How are all markets not automatically seized?

I mean, it's insanely easy to get onto/find out about Tor dark markets. It literally takes a few clicks, copying a link, pasting it in Tor, creating an account and then boom: drugs. My question is with how easy it is to access these markets how're they not seized by the LE almost immediately? If a website is thought to be vending malicious/illegal goods wouldn't that give them just automatic due cause to just shut it down?


Comments


[18 Points] None:

[deleted]


[12 Points] asuuhzn:

The whole point of TOR is to promote anonymous and encrypted communications. The markets are set up as TOR hidden services, which allow them to operate differently than a regular website would. All connections to and from a hidden service are encrypted, and it hides the location and IP addresses of the hidden services.

I'm not a web developer or admin so I don't know the specifics of how it works. All I know is that it is incredibly difficult for any agency to find the servers of a hidden service. It takes a well-executed cyber attack, and I believe that these can even be thwarted.

With that said, powerful government agencies will find a way to take them down if they can. They have massive resources and will exploit any weakness. It takes a really good dev team to keep a market's security one step ahead of Law Enforcement.


[8 Points] ihavebigtanks:

You don't know what Tor is, do you?


[4 Points] None:

[deleted]


[3 Points] Shillsandthrills:

Easy. It's all strategic and all a cash grab for the Feds. See, they want to bust the markets, but unlike in real life when they bust big-time dealers, they don't get to seize guns and drugs on here. The best they'll get when they seize a market is two things:

  1. The guy running it
  2. Money

It's well known that SR2 had no escrow. Therefore, no money to seize. BUT, there was a huge user base there. So the Feds probably said to themselves, let's take down SR2 and force users to go to the sites with escrow. Then when it balloons up enough and enough time has passed they'll bust the remainder and seize the funds.

Remember, they imaged the SR servers and they imaged the SR2 servers too. They're probably doing the same with Evo and Agora and the rest right now. They know and have a good idea how much money is available and when it's high enough to satisfy them they'll make the next seizures. And if you're sitting reading this thinking that the seizures won't happen you're a fucking fool. Backopy was considered the best in the business and he didn't even want to stick around knowing what would be coming. It's just a matter of time folks. In the drug game in real life when you're dealing big you got two choices in the long run - jail or death. These markets are no different.

Whenever the Feds are ready to move they will.


[2 Points] tex1s:

Getting the markets' URL is the easy part, finding the server's IP address and/or exploiting vulnerabilities on the server in order to take down the server can be the difficult part.

There are a number of different experimental methods in hopes of getting a server to divulge its IP address, including DDOS or breaking functionality of the website. Once you have an IP address you can hopefully attempt to exploit that server without using TOR.

A normal static website that doesn't have any interactivity will not have as many vulnerabilities to exploit as one with login forms, CAPTCHAs, and other functionality and daemons running. Supposedly the original SR was located due to a bug in their CAPTCHA service.

However, even servers with static websites are prone to vulnerabilities in their OS which can be exploited. For instance, there was a huge exploit found this year called Shellshock, which was a vulnerability found in UNIX that has existed for over 20 years. This year another big vulnerability found was POODLE, which was an SSL exploit that allowed for Man-In-The-Middle attacks. It might take a while for the public sector to find these exploits and for these exploits to be reported, but you can bet intelligence agencies have known about some of these for a while and use them as needed. However, there's a risk vs. reward for using these; the FBI isn't going to use them on just anybody since they don't want the source of the vulnerability to be found and patched.

Once the servers are found, if they are located internationally the FBI requires cooperation from the country the hosting company is located in to mirror the hard drives in an attempt to preserve evidence for a case if the owner is believed to be residing in the USA. This also allows the FBI to use parallel construction so they don't have to admit that they hacked the servers in order to gain their information.

Also worth noting is that the FBI taking down just any server can have international ramifications; some believe Agora to be hosted in Russia. With tensions high between Russia and the US, chances are weak that Russia would cooperate with any requests to mirror servers. Hacking a system is already considered by most countries to be cyber terrorism, much less if it's done by a foreign government organization. Sure, with enough effort the FBI could probably take down a lot of these servers, but there's more to it than taking down one server; they want to learn and gain as much knowledge as possible, prosecute, and like most hackers accumulate some wealth (in this case bitcoin).

But to answer your question: again, with enough effort the FBI could just keep taking these servers down one by one, but some are difficult to locate, there are risks with using their privately discovered exploits, potential international issues, and there's quite a bit more they can gain by waiting "silently" as these sites grow in both numbers and size.
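The comment above mentions Shellshock as the kind of OS-level bug that gets a server compromised regardless of how static its site is. From the defender's side, the practical question is whether anyone is probing your CGI handlers with it, and that is visible in ordinary web server access logs. The following is an added example, not code from the thread or from any project named in it: a small Python detector that parses combined-format access log lines and flags requests whose User-Agent, Referer or request line carries the bash function-definition prefix that Shellshock probes rely on. The log lines are constructed for the example (RFC 5737 documentation addresses, made-up timestamps), and the field names and the combined-log regex are assumptions about the server's log format.

```python
import re
from typing import Dict, List, Optional

# Apache/nginx "combined" log format: client IP, identity, user, [timestamp],
# "request line", status, response size, "referer", "user-agent".
# (Assumed format; adjust the pattern if your server logs differently.)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A Shellshock probe places a bash function definition, which begins with
# "() {", into any header a CGI handler copies into the environment.
# Whitespace between the tokens is optional, so the match is deliberately loose.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Constructed sample log lines: two probes (one via User-Agent, one via Referer),
# one ordinary request, and one benign User-Agent that contains braces but no
# "() {" sequence, to show the pattern does not fire on arbitrary punctuation.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2014:12:00:01 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-" "() { :; }; echo probe"
198.51.100.3 - - [10/Nov/2014:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Nov/2014:12:00:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() {:;}; echo probe" "curl/7.30"
198.51.100.4 - - [10/Nov/2014:12:00:04 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Bot) {v1}"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_shellshock_probe(entry: Dict[str, str]) -> bool:
    """True if any client-controlled field that commonly reaches the CGI environment
    carries the bash function-definition prefix."""
    return any(SHELLSHOCK_RE.search(entry[field]) for field in ("ua", "referer", "request"))


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one alert record per flagged request: source IP, timestamp, request line,
    and the status code (a 200 on a CGI path deserves a closer look than a 404)."""
    alerts: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_shellshock_probe(entry):
            alerts.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "request": entry["request"],
                "status": entry["status"],
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['status']} {alert['request']}")
```

The signature is intentionally narrow: it looks only for the `() {` prefix, because that is what bash's parser keys on, and it ignores whatever command follows. Matching on the command text instead would miss trivially altered probes. A hit with a 200 status on a CGI path means the request reached a handler and the host's bash version should be confirmed patched; hits with 404s are background scanning and are useful mainly as an indicator of how much attention the host is getting.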