
/tech/ - Technology

"Technology reveals the active relation of man to nature" - Karl Marx

 No.6187

Darknet markets are as close as it gets to a free market, where you can order drugs and have it delivered to you by mail. The purpose of this thread is to discuss opsec, ask for help and discuss markets in general. This thread should be fully legal as long as you don't solicit or facilitate illegal transactions, meaning:

<Don't beg to buy from someone
<Don't attempt to sell to anyone here
<Don't link to dealer Instagram/Reddit/Snapchat accounts. These accounts are run by either scammers or feds.
<Don't directly link to any market. These links could be fake scam/fed markets, designed to phish your login details and steal your cryptocurrency. Only use https://dark.fail/

The following is my personal recommendation for good opsec while conducting business, however, you must [b]read the darknet market bible[/b] (.pdf attached) after you are done with this post. If you don't read theory, it's likely you will be caught and convicted.

>Will I be 100% safe?

In theory, no. The darknet market bible, together with this thread, is meant to minimize the risk of getting caught as much as possible. If you follow the exact procedure outlined in the bible, you should be okay, especially as a small-time buyer.

Tails
Tails is a Linux-based operating system that runs entirely on your RAM and is wiped when the PC is powered off. If the cops intercept your item, conduct a controlled delivery and seize your machine, they will not be able to find evidence linking you to the package and you can deny involvement via a lawyer.
You will want to install the Tails operating system to a USB flash drive with at least 8GB of storage. Personally, I'd go for USB 3.0, with at least 16GB storage for persistent volume purposes, or even 128GB or more if you want to store the Monero local node on it. You also need a PC with at least 1GB RAM to run Tails. The bible contains a guide for installing Tails in [b]2.A.2 Installing Tails[/b]. You can download it here:
https://tails.boum.org/install/index.en.html

>Why shouldn't I use Windows?

These types of OS are usually installed on a hard drive where all your data is stored when it is powered off. It would be stupid to store your darknet-related files here (including wallets and wallet passwords), because if the police seize your machine, they will find everything.

>I have previously conducted deals over Windows. How do I get rid of the evidence?

You should uninstall and delete everything related to darknet markets, including Tor, PGP-related programs and files. The data will still be physically present on your drive, however. If your programs and files were stored on a hard disk drive (HDD), then you can use overwrite software, such as DBAN, that wipes the entire drive, or other software that overwrites only the space marked as deleted. Tails can also wipe the available disk space of any drive.
If your programs and files were stored on a solid-state drive (SSD), you should not use overwrite software as it could damage or even destroy your drive. Securely erasing an SSD is a bit more complicated; you can read more about it here:
https://security.stackexchange.com/questions/223110/how-to-securely-erase-the-free-space-on-an-ssd-in-windows-10

>How do I run Tails?

You can insert the flash drive, restart your PC and enter the BIOS where you can change the OS boot order. Move your USB to the top of the list and exit the BIOS.

Persistent volume
This is the best place to store your darknet-related files, such as PGP private keys, wallet passwords, market private links, and passwords, etc. This is a LUKS-encrypted partition of your Tails USB, so if the cops manage to seize your USB, they won't get much out of it.
The persistent volume is encrypted with a password, so make sure to [b]use a long password that cops can't guess[/b]. Personally, I use one that's 32+ characters, with numbers, symbols, and without any real words. Do not store the persistent volume password digitally, especially on any old hard drive or the cloud, so write it down in a diary or something so you remember it. You should also back up your persistence volume regularly to not lose your files. The bible explains how to create it in [b]2.A.4 Setting up persistence volume[/b]

JavaScript
You must disable JavaScript in Tor every time you boot up Tails. It's a useful scripting language that allows for truly interactive websites, however, it's a major security risk, as it allows websites to run arbitrary code in your browser. Attackers can gather data that could lead to fingerprinting your system.
You can disable JavaScript by setting the security mode to [b]Safest[/b]. This can be done by clicking on the shield icon in the toolbar, or going to Settings > Privacy & Security > Safest. You can also type in [b]about:config[/b] in your address bar and set [b]javascript.enabled[/b] to False.

>What's the risk?

