Silk Road forums

Discussion => Security => Topic started by: omnium on May 31, 2012, 12:13 pm

Title: flaws to avoid / maximize security
Post by: omnium on May 31, 2012, 12:13 pm
Hello

This thread is mainly to list potential gaps that lead to loss of anonymity and thus security.
Especially for vendors it is important in numerous ways to work with maximum precaution.
I lack experience and knowledge in many points, so please add anything.

This is highly hypothetical and in most cases VERY unlikely to happen, but should point out as much as possible.
In the first place, an investigation has to be initiated, which can happen through...

A)  intercepted goods

B)  suspicious money transfers

C)  infiltration
__________________________________________________________________________________

A (intercepted goods): authorities now might have the following information: fingerprints of the vendor, source of product through analysis and comparison with other busts (drug batches, etc.), city of the vendor through post stamps, address of the buyer.

Depending on different factors this can lead from simply destroying the package to initiating a full investigation:
searching the buyer's home -> compromising the SR account (if the buyer is not secured), thus connecting the package with a vendor account and reading messages. They can now predict the volume of sales the vendor has made and decide to further investigate by trying to link fingerprints or working with the post offices in the vendor's city to look for similarities and refine geographic info up to the post box, which they could possibly surveil to pin down the person that drops off product.

notes:

use encrypted communication (PGP)

BUYERS
should have ITsec
should use real names to minimize chance of interception

VENDORS
should rotate drop off points
should use stealth vacuum packaging to minimize chance of interception
should leave no traces that allow association on package and product


B (suspicious money transfers): laundering money is a complex field that requires precision and diligence. There are numerous ways in which a vendor can convert the earned BTC to money or goods. The aim of laundering is to make money appear as the legit vendor's property without any possible association to the illegal activity generating it. This could be through a business owned by the vendor (on-/offline) or masked as gambling winnings, donations, etc...
If there is any slight implausibility this could raise the suspicion of AML (Anti Money Laundering) agencies that will be very capable of tracing money routes internationally due to AML agreements. If the money trail dissolves somewhere in the jungle of Panama and the suspect is incapable of explaining, that alone is a crime and will lead to (big) problems.
Of course if the bitcoins have not been obscured and there is association to illegal trafficking the trouble is much greater.
Another big problem in money laundering is that you will be highly dependent on other persons/services. In performing the last step and getting the money to you, anonymity is given up to the penultimate element of the chain. That element knows the element before him and so on... any compromise or misplaced trust could prove fatal.

notes:

remove trafficking association from BTC
the last element in the chain should be of maximum trustability and, as a profit source, be easily justified


C (infiltration): Tor is based on end-to-end encryption, similar to PGP. That means if you communicate with someone and the traffic is intercepted by authorities, they won't be able to read it. Even if you use a non-anonymous ISP and network, the data your ISP has is encrypted. But given the possibility that your other end is compromised or an agent, they could find out about the nature of the encrypted traffic and use this information to identify you (?). (I don't know about this, it's just a thought.)
Also I heard that if enough relay points in the Tor network are compromised, data could hypothetically be traced back to the sender. (?)
Selling an item to an agent can and possibly will produce some of the more serious possible outcomes of a goods interception.
Converting BTC to cash with a fed can be fatal depending on how much you can obscure the gathered cash. They will know the first element in your laundering chain.

notes:

use anonymous internet access (still I am kind of worried about MAC caching on foreign APs..)
think twice before giving away any kind of information
establish signed PGP communication

So that's just some thoughts I had.. I did not point out things like "hide your goods" but of course it is essential for damage reduction in the worst case scenario A... they will just be able to pin you on the goods you bring to the post and can't associate further illegal goods if you don't have them anywhere near your home/legal life.

There are many points in IT security that I did not mention, e.g. removing metadata from images.

Maybe you have some additional risks or additional tips for prevention... also I find stories of how people got busted extremely interesting and useful.

peace

Title: Re: flaws to avoid / maximize security
Post by: kmfkewm on May 31, 2012, 01:03 pm
Nice breakdown, you can spoof your MAC address you know

Title: Re: flaws to avoid / maximize security
Post by: HAL5000 on May 31, 2012, 07:34 pm
Good idea for a thread....gonna help new customers like myself....there's a lot to learn for the average drug abusing layman!