
[Theory] Secure Darknet Site Operation

1 Name: Anonymous 2017-11-27 23:13
Suppose you want to be a druglord\child-predator\freedom-fighter but you're too much of a nerd to go outside, and you're deathly afraid of big black jail-penis. You're going to run a server and expose it through Tor\I2P. Let's start by listing a few of the security problems and discuss how to overcome them:
1 - Timing correlation attacks: Mossad is watching your internet access and accesses your site repeatedly at random times and requests assets of different sizes. They then watch which nodes on the internet have traffic which correlates with the data that they receive back. Over time, the pool of people who are potentially you gets smaller and smaller until *BOOM*, they kick in your door and shoot you in the head.
2 - Your hosting provider: you either operate the physical servers and pay for internet access or you host them somewhere else. Either way, you're involving a third party that could spy on you like the good shabbos that they are and rat you out.
3 - Shitty software: That PHP4 script you download from the geocities archive to display the animated gif webcounter might just have a vulnerability that could allow arbitrary code execution on the server, which could ping www.nsa.com. Or it could inject a browser exploit to fuck all your users and potentially yourself.
4 - Blockchain analysis: If you're taking payments in cryptocurrency, misconfiguration or software vulnerabilities or whatever could leave a permanent record of your misdeeds on the blockchain. Or even in the logs of nodes that you used to access the blockchain. Related to this is getting your money into cash so that you can pay rent, but that's more of a money laundering problem outside of the scope of this thread.
5 - Stupidity: Losing\leaking PGP keys, asking how to hello-world on stack overflow under your real name with the email address you use as admin on your site, using unique phrases in things you write under your secret identity that can be used to identify you a la the Unabomber.
2 Name: Anonymous 2017-11-28 04:42
Get access to someone else's connection and host it secretly. That solves a few of the stated issues provided you can do it safe n secret.
3 Name: Anonymous 2017-11-28 08:40
And use Windows' remote desktop function on a computer somewhere other than where you are to access the secret server. And put motion-activated cameras there too so you know if police bust through.
4 Name: Anonymous 2017-11-28 20:23
I've always wondered how big time online drug dealers and market owners laundered their bitcoin. You could swap it for monero, run it through a couple of wallets and then swap it back to btc after a few days. That would be a huge hassle though. A better idea is to set up a gas station and swap the btc for amazon coupons which you use to buy soft drinks and other gas station snacks to sell at your station for cash.
5 Name: Anonymous 2017-11-29 02:03
Combine cloud technology with a botnet. Select 10% of the nodes at any time to be part of the OnionBalance setup. Have instructions and changes propagate through the botnet so that you will look like any regular bot to outside observers.
6 Name: Anonymous 2017-11-29 09:01
>>4
I think most just use exchanges that allow money laundering like btc-e.com (now wex.nz since the domain got seized), then transfer USD or whatever currency to perfectmoney.is and transfer it out however they want, possibly in the form of prepaid visa cards
7 Name: Anonymous 2017-12-11 16:42
>>4
Wouldn't they just use a bitcoin tumbler/mixing service?
8 Name: Anonymous 2017-12-12 00:49
>>7
There's no such thing. Bitcoin is designed so every transaction on the chain can be traced. It takes a little longer the more you tumble, but that doesn't stop the tax and law men. Transaction fees are also massive these days, so it is easy to tumble away all of your profit.
9 Name: Anonymous 2017-12-12 01:02
haven't read anything in this thread just wanted to drop a wew lad and leave!
10 Name: Anonymous 2017-12-13 06:01
>>1
there are a few others, when your server is up or down also leaks information, if your server goes down at the same time that <obscure hosting company> has an outage, then it's easy to pinpoint your location if anyone is watching

the other is where you set up a bunch of fake relays and wait for the inevitable chance that your relays get chosen for a complete circuit (this is harder with entry guards as they don't change often), you have a (m/N)^2 chance of correlating traffic if you control m out of N nodes on the network
11 Name: Anonymous 2017-12-14 02:54
>>9
Sounds grim.