For a more practical example: in 2013, the FBI took over a tor hosting service named Freedom Hosting and inserted a malicious script in the pages of the onion sites hosted on that service. That malicious JavaScript used an exploit to run a payload that called home to a fed-controlled machine that sent the real IP address of the computer that had visited the site as well as a unique identifier for the computer. If a site complains that you have it disabled or asks you to enable it, you should leave immediately. The bible explains the risk of using JavaScript in [b]1.2 Using Reddit with Tor[/b]

Cryptocurrency
Tails comes with Electrum by default, which is a Bitcoin (BTC) wallet. Most markets accept Bitcoin, but for ultimate privacy, you should [b]conduct transactions with Monero[/b] (XMR), as Bitcoin is not private. The benefit of Monero is that you can run your own local node by downloading the entire blockchain (70+ GB) instead of using a remote node. If a remote node is compromised, they can match transactions to your IP address, defeating the purpose of Monero to begin with.

>How is Bitcoin not private?

Bitcoin transactions are traceable and can easily be linked to your ID, so you should tumble your Bitcoin if you don't want to get caught. However, this is not a fool-proof method and can be illegal. The most secure way to spend your Bitcoin anonymously is to first [b]convert your Bitcoin to Monero[/b] through a non-KYC exchange like ShapeShift, MorphToken or Godex, over Tor without using JavaScript. This is known as cross-cryptocurrency tumbling. You can now pay with Monero, or you could convert your Monero back to Bitcoin through another non-KYC exchange like XMR.to, so that the resulting Bitcoin will be completely untraceable to your original Bitcoins since they were purchased with Monero, over Tor without KYC or JavaScript. The bible explains the pros and cons of this method in more detail in [b]3.2 Tumbling[/b]

>What type of Electrum wallet should I use?

Set up a normal wallet. [b]Do not use two-factor authentication[/b]. It requires you to install apps on your smartphone which defeats the purpose of opsec. The bible explains the pros and cons of this method in more detail in [b]3.3 Setting up your wallet[/b]

>Should I use my existing wallets to conduct deals?

If you've ever stored the passwords and mnemonic generation seeds for your wallets on an unencrypted drive, then no. If the police seize your machine and gain access to your wallet, they may be able to prove you sent money to a darknet market. The exception to this is if you are using Monero, as it anonymizes the receiver and sender. Make sure the passwords and mnemonic generation seeds for your wallets are stored in your persistent volume, or written down.

 No.6188

Pretty Good Privacy
PGP is encryption software that is mostly used to encrypt, decrypt, and verify messages. To give your address to a darknet market vendor so he can ship the item, you must encrypt it first. Otherwise, the market can store your address in plaintext, and [b]if the servers are seized by the cops, you can be arrested[/b].
In a nutshell, every person has a public key and a private key. You must import the vendor's public key, encrypt your message with it, then send it to the vendor. If done correctly, the vendor will be able to decrypt it with his private key. The bible explains how to set up your keys in [b]4.1 Creating a key pair[/b]

>Should I use an auto-encrypt feature found on a market?

If the darknet market servers are seized and cops gain access to the encryption keys, they'll have a lot of buyers' personal info. Learn to encrypt yourself, don't be low-hanging fruit.

Accessing markets
Markets suffer regular DDoS attacks, so they go up and down all the time. Luckily, there is a trusted list of all available markets on dark.fail. This is a bi-directional trust between the site and the markets that provide key information to it. Those markets believe it is legitimate enough to bother sending addresses and keys, which dark.fail publishes. If it starts publishing bad addresses/keys, stops posting timely verifications, or the DNS information has unplanned changes, then the sites and users assume it is compromised and stop trusting it:
http://dark.fail/

If you find any market .onion link outside of this site, [b]there is a chance it is a fake market which will phish your credentials and steal your cryptocurrency[/b]. This includes .onion links ITT, don't follow them. Some markets may offer you private links, which should not be shared with anyone.

>The bible recommends dnstats.net and deepdotweb.com

DeepDotWeb is a clearnet site that was seized and DNStats is likely to be compromised since the bible was written:
https://darknetlive.com/post/dnstats-from-research-to-phishing/

>What vendors should I go with?

