More consenting adults being arrested for consenting. More taxpayer dollars being spent on imprisonment and enforcement than less expensive treatment, not to mention the opportunity cost of lost profits from taxation.
When are we going to realize that the drug war for most drugs is fucking bullshit?
DPR may have gone away but if the law doesn't change eventually, the nerds WILL figure this problem out. You say the weakness this time was the postal system? Well here comes APOD, Anonymous Physical Object Delivery https://www.cs.columbia.edu/~smb/papers/APOD_PETS09.pdf
In June 2011, the Global Commission on Drug Policy released a critical report on the War on Drugs, declaring "The global war on drugs has failed, with devastating consequences for individuals and societies around the world. Fifty years after the initiation of the UN Single Convention on Narcotic Drugs, and years after President Nixon launched the US government's war on drugs, fundamental reforms in national and global drug control policies are urgently needed."
If drugs were legal, there would be no need to kill anyone for fear of being revealed or extorted.
Prohibition also created a significant amount of violence... which has all but mysteriously disappeared. I wonder why. Did people magically become less evil? I think not. I think a fundamental flaw in the system was addressed properly back then, and certain perverse incentives were eliminated.
Eliminate the illegality and you eliminate the incentive for "hits" to prevent jail time or extortion.
How does the war on drugs have anything to do with DPR hiring a hit on the hacker who broke into his website and threatened to dump his user database, an act that would presumably shake customer confidence and lose him business?
"These arrests send a clear message to criminals; the hidden internet isn't hidden and your anonymous activity isn't anonymous."
Huh? At least in the Seattle case of "NOD", they caught them by gumshoe police work, noticing patterns in parcels (supposedly tipped off by narc dogs), and asking postal workers to recall customers and so on. I guess if you think mailing hundreds of packages of medicines via the postal service is "anonymous" then maybe they're right.
The real message is: Don't be careless. Don't create huge patterns we can detect via physical surveillance.
At least, so far. Maybe it'll come out that all these cases were the result of parallel construction and they really found everyone by defeating Tor. But so far the complaints seem pretty straightforward.
It's just a matter of time -- measured in weeks to months, not years -- before a new Silk Road emerges. And the creator of the next one will not be silly enough to allow themselves to be traced by a Stack Overflow post.
I think the difference is that now innocence has been lost. SR seemed so invulnerable. I think the biggest revelation out of the whole thing is that people for a long assumed that just because they got their vacuum-sealed drugs that they weren't, in fact, being "caught".
Sheep was set up back in like May (the exact dates aren't clear because no one was paying attention), so if it's a honeypot, it was a very far-sighted one. Personally, I strongly doubt it's a honeypot because the Czechs who run it are less competent than LE would be.
The clearnet version of Sheep has already been closely linked to them. Being in Czechslovakia may impede the investigation, but I still would not want to be using it...
A big honeypot is what the government should put in place before the bust, if it is really on the ball. I'm sure the probability of that is far from 1.
What if hackers everywhere started building an "anarchist cloud" consisting entirely of small mobile nodes only connecting through wifi or wireless broadband? Only nodes whose RSA key has been signed by another trusted key would be allowed to connect. All data would be redundantly stored across several nodes, and as part of normal operation, all devices would immediately brick themselves as soon as their accelerometers registered movement. (Done by overwriting their hard drive encryption key with all 1's then all 0's in both persistent storage and in memory.) To restore the node's operation, it would be required to reinstall the OS and sign its new keys.
The point would be to have network infrastructure that would be very difficult to serve a search warrant on. In many cases, it would be impossible to fill out the address, and even if they did fill the warrant, it wouldn't net the authorities any information. By using point to point encryption, it would also be very difficult to eavesdrop on communications as well.
In that case an LEO would probably go undercover, spend time building credibility in the scene and eventually get someone to sign their key to be a part of the network as well. LEOs have infiltrated many groups and I don't see anything special that would prevent them from doing it again this time.
True. However, being part of the network wouldn't expose the data on the entirely of it, only a small sliver. Also, keep in mind that there would be a network of people who are cloud-maintainers and also of cloud-users. The cloud-maintainers would be a more insular group than the users, and it would be these people who would be able to sign new nodes.
