What happens when someone creates a decentralized darknet marketplace that transacts using zero knowledge proofs? This is such a waste of resources. Just make all drugs legal and regulate them like anything else. How many times have I bought weed off a dealer in the last two years? The answer is zero, because I purchase my weed legally from a reputable company that follows all applicable regulations.
I've actually run into issues with drug laws from a side I never even thought about: prescription medication. I have asthma, but I don't have health insurance. Asthma inhalers in my country require a prescription.
I know what inhaler I need and I know how to use it, but I cannot legally purchase it. I have to go make a doctor's appointment, pay them a bunch of money so they can write a note that permits me to buy that inhaler. It's a lot of hassle and some cost. The end result is that I just don't have an inhaler. If I get difficulty with breathing I'll just drink coffee and wait until it goes away. Without prescriptions being required for something like this (eg more relaxed drug laws), I wouldn't have this issue.
These reasons are why these busts have to get more elaborate and have to be a precision strike all at once, because the governments know that they get one chance before the industry hardens itself in reaction.
The best practices are completely known, people just have no pressure to implement them until external pressure reveals itself.
Right now the user experiences suck for more secure things. Monero multisignature is hardly refined, so it cannot replace centralized escrow just yet, but now people might prioritize developing it. For example. This is antifragility in play, and a war of attrition for the state: the costs to make the busts get higher and the take gets smaller.
I think decriminalization and treatment programs are the answer. I don't think allowing direct sales of things like fentanyl, meth, and coke are the answer though. Perhaps treatment programs can provide safe product to addicts, but picking it up causally at a local dispensary seems a bit much. They're just not on the same level as weed.
It's extremely unsettling that my tax dollars go to waste like this to essentially ruin someone's life. The people now have records and all the unnecessary paperwork to go along with it.
The furthest I would be willing to compromise with this regime (won't call them a proper government) is to allow them to tax our substances. It's better than what they are getting as it is, because all they are doing right now is locking poor, innocent people up.
Prohibition and criminalization of mere substances never has, and will never work for us. Everyone I know who wishes to take drugs does so without as much as a single thought to the law.
In my state, weed dealers can offer a better experience than a retail shop because of too much regulation. The black market still thrives and quality/trust is not an issue. There is a balance somewhere, legalization with over regulation isn't quite the right answer.
Its unclear from the article, but it sounds like what happened is they seized some servers that had address info of some drug dealers.
Zero knowledge proofs aren't really relavent. If the market works in such a way it needs the address, zkp's wont change that. If its just a middle man, then old fashioned public key crypto would have been sufficient. (If the site was taken over for an active attack, then MITM is a possibility, but there are things you can do to make that detectable if you have out of band communications)
This is a decentralized market? Drug markets have a lot of links. The feds likely found a way to uncover one node and followed that thread.
I wouldn't assume that the "darknet" itself was compromised. There are still lots of bad targets out there which have long been in operation. The cops found another way to get inside the network.
Maybe not all drugs. Don’t throw the baby out with the bathwater here. There are very dangerous drugs that can cause addiction such that people will kill for more (and can never get enough).
That said, wiping away weed, peyote, and LSD from the list of criminal substances should make the DEA’s job much more realistic.
The regulations on anything that’s so addictive it’s debilitating would probably be to make it illegal. I realize it’s not the case for all drugs, but a lot of them fall under that umbrella.
> Just make all drugs legal and regulate them like anything else.
When those regulations are broken, should we just decriminalize that? I bring this up because "enforcement is a waste of resources," consistently applied, quickly approaches anarchy. We need other reasons for deciding whether a behavior should be criminal.
The money they claim 6M for 200 arrests is a pretty darn low dollar per person claim - this is a really weak bust in my opinion, and I assume a lot of those arrests are really unlucky people who happened to slip into this net, but not cybercriminal masterminds, or drug lords.
Let's celebrate when we catch the people who produce the shit, or even better, legalize as much of it as we can and establish social programs to help with awareness and recovery.
Keep your eye on the Sackler/Purdue Pharma case [1].
