Silk Road forums

Discussion => Security => Topic started by: medicineman684 on October 06, 2013, 02:53 pm

Title: What Shitty VPN was DPR Using?
Post by: medicineman684 on October 06, 2013, 02:53 pm
So I read that DPR was using a VPN to access stuff....the FBI squeezed the VPN to give over records. I'm curious as to why any VPN would even keep logs if they gave a shit about their customers. Most of all I'm wondering which VPN it was so I can avoid them.

mm
Title: Re: What Shitty VPN was DPR Using?
Post by: Austrian on October 06, 2013, 03:30 pm
one he hosted himself
Title: Re: What Shitty VPN was DPR Using?
Post by: medicineman684 on October 06, 2013, 04:14 pm
That doesn't make sense...the news story says that the vpn was forced to give up their logs......
Title: Re: What Shitty VPN was DPR Using?
Post by: railroadbill on October 06, 2013, 04:20 pm
Probably one of many hosts that has given up their logs on him. If he had only hosted in countries without MLATs with the US then the servers at least wouldnt have been compromised.
Title: Re: What Shitty VPN was DPR Using?
Post by: Austrian on October 06, 2013, 04:23 pm
the host* was forced to give up logs everything was wiped except the last login which was from 500metres away from his place.
Title: Re: What Shitty VPN was DPR Using?
Post by: flwrchlds9 on October 07, 2013, 11:36 pm
yes by the limited information given most probable that he was renting a VPS and setup his own VPN on it. The media does not report correct things.
Title: Re: What Shitty VPN was DPR Using?
Post by: sourman on October 08, 2013, 03:28 am
All VPNs keep logs of some sort, and even if they didn't, LE can simply tap the VPN's bandwidth provider and watch as you connect to it live.

The real question should be why the fuck did DPR use a VPN, and oh fuck it. Just thinking about this gives me a headache.
Title: Re: What Shitty VPN was DPR Using?
Post by: Nightcrawler on October 08, 2013, 12:24 pm
So I read that DPR was using a VPN to access stuff....the FBI squeezed the VPN to give over records. I'm curious as to why any VPN would even keep logs if they gave a shit about their customers. Most of all I'm wondering which VPN it was so I can avoid them.

mm

It's not so much that they don't give a shit about their customers, it's that they don't want to go to jail for their customers. Do you honestly think that ANY VPN provider is going to go to jail for a customer?  Get real!

VPNs provide, at best, a one-hop proxy. At the Hack in the Box 2012 conference, a hacker named The Grugq gave a talk on operational security, wherein he discussed VPNs. It's on Youtube, you might want to look it up. He also made the point that no one is going to go to jail for you. His basic attitude, in a nutshell was , "Screw VPNs!"  an attitude with which I totally concur.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: What Shitty VPN was DPR Using?
Post by: flwrchlds9 on October 08, 2013, 09:24 pm
They have uses if you understand the security model.
Title: Re: What Shitty VPN was DPR Using?
Post by: 7Kz2 on October 08, 2013, 10:19 pm
Anyone who says "screw vpns" doesn't know how to use them.

A good VPN owner will not go to jail for you, but you will not go to jail when the cops are at his door.  If he ran it right, he would have absolutely no records of who did what through his VPN, or who connected at what times to his VPN.

Also if you're doing something major you should learn to tunnel VPNs...
Title: Re: What Shitty VPN was DPR Using?
Post by: This_is_not_SOCA on October 08, 2013, 11:50 pm
A good VPN owner will not go to jail for you, but you will not go to jail when the cops are at his door.  If he ran it right, he would have absolutely no records of who did what through his VPN, or who connected at what times to his VPN.

Dang it - you made me log in to have to post this

NO COMMERCIAL VPN PROVIDER WILL  PROVIDE YOU ANONYMITY AGAINST THE LAW. PERIOD. GIVEN A CHOICE BETWEEN LOOSING THEIR BUSINESS/GOING TO JAIL AND HANDING OVER LOGS DETAILING YOUR ACCESS - THEY WILL HAND OVER THE LOGS EVERY SINGLE TIME.

PLEASE REMEMBER THAT.

VPNs have their uses - but providing anonymity IS NOT one of them.

You use VPNs to protect your data not your identity.




Title: Re: What Shitty VPN was DPR Using?
Post by: ECC_ROT13 on October 09, 2013, 12:22 am
The core problem is that there are only two categories of VPN providers:
1. Providers that say they log for various reasons. 
2. Providers that *say* they don't log.

Note that Category 2 was NOT "Providers who don't log", because from a trust perspective, you have no way of knowing that.  That you have any way of verifying, anyway.  So you're relying on shit they write on their website and a vague feeling that you haven't *heard* of them giving anybody up.  And everybody talks a good game before the National Security Letter shows up. 