On top of that, it could be arranged so that cloud-maintainers had almost no knowledge whatsoever of what cloud-users were doing. Cloud-maintainers could abstain entirely from using their own cloud (maintaining a separate one for their own use). This would mean that LEOs who infiltrate the cloud-maintainer organization would not gain any information on cloud-user activities, and LEO that infiltrated a cloud-user organization wouldn't gain any ability to compromise the network.
Implemented this way, such an infrastructure would be a different order of difficulty entirely to penetrate. In contrast, Donnie Brasco as a lone agent could gain access to both operational activities and organizational structure of the Cosa Nostra. In this scheme, he would have to choose one or the other. Also, two LEOs attacking the infrastructure from both sides would have to collude to make sure their intelligence would overlap, and this would make their activity detectable.
The point isn't that it would be hard to shut down a particular node. The point is that it would be hard to retrieve evidence from one.
Also, "easy to shut this down by triangulating the source of these transmissions" -- currently this isn't so easy for domestic US law enforcement. The government could equip law enforcement to do so, but at significant expense. Also, keep in mind that "these transmissions" are just regular broadband and wifi signals.
EDIT: It would be easy for telcos to figure out where the mobile broadband nodes are. What if you put them on trucks, and only had them in an "active" state capable of decrypting their own hard drives while they are mobile?
>The point is that it would be hard to retrieve evidence from one.
This can already be achieved over the public internet through the use of FreeNet or other darknet programs. Duplicating the entire communications infrastructure is the least efficient or covert way of doing this.
You are using the public internet in this scheme, and you would run a darknet on it. The point isn't to recreate communications infrastructure. The point is to make data physically inaccessible to search warrants.
A friend of our hackerspace had something interesting to say about criminals (he's a former narcotics cop).
I remember finding a card skimmer once. It was attached to an ATM at my local bank (at the branch!). I yanked it off of the machine (I've made a habit of pulling on the reader before I stick my card in; you should too.), and tried calling the bank.
No answer. It was a Sunday, they were closed.
I couldn't really just leave it there...I kindof wanted to keep it and take it apart, but I'm sure that would be a crime.
So I called the local cops.
In the ~30 minutes it took them to get to the bank, I spent some time examining the device.
Whoever built this thing was...an idiot. This was the dumbest possible way I could think of for storing CC information. It just read the tracks and dumped them into a flash drive. The criminal stealing cards had to physically /come back/ to the ATM to retrieve them.
No GSM modem, no bluetooth, no wifi...nothing. No way of getting data out of the thing without placing yourself back at the scene of the crime.
Honestly, I was a little bit offended. If you're going to steal my ATM card, at least be GOOD at it! C'mon, criminals! You can do better than this, can't you?
--
I struck up a conversation with my law enforcement friend about this. Why are criminals so terrible at being criminals? I mean...I hear about drug runners getting busted and put in jail it seems like every day. Have seriously none of them heard of ardupilot? Have they not put the pieces together on this one?
It's because they're lazy.
Most criminals have spent their lives taking short cuts. These are the people that didn't want to put the time into saving up to buy a cellphone, they just stole one. Or the people that didn't want to put the time into saving for a new car, or going to a job every day, or whatever. They just took every shortcut they could.
So the reason that they suck so badly at stealing my ATM card number is that doing it badly is easier. It's the shortcut, and shortcuts are what criminals are all about.
--
Well what does this have to do with silk road?
I'm not really sure what to make of the people behind SR [in whatever form it takes in the future]. Ross Ulbricht got caught because he made some really stupid mistakes.
But he's...definitely not an idiot. And if you read about his history, it doesn't sound like he's lazy.
I think that the drug war has created itself a really dangerous problem. The nerds have mostly stayed out of crime because it's not worth it to us. Yeah, sure, we could build drones to fly drugs across the border, but we don't, because we don't want to go to jail.
But I think that the drug war has created such a large incentive for people to get into crime, that some of them aren't going to be able to resist it.
DRP made absurd amounts of money. Drug Cartel levels of money.
And he was a nerd sitting in an apartment in Austin, then SF. SR was an interesting experiment in libertarianism to him, not a drug empire.
