Remember when the US gov DDOS'd the SR1 servers months before it was shut down? And the same with SR2? Remember when someone DDOS'd the AlphaBay servers before it was shut down? Notice all the DDOSing of markets now?

SR1 was DDOS attacked by the government months before market shutdown: https://arstechnica.com/information-technology/2014/11/silk-road-other-tor-darknet-sites-may-have-been-decloaked-through-ddos/

Operation Onymous / SR2 DDOS speculation: http://www.experienceproject.com/stories/Want-To-Talk-About-Privacy-And-The-Internet/5117309

What Defcon (Silk Road 2.0 admin) is truly guilty of: registering his VPS with his eponymous email account -> it's like he wasn't even trying...

But it still doesn't explain how they located the server, and the servers of the 26 other onion sites.

Most plausible theory so far: The FBI threw money at the problem. They rented enough servers to host a ton of Tor relays, DDOS attacked the targets thus forcing the connections through the FBI-controlled nodes to unmask the real IPs.

And actual DDOS attacks from that era? https://www.dailydot.com/business/cyberwar-deep-web-silk-road-2/

The latest attacks came after weeks of heavy distributed-denial-of-service (DDoS) attacks repeatedly brought both markets to their knees, interrupting service for days at a time and costing tens or hundreds of thousands of dollars in lost revenue.

Filling a void

One month after the much-discussed fall of the original Silk Road, version 2.0 was launched to great fanfare.

The attacks

Competition between the two sites was uneventful until approximately one week ago when Silk Road 2.0's ten thousand users suddenly couldn't access the site. Vendors itching for a product and junkies itching for a fix felt the pain of the outage that, for a time, went unexplained.

There is plenty of precedent for such an attack on the Deep Web. The original Silk Road suffered harsh DDoS attacks numerous times through its life. What happened next, however, had never taken place on the original website.

Dread Pirate Roberts, the new leader of Silk Road 2.0, spoke privately with his vendors, accusing TorMarket of orchestrating a week-long attack against the website. Word leaked to the public that DPR had evidence of TorMarket's involvement but it was never released.

Silk Road 2.0 wasn't the only black market being denied service. Pandora, a fledgling market attempting to carve out a niche, experienced outages as well at the beginning of December.

A few days after Silk Road was knocked out of service, TorMarket went down, and would continue to go down for days at a time--courtesy of yet another DDoS attack. This attack was fundamentally different from the one that had taken down Silk Road. Whereas Silk Road's entire server came under fire, it appears that only TorMarket's entry nodes were affected during the attack, allowing some users to access the site even as the denial persisted.

Due to the anonymous nature of the Deep Web, it's impossible to tell how the DDoS may have affected each site's security. A few theories being floated suggest that any aggressive actor--be it law enforcement or a skilled hacker--could use the attack to gain unauthorized access to black market databases.

The only thing we know for sure is that the outages have cost the Deep Web's biggest drug dealers a lot of money.

Remember when AlphaBay was being DDOS attacked before it was taken down? /r/AlphaBayMarket/comments/6lf6aq/alphabay_being_ddosd/

These were probably efforts to locate the server. Now look at all the DDOS attacks on the current markets. Is it not reasonable that this current full-press attack is a government effort to locate the remaining unfound servers? Thoughts?


Comments


[60 Points] dts-NOW:

I reckon the DDOS is smoke and mirrors and targeted requests are being slipped through simultaneously. Whether or not it's law enforcement carrying out the attacks is another question, as it could just as easily be well organised cyber criminals or even a state, in an effort to gain access to cryptocurrency. I think the days of DDOS being used simply as a means of disruption are long gone. Will be interesting to see how everything plays out.


[43 Points] SpeedflyChris:

https://blog.torproject.org/new-tor-denial-service-attacks-and-defenses

It's referred to as a "Sniper Attack" and it's used to force the hidden service to connect through an adversary's nodes as guard nodes.

Alternatively, if the adversary controls a significant number of Tor nodes (which is extremely likely in this case), then a DDOS can be used to aid in traffic correlation. Keep it up for long enough and, even if you can't get the hidden service to switch to one of your guard nodes, you can identify the guards it does have, at which point you call up the hosting company and monitor the traffic to that server to find the hidden service.


[16 Points] ecstasais:

Why do people still keep on bringing this SR stuff up? It's not DDoS that brought it down. It was a bug in the Tor protocol which enabled them to unmask SR during DDoS. That bug was fixed a long time ago (in addition to many more in the last few years).

Now, these days there's only one possible attack vector remaining, but this can actually mostly only help to unmask users, not servers: the speed throttling / speed modulation and correlation attack, which also requires control over the hidden site. But if a hidden site is under constant flood, then from a correlation standpoint it wouldn't stand out among other high bandwidth sites.


[15 Points] None:

[deleted]


[13 Points] BruceJender143:

$OON NO MORE MARKETS AND ONLY DDS OR ONION SITES 👀


[12 Points] thenorm123:

They seem to like historically significant dates too - eg. alphabay taken down on 4 July.

Today is Friday 13th.


[9 Points] None:

[deleted]


[7 Points] Derrick4Real:

Remember, remember the 5th of November.

If ya don't know, brush up on your darknet history.

It's that time of the year folks... button up the hatches just in case...


[4 Points] pauz43:

To all commenters: Your technical explanations/thoughts and conspiracy theories for the current market shutdowns are fascinating! No sarcasm meant -- I'm really trying to learn this shit. My question: It took several days and comments to learn what DDOS means, and many of the other terms are way over my head.

So, can y'all recommend a source(s) or additional reading for the less technically adept among us to catch up? I want to understand what you're talking about and try to sharpen my opsec skills, or at least my awareness of the damage hackers and LE can do.


[5 Points] Brookklyn:

I wouldn’t be surprised


[4 Points] None:

Reading this made me incredibly sad and shit. Lol


[1 Points] fnufnir:

Dream: 3 out of 4 mirrors working.

Don't FUD.


[1 Points] L3T:

Nope, I was using both these markets days before the take downs without remembering outages or ddos. Sure they were ddos'd many other times, but I don't remember the timing coinciding like you claim.

I am of the belief that the feds don't find a market by traffic fingerprinting (your theory). I believe they have sophisticated malware methods we will not hear about for another 10 years. The hard part is getting to the server, with the many 'bullet proof hosting' services popping up all over the place.


[0 Points] poncho_escobar:

LE


[-5 Points] None:

Who cares, if TR comes back great, if it doesn't move on..... After AB was down for days (like TR has been) everyone thought it was an exit scam! Then AB came back up, the idiot got arrested at Starbucks, and then Hansa came.... Let's see which TR mod hangs himself this time. (That is, if it's not an exit scam.)