Listen Music during reading my blog

Wednesday, February 19, 2014

Friday, February 14, 2014

Silk Road 2 Hacked, All Bitcoins Stolen – $2.7 Miliion

Update: The amount of BTC that was stolen was calculated by Nicholas Weaver @NCWeaver – Computer Security Researcher, to be around:  4474.266369160003BTC that are with the value of about $2.7 Million.

It was just announced in a post by Defcon the Silk Road administrator (this post will be updated as soon as we get more info) -
Yes, what seemed to be an imaginary situation until not long ago, just became true, the silk road2  – the site who counted to be the security fortress of the deep web just has been hacked with its bitcoin stolen.  as he announced on the sites forums,  we pasted his post here:
Link to the original thread on Silk Road 2 Forums:  http://silkroad5v7dywlc.onion/index.php?topic=25091.msg491029#msg491029
=====Start Quote====
I am sweating as I write this.
Christmas brought grave news. I cannot adequately express how deeply honored I was by your unconditional support of my staff.
I do not expect the same reaction to today’s revelations. This movement is built on integrity, and I feel obligated to be forthright with you.
I held myself to a high standard as your leader, yet now I must utter words all too familiar to this scarred community:
We have been hacked.
Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.
Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty.
Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself.
This attack hit us at the worst possible time. We were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community’s full balance in hot storage.
In retrospect this was incredibly foolish, and I take full responsibility for this decision.
I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.
I’ve included transaction logs at the bottom of this message. Review the vendor’s dishonest actions and use whatever means you deem necessary to bring this person to justice. More details will emerge as we continue to investigate.
Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward.
It takes the integrity of all of us to push this movement forward. Whoever you are, you still have a chance to act in the interest of helping this community. Keep a percentage, return the rest. Don’t walk away with your fellow freedom fighters’ coins. DPR2 returned the cold storage. I didn’t run with the gold. But two people alone cannot move us forward. It takes an entire community committing to integrity – and though this crushing blow will not stop us, it sure is a testament to how greedy some bastards truly are.
Being a part of this movement might be the most defining thing you do with your entire life.
Don’t trade that for greed, comrades.
I will fight here by your side, even the greedy bastards amongst us.
This community has suffered great financial loss over and over again, and I am devastated that it has happened again under my watch.
Hindsight is already suggesting dozens of ways this could have been prevented, but we must march onward.
The only way to reverse a community’s greed is through generosity. Our true character is revealed during trying times.
If this financial hardship places you at risk of physical harm, contact me directly and I will do my best to help you with my remaining personal funds.
Now what.
Never again store your escrow bitcoins on a server.
Silk Road will never again be a centralized escrow storage.
This week has shown the collateral damage we can cause by being a huge target and failing in just one unforeseen area.
I am now fully convinced that no hosted escrow service is safe.
If I cannot trust myself to keep a hosted escrow solution safe, I cannot trust anyone.
Multi-signature transactions are the only way this community will be protected long-term.
I am aggressively tasking our devs on building out multi-sig support for commonly-used bitcoin clients. Expect a generous bounty if you have the skill to implement this.
Until then.
1. We will never again allow ourselves to be a single point of failure. We will never again host your Escrow wallets.
2. Vendor registration is closed while we regroup.
3. All listings on Silk Road are now No-Escrow (Finalize-Early) for 1-2 months while we implement multi-signature transactions and lobby for mainstream Bitcoin client multi-sig support.
4. All unshipped orders have been cancelled.
5. Vendors may link to other marketplaces on a trail basis until we launch multi-sig, then we will re-evaluate based on community input. We do not want to be a centralized point of failure, but we also do not want to lead our buyers into dangerous waters.