VPN's have their place, but at the point where you're stuck evaluating the subtle differences between two commercial VPN providers, you're probably doing it wrong.
Title: Re: What Shitty VPN was DPR Using?
Post by: bitfool on October 09, 2013, 03:02 am
Quote
You use VPNs to protect your data not your identity.


Care to elaborate on that?
Title: Re: What Shitty VPN was DPR Using?
Post by: This_is_not_SOCA on October 09, 2013, 03:12 am
Quote
You use VPNs to protect your data not your identity.


Care to elaborate on that?

Sure

VPNs encrypt traffic between two end-points to prevent an attacker who can monitor the network from getting access to the data you are transmitting - the confidentiality of the data and generally the integrity of the data is protected by the VPN. they are good at this and this is what they do.

However your system/IP address will always be one of those endpoints - moreover your will have to provide credentials to the other end of the VPN to prove you are who you say you are. Therefore they do not protect the anonymity of your identity in any way other than perhaps by encrypting identifying traffic that you may be transmitting.

TOR on the other hand does protect our identity to some extent at least by protecting it from disclosure which is what we worry about round here rather than proving who we are (PGP is for that). The reason it protects our anonymity is that it is (we trust) very difficult to see both ends of the connection unlike a VPN. Neither the client, not the server, nor anything in between known the identity of both endpoints. This is especially true for hidden services.

A somewhat tortured analogy would be:

I want to communicate with Alice by post. So I hire a courier to take a postcard from my house to my friend Alice. The courier picks up the postcard and takes it to Alices house. The courier knows my address (the sender), Alices address (the destination) and the message I wrote on the postcard.

But I want to protect my message from disclosure so the next time I send the message I write it in a letter with an envelope. The envelope stops the courier from reading my message. However the courier still knows that I sent a message to Alice and they still know my address but they don't know what is in the message without opening the envelope. That, sir, is a VPN.

Me ======> Alice

Now if I didn't want the courier to see the message and I didn't want them to know who the recipient was I would write my letter, put it in an envelope addressed to Alice as before. But now I would then put that envelope in another envelope this time addressed to Bob. Then, for good measure, I would take that envelope and stick the whole lot in a third envelope addressed to Carol. Then I call the courier, they come round and pick up the envelope addressed to Carol and deliver it to his house. Carol opens the envelope and sees that there is another envelope inside with Bobs address so she calls up the courier and they come round and pick up the envelope and deliver it to Bobs house. Bob then opens the envelope to find, again, another envelope inside, this time addressed to Alice. So Bob calls the courier and they come round pick up the envelope and deliver to Alice.

So now, not only does the courier not know what was in the message - they also are now unaware that the message I sent was for Alice. That sir, is TOR. Imagine a few thousand people sending messages in this manner at the same time and you will understand it is hard to pick apart for the courier.

Me======> Bob ========> Carol =========> Alice

So, clear as mud?

Trust me I'm a doctor.

Title: Re: What Shitty VPN was DPR Using?
Post by: 7Kz2 on October 09, 2013, 06:01 pm
A good VPN owner will not go to jail for you, but you will not go to jail when the cops are at his door.  If he ran it right, he would have absolutely no records of who did what through his VPN, or who connected at what times to his VPN.

Dang it - you made me log in to have to post this

NO COMMERCIAL VPN PROVIDER WILL  PROVIDE YOU ANONYMITY AGAINST THE LAW. PERIOD. GIVEN A CHOICE BETWEEN LOOSING THEIR BUSINESS/GOING TO JAIL AND HANDING OVER LOGS DETAILING YOUR ACCESS - THEY WILL HAND OVER THE LOGS EVERY SINGLE TIME.

PLEASE REMEMBER THAT.

VPNs have their uses - but providing anonymity IS NOT one of them.

You use VPNs to protect your data not your identity.

>commerican VPN
You're pretty fucking stupid .  Of course I wasn't talking about those you fucking moron.  There are tons of VPNS run by people who know their VPN is going to be used for illegal activity and put tons of work into providing security for such.

God damn, it's like basic internet security is a foreign subject to some people. 

A VPN that protects your identity will not keep logs.  It will run everything completely on RAM and will never physically log any personal data.  I ran a VPN for 2 years off a Ukrainian dedicated server and I never had a single IP address or any data of what any of the users did. 

I should also add that relying on any single VPN for security doing things that LE would spend much time investigating (connecting directly with your real IP) is moronic.   

