From the complaint:
"In or about May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time. On or about May 30, 2014, law enforcement personnel from that country imaged the Silk Road 2.0 Server and conducted a forensic analysis of it. Based on posts made to the SR2 Forum, complaining of service outages at the time the imaging was conducted, I know that once the Silk Road 2.0 server was taken offline for imaging, the Silk Road 2.0 websites went offline as well, thus confirming that the server was used to host the Silk Road 2.0 website."
Then, as a result of extremely poor OpSec (Benthall accessed the server directly, used his real email for registering the server), they got his IPs and, well, you know where it goes from there.
1. https://pdf.yt/d/RpyX9_xmapTkhmkb (Complaint)
Understanding of Tor
1. Hidden services can only exist on one node.
2. That node has a single IP or few IP addresses.
1. Send pulses of traffic to the hidden service (DDOS)
2. Comb through internet traffic logs to identify which IPs saw traffic pulses.
3. Reduce to a few statistically probable nodes matching the pulsed traffic pattern
4. Pulse hidden service again to see if it matches the probable nodes.
They've bugged nearly all of the entrance and exit nodes. This allows them to do trivial traffic analysis. Parallel construction hides the method from the courts which would be reluctant to rule against anyway.
The failures of modern crypto (and historical) are almost always usage bugs, not the technology itself.
"During the Government’s investigation, which was conducted jointly by the FBI and HSI, an HSI agent acting in an undercover capacity (the “HSI-UC”) successfully infiltrated the support staff involved in the administration of the Silk Road 2.0 website, and was given access to private, restricted areas of the site reserved for BENTHALL and his administrative staff. By doing so, the HSI-UC was able to interact directly with BENTHALL throughout his operation of the website."
I realize it's vague but seems conceivable this level of access would allow you to connect the dots. No?
If that was the case, they didn't need to know where the server is hosted. And the "private" parts of the back end very likely opened up methods of code execution on the underlying host (e.g. editing PHP templates, etc.)
"40. Based on a review of records provided by the service provider for the Silk Road 2.0 Server (the “Provider”), I have discovered that the server was controlled and maintained during the relevant time by an individual using the email account “firstname.lastname@example.org” (“Benthall Email Account-1")."
"b. I have also reviewed a publicly available profile of “Blake Benthall” on Twitter, another social networking website, which includes a photograph of BENTHALL as the user of the account, depicting the same individual associated with the GitHub account, discussed above. I have reviewed a post on that Twitter profile, dated on or about November 6, 2013, the date when Silk Road 2.0 was publicly launched, stating: “All this talk about the #SilkRoad being back up makes me want to watch ThePrincessBride.”"
"a. I have reviewed records provided by a U.S.-based Bitcoin exchanger (“Exchanger-1"), for an account registered under the name “Blake Benthall” and linked to Benthall Email Account-1 (“Bitcoin Account-1”). According to transaction records for Bitcoin Account-1, BENTHALL engaged in his first Bitcoin transaction with Exchanger-1 on or about November 7, 2013, the day after Silk Road 2.0 was publicly launched. The transactional records reflect that, since that date, BENTHALL has received a total of approximately 575.58 Bitcoins into the account through on or about October 28, 2014, and that BENTHALL has exchanged approximately 543.63 of those Bitcoins for United States currency, totaling $273,626.60"
"c. I have reviewed emails from Benthall Email Account-1 reflecting that BENTHALL purchased a luxury vehicle with Bitcoins in late January 2014 - approximately one month after Defcon assumed control of Silk Road 2.0. Specifically, email correspondence indicates that, in or about late January 2014, BENTHALL made a down payment of approximately $70,000 in Bitcoins towards the purchase of a Tesla Model S, worth approximately $127,000 in United States currency."
"b. Records provided by Exchanger-1 regarding Bitcoin Account-1 indicate that on the same date, BENTHALL logged into Bitcoin Account-1, using the identical combination of software: Google Chrome web browser version 35.0.1910.3 and the Apple OS X operating system, version 10.9.0."
"c. According to publicly available information, on or about April 6, 2014, Google Chrome version 35.0.1910.3 was a beta version of the browser, and Apple OS X version 10.9.0 was outdated. Thus, based on my training and experience, this particular combination of software versions would not have been common among Internet users at the time. The information available to the HSI-UC indicates that Defcon was not using Tor to access the customer support interface at the time, which would have caused Defcon’s browser and operating system to appear differently."
That's pretty f*ing retarded of him.
No, I mean, what an idiot of epic proportions.
Or he is just a fall guy.
This is such a huge WTF to me. I mean, I can rent a server with Bitcoins completely anonymously right this moment from many providers.
I've been renting dirt-cheap VPSs recently and had zero problems with them.
It's interesting because this is a retweet yet it's still mentioned as a "post on [his] Twitter profile". I guess that's true, but shouldn't it be mentioned as a retweet in official court documents?
Way to lay low.
Good luck in taking that down.
Odd all around, like he wasn't at all prepared for this to end up here.
There was a story a while ago about someone buying a Tesla with Bitcoins, but it ended up being incorrect. The Bitcoins were exchanged for US Dollars which were then used to buy the car: http://www.cnbc.com/id/101258152
Hello browser fingerprinting, not a theoretical concern anymore I guess.
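The complaint's argument that an uncommon browser and OS combination narrows the field can be put in numbers. The following is an added example, not part of the original thread: it parses Chrome-on-OS X `User-Agent` headers and measures how many requests share each version pair. The log sample is constructed (only the 35.0.1910.3 / 10.9.0 pair comes from the complaint) and the function names are hypothetical.

```python
import math
import re
from collections import Counter


def _ua(os_version, chrome_version):
    """Build a Chrome-on-OS X User-Agent header for the constructed sample."""
    return (f"Mozilla/5.0 (Macintosh; Intel Mac OS X {os_version}) "
            f"AppleWebKit/537.36 (KHTML, like Gecko) "
            f"Chrome/{chrome_version} Safari/537.36")


# Constructed sample: one header per logged request.
SAMPLE_USER_AGENTS = (
    [_ua("10_9_2", "34.0.1847.116")] * 5
    + [_ua("10_8_5", "33.0.1750.152")] * 2
    + [_ua("10_9_0", "35.0.1910.3")]          # the pair quoted in the complaint
    # Not Chrome on OS X; the parser below skips it.
    + ["Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"]
)

UA_PATTERN = re.compile(
    r"Mac OS X (?P<os>\d+(?:[_.]\d+)*).*?Chrome/(?P<chrome>\d+(?:\.\d+){3})"
)


def software_pair(user_agent):
    """Return (chrome_version, os_version), or None if the header does not match."""
    match = UA_PATTERN.search(user_agent)
    if match is None:
        return None
    return match.group("chrome"), match.group("os").replace("_", ".")


def anonymity_sets(user_agents):
    """Count how many requests share each (browser, OS) version pair."""
    pairs = (software_pair(ua) for ua in user_agents)
    return Counter(pair for pair in pairs if pair is not None)


def surprisal_bits(pair, counts):
    """Identifying information carried by a pair, in bits: log2(total / matches)."""
    if counts[pair] == 0:
        raise KeyError(f"pair not present in sample: {pair}")
    return math.log2(sum(counts.values()) / counts[pair])


def rare_pairs(counts, max_share):
    """Pairs whose share of parsed requests is at most max_share."""
    total = sum(counts.values())
    return sorted(p for p, c in counts.items() if c / total <= max_share)


if __name__ == "__main__":
    counts = anonymity_sets(SAMPLE_USER_AGENTS)
    for pair, seen in counts.most_common():
        print(pair, seen, f"{surprisal_bits(pair, counts):.2f} bits")
```

A pair seen once in the sample is an anonymity set of one; a client population that all presents the same header collapses into a single large set instead.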
That whole "correlation is not causation" maxim comes to mind here.
That's what a jury is for.
A common theme (from what I can tell in law) is that something can never be proven to the rigor of a mathematician, so what happens is you build up piles of "coincidences" until a reasonable person would be hard-pressed to believe they are only coincidence.
None of the items taken by themselves are enough to convict (e.g., other people would be tweeting about Silkroad 2 at the same time), but you add it all together (server in his name, piles of unexplained cash and large purchases, tweeting about it, accessing the servers from his machine, etc., etc.) and it starts to look really bad.
Plus he's also confessed, apparently.
So I assume this means they were able to infiltrate the community and there was possibly no unauthorized break necessary on the actual technology stack. It does lead one to question how they drew the final line between Benthall and his online persona, unless the undercover agent was also given access to financial information or other personally identifiable info. Maybe they even placed a malicious program on the server to target Benthall after they had control of a support backend. Interesting to see if that is all that comes out....
They used the same tactics on gangs, mobs, etc. Now violent crime is slowing, but they have hordes of agents trained in these protocols, so they're redirecting energy into catching so-called "cybercriminals." A bunch of people who infiltrated the mob are now infiltrating groups of nerds in basements. It's frustratingly hilarious.
By the way: If the FBI is so successful using traditional police tactics to infiltrate "cybercrime syndicates," why do they need a "front door" to our devices?
Why? Generally speaking, crime is crime, whether or not you wear a trenchcoat & fedora.
There is perhaps some humor in operatives who went up against the mob now going after small fish which must seem like easy pickings to them, but it's the "frustrating" part that I don't follow.
Just like the old-fashioned police work they did here which you mentioned, the FBI in the past has been able to use warrants to obtain unilateral access to safe deposit boxes, drill open personal safes stored at home, search through a person's desks, closets, bedrooms, etc. for particular items, and more.
That is the level of access FBI Director Comey is saying that they need (the ability to enforce warrants for the same types of searches required for "papers and effects") for the same reasons that the FBI has needed such access for investigations in the past.
He isn't asking for the ability to conduct passive or mass surveillance, or even the ability for FBI to unilaterally enforce a warrant. He's asking for the ability of the device manufacturer themselves to be able to comply with a warrant if one is offered up. The cryptographic technology necessary to do so already exists, in a way that would limit access to the manufacturer, so that's not the issue.
This is a genuine question: Does it really? Everything I've read on the topic has shown that that's not really the case, at least not without implementing it in such a way that it has some rather serious human weaknesses anyway. However, I'm rather ignorant on the topic, so I'm genuinely curious.
Even easier might be to have the device itself store an encrypted version of the data storage key, encrypted to a PKI private key that only the manufacturer controls (i.e. leave a GPG-encrypted file accessible in an unencrypted partition that unlocks the rest of the storage). Since we're assuming that skilled hackers will forcibly encrypt sensitive data anyways by jailbreaking if needed, it's not that much of an additional stretch to leave the key on the device itself, and FBI can still get warrants served on the 99.9% of accused criminals who can't be arsed to figure out that their iPhone can be unlocked.
I'm not even close to a crypto expert either, someone with deep insight into the crypto literature (I hear NSA has a few of those...) could undoubtedly point to more applicable research that would be useful here.
I'm a little skeptical of this whole shtick that online criminals are just "nerds in basements." A nerd can do a lot more damage to your life with a computer than your average petty criminal.
While the drug trade can cause people to become victims (just as the legal trade in alcohol or cigarettes or many other commodities), such victimhood is incidental to the production and consumption of the illicit good rather than inherent to it. I think this distinction between what sorts of contraband could be traded on Silk Road (even if it was not adhered to in practice) is a big part of why many people were/are sympathetic towards Silk Road.
Which isn't to say they're allergic to profit, but since it's closer to an open market they can no longer rely on being the only game in town. Testimony from buyers on the dark markets shows that some dealers even include free drugs, which is completely unheard of.
If the cocaine cowboys of the 70s and 80s were the first wave and the crack kingpins of the 90s were the second wave, then the cyber vendors are the third wave drug dealers.
I think we've learned from the Dread Pirate Roberts case that what FBI says they did to catch these guys is a lie. They caught them some other way - either in an illegal way or through some method they intend to use in the future and don't want to disclose now. Either way, chances are it didn't happen the way they say it did.
Seriously, if you were running a Tor marketplace and one of your competitors goes down, it is a perfect cover for running away with everyone's bitcoins and disappearing.
Tbh tho, I wouldn't be surprised if you set up an Iranian site that you weren't accused of "funding terrorist operations" and the trial gets replaced with a US drone strike.
Point taken, though.
As in, you live somewhere else out of reach of the Iranian and US justice systems. But you host the site in Iran.
The point is where isn't important. Given a large enough market, the US would do whatever was needed to catch you. :P
So it's unlikely to be a false flag.
They were compromised from day 1, before the 2.0 site had even launched. I wonder how they managed to be a trusted admin so quickly?
If you mean the operators' physical locations, sure, that could help.
If you mean servers, the FBI complaint claims that SR 2.0 server was hosted in a foreign country.
> "In or about May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time. 
In the end, your allies offshore may only be as loyal as the force they're willing to ignore. And your friends may only be as trustworthy as the information you choose to share with them.
Edit: Link to that poker takedown news http://www.covers.com/articles/articles.aspx?theArt=234980
If you run a single-server hidden service, the NSA can track it (unless you think otherwise - tried to initiate discussion here).
Once they track it, they will get your hosting provider to cooperate and before you know it, your server has been imaged and that irrevocable .onion private key is in the authorities' hands. The most you'll see from your end was some downtime, which a cooperative host (an assumption here, granted) would cover up for the FBI (status update: rack/sector/DC failure at XXX).
They can now impersonate your server, MitM you, the works. After that, in order to move, you have to literally move to another onion address.
What you're saying makes sense if there is anyone who habitually rotates servers as a matter of OPSEC, but that sounds like an invitation for disaster.
AFAICT the name of the game isn't whack-a-mole, because when the NSA sees the mole, it will whack it.
It's "bury the mole in the moleyard" - multiple mirrors so as to make locating the actual service very unlikely.
For offline analysis and to be used as evidence, presumably.
> Did SR2 not use full disc encryption using LUKS? (...) longest private key ever
So the process for you would be slightly different: There would be a "power outage" in your rack, your encrypted disk would be imaged and (unencrypted) bootloader would be bugged.
Then they'd wait for you to see that your server had some issues, upon which time you'd have two choices:
1. enter your private key to resume the service.
2. abandon the server.
The correct choice would be (2), but you don't have enough information to make that call.
I'd compare the bootloader to a known good image as an early boot step and if it isn't what you expect immediately start destroying data. :-)
Here's how I would do it:
- I assume that your hard drives are in RAID. I gamble that they're in RAID 1 - most typical - and strip one out while the server is still running. Some kernel messages are logged, whatever.
- I start imaging the disk. If it isn't a mirror of the other after all, I strip the remaining drive(s) out and start imaging them too.
- While the disk(s) is/are transferring, I patch both your boot loader and your kernel with a rootkit. This should be laughably easy for the level of adversary we're talking about.
- When the disk(s) are done, I power cycle your server. I may cold-boot your RAM and get the passphrases there if I'm lucky. The downtime was either seconds (if it kept going with one RAID 1 disk) or <however long the imaging takes>.
- When you realise your service is down you may contact customer support. In that case they will respond (with their usual timing) about something-something-blown-fuse-UPS in your rack.
- When you log onto your server, you will most likely be faced with the passphrase input and most likely will go for it, but even if you don't...
> I'd compare the bootloader to a known good image as an early boot step
If you do so after you've given away the passphrase, you've lost already. Destroying the data won't help, as they have the encrypted copy of it and you just gave them the key.
I don't think you could detect a good boot/OS rootkit remotely at all. One would cover for the other. You can't unplug the disk and examine it. You can't plug a read-only drive in and boot some forensic tool. All you have is your lying bootloader and your lying OS. Your encrypted partition doesn't protect the integrity of the binaries there either, as after it's been decrypted, the rootkit would happily intercept any values that would give it away.
I'm not sure how you could ensure hardware security without ensuring physical security. Usually, physical access == pwned. Maybe TPM changes/will change that, but I somehow doubt it. Some other routes not covered here (probably easier, heh): Getting host to decrypt your TLS/KVM session where you typed the passphrase in the first place, malware in firmware on misc devices, etc.
Well, you won't be getting the kernel, it's on the drives. It would have to be in a separate partition so you can start it before mounting the sensitive filesystems, and you may have a key that the bootloader uses on it, but in either case if you are not present and a server goes offline you basically have to do the following:
Verify the ROM's integrity in that first stage - before you put in the key for your actually sensitive data. That means you need open firmware or some mechanism to hash the ROM that is installed, you need to have a means to read it in its entirety, and then you need to hash it.
I say open firmware because you need to be able to guarantee the FBI couldn't embed a backdoor firmware. If you can get open spec / openfirmware mainboards and verify their authenticity only then can you be safe.
Then you verify the kernel, which is much easier because you can compile it yourself, maybe even pad it with some random and scramble the ELF tables in some custom orientation.
And then you need to worry about how you input the key - if it's by USB, you can backdoor the USB and network controllers and keylog in hardware depending on the vendor and model of the mainboard. Over the network, just the NIC is in question, because any secret sharing over Ethernet better be over a secure connection.
But that should be it. It is a fine line at best, and a bottomless pit at worst, but there are ways to try to be hardware secure.
Does such a mechanism exist? If you can do this from BIOS, why is it safe to assume that the same can't be done for the dump-bios-image routine? AFAIK the BIOS handles this in real-mode (overrides the OS), and "returns" the image by copying it somewhere in low memory. So, you're trusting the BIOS that it's copied the right data out for you. (goodguybios)
> I say open firmware because you need to be able to guarantee the FBI couldn't embed a backdoor firmware.
This reminds me of this NSA RAID controller rootkit for Dell PowerEdge servers. Nuts. Every closed firmware on your servers is a potential hiding place to someone with (soldering-iron-to-the-motherboard) physical access.
In our Dread Pirate use case, you don't even have to think that far as you can't ensure your own BIOS. Who are you going to buy TPM servers from, when you're defending against the FBI? Intel? HP?
The Rootkit Wikipedia page is alarming, to say the least.
 A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers http://phrack.org/issues/66/11.html#article
 http://en.wikipedia.org/wiki/Rootkit#Bootkits ("Bootkits??")
This is the whackamole I was talking about. The time between when they identify the server and getting the provider to comply is enough in certain countries to set up an alternative location. Hosting companies aren't gonna want to play this game forever, ESPECIALLY if they're getting good money out of it.
Use Docker to wrap up the front-end and make it easy and portable. You can then spin up a new iteration of the site on a new VPS in a matter of moments. It can download the DB entries from that blockchain, decrypt, and then keep the DB in memcache/redis. To speed things up, you can also do daily encrypted DB dumps to a DHT address and write the DHT address into the blockchain to bootstrap the service restart.
Once the DB is bootstrapped and caught up, the site can register itself on the Onion network and since it'll be the newest entry, traffic will start ending up at the new site pretty quickly.
Such a system could be automated pretty quickly where a person could register VPS's at Linode, Digital Ocean, AWS, etc. Then write some kind of encrypted config file into a blockchain so the site software would pull down the config and make the transition to the new provider automatically. Could be an automated daily move and by using a blockchain as an intermediary for communications it prevents worries about making mistakes with accidentally leaking IP addresses at each new service provider.
Oh I wish that was true but we are in our fourth? decade of the War on Drugs. Authorities don't care, they just hire more people at taxpayer expense.
War on a Noun.
What a weird tone...
The usual stuff you expect out of an upstanding agent of democracy.
When they threaten citizens with arrest and a trial, yes. "Demonstrable foolishness" is not a get out of jail free card.*
*IANAL, but I'm pretty sure.
I have no problem with assurance that the law will be faithfully executed. This isn't that. This is inflicting fear to suppress people you disagree with. If only we had a buzzword for that.
Or more simply put, exceptional circumstances have now become a rule rather than an exception.
I was commenting more on the general tone of US agencies, since the PATRIOT ACT, and their contradictions of what is breaking the law when it applies to them vs. whomever they are investigating.
You can argue they shouldn't have such authorities, but when the law explicitly gives them authority it's foolish to then claim they're breaking the law when using those same authorities.
The premise of sites like Silk Road is that they exist entirely beyond the reach of the law - and the government is, understandably, refuting this premise.
The government disagreed with black markets, and they will enforce their will by shutting it down.
If not the DEA or the FBI, then the IRS will.
Apparently running a social media website where you don't sell drugs but other people do is also illegal.
He committed the equivalent of putting up a bulletin board where drug dealers would pin instructions on how to buy from them.
Just a few years ago the President of INTERPOL was convicted of taking bribes from a drug dealer.
There's a much higher beneficial payoff that can come from arresting bankers (like Iceland did), and at much less effort, than trying to make sure anonymous people don't put silly substances in their mouths.
So yes, attempting to close down darknets is a shining example of our government's corruption, today, with everything that is happening with the economy, courtesy of the bankers.
"Give me the control of the credit of a nation, and I care not who makes the laws." -- Mayer Amschel Rothschild
Disclaimer: I do not believe in a Rothschild conspiracy. I believe in real conspiracies like the Libor scandal.
Law enforcement absolutely includes an element of making examples, and deterring crime. That is one of the major purposes why organizations like the FBI exist. Not quite sure what this has to do with democracy.
Arguably anonymous sites can harbor truly dangerous crimes like murder for hire, pedophiles, and terrorists. However, they can also protect political activists and whistle blowers. So while this isn't necessarily a cut and dry issue, it is much more complex than just saying these are black market sites so who cares.
Sure, most people don't operate black market sites. But the problem is that if the government is able to use technology to have near-perfect knowledge of what everyone is up to then bad things happen when you get a bad person in charge of the government. Possible case in point just happened:
The bottom line is that there should be a way for people to be anonymous behind their keyboard. That's what prevents people from dying for expressing opinions that are counter to the government. Just picture a radical Prolife president who feels justified in murdering people who advocate for Prochoice policies. Don't focus on the one example - there are all kinds of bad things that a bad person in power could do. Enforcing laws is not a justification for absolute power.
And? How is this possibly a problem? Is it really an attack on potential legitimate uses of anonymity? Is it really useful to conjure up a murderous prolife president?
To all of those the answer is of course no.
It is very sad that you believe that... Sad indeed.
>>Not quite sure what this has to do with democracy.
It has everything to do with "democracy" which is mob rule, the FBI is the attack dog of the mob (aka the people) which has deemed running an unapproved website results in a lifetime of sadistic treatment in a human-filled zoo where humans are locked in small cages and emotionally tortured, we call them "prisons".
This discusses passive analysis over time.
Isn't it really easy to locate one if you can perform active attacks on the global infrastructure? (introduce latencies and/or break links temporarily)
If your hidden service is served by a couple of mirrors on each continent, though... then maybe you're safe?
edit: This is a genuine question, not a rhetorical one. Am I missing something?
Seems like it wouldn't even take too long if you apply the same type of logic that makes binary search O(log n), even with mirrored servers. And as long as you don't need perfection (i.e. just to narrow to a list of candidates for further inspection) then mixing that with Bayesian statistics would probably work wonders too.
In light of those noises, my non-rhetorical question is this: Why would any Ulbricht wannabe reside within the US DoJ's sphere of influence? Get thee to Russia, and quickly! And while you're at it, keep your hardware in some third, fourth, and fifth locations, neither American nor Slavic.
100% agree with this. I imagine it is mostly that people never think they'll get caught - or they view the risk of getting caught as much lower than the benefit of not moving, in any case.
Edit 1: To add: I think "people" also underestimate just how easy it is to get caught.
Getting caught doesn't mean you're stupid, or inexperienced, or anything except that you slipped once.
You forgot the proxy, once. You sent your personal pubkey rather than your darknet pubkey, once.
It takes next to nothing at all to get caught.
I'd go to Abu Dhabi or Dubai and just be prepared to bribe the fuck out of local police.
I haven't checked the status of the project in a long time, but one of Freenet's features was distributed hosting, with encryption making sure that nodes could not inspect their own content.
I don't think you can do a lot more than disseminate documents that way though, rather than actually useful sites...
Security by obscurity always fails - especially against the FBI. Given that Tor is essentially an obscuring mechanism for servers that have to function to some degree on the clearnet, if the FBI really wants to find a hidden service there are apparently many points of failure to exploit.
However, given that Ulbricht and now Benthall both had poor OpSec, criminals on the internet have as a last resort the ability to have no identifying information on their servers, even if their servers get owned.
Based on the info and understanding I currently have, the only information that can be used to track a hidden service is, basically, uptime*. If you own a significant percentage of both the network (Tor), and its carrier (Internet), you can start introducing latencies at will to exclude routes. That will basically allow you to find the IP by elimination.
As a passive adversary, you have to do the above passively - meaning loads of accurate uptime/time data for the hidden service, which you'd then have to correlate with known outages in various sections of the internet, yada yada. Passively it could take forever.
Security by obscurity is when the process being kept secret is the duct tape making it "secure" (think XORing against a fixed key and calling it "encryption"). This is clearly not the case here, but rather that the protocol cannot protect a single server hidden service on an adversarial carrier network.
I can't imagine a HS with mirrors in 10-20 different DCs would be susceptible even with active capabilities.
> have to function to some degree on the clearnet
How so? They certainly don't have to, and AFAIK "marketplaces" don't.
* I'm obviously not counting leaking the native IP through the app layer, which is what the FBI claims happened with "Silk Road 1.0" (yes, I think this is what it's called now. Who got dibs on the silk road 2.0 name, and how?)
If not eliminate to just one IP, at least eliminate to few enough that you can DDoS them and see what happens to the HS.
It also mentions that most of the accounts (Bitcoin wallet and other) that he used were all under his real name.
People have never signed up for services with the wrong email address, I have never gotten confirmation emails for things I did not sign up for... no no that has never happened...
It would make a lot of sense for the Federal government to have a single agency that investigates all computer-related crimes, but since that would make sense it will never happen. Instead each agency (FBI, US Secret Service, ICE, etc.) will investigate computer-related crimes that tie into their bailiwick, likely cooperating for cases that cross jurisdictional boundaries like this case did.
Interests include Bitcoin.
Rocket Scientist at SpaceX? I think his career might be put on hold for a while.
All the pieces are in place for a true p2p marketplace. It doesn't exist yet, but it will soon.
EDIT: I should read about OpenBazaar.
Of course they will still go after the large sellers and such using traditional investigative techniques.
Good to know he managed to tone down that concern in time for him to drop cold hard cash on a Tesla once the dough from SR2 started rolling in.
An international day of action to disrupt global activity on the Darknet and remove certain websites and forums is to conclude within the next 24 hours under the FBI/Europol operation codenamed "Onymous".
I assumed that it would be distributed in some sort of way that prevented this sort of thing from happening? Or does transferring ownership require the owner's credentials to be compromised?
The .onion address is iirc a hash of the public key.
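How a v2 .onion address (the format in use in 2014) follows from the service's RSA public key: this is why the comments above call the key irrevocable and say that moving to a new key means moving to a new address. Added example, not part of the original thread; the moduli are constructed byte strings of the right size rather than real RSA keys, and the function names are hypothetical.

```python
import base64
import hashlib


def der_length(length):
    """DER definite-length octets: short form below 128, long form otherwise."""
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """DER INTEGER for a non-negative value (leading 0x00 if the top bit is set)."""
    if value < 0:
        raise ValueError("only non-negative integers are needed here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def rsa_public_key_der(modulus, exponent):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(body)) + body


def onion_v2_address(modulus, exponent=65537):
    """First 80 bits of SHA-1 over the DER-encoded public key, base32, lowercase."""
    digest = hashlib.sha1(rsa_public_key_der(modulus, exponent)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def constructed_modulus(label):
    """Constructed 1024-bit odd integer standing in for a modulus (not a real key)."""
    raw = hashlib.sha512(label).digest() * 2      # 128 bytes
    return int.from_bytes(raw, "big") | (1 << 1023) | 1


if __name__ == "__main__":
    original = constructed_modulus(b"constructed sample key A")
    rotated = constructed_modulus(b"constructed sample key B")
    # Same key, same address: whoever holds the key pair can publish under it.
    print(onion_v2_address(original))
    # New key, new address: there is no way to keep the name and drop the key.
    print(onion_v2_address(rotated))
```

Nothing outside the key pair binds a service to its address, so there is no registrar to appeal to and no revocation step once a copy of the key exists elsewhere.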
Then you set up networking in a way that the only thing aside from absolute required services running on srv0 is your tor gateway, and no traffic from eth1 may pass through to eth0.
On srv1 you set up the usual services, e.g. mysql, lighttpd and whatever you need hosted.
Ideally, you keep srv0 and srv1 in different datacenters, if not even different countries.
Preferably one that likes to stick the finger to U.S. and extradition requests. Bring along some extra bitcoins for the local police though.
I wonder how it is "Homeland Security". Looks like this confirms "Homeland Security" is completely coopted into the War on Drugs. Not that after this: https://www.eff.org/deeplinks/2014/10/peekaboo-i-see-you-gov... there was any doubt, but basically every time they talk about doing something to fight terrorism, it probably means drug enforcement.
So there's no gain for them, as they can't get to whoever is selling/buying. They would just be facilitating the sales.
The text has been copy-pasted in this comment. The source is from item 28a on page 13 of the complaint.
Ok, that's enough fearmongering paranoia for me today. See you tomorrow hacker news! :)
The government doesn't have to make these disappear. They just have to increase the perceived risk and decrease their effectiveness until they're no better than buying on well-known corners or getting the phone number of that one friend's friend's friend.
That's mainly because drug practical prohibition activity is about suppression, not elimination. But I think it's worth noting that cops get paid to fight crime, not defeat it. As a general rule, I expect long-lived organizations to act in ways that self-sustain.
Wire fraud? If it's the sale of something illegal I don't think that suddenly makes it wire fraud. Further, he's not charged with that. The sale is still completed. It's an illegal sale, but not fraud. Fraud would be if someone said they were going to sell you cocaine and instead shipped you powdered sugar.
Thus it's conspiracy if you are party to an agreement which involves you receiving a bitcoin commission (legal end) as a result of the trafficking of drugs (illegal action.)
If they're charging wire fraud, I think that may be part two of the complaint, "Conspiracy to Commit and Aid and Abet Computer Hacking." Probably people were using the site to sell hacking services or hacking tools which could be used to defraud people.
It's hard to miss all the ads for drugs on SR2.0, so it would be very easy to prove that charge at the very least. And as we've seen in the past, Federal prosecutors tend to be very inventive, and the law tends to be rather expansive for these types of things, so it wouldn't surprise me at all if there are other charges that would be possible.
> if you know (or reasonably should know) that a crime is
> being committed and then don't report it, now you're an
> accomplice to the crime.
I'd like to know what the relevant laws are (if any) in Ohio and New York.
But for the average joe walking down the street and witnessing a crime there is usually no obligation to report that and they don't magically become an accomplice. Most state laws in the U.S. don't impose duties like that (or even duties to help others) on their citizens.
Now, if your property is being used to commit a crime and you don't report it there might be different implications. And if you don't report it then you are going to have a difficult time proving you were involved. Guilt by association type scenario and the jury is going to likely believe you were involved. But this is not the same as becoming an accomplice because you didn't report the crime.
Just in case you didn't know:
Conspiracy law usually does not require proof of specific intent by the defendants to injure any specific person to establish an illegal agreement. Instead, usually the law requires only that the conspirators have agreed to engage in a certain illegal act.
Clearly, there was an agreement set forth. The owner of SR2.0 took money in exchange for people selling their goods and services on his site. If the site had some kind of terms of the agreement, which sellers had to ok, then he's screwed.
>> Wire fraud?
The essential element to be proved is that the person knowingly and willfully devised or intended to devise a scheme to defraud; and that the use of the interstate wire communications facilities was closely related to the scheme because the person either wired something or caused it to be wired in interstate commerce in an attempt to execute or carry out the scheme.
This means he knew what he was doing was illegal and the use of the internet to essentially launder his money is what they're going after. Not the sale of the narcotics, but the transfer of money for ill-gotten gains, which defrauded the US Government of tax revenue.
IANAL but I am well read. If I understand correctly, conspiracy requires an intent to break the law. If you do something with the knowledge that someone might be breaking the law but you have no specific knowledge, it's going to be very difficult to make a case for conspiracy.
Facilitation is pretty much a given.
That's not correct. The conscious avoidance doctrine basically says that you aren't allowed to be an ostrich: deliberately taking steps to shield yourself from knowing about a crime leaves you as liable as having knowledge of the crime.
Additionally, you don't need to know a specific act: just knowing that the site was designed to facilitate drug transactions is enough. This would be easy to prove. Check the code - if Benthall created the categories, which included drugs, he's entered into the conspiracy.
I know that's a stretch, but hell, we're legalizing drugs all across our own country as we speak. In another election cycle or two the feds might well be fighting the states in every state.
I've pinged an old friend who is an AUSA for some legal clarification if the transaction was strictly legal in the jurisdiction, but I'm pretty sure that's the case.
2) I have never drunk or taken drugs, but I respect the choice and liberty of another person to do so, whether that be the invasive and deadly alcoholic beverage or the noxious cancer-causing cigarette, or even the cannabis that retarded pot-heads smoke.
3) It's a shame the governments, Christians, Jews, Muslims, Swahilis and everyone else can't do the same.
4) Thinking about it - having the drug trade on the internet kept it out of the street. No kids were used to distribute it across schools. No one got robbed or beaten. No one got shot. That's more than you can say for the 'war on drugs' and its fallout. How many trillions have been spent, and how many people have died because of it? How many non-violent potheads clog the prisons?
*There are more people incarcerated in America, the home of the free, than there are in any other country in the world, apart from Seychelles... because the prison system has been privatized and again - people figured out how to make money by taking away the liberties of Americans.
5) The drug trade had been around for a thousand years and it was never a problem until the FBI, CIA and various interested parties realized they could make money off of it.