6. From this point forward DO NOT trust markets with centralized escrow. Use multi-signature transactions whenever possible, with trusted third parties as escrow providers.
Everything will be offline for 24-48 hours to minimize variables as we continue to investigate. The evidence we have below will be expanded based on our findings.
- ——————
No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize.
We are relieved that our security procedures protected user identities, and that no servers were compromised. This was not a worst-case scenario: nobody will be getting arrested from this. Financial loss is terrible, but will not put all of us behind bars.
The details we have on the hacker are below. Stop at nothing to bring this person to your own definition of justice.
Humbled and furious,
Defcon
- ——————
# Attacker Intel as of 2014-02-13 18:00:00 UTC
We normally do not doxx anyone, and hold user information sacred. But this is an extreme situation affecting our entire community, and all three users who have exploited this vulnerability are very much at risk until they approach us directly to assist with any information.
Do not reveal any details of the attack. This will jeopardize your reward. Contact us directly.
If anyone has purchased or sold to these usernames, expect generous bounties for any information you can contribute which leads to identification.
# Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:
narco93
ketama
riccola
germancoke
napolicoke
smokinglife
Transactions listed at bottom of this file. Finding Attacker 1 is top priority.
# Attacker 2: (Responsible for ~2.5% of theft, using same methods towards end of attack lifecycle, likely knows Attacker 1)
LethalWeapon – Australia – “stumbled upon” large amount of BTC
# Attacker 3: (Responsible for ~2.5% of theft, using same methods towards end of attack lifecycle, likely knows Attacker 1)
mrkermit – Australia
# Theft Withdrawal Transactions and historical withdrawals by Attacker 1
address,txid_cleaned
{Here some big list of withdrawal addresses with the stolen bitcoins}
=====End Quote====
Aside from the endless marketplaces being hacked every day now, this is the most shocking event we have encountered – as Silk Road being the largest DarkNet market nowadays was probably holding the largest sum of money of them all – it is not yet clear how many Bitcoins were stolen exactly, but its almost certain that this is about to become the largest theft in the Deep Web history – bigger than the Sheep Marketplace Scam that had amount equal at the time to $40 million in bitcoins stolen by its admins.
This case only serves as ANOTHER, Very Painful lesson about – why on-site escrows are bad, and should not be used! only direct transaction or mulsig escrow like the one offered at themarketplace.i2p are the safe way to conduct business on these sites.
Is this the end of the centralized marketplaces?
We sure hope so!  as we posted here again and again, they are not safe, and will always end up being hacked or having the money stolen by their admins.
So who were the hackers?
Few hours before the announcement we at DeepDotWeb received a mail saying: “SilkRoad hacked, 150 BTC stolen, you heard it first from me” this was sent to us by a reddit user who claimed since yesterday he was going to hack SR and steal the sites money – we are trying to verify if this amount matches the amounts that were stolen by the “smaller” hackers that Defcon reported in his post, the others remain unknown.
The Silk Road moderators ranged from pleading or threatening the hackers:
stealth
To a complete shock:
tang To an Apology:
docclu
The users reaction was not much different obviously and ranged between shocked / angry / desperate or accusing the sites admins to the thief’s themselves:
IS ANYONE ELSE BUYINGGGG THIS? !!! WE ARE FIXING ESCROW  WE ARE FIXING VENDOR REFUNDS? WE ARE DOING ALL WE CAN
THIS SHEEP !!!! STYLE FUCKING BY OUR TRUSTED SR GUYS ,
ITS FUCKING PLAIN AND SIMPLE ESCROW SYSTEM WAS A SCAM SO EVERY COCKSUCKER WHO DIDNT FINALZE THE COINS STAYED IN THE BANK AND OPPS WE HAVE BEEN HACKED
!!! WE ARE FIXING THE VENNDOR REFUND ? YEAH RIGHT RIGHT ANOTHER PERFECT SCAM, MORE COIN IN THE BANK AND AT THE RIGHT TIME
AGAIN OOPSS WE HAVE BEEN HACKED \
DEFCON GO FUCK YOUR SELF , U GUYS HAVE NOT DOMNE NOTHING ABOUT THE ESCROW SYSTEM , U HAVE DONE NOTHIGN ABOUT VENDOR REFUND , ALL U GUYS DID IS LET THE FUCKING BANK  BUILD UP AND SORRY GUYS WE HAVE BEEN HACKED
EVERY DOG GETS THERE DAY AND I CANT WAIT TILL I SEE ONE OF U FALL
Some even tried to help in some way.
For us – the big question is “how much”? , we will keep following up on this and updating this post as we get new information – for now, you can check out other site on this list.