What happens when the nerd who realizes the absurd amount of money that they can make approaches it like a drug empire? Or rather, what happens when an engineer starts trying to engineer themselves an anonymous drug empire? Not a political experiment, but a true-blue drug cartel?
That's what the next [or maybe the next after that] SR is going to look like.
Remember napster? Remember suprnova? What happened when those things, which seemed to start more as side projects to their founders, were snuffed out?
Yeah there is more than a little bit of selection bias going on here.
What percentage of criminals are dumb enough to get noticed and/or caught? Well, we don't know how many don't get noticed, so let's call it zero. Bam, 100% get noticed/caught!
> What happens when the nerd who realizes the absurd amount of money that they can make approaches it like a drug empire? Or rather, what happens when an engineer starts trying to engineer themselves an anonymous drug empire? Not a political experiment, but a true-blue drug cartel?
Drug cartels as currently realized have some serious downsides. Like physical safety. Or to put it another way, in exchange for crazy wealth, you've eroded the base of your Maslow pyramid and polluted virtually all of your interpersonal relationships.
SR sidestepped most of the physical jeopardy, but didn't manage to sidestep the legal jeopardy and the overhead of paranoia this entails.
If someone really smart goes about building the next SR, then it may involve a clever way to sidestep the legal jeopardy as well.
I think it's because of what Bruce Schneier notes about crime. Most criminals don't use mathematical probability on their actions or threat modelling. If they did they wouldn't even start in the first place after figuring out the probability of them being busted is too high.
As for the ATM magstripe stealer, a guy here ripped it off a machine and 2 thugs KOd him and took it back. They are usually watching next time you should just walk away from the ATM and see if there's 2 guys sitting in a car watching you.
There has been cases of hackers building empires, Max Vision was one of them. He met his crew in prison. Where I live there is also a software engineer police say went to prison as a white collar criminal and came out a memeber of a crew and is actively gangstering up the streets, and breaks into competitors phones to spy on them. He fled the country after a second arrest for engineering a pretty impressive fraud scheme where they managed to somehow switch the POS terminals at the local airport with their own and for a few years, stole countless cards. Passengers have to pay a 'departure fee' and since all the victims were heading out of the country it was a good scam and went unnoticed. He also survived a shooting at a nightclub where 3 rivals tried to kill him because of spying and being a "manager" for whatever criminal operation he was in charge of. So there is so-called nerds out there who went fully to the dark side. His first mugshot he is Mr. White Collar, second mugshot he is juiced/roided out with classic gangster Christian Audigier shirt and covered in crew tattoos.
The idea that nerds and engineers have not gotten involved in the drug trade is really wrong. Even if you have no insider knowledge, there is overwhelming evidence of a highly sophisticated, safe, abundant and financially diverse industry. Shoot, all we need to look at is purity and availability rates of narcotics to conclude that there must be more production and distribution than the handful of super massive manufacturing facilities that we associate with major cartels. The murder rate in totality is not high enough to associate a necessary massive physical risk with involvement in the drug trade. Even if SR was 10 times as large as they were, they would still be a small fraction of the overall drug marketplace.
The second thing to keep in mind is that the drug trade is inherently tied to the physical manufacturing and trading of product. DPR built something which he could almost completely trade his physical risk, but none of the actual vendors were able to do so. Everyone of them, barring some tiny personal labs, were involved in the exact same physical drug trade on a procurement basis that every other drug merchent is involved in.
'What happens when the nerd who realizes the absurd amount of money that they can make approaches it like a drug empire? Or rather, what happens when an engineer starts trying to engineer themselves an anonymous drug empire? Not a political experiment, but a true-blue drug cartel?'
One has to wonder when our surveillance overlords will hack into torrent sites and steal user information so that they can easily score hundreds of high-profile arrests for "IP Theft."
Copyright infringement isn't a criminal offence unless it's done as part of business.
Thus, someone downloading or uploading torrents is not at any risk of "high profile arrests for 'IP Theft'".
Most people don't do anything to hide their torrenting, so the information is all public anyway.
I don't understand your point. Are you really trying to compare copyright infringement (usually not a criminal offence) with possession of drugs with intent to supply (a criminal offence, which can carry a prison sentence, and which has always been a serious crime)?
