An Outsider's (kind of) Perspective

First, a little background info on why my opinion might possibly be slightly valid: While I have never bought or purchased anything on the darknet markets, I have always been interested in privacy/digital security and, by association, the darknet. Since stumbling onto the Crypto-Anarchist Manifesto in middle school, I have spent countless hours researching privacy, encryption, etc. I fully believe that freedom, anonymity, and online OpSec are intrinsically linked, and if we are to remain free people (or become free people, in many nations) we need true anonymity and freedom from snooping corporations and nation states online. After SR1 was taken down I became very interested in DNM OpSec, as I believe you guys are the front line fighters in the war of internet freedom.

/end ideological rant

Disclaimer: All of this is my opinion. I may be completely right or wrong, and if I am right about some things I may be wrong about others. Bottom line: no one really knows anything for a fact when it comes to the recent takedowns.

I believe that Hansa's servers were compromised independently from AlphaBay. While the operations became tied together, I do think LE had a little bit of luck in their timing. Hansa's servers were discovered and the site honeypotted. All data was compromised and autopgp broken. AB, on the other hand, was not compromised in itself. Its admin was doxxed by police and the location of the servers discovered through poor OpSec on Cazes' part. I do believe that the e-mail in the early days of AB that had his clearnet address was real. You guys may argue, "It can't be, because why'd it take two years!?!?! Why doesn't anyone have a copy?!?!" No one has a copy because it was only sent to a few users before the mistake was realized/the admin's method of communication changed. This is also why it took the cops so long to stumble upon it. There are countless examples of criminal cases being solved, after long periods of dead ends, by some cop finding a crucial piece of (what appears obvious in hindsight) evidence by chance.

From what I have seen, no vendors were doxxed based purely on the AB bust. Those who were seem to have all been operating on Hansa as well. An argument in favor of AB not being compromised (merely shut down): if the police had compromised it as they did Hansa, they would have made it a honeypot also. Why go to the trouble of herding users to Hansa (and potentially missing those who were cautious and refused to migrate) when it would have been much more effective to just make AB a honeypot? They didn't have the capability to make AB a honeypot. This said, I do believe that when vendors moved to Hansa (or vendors who already had accounts on both), their AB accounts were compromised, and the cops now have access to them.

I would also like to mention here that I do not believe Dream is in itself compromised (yet). The compromised vendors on there all seem to have either A: used the same/very similar login info as on Hansa, or B: been arrested due to Hansa and given up their Dream account info/had login info written down or in unsecured cleartext when arrested. I believe that the Dutch police stuck their PGP key up there as a way of gloating, because the vendors who were busted will soon be going to court, and we will all soon know from court records who was busted anyway. They milked it for a month. That's plenty of time for them to get all the evidence they need for dozens of major busts. They also most likely were unable to get the vendors' PGP keys, so they just put theirs up knowing that many people would make orders without ever checking the key. 10 people accidentally using the cops' PGP key is better than 100 using the PGP key of an account whose key they don't have.

Lastly: Tor is not compromised. Tails is definitely not compromised. "But teh gvernments maked it!!11!!" This is true. US Naval Intelligence played a major role in the development of Tor. But let us look at why they made it: they wished to have a highly secure way of communicating with spies and souls living under highly oppressive governments. If they had put in a back door, their adversaries would have found it. Russia would have. China would have. The fucking NorKs would even have stumbled onto it between rounds of international meth dealing through their embassy program. Naval Intelligence is not the FBI or the DEA. Catching drug dealers is not their job. To them, drug users using Tor to freely sell their wares is a small price to pay for the Navy to have a highly secure network of communication. The quote "not my circus, not my monkeys" applies well here. Backdooring Tor in order to bust what are, to Naval Intelligence, non-issue targets would defeat the entire purpose of their massively expensive and (in terms of intelligence gathering) massively lucrative project. Another reason I believe Tor is safe is that it has been in the hands of privacy-oriented, publicly audited, open-source folks who are entirely transparent in their operation of the project.

While Tor has its weaknesses (mainly in its use within easily compromisable OSes such as Windows), I think that in itself, and especially coupled with a Linux distro (with Tails being the penultimate version), it is entirely secure. OpSec is key. Imma let you finish, but I gotta repeat that: OPSEC IS KEY!

These are my thoughts. Thanks for taking the time to read them, and I look forward to CIVIL discussion with you all. I would also like to take a minute to give a shout-out to /u/wombat2combat and /u/Theeconomist1. You guys have done an awesome job keeping people updated, giving great advice on hardening OpSec, and trying to keep this ship afloat in stormy seas (even though you are a dirty fucking fed, econ).
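A worked check for the key-substitution scenario the post raises (a seized market serving the police's PGP key in place of a vendor's, and buyers encrypting orders without ever checking the key), added here as an example; it is not code from the original post or from any market. It computes the OpenPGP v4 fingerprint of a raw public-key packet the way GnuPG does (SHA-1 over 0x99, a two-byte length and the packet body, per RFC 4880 section 12.2) and compares it, in constant time, against a fingerprint pinned earlier, so an order is never encrypted to a key whose fingerprint has silently changed. The key material below is a constructed placeholder (the modulus is not a real RSA modulus, it only has the right size), and the packet builders exist so the example runs offline; a real workflow would feed in the packet bytes of the key as exported by gpg.

```python
"""OpenPGP v4 fingerprint computation and pinning, from a raw public-key packet.

Added example; the fingerprint construction follows RFC 4880 section 12.2.
The key material built below is a constructed placeholder, not a real key.
"""
import hashlib
import hmac
import struct


def _mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def build_v4_rsa_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public-key packet for RSA (algorithm 1): version, creation time, algorithm, n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(e)


def build_packet(body: bytes, new_format: bool = False) -> bytes:
    """Frame a body as a tag-6 (public-key) packet in the old or new header format."""
    if not new_format:
        if len(body) < 256:
            return b"\x98" + bytes([len(body)]) + body             # 0x98: old format, tag 6, 1-byte length
        return b"\x99" + struct.pack(">H", len(body)) + body        # 0x99: old format, tag 6, 2-byte length
    if len(body) < 192:
        return b"\xc6" + bytes([len(body)]) + body                  # 0xc6: new format, tag 6
    if len(body) < 8384:
        rem = len(body) - 192
        return b"\xc6" + bytes([(rem >> 8) + 192, rem & 0xFF]) + body
    return b"\xc6\xff" + struct.pack(">I", len(body)) + body


def packet_body(packet: bytes) -> bytes:
    """Parse the packet header (old or new format) and return the public-key packet body."""
    first = packet[0]
    if not (first & 0x80):
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                                 # new format: tag in low 6 bits
        if (first & 0x3F) != 6:
            raise ValueError("not a public-key packet")
        first_len = packet[1]
        if first_len < 192:
            start, length = 2, first_len
        elif first_len < 224:
            start, length = 3, ((first_len - 192) << 8) + packet[2] + 192
        elif first_len == 255:
            start, length = 6, struct.unpack(">I", packet[2:6])[0]
        else:
            raise ValueError("partial body lengths are not supported")
    else:                                                            # old format: tag in bits 2-5
        if ((first >> 2) & 0x0F) != 6:
            raise ValueError("not a public-key packet")
        length_type = first & 0x03
        if length_type == 0:
            start, length = 2, packet[1]
        elif length_type == 1:
            start, length = 3, struct.unpack(">H", packet[1:3])[0]
        elif length_type == 2:
            start, length = 5, struct.unpack(">I", packet[1:5])[0]
        else:
            raise ValueError("indeterminate length is not supported")
    body = packet[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return body


def fingerprint(packet: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, the 2-byte body length and the body, as 40 upper-case hex digits.
    The 0x99 prefix is fixed by the spec regardless of how the packet was framed on the wire."""
    body = packet_body(packet)
    if body[0] != 4:
        raise ValueError("only v4 keys are handled here")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_id(fp: str) -> str:
    """The long (64-bit) key ID is the last 16 hex digits of the v4 fingerprint."""
    return fp[-16:]


def verify_pinned(packet: bytes, pinned_fp: str) -> bool:
    """Compare the key's fingerprint with a fingerprint pinned out of band.
    Whitespace and case are ignored so 'ABCD 1234 ...' as printed by gpg matches."""
    want = "".join(pinned_fp.split()).upper()
    got = fingerprint(packet)
    return hmac.compare_digest(got.encode(), want.encode())


if __name__ == "__main__":
    # Placeholder key: the modulus is not a real RSA modulus, it only needs the right size.
    vendor_key = build_packet(build_v4_rsa_key_body((1 << 2047) | 12345, 65537, 1500000000))
    pinned = fingerprint(vendor_key)                                 # what the buyer stored earlier
    print("pinned:", pinned, "key id:", key_id(pinned))
    # A substituted key on the market's profile page has a different fingerprint.
    swapped_key = build_packet(build_v4_rsa_key_body((1 << 2047) | 54321, 65537, 1500000000))
    print("vendor key still matches pin:", verify_pinned(vendor_key, pinned))
    print("swapped key matches pin:", verify_pinned(swapped_key, pinned))
```

Pin the fingerprint the first time from a channel the market operator cannot alter (a vendor's signed announcement, a key exchanged in person), and always compare the full 40-digit fingerprint rather than the short key ID, which is not collision-resistant. A market profile page is exactly the place a key gets swapped after a seizure, so it is the last place to trust for the fingerprint itself.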


Comments


[38 Points] MT_Merchant_Mangler:

I believe you guys are the front line fighters in the war of internet freedom.

Most of us just wanted to get high and not get v&


[11 Points] None:

[deleted]


[6 Points] None:

Anything can happen on the darknet: you can get ass raped or beaten up by Russian mobsters for typing at them funny. I'd recommend just buying drugs though.


[7 Points] Lucid_Enemy:

Actually, I remember an email. I'd have to dig it up in one of my SIGAINT mailboxes, but I do remember it... Not FUD. When I get back to a safe place I'll message the mods.


[5 Points] itsalaughinggas:

I appreciate your perspective, and also feel the same way: the more people who use Tor for drugs/fraud/etc., the better the spies abroad blend in with the traffic. Take away the drugs/fraud/etc. guys and all you have are spies using Tor... it sticks out like a sore thumb without us, the "noise".


[3 Points] tossinsaladsallday:

This was a good read. Thanks for posting, OP. /thumbsup


[3 Points] Immaloner:

Very nice write-up!


[3 Points] xxctstorey97xx:

You say Tails is the penultimate Linux distro; what do you recommend that is better than using Tails?


[2 Points] lamoustache:

Re: that Alpha02 email address, I would be more inclined to believe it was provided to LE by "someone" who had been aware of it for a while.

My understanding is it had only been displayed in a header, when resetting a forum account password, for a short period of time in late December 2014; however, LE only learned about the personal email address of CAZES in December 2016. The wording in the complaint doesn't leave much doubt that they didn't find that themselves.


[1 Points] None:

[removed]


[1 Points] shaggingandjagging:

Just a quick question: if Tails is the penultimate in security, what do you consider the ultimate? Peace


[1 Points] InsanityDRM:

Just to be clear, they most likely do have the AB data. The only way they can redirect the onion address to a seizure notice is by having access to the domain's private key, which would have been stored on the AB server, so the fact that they have managed to redirect the domain shows they eventually accessed the server & its contents.
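To make the address/key binding behind this comment concrete, here is an added example, not the commenter's code and not Tor's own implementation, that derives a v3 onion address from its ed25519 public key and checks that a given address really embeds a given key. The scheme is Tor's published v3 construction: base32 of (public key || first two bytes of SHA3-256(".onion checksum" || public key || 0x03) || 0x03). The 2017-era v2 addresses bound a 1024-bit RSA key through a truncated SHA-1 of the key instead, but the principle is the same: the address is a function of the public key, and only the holder of the matching private key can publish a descriptor for it, which is why a seizure notice served at the site's own address implies possession of that key. The 32-byte key below is a constructed placeholder, not any real service's key.

```python
"""Tor v3 onion address: derivation from, and verification against, an ed25519 public key.

Added example; the scheme follows the Tor rendezvous v3 specification. The key
used in __main__ is a constructed placeholder and not any real service's key.
"""
import base64
import binascii
import hashlib
from typing import Optional

ONION_V3_VERSION = b"\x03"            # version byte appended to every v3 address
CHECKSUM_PREFIX = b".onion checksum"  # fixed prefix hashed into the checksum


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the .onion hostname for a 32-byte ed25519 public key.

    address  = base32(pubkey || checksum[:2] || version) + ".onion"
    checksum = SHA3-256(".onion checksum" || pubkey || version)
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()[:2]
    raw = pubkey + checksum + ONION_V3_VERSION       # 35 bytes -> 56 base32 chars, no padding
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_v3(address: str) -> Optional[bytes]:
    """Return the public key embedded in a v3 address, or None if the address is
    malformed, carries a bad checksum, or has an unexpected version byte."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[:-len(".onion")]
    if len(host) != 56:                               # v2 (16 chars) and junk are rejected here
        return None
    try:
        raw = base64.b32decode(host.upper())
    except (binascii.Error, ValueError):              # characters outside the base32 alphabet
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != ONION_V3_VERSION:
        return None
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if checksum != expected:
        return None
    return pubkey


def address_matches_key(address: str, pubkey: bytes) -> bool:
    """True only if the address is valid and binds exactly this public key."""
    embedded = parse_onion_v3(address)
    return embedded is not None and embedded == pubkey


if __name__ == "__main__":
    placeholder_key = bytes(range(32))                # constructed, not a real key
    addr = onion_v3_address(placeholder_key)
    print("derived address:", addr)
    print("valid and bound to key:", address_matches_key(addr, placeholder_key))
    # Changing the last character alters the version byte, so the address no longer parses.
    tampered = addr[:-7] + "a.onion"
    print("tampered address accepted:", parse_onion_v3(tampered) is not None)
```

Every v3 address ends in "d" because the trailing version byte 0x03 lands in the final five base32 bits; the parser above rejects anything else, which is a cheap first filter for phishing addresses that merely look similar. The check confirms the address is self-consistent, not who holds the private key; that is exactly the point of the comment, since whoever can publish a descriptor for the address must have the key.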


[0 Points] AutoModerator:

/u/wombat2combat - You have been summoned in this thread by /u/Pylyp23.

This convenience is brought to you by AutoMod. Submissions do not automatically summon users like comments do. AutoMod is trying to be helpful.

For others, it should no longer be necessary to summon the referenced user in a comment any more. AutoMod has done the heavy lifting for you. You're welcome. Bow before me.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[-1 Points] None:

[deleted]