Look for vendors with good reviews that go back a long time. Stay away from vendors with similar reviews posted in a short time span. If you're a beginner, it's a good idea to order domestically first. Personally, I prefer those that offer tracked shipping, and 100% reship if . It's also a good idea to keep ordering with the same vendor and build up a good relationship with them over time, as then they would be more likely to accept custom orders you may want to request, or maybe even ship an extra little something. The bible goes into detail about vendors in [b]7.4 Choosing a vendor[/b]

>Should I use two-factor authentication?

Unlike Electrum, where using 2FA is dangerous, you should use it in darknet markets. The bible explains why this is the case in [b]7.1 Important tips for using markets[/b]

>Should I buy with escrow?

Escrow is a system in which the market will hold your funds until you mark the item as received. If you order an item without escrow, the vendor might as well scam you and take your money, and the market admins usually side with the vendor if you have no history with the vendor.

Don't forget to leave a good review and feedback for the vendor after you're done. There is so much more opsec information contained in the bible that is absent from this thread. Nobody is truly safe from being caught, but by following it to the T you can minimize the risk to the point where cops would rather go after someone who doesn't know what they are doing.

 No.6189

Some other places where you can post questions and get answers on this topic:

http://www.reddit.com/r/darknet
Dread (link on dark.fail)

 No.6190

>>6187
Good thread OP. Here's a newer version of the bible. Disregard the old one.

 No.6198

Based thread

 No.6200

>>6198
What’s based about buying drugs?

 No.6201

you gotta have a serious addiction to be willing to go through all this trouble

 No.6203

>>6190
This is great.
I just spent a while on this website:
https://dancesafe.org/

And also this website:
https://drugsand.me/

Harm reduction is ridiculously important.
>>6201
Drugs are nice. I personally prefer to buy them from local drug dealers, but buying online is a more safe way to get clean shit. Plus in many places, it is the only way to get DMT unless you want to make it yourself (which I have).

 No.6210

>>6201
i think it's overkill for most people, if you just order small quantities for yourself police is highly unlikely to visit you

 No.6215

>>6200
Depends on the drug, unless you're a spooked moralist.

 No.6217

>>6215
How can you call yourself a socialist when you support online drug markets? Socialists should be for the elimination of drugs from society.

 No.6218

>>6217
I mean we're for the abolishing of all markets but we still engage in capitalism, unless you're comfortable posting what amounts to "you're a socialist but you still buy things". I get LSD from nobodies anyway.

>Socialists should be for the elimination of drugs from society.

You're a conservacuck in denial and no amount of leftist rhetoric is going to change that.

 No.6219

>>6218
>nooooo you have to support my addiction!!!1!1!
Drugs contribute absolutely nothing to society.

 No.6221

>>6201
>trouble
Honestly dude it's called hard work and opsec, set it all up once and you never have to do 80% of all this again. Gone are the days of finding connections, running around some dirty city trying to catch your dealer, etc. now I can get really high quality cali weed and professionally packaged chocolate bars without it being fake shit

 No.6222

>>6219
then go back to leftypol where you can complain about it? why are you here?

 No.6223

>>6219
Great rebuttal. You could at least put some effort into your posts if we're going to go offtopic instead of acting like a bible thumper.
We're also talking about one of the least addictive drugs here lol, even less than weed.

 No.6225

>>6223
all drugs are addictive and therefore bad

 No.6227

>>6225
Based retard

 No.6228

am i going to get v& for trying to buy research chems in california

 No.6245

>>6223
ok, you are still supporting a black market filled with criminals that are likely into worse shit and selling worse drugs.

 No.6247

>>6245
I already told you that leftist rhetoric won't change the fact you're a spooked conservacuck. What you posted is all conjecture and assuming it was true, are you someone who does lifestylist shit like only buying from "small business owners" (who also suck)? Porky in general uses their funds for fucked up shit.

>>6225
lol

 No.6377

I'm tired of getting my weed from a sketchy dealer and i don't have the resources to grow it myself. Is ordering weed from a dnmarket okay though? I live in europe but i guess that doesn't really matter.

 No.6379

>>6377
Yeah just use Monero and if you want to avoid detection in transit only buy from within the customs area (ie EU). A long time ago I used to buy from all over the world but I see more posts about seizures on international borders nowadays.