Get more info here: http://www.reddit.com/r/SilkRoad/comments/1xtv7z/sr_20_hacked_all_btc_gone/

Original thread here:  http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/

Wednesday, February 05, 2014

Alleged Silk Road creator indicted on 'kingpin' charges

 Ross Ulbricht, who allegedly went by "Dread Pirate Roberts" and operated the black market drug site, is charged with hacking, money laundering, narcotics trafficking, and operating a criminal enterprise.
 
 
 
(Credit: Silver Underground
 

The alleged operator of the online drug bazaar Silk Road, which was seized last October, has been indicted on four charges.
The US Attorney for the Southern District of New York Preet Bharara announced Tuesday that Ross Ulbricht, who allegedly went by the moniker "Dread Pirate Roberts," could now face a minimum of 30 years in prison and a possible maximum sentence of life in prison.
Ross Ulbricht allegedly operated the anonymous online drug marketplace Silk Road.
(Credit: Ross Ulbricht/LinkedIn) 
 
The charges against Ulbricht include counts of narcotics conspiracy, continuing criminal enterprise, conspiracy to commit computer hacking, and money laundering conspiracy. The "continuing criminal enterprise" charge, or "kingpin" charge, is especially serious because it's geared toward criminal organization leaders, such as mafia or drug cartel bosses, and comes with a minimum 20 years prison time. The Justice Department claims that Silk Road was used by more than 100,000 people to buy and sell illegal drugs, goods, and services since it started up in 2011. Allegedly, the site had roughly 13,000 drug listings under titles like "cannabis," "ecstasy," "opioids," "psychedelics," and "stimulants."
"Silk Road emerged as the most sophisticated and extensive criminal marketplace on the Internet, serving as a sprawling black-market bazaar where unlawful goods and services, including illegal drugs of virtually all varieties, were bought and sold regularly by the site's users," the Justice Department wrote in a statement. "While in operation, Silk Road was used by several thousand drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other unlawful goods and services to well over a hundred thousand buyers, and to launder hundreds of millions of dollars deriving from these unlawful transactions."
Ulbricht, 29, was arrested in San Francisco on October 1, 2013. He was the alleged mastermind behind Silk Road and was able to keep the site anonymous via the secure Tor browser. Purchases were typically made with the virtual currency Bitcoin and sales are said to have totaled more than $1 billion.
The Justice Department said that between November 2011 and September 2013 law enforcement agents conducted more than 100 undercover purchase of drugs from Silk Road vendors, including heroin, cocaine, ecstasy, and LSD. Since Ulbricht's arrest, authorities have also arrested a handful of other people allegedly involved with the site, including Ulbricht's alleged assistants, supposed vendors, and Bitcoin CEO Charlie Shrem. In the case of Shrem, authorities claim he was involved in a scheme to sell more than $1 million in Bitcoins for use on Silk Road.
While the FBI shuttered the Silk Road Web site in October, replacing it with a seizure notice, another black market drug site is said to have appeared in its place. Silk Road 2.0 reportedly opened for business last November -- the news was announced by Twitter user Dread Pirate Roberts, which is allegedly the same moniker as Ulbricht.

 http://news.cnet.com/8301-1023_3-57618370-93/alleged-silk-road-creator-indicted-on-kingpin-charges/

Tuesday, February 04, 2014

An Anonymous Site Called 'Utopia' Is Replacing Silk Road As The Web's One-Stop Shop For Guns, Drugs, And Fake Money

 UTOPIA adress (reqires TOR):  http://ggvow6fj3sehlm45.onion/

Silk Road is certainly the most famous place online to buy your less-than-legal materials — the site operates on the TOR network, which anonymizes its traffic, and conducts all transactions in Bitcoin, the equally anonymous digital currency.
The site became even more famous after the arrest of Ross Ulbricht, the alleged owner and operator, who was charged with facilitating drug deals.
Now a new marketplace is up and running. It's called Utopia, and it has Silk Road users intrigued.
Users report that the site loads much more quickly than Silk Road (perhaps a function of it being a newer site not yet discovered by the swarm). Additionally, the site doesn't have the same CAPTCHA login error that's been driving Silk Road users nuts.
There are few differences of substance here. It's still a place to buy stuff when you don't want the seller (or parents, teachers, and law enforcement) to know who you are. Time will tell if it grows enough for Silk Road to feel any sort of pinch, or for law enforcement to take an interest.
In the meantime, here is what you can see on the site.

Visit UTOPIA Market (reqires TOR):  http://ggvow6fj3sehlm45.onion/

Here's the main welcome page. Browse categories on the left or get shopping immediately with the items that appear.

Here's a look at the current listings for weed for sale.


This is a listing for an ounce of weed, going for ~$300.


You've also got your choice of some harder stuff. Here's some cocaine for sale (free shipping!).


Perhaps you don't want drugs at all. Here's a single-shot gun for sale.



Taking a closer look, we can see that this is, in fact, an untraceable 3D-printed gun.

You can score $100 in counterfeit twenties for ~$35.


The vendor even includes these helpful instructions on how to spend them safely.


Not into counterfeit money? How about fake identities?



There's an entire category for "chemicals."

 

This is a listing for three e-books on ATM hacking.


After you order some things, you can follow their progress here in your "orders" page.



 UTOPIA adress (reqires TOR):  http://ggvow6fj3sehlm45.onion/


Original thread here: http://www.businessinsider.com/utopia-anonymous-marketplace-2014-2?op=1