If a VPN accepts credit cards, ask at all for your name, or shows up on the first page of google is NOT safe to use for illegal activity..
Title: Re: What Shitty VPN was DPR Using?
Post by: This_is_not_SOCA on October 09, 2013, 09:59 pm
You're pretty fucking stupid .  Of course I wasn't talking about those you fucking moron.  There are tons of VPNS run by people who know their VPN is going to be used for illegal activity and put tons of work into providing security for such.

God damn, it's like basic internet security is a foreign subject to some people. 

A VPN that protects your identity will not keep logs.  It will run everything completely on RAM and will never physically log any personal data.  I ran a VPN for 2 years off a Ukrainian dedicated server and I never had a single IP address or any data of what any of the users did. 

I should also add that relying on any single VPN for security doing things that LE would spend much time investigating (connecting directly with your real IP) is moronic.   

If a VPN accepts credit cards, ask at all for your name, or shows up on the first page of google is NOT safe to use for illegal activity..

You are a fucking liability. The mere fact that you run a VPN for other users is EXACTLY WHY PEOPLE SHOULD NOT USE OTHER PEOPLES VPNS, COMMERCIAL OR OTHERWISE AND EXPECT ANONYMITY.

DO NOT USE VPNS FOR ANONYMITY - PERIOD.

People listening to you will end up busted plain and simple.

Do something fucking useful with your server and run a TOR relay.
Title: Re: What Shitty VPN was DPR Using?
Post by: 7Kz2 on October 09, 2013, 11:18 pm
You're pretty fucking stupid .  Of course I wasn't talking about those you fucking moron.  There are tons of VPNS run by people who know their VPN is going to be used for illegal activity and put tons of work into providing security for such.

God damn, it's like basic internet security is a foreign subject to some people. 

A VPN that protects your identity will not keep logs.  It will run everything completely on RAM and will never physically log any personal data.  I ran a VPN for 2 years off a Ukrainian dedicated server and I never had a single IP address or any data of what any of the users did. 

I should also add that relying on any single VPN for security doing things that LE would spend much time investigating (connecting directly with your real IP) is moronic.   

If a VPN accepts credit cards, ask at all for your name, or shows up on the first page of google is NOT safe to use for illegal activity..

You are a fucking liability. The mere fact that you run a VPN for other users is EXACTLY WHY PEOPLE SHOULD NOT USE OTHER PEOPLES VPNS, COMMERCIAL OR OTHERWISE AND EXPECT ANONYMITY.

DO NOT USE VPNS FOR ANONYMITY - PERIOD.

People listening to you will end up busted plain and simple.

Do something fucking useful with your server and run a TOR relay.

You can't use TOR for everything moron.  Just because you're a dumbass who can't find a legitimately ran vpn doesn't mean shit to me.  You have absolutely no idea what you're talking about.  You either find a legitimate anonymous VPN or make your own.  Any dimwit can go buy a visa gift card, buy a VPS and set up there own VPN for personal use, openvpn literally set's itsself up for you.  Get out of here.

DPR fucked up because he hosted his VPN in America, which, I hate to say, is an idiotic thing to do.  I strictly use VPNs hosted in countries with poor relations with the US and laws do not require host to keep logs.
Title: Re: What Shitty VPN was DPR Using?
Post by: Nightcrawler on October 10, 2013, 01:19 am
They have uses if you understand the security model.

Sure they do. But how many average users understand the security model, and the limits/risks involved?  It would appear certain that DPR didn't.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: What Shitty VPN was DPR Using?
Post by: 7Kz2 on October 10, 2013, 02:37 am
They have uses if you understand the security model.

Sure they do. But how many average users understand the security model, and the limits/risks involved?  It would appear certain that DPR didn't.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0

Yes but "average users" don't need a VPN.  If you're just purchasing personal amounts TOR is sufficient.  But if you do things that require extra security, you better take the time to learn, or don't complain when you get caught...  I'm kind of dissapointed DRP made such a huge mistake... USA is the worst possible place to host a VPN because US Law requires the VPN's host to log the info regardless if the VPN is "logless" or not.
Title: Re: What Shitty VPN was DPR Using?
Post by: Baraka on October 10, 2013, 08:27 am
No. America has no data retention laws. But you're still right. It is the worst possible place to host a VPN because everything is under total police surveillance and state control. Whatever they don't suck up with their illegal spying they'll use a national security letter to go after whoever is hosting the VPN you connected to. Then they can track the original connecting IP without the VPN provider's knowledge (what happened to DPR). That's why VPNs (who don't log and are paid for with Bitcoin) are great for privacy but not anonymity. And Tor is great for anonymity but not privacy.