 No.6407

Looks like there is a big DDOS going on, pretty much all markets are down

 No.6458

>>6407
Andddddd, everyone wants me to believe the fed had nothing to do with it, when, coincidentally, this happened:

https://amp.thenationalnews.com/world/europe/police-take-down-the-world-s-biggest-darknet-market-1.1144923

Now the network is fine.

 No.6459

>>6219
They keep people from being snobby pretentious twats like you, lol.

 No.6463

>>6459
I just don’t understand why socialists would support a market as free as a drug market, you are buying from people who sell meth and shit which can ruin people’s lives.

 No.6464

>>6463
>I just don't understand why grown adults should be able to do things that affect literally no one but themselves.

Have you read any Marx? Drugs don't ruin people's lives. The material conditions of capitalism that A: Drive people to addiction and B: entrap people in a cycle of alienating labor. That is what fucks people up not the drugs.

 No.6465

>>6464
Drugs can certainly help

 No.6732

which darknet market doesn't have the javascript and also uses monero only

 No.6785

>>6732

whitehouse

 No.6794

This thread was originally posted before the split. However, I've just noticed that the jannies on bunkerchan have deleted the DNM thread there. Not sure when the deletion happened, and I know that it wasn't pruned because there are even older threads that are still up. what the fuck is their problem?

 No.6795

>literal book of security procedures
>at the end of it you give some rando your irl address to post you illegal goods
i know it must work out in practice, but i can't imagine not being too paranoid to go through with something like this.

 No.6799

>>6795
Sure, but no one except for that rando is going to see your address.

I'd rather give my address to some random than my local dealer, that dude is a creep.

 No.7858

>>6245
Based
Made by illegalist gang

 No.7859

>>6795
>>6799
>he doesn't send it to an abandoned house
NGMI

 No.7860

>>7859
Not joking, can you please do a similar step-by-step guide for this?
I know some people actually do this but when I tried to figure out how to do it practically it became really hard, also didn't find any guides for it. Like how do you even know a place is abandoned rather than just temporarily empty? Won't abandoned houses also lack a mailbox / public address for mailmen?
Ty.

 No.7863

>>7860
NGL I was just shitposting and I've never bought any illegal shit but you can try and sign the place up for spam mail maybe to test if the address works - I don't have a guide or anything on-hand and it was just something that popped to mind randomly as a solution

 No.12802

dark.fail is down

 No.12810

>>7860
>>7859
>>7863
this is a rather bad practice, especially if you are not familiar with how your local post works, or too doesnt have much practice

 No.12845

>>6200
>buy drugs on dnm
>sell to bougie's kids for 5x the price
expropriation

 No.12846

>>6245
you're against black markets because you're anticapitalist, yet you still engage in government approved markets… curious

btw talk to pearl-clutching law-abiding citizens, then talk to criminals, and you'll see immediately who's more based… the only thing keeping you from a wider world of social revolt is your desire to assimilate and recruit everyone into your ideology. Open your eyes and ears more to the reality on the street. All revolutionaries should know to look to the real world to inform ideas, not other way around.

 No.12847

>>6379
>>6377
BTW they can map most monero transactions… granted it's mostly just trading/speculation they can see, but it's very important to use the monero wallet gui, don't let someone else hold ur wallet, and connect to ur node over tor. (or host ur own, and still use tor)

 No.13035


 No.13107

>>13035
Whitehouse is dead

 No.13108

>>13035
Use Versus

 No.13109

>>7860
If you're not sure you can just order lsd it's literally impossible for it to be intercepted. I order 200-400g of speed every month and I've never had any problems

 No.13114

>>6795
PO box

 No.13527

https://pastebin.com/GrV3uYh5
So, you want to be a darknet drug lord...
by nachash
 
[The advice in this article can be adapted to suit the needs of other
hidden services, including ones which are legal in your jurisdiction.
The threat model in mind is that of a drug market. The tone is that of a
grandfather who is always annoyingly right, who can't help but give a
stream-of-consciousness schooling to some whippersnapper about the way
the world works. If this article inspires you to go on a crime spree and
you get caught, don't come crying to me about it.]
 
