server hidden service is safe from a global, active adversary like FBI, NSA & Friends.

This [1] discusses passive analysis over time.

Isn't it really easy to locate one if you can perform active attacks on the global infrastructure? (introduce latencies and/or break links temporarily)

If your hidden service is served by a couple of mirrors on each continent, though... then maybe you're safe?

edit: This is a genuine question, not a rhetorical one. Am I missing something?

[1] http://www.onion-router.net/Publications/locating-hidden-ser...

> Isn't it really easy to locate one if you can perform active attacks on the global infrastructure? (introduce latencies and/or break links temporarily)

Seems like it wouldn't even take too long if you apply the same type of logic that makes binary search O(log n), even with mirrored servers. And as long as you don't need perfection (i.e. just to narrow to a list of candidates for further inspection) then mixing that with Bayesian statistics would probably work wonders too.

Good point. Noises have been made for a long time that Tor is compromised given a sufficiently motivated adversary. For instance, [0], among many others.

In light of those noises, my non-rhetorical question is this: Why would any Ulbricht wannabe reside within the US DoJ's sphere of influence? Get thee to Russia, and quickly! And while you're at it, keep your hardware in some third, fourth, and fifth locations, neither American nor Slavic.

[0] https://www.schneier.com/blog/archives/2013/08/has_tor_been_...

> Why would any Ulbricht wannabe reside within the US DoJ's sphere of influence? Get thee to Russia, and quickly!

100% agree with this. I imagine it is mostly that people never think they'll get caught - or they view the risk of getting caught as much lower than the benefit of not moving, in any case.

Edit 1: To add: I think "people" also underestimate just how easy it is to get caught.

Getting caught doesn't mean you're stupid, or inexperienced, or anything except that you slipped once.

You forgot the proxy, once. You sent your personal pubkey rather than your darknet pubkey, once.

It takes next to nothing at all to get caught.

Edit 2: The link you posted was about a JavaScript 0day exploit in the Tor Browser Bundle. Implementation flaws will always be there, but if the theory is broken as well... My question is about whether the Tor protocol itself could theoretically shield a hidden service from a global, active adversary. Which I think it couldn't.

Hopefully anyone doing this in the future would be doing so only from Tails and public internet cafes.

Russia has its own war on drugs and if you think the USA is a police state, just LOL at Russia. Their version of the speaker of the house said that drug dealers should be thrown into forced labor camps.

I'd go to Abu Dhabi or Dubai and just be prepared to bribe the fuck out of local police.

I wonder if the next step in service hiding is to do this on a service more like Freenet?

I haven't checked the status of the project in a long time, but one of Freenet's features was distributed hosting, with encryption making sure that nodes could not inspect their own content. I don't think you can do a lot more than disseminate documents that way though, rather than actually useful sites...

So, it seems possible to build a p2p based market. I'm pretty sure I read something about there already being one. Like, a distributed network based market where sales and buys are processed by users, much in the way Bitcoin does, or torrenting. Then the network could be accessed by clients, even web based ones. Perhaps. Like I2P based markets? Which can even be accessed over Tor?

BitXBay is another concept, using Bitmessage as its primary protocol.

Holy shit, thanks for linking that. That's pretty awesome.

IIRC, Silk Road 1.0 (is this what we're calling it now?) had mirroring servers. As we know, somehow the IP of the main server was leaked, whether through the CAPTCHA or by other means.

Security by obscurity always fails - especially against the FBI. Given that Tor is essentially an obscuring mechanism for servers that have to function to some degree on the clearnet, if the FBI really wants to find a hidden service there are apparently many points of failure to exploit.

However, given that Ulbricht and now Benthall both had poor OpSec, criminals on the internet have as a last resort the ability to have no identifying information on their servers, even if their servers get owned.

I'm not sure "security by obscurity" applies to Tor, even in the context that you mean (which I understood as the routing-to-hidden-services bit of it, rather than Tor in its entirety).

Based on the info and understanding I currently have, the only information that can be used to track a hidden service is, basically, uptime*. If you own a significant percentage of both the network (Tor), and its carrier (Internet), you can start introducing latencies at will to exclude routes. That will basically allow you to find the IP by elimination.

As a passive adversary, you have to do the above passively - meaning loads of accurate uptime/time data for the hidden service, which you'd then have to correlate with known outages in various sections of the internet, yada yada. Passively it could take forever.

Security by obscurity is when the process being kept secret is the duct tape making it "secure" (think XORing against a fixed key and calling it "encryption"). This is clearly not the case here, but rather that the protocol cannot protect a single server hidden service on an adversarial carrier network.

I can't imagine a HS with mirrors in 10-20 different DCs would be susceptible even with active capabilities.

> have to function to some degree on the clearnet

How so? They certainly don't have to, and AFAIK "marketplaces" don't.

* I'm obviously not counting leaking the native IP through the app layer, which is what the FBI claims happened with "Silk Road 1.0" (yes, I think this is what it's called now. Who got dibs on the Silk Road 2.0 name, and how?)

If not eliminate to just one IP, at least eliminate to few enough that you can DDoS them and see what happens to the HS.

I won't link to them directly, but his accounts on most social networks are not deactivated, are publicly viewable and all mention bitcoin in the bio. In the wake of DPR 1.0 I find this a bit hubristic.

That's not the worst of it - the criminal complaint mentions that the server was registered to the email address blake@benthall.net. If that's not a giant "hey, feds, come and get me", I don't know what is.

It also mentions that most of the accounts (Bitcoin wallet and other) that he used were all under his real name.

It's enough to make you wonder if someone set him up. Did they have something conclusively linking him to the site in the real world?

Yes, and none of that can be faked at all...

People have never signed up for services with the wrong email address, I have never gotten confirmation emails for things I did not sign up for... no no that has never happened...

Most crimes are never solved. The criminal has to practically fall asleep in the getaway car.

...or to post a basis for reasonable suspicion on their social media accounts.

Why couldn't the FBI land this case by itself? What are the responsibilities and special investigative powers (if any) of "Homeland Security Investigations"? How do they justify their existence independent of the FBI? Their webpage suggests they do almost exactly the same thing.

ICE is the agency that handles customs inspections, and presumably gets called in for any type of smuggling of contraband that crosses national borders.

It would make a lot of sense for the Federal government to have a single agency that investigates all computer-related crimes, but since that would make sense it will never happen. Instead each agency (FBI, US Secret Service, ICE, etc.) will investigate computer-related crimes that tie into their bailiwick, likely cooperating for cases that cross jurisdictional boundaries like this case did.

These guys should stop operating out of the US. They might last longer.

Thank god, I was worried that my violent street gang was going to lose business.

A Twitter and GitHub account based in San Francisco with a similar name has been quiet for over a month.

Interests include Bitcoin.

He posted on Instagram just 5 days ago http://instagram.com/blakeisblake

Here's a recent image of the person charged from his Instagram:

Oh my.

Rocket Scientist at SpaceX? I think his career might be put on hold for a while.

He's all about getting high.

How is the FBI going to handle an inevitably popular decentralized marketplace? Will they prosecute anyone who downloads the marketplace software onto their computer?

All the pieces are in place for a true p2p marketplace. It doesn't exist yet, but it will soon.

EDIT: I should read about OpenBazaar.

I think we will arrive at a future where it will no longer be legal to create such software. The FBI will then go after the developers of said platforms.

Of course they will still go after the large sellers and such using traditional investigative techniques.

I think this may be his hn account. https://news.ycombinator.com/user?id=blakeeb

"Greed. It's terrifying how much it prevails in our startup culture."

Good to know he managed to tone down that concern in time for him to drop cold hard cash on a Tesla once the dough from SR2 started rolling in.

A software engineer at SpaceX [1] is also behind Silk Road 2.0? Crazy

[1] https://news.ycombinator.com/item?id=7277371

"when I look back I will clearly view the code I've written here to be way more important for humanity's progress than the code I've written for entrepreneurs' selfish attempts at billion dollar exits"

Everyone should note that he worked at SpaceX for 5 months..

Quote from http://www.irishexaminer.com/breakingnews/ireland/gardai-sei...

An international day of action to disrupt global activity on the Darknet and remove certain websites and forums is to conclude within the next 24 hours under the FBI/Europol operation codenamed "Onymous".

Very impressed with the codename.

Anyone who knows more about Tor than me care to explain how DNS works on onion sites?

I assumed that it would be distributed in some sort of way that prevented this sort of thing from happening? Or does transferring ownership require the owner's credentials to be compromised?

You seize the server running the Tor software serving as entry-point for your hidden service and grab the private keypair in order to impersonate the hidden service.

The .onion address is IIRC a hash of the public key.

By entry-point, do you mean a server that you would typically own/rent, or some other server in the Tor network that you would not normally control?
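As an added example (not code from this thread or from the Tor project), the following makes the "address is a hash of the key" point concrete: it derives the v2 address the comment refers to, and also the later v3 form together with a checksum-validating parser, which shows why holding the private key is the same as holding the address. All key bytes are constructed filler, not real keys.

```python
"""Onion address derivation and validation (added example, not from the thread).

A .onion name is derived from the service's public key, so there is no registry
to seize or transfer: whoever holds the matching private key *is* the service.

  v2 (current when the thread was written):
      base32(SHA-1(DER(RSA public key))[:10])            -> 16 chars
  v3 (later Tor versions, shown here for completeness):
      base32(pubkey || checksum || version)              -> 56 chars, always ends in 'd'
      checksum = SHA3-256(".onion checksum" || pubkey || version)[:2]

The key material below is constructed filler standing in for real keys.
"""
import base64
import hashlib

V3_VERSION = b"\x03"
V3_CHECKSUM_PREFIX = b".onion checksum"
B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")

# Constructed stand-ins (NOT real keys): 32 arbitrary bytes for an ed25519 key,
# and arbitrary bytes standing in for a DER-encoded RSA public key.
DEMO_ED25519_PUBKEY = hashlib.sha256(b"constructed demo key, not a real key").digest()
DEMO_RSA_DER = b"constructed filler standing in for a DER-encoded RSA public key"


def onion_v2_address(rsa_pubkey_der: bytes) -> str:
    """v2: first 80 bits of SHA-1 over the DER-encoded RSA public key, base32."""
    digest = hashlib.sha1(rsa_pubkey_der).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"


def _v3_checksum(ed25519_pubkey: bytes) -> bytes:
    """Two-byte checksum that binds the key bytes to the version byte."""
    h = hashlib.sha3_256(V3_CHECKSUM_PREFIX + ed25519_pubkey + V3_VERSION)
    return h.digest()[:2]


def onion_v3_address(ed25519_pubkey: bytes) -> str:
    """v3: the full 32-byte ed25519 public key is embedded in the address."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = ed25519_pubkey + _v3_checksum(ed25519_pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_v3_address(address: str):
    """Validate a v3 address and return the embedded public key, or None.

    A client that skipped these checks would happily connect to whatever key a
    mistyped or tampered address happens to decode to.
    """
    host = address.lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56 or not set(host) <= B32_ALPHABET:
        return None
    try:
        raw = base64.b32decode(host.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or checksum != _v3_checksum(pubkey):
        return None
    return pubkey


def demo() -> dict:
    """Derive both address forms and show a tampered v3 address being rejected."""
    v3 = onion_v3_address(DEMO_ED25519_PUBKEY)
    tampered = v3[:-7] + "e.onion"  # changes the version bits -> must be rejected
    return {
        "v2": onion_v2_address(DEMO_RSA_DER),
        "v3": v3,
        "v3_roundtrip_ok": parse_onion_v3_address(v3) == DEMO_ED25519_PUBKEY,
        "tampered_rejected": parse_onion_v3_address(tampered) is None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```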

The first one. In an ideal world (tm) you have two physical servers srv0/1, both with full-disk encryption and some form of remote KVM. srv0 is connected to the internet on eth0 and to srv1 on eth1.

Then you set up networking in a way that the only thing aside from absolutely required services running on srv0 is your Tor gateway, and no traffic from eth1 may pass through to eth0.

On srv1 you set up the usual services, e.g. mysql, lighttpd and whatever you need hosted.

Ideally, you keep srv0 and srv1 in different datacenters, if not even different countries.

There are already movements to decentralize Silk Road type sites using P2P technology, like OpenBazaar: https://openbazaar.org/.

To anyone thinking about 3.0, just move to another country.

Preferably one that likes to stick the finger to U.S. and extradition requests. Bring along some extra bitcoins for the local police though.

I actually had this guy interview me for a first round at SpaceX. Seemed nice enough and we chatted further. By the time I flew in for the onsite he had "left." Cool dude.

Wow. The guy's social media accounts indicate that he is a rocket scientist at SpaceX.

Meh.. it looks like he was only there for 5 months and that he quit in March (presumably to work on SR2.0 full time).

Unlike at SpaceX, at Silk Road 2.0 the sky is the limit

Good news for bitcoin though, all these hidden service seizures and the price has barely budged. It is actually up a bit since this morning.

I think "Good News for Bitcoin" should be attached to a little trademark icon every time the phrase is uttered.

>>> and Peter Edge, Executive Associate Director of Homeland Security Investigations (“HSI”),

I wonder how it is "Homeland Security". Looks like this confirms "Homeland Security" is completely co-opted into the War on Drugs. Not that after this: https://www.eff.org/deeplinks/2014/10/peekaboo-i-see-you-gov... there was any doubt, but basically every time they talk about doing something to fight terrorism, it probably means drug enforcement.

ICE (Immigration and Customs Enforcement) is responsible for controlling the import of goods (such as counterfeit Dutch passports and ID cards, but probably including drugs too) into the country, and they're a part of DHS.

I feel like this information might make some deviously smart individuals think they can get away with it by not screwing up where Benthall did.

Like he probably thought he wouldn't screw up the same way Ulbricht did?

Yup, but the one takeaway I get from these court documents is the FBI needs someone to make some bone-headed mistakes in order to bring them to justice.

What are the chances that the FBI set up a number of "copy-cat-silk-road" hidden services, immediately after seizing the original? That would provide them ample opportunity to 1) build a profile of everyone who used them, then 2) shut them down with an intimidating "sting," dampening the desire of potential copy-copy-cats.

Last I checked, the original Silkroad strongly enshrined PGP encrypted communication between seller & buyer into the way these marketplaces are run.

So there's no gain for them, as they can't get to whoever is selling/buying. They would just be facilitating the sales.

Actually, an undercover agent was invited to be part of the select list of "trusted" users from SR 1.0 to join SR 2.0 so there was no need for them to do this.

The text has been copy-pasted in this comment [0]. The source is from item 28a on page 13 of the complaint[1].

[0] https://news.ycombinator.com/item?id=8568765

[1] https://pdf.yt/d/RpyX9_xmapTkhmkb

If Blake Benthall actually does prison time, I'd say that's extremely unlikely... I suppose the FBI could have been behind the original setup and then sold it to him...

Or he's a government agent. After all, who's really verifying he a) exists, b) goes to jail?

Ok, that's enough fearmongering paranoia for me today. See you tomorrow hacker news! :)

So what? 100 more will arise. And this time not US based. You close 1, 100 more will appear.

Marketplaces work much better at scale. And entrepreneurs do better the more they are connected with their markets. So from the government perspective, 100 kittens is way better than 1 lion.

The government doesn't have to make these disappear. They just have to increase the perceived risk and decrease their effectiveness until they're no better than buying on well-known corners or getting the phone number of that one friend's friend's friend.

That's mainly because drug practical prohibition activity is about suppression, not elimination. But I think it's worth noting that cops get paid to fight crime, not defeat it. As a general rule, I expect long-lived organizations to act in ways that self-sustain.

Drug prohibition is about police departments getting federal grant money based on how many arrests they have made, seizing property of people arrested for drug crimes, and getting bribes from large-scale dealers.

Curious if anyone has any idea how he was facilitating this: https://github.com/blakeeb/private

so, is everyone ready to ditch Tor for i2p yet?

It wasn't a protocol issue/backdoor. It was social engineering.

Against an adversary tapping the entire network, i've already switched to I2P/Tahoe-LAFS for my private communication/file transferring. It's where Silk Road 3.0 should be located.

What does this mean in the wake of Prop 47?

Absolutely nothing at all. Transporting, or aiding in transporting, drugs across state lines brings in the big guns.

Nothing. Prop 47 is a state measure for simple possession. This is conspiracy to traffic, interstate wire fraud, federal crimes prosecuted under federal statutes. Even if these were state charges, Prop 47 didn't really change much (or anything) about sentencing for sales.

Conspiracy to traffic? Doesn't seem like it. Is it something that makes trafficking easier? Sure. But who did the trafficking? The seller and the buyer.

Wire fraud? If it's the sale of something illegal I don't think that suddenly makes it wire fraud. Further, he's not charged with that. The sale is still completed. It's an illegal sale, but not fraud. Fraud would be if someone said they were going to sell you cocaine and instead shipped you powdered sugar.

"Conspiracy has been defined in the United States as an agreement of two or more people to commit a crime, or to accomplish a legal end through illegal actions."

Thus it's conspiracy if you are party to an agreement which involves you receiving a bitcoin commission (legal end) as a result of the trafficking of drugs (illegal action.)

If they're charging wire fraud, I think that may be part two of the complaint, "Conspiracy to Commit and Aid and Abet Computer Hacking." Probably people were using the site to sell hacking services or hacking tools which could be used to defraud people.

What if you don't take a cut of the transaction? If there's some flat fee that people pay regardless of whether there is an illegal drug transaction, is that then a conspiracy?

Perhaps not, but if you know (or reasonably should know) that a crime is being committed and then don't report it, now you're an accomplice to the crime.

It's hard to miss all the ads for drugs on SR2.0, so it would be very easy to prove that charge at the very least. And as we've seen in the past, Federal prosecutors tend to be very inventive, and the law tends to be rather expansive for these types of things, it wouldn't surprise me at all if there are other charges that would be possible.

  > if you know (or reasonably should know) that a crime is 
  > being committed and then don't report it, now you're an
  > accomplice to the crime.

It seems as though this depends on the state you're living in and the seriousness of the crime.

I'd like to know what the relevant laws are (if any) in Ohio and New York.

I don't know of any state that has mandatory reporting of all crimes based solely on knowledge. Outside of mandatory reporting of child abuse for certain individuals in specific roles (i.e. doctors, teachers, etc) so that those people report despite confidentiality obligations.

But for the average joe walking down the street and witnessing a crime there is usually no obligation to report that, and they don't magically become an accomplice. Most state laws in the U.S. don't impose duties like that (or even duties to help others) on their citizens.

Now, if your property is being used to commit a crime and you don't report it there might be different implications. And if you don't report it then you are going to have a difficult time proving you were involved. Guilt by association type scenario and the jury is going to likely believe you were involved. But this is not the same as becoming an accomplice because you didn't report the crime.

>> Conspiracy to traffic?

Just in case you didn't know:

Conspiracy law usually does not require proof of specific intent by the defendants to injure any specific person to establish an illegal agreement. Instead, usually the law requires only that the conspirators have agreed to engage in a certain illegal act.

Clearly, there was an agreement set forth. The owner of SR2.0 took money in exchange for people selling their goods and services on his site. If the site had some kind of terms of the agreement, which sellers had to ok, then he's screwed.

>> Wire fraud?

The essential element to be proved is that the person knowingly and willfully devised or intended to devise a scheme to defraud; and that the use of the interstate wire communications facilities was closely related to the scheme because the person either wired something or caused it to be wired in interstate commerce in an attempt to execute or carry out the scheme.

This means he knew what he was doing was illegal and the use of the internet to essentially launder his money is what they're going after. Not the sale of the narcotics, but the transfer of money for ill gotten gains, which defrauded the US Government of tax revenue.

Agreed, it sounds more like criminal facilitation than conspiracy.

IANAL but I am well read. If I understand correctly, conspiracy requires an intent to break the law. If you do something with the knowledge that someone might be breaking the law but you have no specific knowledge, it's going to be very difficult to make a case for conspiracy.

Facilitation is pretty much a given.

> If you do something with the knowledge that someone might be breaking the law but you have no specific knowledge, it's going to be very difficult to make a case for conspiracy.

That's not correct. The conscious avoidance doctrine basically says that you aren't allowed to be an ostrich: deliberately taking steps to shield yourself from knowing about a crime leaves you as liable as having knowledge of the crime.

Additionally, you don't need to know a specific act: just knowing that the site was designed to facilitate drug transactions is enough. This would be easy to prove. Check the code - if Benthall created the categories, which included drugs, he's entered into the conspiracy.

What if it's used to sell drugs from someone to someone else inside a country where both buying and selling drugs is legal?

I know that's a stretch, but hell, we're legalizing drugs all across our own country as we speak. In another election cycle or two the feds might well be fighting the states in every state.

You would almost certainly be guilty of engaging in a transaction derived from unlawful activity (http://www.law.cornell.edu/uscode/text/18/1957)

I've pinged an old friend who is an AUSA for some legal clarification if the transaction was strictly legal in the jurisdiction, but I'm pretty sure that's the case.

1) It's obvious now that Tor or bitcoin has been compromised in some way, shape or form, allowing government strong-arm agencies to once again subvert US citizens' privacy in order to catch a 'drug facilitator.'

2) I have never drunk or taken drugs, but I respect the choice and liberty of another person to do so, whether that be the invasive and deadly alcoholic beverage or the noxious cancer-causing cigarette, or even the cannabis that retarded pot-heads smoke.

3) It's a shame the governments, christians, jews, muslims, swahilis and everyone else can't do the same.

4) Thinking about it - having the drug trade on the internet kept it out of the street. No kids were used to distribute it across schools. No one got robbed or beaten. No one got shot. That's more than you can say for the 'war on drugs' and its fallout. How many trillions have been spent, and how many people have died because of it? How many non-violent potheads clog the prisons?

*There are more people incarcerated in America, the home of the free, than there are in any other country in the world, apart from the Seychelles... because the prison system has been privatized and again - people figured out how to make money by taking away the liberties of Americans.

5) The drug trade had been around for a thousand years and it was never a problem until the FBI, CIA and various interested parties realized they could make money off of it.

> retarded pot-heads

That's the part you have a problem with?