DPR got nailed for receiving forged IDs with his pics on them at his IRL address. That's it. I just can't figure out why he would've EVER agreed to receive fuck all at his IRL address. Especially IDs with his fucking face on them. After they seized those IDs and finally figured out who he was they were able to quickly track him to the SR servers and then image them less than a couple of weeks later. Had he used Tor all the time to admin SR then DPR wouldn't have led the feds to shit. Too bad the site had suffered so many DOS attacks and he needed a fast direct connect to maintain an advantage over the attackers. So what helped defeat those earlier attacks was one of the things that brought SR down in the end.

DPR was very sharp and NOT dumb at all. But he got played by the government virtuoso manipulators who gained his trusted on the open forums over a couple of years. Someone convinced him to order those IDs and that's how he was busted and everything unraveled from there. We may never find out who that was.

USA is the worst possible place to host a VPN because US Law requires the VPN's host to log the info regardless if the VPN is "logless" or not.
Title: Re: What Shitty VPN was DPR Using?
Post by: sourman on October 10, 2013, 01:56 pm
The very fact that the *sole* OWNER/OPERATOR of the largest illegal online marketplace in history trusted anyone--let alone forums users or other people he MET ON THE INTERNETS within the last two years--to such a degree is absolutely unbelievable.

I mean, he presumably met these individuals after SR was already in operation. Either he was overly idealistic and had no common sense, or perhaps DPR was developmentally challenged or had some serious personality issues. He was book smart, but that's about it. He didn't just receive fake IDs with his pics on it... at the place he was staying at... Which was in the US. He left trails on the clearnet as well as other breadcrumbs that allowed LE to confirm his identity once they got close.

Did I mention he had millions of dollars? It's not that hard to cash out btc when you can travel all around the world.
Title: Re: What Shitty VPN was DPR Using?
Post by: SmokesHisBroccoli on October 10, 2013, 03:52 pm
So is it bad to be using a VPN in conjunction with TOR?  I know a good bit about computers but not as much as some of you I'd suspect.  It just seems like in a lot of these threads people are arguing the facts.  I'm a seeker of truth.  I just want to know if I should be using tor browser only or a VPN + tor browser?
Title: Re: What Shitty VPN was DPR Using?
Post by: 7Kz2 on October 10, 2013, 04:17 pm
No. America has no data retention laws. But you're still right. It is the worst possible place to host a VPN because everything is under total police surveillance and state control. Whatever they don't suck up with their illegal spying they'll use a national security letter to go after whoever is hosting the VPN you connected to. Then they can track the original connecting IP without the VPN provider's knowledge (what happened to DPR). That's why VPNs (who don't log and are paid for with Bitcoin) are great for privacy but not anonymity. And Tor is great for anonymity but not privacy.

DPR got nailed for receiving forged IDs with his pics on them at his IRL address. That's it. I just can't figure out why he would've EVER agreed to receive fuck all at his IRL address. Especially IDs with his fucking face on them. After they seized those IDs and finally figured out who he was they were able to quickly track him to the SR servers and then image them less than a couple of weeks later. Had he used Tor all the time to admin SR then DPR wouldn't have led the feds to shit. Too bad the site had suffered so many DOS attacks and he needed a fast direct connect to maintain an advantage over the attackers. So what helped defeat those earlier attacks was one of the things that brought SR down in the end.

DPR was very sharp and NOT dumb at all. But he got played by the government virtuoso manipulators who gained his trusted on the open forums over a couple of years. Someone convinced him to order those IDs and that's how he was busted and everything unraveled from there. We may never find out who that was.

USA is the worst possible place to host a VPN because US Law requires the VPN's host to log the info regardless if the VPN is "logless" or not.

I've never paid for a VPN in btc.  Most of the good ones I've used take LR.  Maybe it's changed since I don't buy VPNs anymore, but an offshore logless VPN is pretty impenetrable. 

You obviously use more security for the more serious crimes you do, and running a multi-million dollar drug market is certainly not safe to do under any one VPN..  and especially using the same one for an extended period of time... (1-3months.) I've use more security carding then DRP used to manage SR...

Of course TOR is secure but it is slow as shit.  There's not getting around that, TOR is not some magical "do whatever the fuck you want" browser due to the data restrictions. For some reason people have this false sense of TOR being some internet safehaven for illegal activity.
Title: Re: What Shitty VPN was DPR Using?
Post by: TreadLight on October 13, 2013, 06:45 am
I always thought one of the main advantages in using VPN -> Tor was it hid the fact from the ISP that you were using Tor. Even if you are using a public Wi-Fi, if you live in an area where not many people use Tor, and LE knows that someone is shipping drugs from your area, they could always look for where Tor is being accessed from. So using a VPN (obviously hosted in an uncooperative country and paid for by fogged bitcoin) to access Tor at the public wi-fi spots would protect you from such a "pattern of life" attack.

What am I missing?