You've decided that you're bored with your cookie-cutter life of working
at a no-name startup, getting paid in stock options and empty promises.
You want a taste of the good life. Good for you, kid. I used to run a
fairly popular hidden service (DOXBIN) that was seized by the FBI after
3 1/2 years of spreading continuous butthurt, then subsequently
repossessed from the feds. Because I managed to not get raided, I'm one
of the few qualified to instruct others on hidden services and security,
simply because I have more real-world experience operating hidden
services than the average tor user. In other words, very little of this
advice is of the armchair variety, as you'll often find in abundance on the
Internet. But enough about me. Let's talk about your future as an
internet drug lord.
 
1. Legal/Political
 
First things first, you need to cover the legal, historical and
political angles. Read up on various drug kingpins and cartels from the
20th century. Learn everything you can about how they rose and fell
(you can safely ignore all the parts about intelligence agencies backing
one drug cartel over another, because that's not going to happen to
you). Once you've got a good command of that, read everything you can
about busted drug market operators and branch out into cybercrime
investigations as well. It wouldn't hurt to make yourself familiar with
law enforcement and intelligence agency tactics either. You'll find that
virtually all drug kingpins either get murdered or go to prison. Let
those lessons sink in, then find a good drug lawyer and make plans for
being able to pay them when The Man seizes everything you own. While
you're dreaming big about making fat stacks of fake internet money, do
some research on Mutual Legal Assistance Treaties and extradition treaties.
 
Mutual Legal Assistance Treaties (MLATs) are self-explanatory. Country A
will help Country B do whatever it takes to aid a cybercrime
investigation should some aspect of the crime bleed over into Country A.
Figure out which countries don't provide legal assistance to your
country in these cases, then find hosting services that are based there.
You'll shorten this list by determining which hosts allow tor, or at
least don't explicitly forbid it in their Terms of Service (you don't
care about exit bandwidth. You just want relays. Remember this for later
in the article). Last but not least, sort out which hosts accept payment
options that don't make you sweat bullets over the fact that the NSA has
been monitoring global financial transactions since at least the 1970s.
You will want to avoid any host that advertises itself as bulletproof --
they'll probably kit your box and siphon everything of value, in
addition to overcharging you for the privilege of running on older
hardware -- and any host which sells a cheap VPS and promises to
guarantee your privacy.
 
Extradition treaties mean that if you're in Country A and do something
that makes Country B want to prosecute you, Country A is most likely
going to give you a one way ticket to Country B. If or when your box
gets seized and you know the heat is on, you're going to want to beat it
to a place that won't send you back, where you will presumably live out
the rest of your days. Just make sure you've made enough money to grease
all the right palms in your new life, or the road ahead may be extremely
bumpy. If you're smart, you'll permanently move to this country well
before you have any trouble with law enforcement.
 
One last thing before moving on: Don't be so stupid as to attempt to
hire a hitman to kill anyone. Murder-related charges have no statute of
limitations, which means you won't get to write a tell-all book about
what a sly bastard you are when this wild ride is a distant memory. If
you've reached a point in your new career where murdering people makes
sense, it's time to walk away. Don't get corrupted like Dread Pirate
Roberts.
 
2. Technical
 
This section tries to be as operating system independent as possible.
You'll want to consult the documentation of your OS for specifics. The
technical side of running a hidden service and not getting owned by cops
is a lot harder than just installing stuff and crossing your fingers.
The recommendations in this section WILL NOT protect you from 0days in
the wild, but should help somewhat with damage control. Remember, if
they want to own your hidden service, it will probably happen eventually.
 
Before you even think about installing bitwasp and tor, you need to
really understand how tor works. Go to freehaven.net and read the white
papers until your eyes glaze over, then continue reading until you're
out of papers to read. Pay particular attention to the hidden service
papers. If you feel like you didn't understand something, come back to
that paper again when you have more knowledge. A lot of the papers
explain some of the same concepts with slight differences in the intros.
Don't skim over them, because you might read someone's rewording that
will clarify an idea for you. Check back with freehaven regularly. Once
you're up to speed, a good next step is to keep up with the tor
project's mailing lists. [1]
 
While you're doing all of this reading, it's (mostly) safe to go ahead
and install tor on a box on your local network, purely for
experimentation. Keep in mind that the NSA will start scooping up all of
your packets simply because you visited torproject.org. That means don't
post code questions related to your drug market on Stack Exchange, if you
want to avoid giving The Man morsels he can use for parallel
construction. Once you've gotten hidden services working for http and
ssh, you're going to take the first baby step towards evading casual
discovery: Bind your hidden services to localhost and restart them.
 