The U.S. law, I think, but I haven't looked to refresh my memory, does something similar. It says it's only a crime if the value of the work(s) in question exceeds a dollar amount, on the premise that only someone seeking commercial advantage would share works of that much value. Ignoring, of course, that a lot of people who do a lot of p2p filesharing (completely not for profit) exceed those limits.
You don't need to hack into sites for that—you can simply connect to a torrent and see the IPs that are uploading to you. This has been a very effective strategy in Germany, where ISPs will happily identify their users by IP, and courts will accept these IPs as proving the identity of the uploader.
In Sweden, at least two people have been arrested for selling drugs on Silk Road, right after Dread Pirate Roberts was busted. Are the feds going after all vendors on SR?
> And as a regular SR-user myself i noticed that SweExpress (the vendor in question) stopped sending packages almost exactly one week before SR went down.
Not much reason to go after them before, rather than synchronized.
If they have the private keys they can go back in time 2yrs ago and match up every transaction on the blockchain by asking major exchanges like mtgox, bitstamp ect for records. I'm sure there's a few who directly pulled out bitcoins to a service that has their identity documents and IP.
The SEC did impressive blockchain forensic work on pirateat40's ponzi scam the DEA/FBI will do the same to round up all the major dealers.
If. But there was no reason for the withdrawal addresses' keys to still be on file. SR needed to keep the deposit addresses on file, to deal with buyers sending deposits to old deposit addresses, but that doesn't apply to withdrawals through the tumbler.
We don't know how DPR handled opsec. There could be a file sitting on the server of every withdrawal pasted into his php app since day 1. He kept a record of a lot of things he claimed he didn't (PMs, transactions). The blockchain keeps these transactions forever, so even if they just have the private keys from his wallets they can figure out withdrawals.
But I'm betting these guys were caught through plain text messaging in the internal system. Most likely they ordered stuff to themselves from another vendor and didn't bother to use PGP because most criminals are really terrible at being criminals.
> He kept a record of a lot of things he claimed he didn't (PMs, transactions).
Did he? We have seen quotes from messages to government agents (which obviously don't require DPR to have saved them), we have quotes from 'cooperating witnesses' (likewise), we have addresses/PMs from within a month or two of the server imaging (consistent with DPR's publicly stated data retention policies)...
Not surprising. I'm sure the feds are pouring over the user information they got from the server files they have.
Big roundup for sure in the coming months. I'm wondering if they're going to go after all the identity thieves who were rampant on the site, or just stick with the drug dealers.
I strongly doubt that. What we're seeing is all the existing investigations are hurriedly wrapping up and arresting the people they can before everyone cleans up and protect themselves. The NOD investigation began in early 2013 and had nothing to do with the SR bust, the 3 UK arrests seem similar (and the Plutopete arrest suggests that they hadn't done their homework on him), the 2 Swedes went silent a week before the bust, and that's everything I know of right now.
Since I hate cheap talk, I'll even offer you a bet. Because of my interest in the topic, I track all publicly-known SR-related arrests, prosecutions, and convictions in http://www.gwern.net/Silk%20Road#safe . Based on the past history and the circumstances of the currently known arrests, I am strongly skeptical that there will be as many as... oh, let's say 30 related arrests after 1 October 2013 and before 1 October 2014 (Should be more than enough time; this, incidentally, would imply <~1% of active sellers were arrested.)
I'll offer generous odds: $100 to your $20.
So? What do you say? Are you just engaged in cheap talk and FUD, or do you have the conviction of your words?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
When are we going to realize that the drug war for most drugs is fucking bullshit?
DPR may have gone away but if the law doesn't change eventually, the nerds WILL figure this problem out. You say the weakness this time was the postal system? Well here comes APOD, Anonymous Physical Object Delivery https://www.cs.columbia.edu/~smb/papers/APOD_PETS09.pdf
And lest we forget, here's a statement from http://en.wikipedia.org/wiki/Global_Commission_on_Drug_Polic... :
In June 2011, the Global Commission on Drug Policy released a critical report on the War on Drugs, declaring "The global war on drugs has failed, with devastating consequences for individuals and societies around the world. Fifty years after the initiation of the UN Single Convention on Narcotic Drugs, and years after President Nixon launched the US government's war on drugs, fundamental reforms in national and global drug control policies are urgently needed."