Public Announcement

Howdy,

This is not about BlackBank. I thought really long about whether I should write this or not. I decided to share it as I feel it is important for the community to know what kind of admin I am. I am not trying to build more members as BlackBank has been experiencing a growth of around 100 new members a day with veteran vendors joining as well. If anything, what I write here may actually bring critique from my new partners and the members of the community. If anything, I expect downvotes. I want everyone to know, this is strictly about me at a personal level and is neither about security nor technical expertise.

As everyone knows, there was a juncture where whyusheep made false claims to have found an exploit in BlackBank.

Whyusheep also made claims to have doxxed me and the server and was handing it to the LE. I am not a 20 year old libertarian as whyusheep has suggested. I have had around 10 years of experience in running and maintaining servers. From that experience, I KNOW that every server has an exploit and that keeping ahead of exploits is an endless race that requires constant security updates. At the end, it's all based on luck if a server was the first to have an exploit discovered before a security patch for it exists.

I take every claim seriously, even if it is FUD, because I am unwilling to take risks. I spent several days observing whyusheep in silence as well as reviewing the logs again and again, and testing meticulously for any leaks. I would not stop until I am absolutely sure that whyusheep's claims were false.

After whyusheep was unable to find any exploits or security issues with BlackBank, he decided to accuse me of being crazy.

Prior to starting BlackBank Market, I spent a week contemplating the risks and consequences of running a DNM. It is during that time I had to determine if I am willing to take these risks and what would the worst possible outcome be.

When whyusheep claimed to have the IP and was handing it to the LE, my previous concerns of the consequences flooded me.

The concept of being arrested and detained. The idea that you'll have to go through countless court hearings and being locked up in a cell without chance of bail. The look on the faces of the same family members you were trying to support, hoping that the accusations are false, and then faltering to disappointment. I don't want to put family into an endless emotional cycle of the repetitive judicial system.

Then you multiply that by the thousands of members in the database that would be compromised and experience the same horrors if their details were not encrypted. This is the responsibility that I was faced.

What would a normal admin have done?

What did whyusheep reveal? He revealed that I would rather go down with the server than to have any one member compromised. I never said I would hurt anyone. I understand LEOs are just doing their jobs and they also have family. What I can't let happen is let the servers be compromised and the identity of a member be revealed.

Every name in the database is not just a name to me; each person is an individual and has a life. Each person is here because sometimes they just want to have a little fun or need a little something to get through the day. I am someone who understands life is complicated. I don't want someone to lose their freedom, simply because their lifestyle is complicated and not understood.

This is why I take security very seriously.

Nobody dreams of becoming a drug dealer when they are 5 years old. We don't always have control of the circumstances that brought us to where we are.

"Men make their own history, but they do not make it just as they please; they do not make it under circumstances chosen by themselves, but under circumstances directly encountered, given and transmitted from the past." Karl Marx

We don't always choose what we do in life. In many cases, we are driven to where we are by our circumstances, just as how I ended up as an admin for BlackBank. There was a demand that matched my skillset, and by taking this role, I take full responsibility to be diligent in any manner possible.

If caring about people and taking the security of BlackBank seriously is crazy, then yes, maybe I am.

After this personal announcement, I will not be as publicly available as I will be putting my full concentration on maintaining the server. I have spent and will continue to spend countless hours to keep BlackBank as secure as I possibly can and will also continue to seriously take all voiced concerns of exploits or issues.

MDParity


Comments


[19 Points] None:

I fucking respect you. I will check out Blackbank and see whatsup. You're the kind of guy I want controlling a DNM. It's not easy to BS the things you just said simply cause scammers and thieves really don't even understand the concept of everyone having their own life/story, you seem very empathetic and that is something I appreciate a lot. Thank you.


[6 Points] pinkprincess1:

I really don't know what to say here.