The next step in your journey towards changing the drug business forever
is to grab the transparent proxying firewall rules for your operating
system to make sure they work. [2] They will guard against attacks that
cause your box to send packets to a box the attacker controls, which is
useful in thwarting attempts to get the box IP. You may wish to have a
setup similar to an anonymous middle box, preferably without public IPs
where possible, so if your application gets rooted tor isn't affected.
 
Speaking of applications, do everything you can to ensure that the
application code you use to power your hidden service isn't made of
Swiss cheese and used bandaids. To protect against other types of
attacks, you will want to identify any pre-compiled software that your
users will touch and compile it yourself with hardening-wrapper or its
equivalent, plus any custom flags you want to use. If you keep
vulnerabilities from the application and server to a minimum, your
biggest worries will be tor-related.
 
You will only connect to your production box via a hidden service. It's
a good idea to get into that habit early. The only time deviating from
this pattern is acceptable is when you have to upgrade tor, at which
time you'll want to have a script ready that drops your firewall rules
and unbinds ssh from localhost just long enough for you to login, do the
upgrade, re-apply the firewall rules and bind ssh to localhost again. If
you're not ready to deal with the latency, you're not ready to do any of
this. Don't forget to transparently proxy the machine you use too, so
you don't slip up by mistake.
 
On the subject of the machine, you need to automate the process of both
setting up your hidden service and of destroying it. Proactively change
servers every few months, in order to frustrate law enforcement attempts
to locate and seize your site. Your creation script should install
everything your site needs as well as all configuration files. Your
clean-up script needs to destroy all evidence, preferably with a tool
like srm.
 
Regarding time-related issues: Always select either UTC or a time zone
that doesn't match the box's location. You will also do this to the box
you use to interact with your hidden service every day. If you read the
whitepapers, you will probably note a recurring theme of clock
skew-related attacks, mostly directed at clients, in some of the older
papers. Tor won't even start if the clock skew is off by too much.
 
If you want to have some fun at the expense of business in the short
term, intentionally take your service offline periodically in order to
mess up attempts to match your downtime with public information. If
you're the kind of person with access to botnets, you could DDoS
(Distributed Denial of Service) some provider at the same time on the
off chance that someone might connect the dots. This counter-measure
will only work on researchers looking at public info, not nation state
actors with an ax to grind.
 
I've saved some of the hardest stuff for the last part of this section.
It's hard because you have to make choices and it's unclear which of
those choices are the best. It's a bit like a Choose Your Own Adventure
book. In that spirit, all I can do is lay out the possibilities in as
much of a Herodotus-like way as possible.
 
One thing you have to consider is whether you want to run your hidden
service as a relay or not. If it's a relay, you'll have extra cover
traffic from other innocent tor users. But if your relay goes down at
the same time as your hidden service, it will be far more likely to be
noticed. Federal criminal complaints make a big deal of seized hidden
services not being relays, but three relays were taken down at around
the same time as Operation Onymous, so that's not a guaranteed defense.
The choice is yours.
 
Remember when I said to take note of hosts that don't ban tor outright?
This is the part where you give back to the community in the form of tor
relays or bridges. [3] The feel-good aspects of this move are along the
same lines as drug barons who build schools and hospitals, but this is
more immediately self-serving. You're going to buy several servers to set
up strictly as relays or bridges, then configure your hidden service box
to use only those relays or bridges to enter the tor network. Here's
where things start to get theoretical.
 
If an adversary is running a guard node discovery attack -- in which an
attacker is able to determine the node you're using to enter the tor
network -- against your service and you're using your own relays as
entry nodes, the damage they can do will be limited to DoS (Denial of
Service) if your relays are not linkable to your identity. However, if
you're entering the tor network with bridge nodes, an attacker will
probably say "WTF?" at first unless they determine they've found a
bridge node. Bridge nodes don't use nearly as much bandwidth as relays
because there is not a public list of them, so an intelligence agency
would have less traffic to sift through, which makes correlation easier.
On the other hand, using bridge nodes also allows you to run obfsproxy
[4] on both the bridges and your hidden service. obfsproxy allows you to
make tor traffic appear to be another type of traffic, which is a good
defense against non-Five Eyes entities. For example, your hosting
provider may decide to monitor for tor traffic for their own reasons.
Just make sure your relays/bridges aren't linkable to you or to each other.
 
One last thing about guard node discovery attacks: The Naval Research
Lab published a paper in July 2014 about the "Sniper Attack," [5] which
in short works like this: The attacker discovers your guard nodes, then
uses an amplified DoS trick to exhaust the memory on all of your nodes.
The attacker keeps doing this until your hidden service uses guard nodes
that they control. Then it's game over. If your hidden service's entry
nodes are all specified in your torrc file and they get DoSed, your
service will go offline. In this situation, if all of your relays are
down, you essentially have an early warning canary that you're being
targeted. In other words: This is the best possible time to book your
one-way ticket to your chosen non-extradition country. For those of you
with a background in writing exploits, this is similar in principle to
how stack smashing protection will render some exploits either unable to
function or will turn them into a DoS. Personally, I recommend an
ever-changing list of relays or bridges. Add a few new ones at a
pre-determined interval, and gradually let old ones go unpaid.
 
3. Operational Security
 
This section is critical, especially when things start to break down. If
everything else goes bad, following this section closely or not could be
the difference between freedom and imprisonment.
 
This is important enough to re-state: Transparently proxy your tor
computer. This is a good first line of defense, but it is far from the
only way to protect yourself.
 
Do not contaminate your regular identity with your Onion Land identity.
You're an aspiring drug kingpin. Go out and pay cash for another
computer. It doesn't have to be the best or most expensive, but it needs
to be able to run Linux. For additional safety, don't lord over your new
onion empire from your mother's basement, or any location normally
associated with you. Leave your phone behind when you head out to manage
your enterprise so you aren't tracked by cell towers. Last but not least
for this paragraph, don't talk about the same subjects across identities
and take counter-measures to alter your writing style.
 
Don't log any communications, ever. If you get busted and have logs of
conversations, the feds will use them to bust other people. Logs are for
undercover cops and informants, and have no legitimate use for someone
in your position. Keep it in your head or don't keep it at all.
 
At some point, your enterprise is going to have to take on employees.
Pulling a DPR move and demanding to see ID from high-volume sellers and
employees will just make most people think you're a fed, which will
leave your potential hiring pool full of dumbasses who haven't even
tried to think any of this out. It will also make it easier for the feds
to arrest your employees after they get done arresting you. If your
enterprise is criminal in nature -- whether you're selling illegal goods
and services or you're in a repressive country that likes to re-educate
and/or kill dissidents -- an excellent way of flushing out cops is to
force them to get their hands not just dirty, but filthy, as quickly as
possible. Don't give them time to get authorization to commit a crime
spree. If there's a significant amount of time between when they're
given crimes to commit and the commission of those crimes, you need to
assume you've got an undercover cop on your hands and disengage. If they
commit the crime(s) more or less instantly, you should be fine unless
you've got the next Master Splynter on your trail. [6]
 
Disinformation is critical to your continued freedom. Give barium meat
tests to your contacts liberally. [7] It doesn't matter if they realize
they're being tested. Make sure that if you're caught making small talk,
you inject false details about yourself and your life. You don't want to
be like Ernest Lehmitz, a German spy during World War II who sent
otherwise boring letters about himself containing hidden writing about
ship movements. He got caught because the non-secret portion of his
letters gave up various minor personal details the FBI correlated and
used to find him after intercepting just 12 letters. Spreading
disinformation about yourself takes time, but after a while the tapestry
of deceptions will practically weave itself.
 