[5 Points] kronostheconqueror:

What I see is a guy, who has many years experience working on clearnet sites and probably knows his shit pretty good. Comes down to the darknet, makes a few rookie mistakes, (things that aren't really an issue on clearnet) and has that exploited by people like whyusheep. I posted about this in another thread a few days ago. The blackbank site probably is secure ( I don't know) but the whole MO of people like whyusheep is to destroy. He can't actually hack and destroy anything so he uses psyops to do it. He makes all the users believe that things like an html server banner is like total 0-day pwnage of root. It's bullshit is what it is. Look, there are a few main html servers, and 99% of sites, clearnet or not are gonna run them. So if someone is ACTUALLY hacking, then they have their payloads and exploits and they are hitting from every angle regardless of what a banner says. Likely ignoring a banner because it is so easy to change and misdirect anyways.

Without revealing where I come from or who I am, this is the same thing that has been happening to many new sites. Little, non essential things are blown WAY out of proportion to scare away users who don't know any better. Where they are scared away to should be on everyones mind.

At any rate, I wish the best to you mdparity. You sound like a good guy. I hope you have really taken the OPSEC part of this seriously as a site going down is one thing, but a human going down is something else entirely. I don't mean your users but you. Not saying anything but really, take those extra steps even though they are inconvenient.


[4 Points] blackbankthrowy:

I had a recent security concern with blackbank that involved certain features that would help users maintain anonymity. I messaged mdparity about them. An hour later. The features had been added and everything had been taken care of. This man listens. This man cares. Blackbank is headed for a promising future with this man at the helm. It is my new market. And with multisig escrow. Its really a no brainer.


[3 Points] heroinking:

I cant imagine now much effort/time/money has probably been wasted because of that idiotic troll. Props to you though for taking it seriously, just on the outside chance he was right and your security was at risk.


[3 Points] Vendor_BBMC:

We like the cut of your jib.

WhyUSheep is an adult (probably) and responsible for his own actions.

Its a such a fine line between "helping the community to be safe" and "blackmailing little scumbag upsetting vendors who represent murderous mexican crime cartels".

A lot of server guys have a touch of Asperger's syndrome, and come across as all grandiose and humorless like Usheep. Their intentions are neither good nor bad, they just do their Rain Man-style idiot savant thing if unsupervised by their carer, whether its card-counting, doing SQL injections, or taking credit for every other pest on the darknet. We see them time and time again in their black T-shirts getting extradited to the US and using their autism to avoid jail, all because their mom didn't know what they were doing on their computer.

From his writing style, you get the feeling that WhyUSheep is a few driver updates short of a service pack. If not, he should have a little think.

Just because you can do something, it doesn't mean that you should. Have a look on Narco Mundo.


[3 Points] None:

OP you certainly have a nice way with words and know what the crowd wants to hear.

unfortunately you don't sound very eloquent,charming or professional when you're under pressure.

it doesn't matter in this context if whyusheeps claims were right or wrong although i think it is worse if they were wrong. imagine your breakdown to a real threat if false clames already shook you up that much. you reacted very poorly and it will take more than a nicely worded public announcement to get me to trust you and your market.

the whole john/linkedin (and all the accounts which also use the mdparity handle) thing makes it even worse. even if it isn't your real name (which i believe) it is a stupid and pointless idea and even dangerous to your opsec.

i wouldn't reccomend using black bank to anyone.

that been said:you seem like a nice guy and i wish you all the best, but you are not the type of man it needs to run a biz like that


[2 Points] DuckDuckTNT:

I like my DNM admins like I like my women. To be seen and not heard.

Seriously though, these super out there public admins are getting a little much. I don't care about you personally. Nor do I want to. Speak to keep me updated on the site. Backopy style.


[1 Points] Mrshrooms420:

I thought sheep was talking about Agora. I'll have to check out BlackBank tomorrow


[0 Points] None:

[deleted]


[-1 Points] RosyPalm:

You aren't cut out for a life of crime John.

If whyusheep fucked your head up that bad with that piddly shit, you will not survive. Give it up.