Ensure that your communications and data are encrypted in transit and at
rest whenever applicable. This means PGP for e-mail and OTR for instant
messaging conversations. If you have to give data to someone, encrypt it
first. For the tor-only box you use for interacting with your hidden
service, full disk encryption is required. Make a password that's as
long and complex as you can remember ("chippy1337" is not an example of
a good password). Last but not least, when you're done using your
dedicated tor computer, boot into memtest86+. Memtest86+ is a tool for
checking RAM for errors, but in order to do that it has to write into
each address. Doing so essentially erases the contents of the RAM.
Turning your computer off isn't good enough. [8] If you're planning to
use TAILS, it will scrub the RAM for you automatically when you shut
down. Once your RAM is clean, remove the power cord and any batteries if
you're feeling extra paranoid. The chips will eventually lose any
information that is still stored in them, which includes your key. The
feds can do a pre-dawn raid if they want, but if you follow this step
and refuse to disclose your password, you'll make James Comey cry like a
small child.
 
Use fake info when signing up for hosting services. Obfuscate the money
trail as much as possible and supply fake billing info. I prefer
registering as criminals who are on the run, high government officials,
or people I dislike. If your box gets seized and your hosting company
coughs up the info, or if a hacking group steals your provider's
customer database (It happens more often than you'd think), your hosting
information needs to lead to a dead end. All signs in Operation Onymous
point to operators being IDed because they used real info to register
for hosting service and then their box got decloaked.
 
Speaking of money, you're going to have to figure out how to launder
your newfound assets, and we're not talking about using a couple bitcoin
laundering services and calling it a day. You also shouldn't go out and
buy a Tesla. Living beyond your means is a key red flag that triggers
financial and fraud investigations. Remember, money is just another
attack vector. Washing ill-gotten gains is a time-honored drug business
tradition and one that you would be a fool not to engage in. You can
only use your hard-won profits to send shitexpress.com packages to
people you don't like so many times.
 
Take-away: If you rely only on tor to protect yourself, you're going to
get owned and people like me are going to laugh at you. Remember that
someone out there is always watching, and know when to walk away. Do try
to stay safe while breaking the law. In the words of Sam Spade, "Success
to crime!"
 
 
 
Sources:
[1] https://lists.torproject.org/cgi-bin/mailman/listinfo
[2] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[3] https://www.torproject.org/docs/bridges
[4] https://www.torproject.org/projects/obfsproxy.html.en
[5] http://www.nrl.navy.mil/itd/chacs/biblio/sniper-attack-anonymously-deanonymizing-and-disabling-tor-network
[6] http://www.pcworld.com/article/158005/article.html
[7] https://en.wikipedia.org/w/index.php?title=Canary_trap&oldid=624932671
[8] https://freedom-to-tinker.com/blog/felten/new-research-result-cold-boot-attacks-disk-encryption/

 No.13529

darknet markets are based. always ordered drugs to my home address with real name (much less sus than using a fake name or trying to use a drop). heavy opsec only needed if you're a dealer imo.

 No.13769

is brainmagic still trustworthy

 No.13770

>>13529
Yeah, they are mostly hunting down server locations and sellers

 No.14598

What are the better markets ATM? Versus seems pretty decent on first glance since they use multisig

 No.14606

>>14598
versus is legit

 No.17261

>>13109
Wtf dude? A pound every month? that would make me so paranoid. How do you find that many customers though? I'd assume people there use speed and not just meth unless allah forbid you are using that all yourself.
t. neurotic aspiring dealer

 No.17687

File: 1668681527391-1.png (35.07 KB, 621x108, cryptomoments.png)

File: 1668681527391-2.png (170.24 KB, 609x394, bruh.png)

How many rabbit holes behind the fiasco are there???

 No.17691

what shit y'all niigas into?

 No.17692


 No.17693


 No.17695

File: 1668745417125.png (Spoiler Image, 1.22 MB, 782x544, it don't end.png)

>>17687
kek
There's more, even.

 No.17703


 No.17704

Why was this thread bumped after a month just to post about a completely unrelated thing?

 No.17750

man I want to do this, but am spooked about getting booked. I know feds usually only go for dealers but knowing my luck I may get fucked instead. Plus I live with my parents and don't wanna get them fucked either. I'll have to try this when I move out