Purdue steered over $13B directly to the Sackler family by aggressively marketing opiates, misinforming doctors and the public about their dangers, and giving medical software companies kickbacks to push more addictive long-release versions of their opiates to doctors.
One company, Allscripts, was able to pay $145M to resolve criminal and civil kickback allegations [2].
They directly killed over 400,000 people between 1999 and 2017 and indirectly killed many more/caused unimaginable human suffering.
The family is proposing to pay $3B over 7 years and an additional $1.5B by selling off another company they own.
This is the real opiate crisis jackpot and the high-scale, high-powered, industrialized version of the crimes that are happening on the dark web.
I'm sure there are more large companies and high powered individuals involved and agree that the 200 arrests/$6M is an infinitely tiny drop in the bucket, but it's way easier to prove and stick than the larger operations.
Kinda feel catching a ton of distributors is a good deterrent form becoming one. Most are not thinking of this as a business tho, but as a form of some sort of liberation and are junkies themselves.
Do any of these darknet markets or services operators ever successfully "exit" to enjoy their ill-gotten spoils in retirement?
Seems like they always get nailed in the end. Even the operator of Grams (darknet market search engine)and Helix (Bitcoin tumbler) who shut down his services in 2017 got arrested just this year. Seems like the heyday of Darknet markets was 5+ years ago and since then law enforcement started to win in a big way.
Who got away? Maybe the operators of Agora? Who else?
The cat is out of the bag. Sure a few close every year, but new ones start up. The risk is less than distributing anything on the streets, or dealing with anything physical.
Now they got 180 vendors by looking at data from last year, and probably by finding them at active markets and ordering from them and trying to backtrace mail, cross-reference the listings (someone got busted via a high res image that enabled law enforcement to acquire a fingerprint - and that was in the system).
But no news about any market shutdown.
And it probably takes a lot of work. The article claims that law enforcement got very good at this, but there's hardly any data to back this up.
You actually believe these FBI/DOJ notices that you can't hide? lol someone promote that public relations agent to a GS-15!
Darknet markets are bigger than ever, more hardened than ever, the investigations and busts are more expensive than ever and the results are smaller than ever.
This operation got a win because the server was seized and accessed. That part isn't supposed to happen.
Further hardening is that messages shouldn't be on the server. Everyone on Tor says use OTR on Jabber, EVERYONE.
On top of that, funds shouldn't be stored on the marketplaces, marketplace centralized escrow is still prevalent but multisignature is what should be used. (transaction is revertible by customer and merchant in the event that the escrow agent is incapacitated, customer and merchant can form a transaction again with the same funds elsewhere, or not, either way the state gets nothing whether they seized the server or seized the marketplace's wallets)
Next, bitcoin should be less used and Monero should become more used.
Monero with multisignature should become more used on top of that, which is not something I would consider "production ready" but following busts like this people might just prioritize developing it better.
There are a couple of inconvenient marketplaces that do all of the above. The user experience just has to improve.
After a certain level of abstraction the liability will shift away from the marketplace operators, or they'll evolve into completely unmanned autonomous organizations, in both cases they will both evolve into places where we really won't know where earnings go.
I've always wondered, why do these software engineers take such risks building and setting up these illegal marketplaces? I mean, are you really going to make that much more than you would as a regular software engineer at a company?
Most definitely a lot more than a regular software engineer. Alexandre Cazes was estimated to have a net worth of at least USD 23 mil, and that's a conservative estimate. This would all be in cryptocurrencies of course and you would have to find a way to money launder these assets.
Another thing to consider is that many of these guys live in countries with cost of living much cheaper than USA (not even talking about Bay Area), Cazes himself was living in Thailand.
It's very lucrative and the competition is pretty inept so expectations are low. You can retire to thailand off the residuals. If you're a 20 year old who isn't looking forward to decades of corporate work that might not sound bad.
I think it probably comes down to a combination of Ego and/or Thrill. They think they are too smart to get caught and they get a thrill out of outsmarting people (until they're not).
Whenever I see this it makes me think that making money by breaking the law is like playing a video game on cheat mode. Nearly anybody can make money illegally, but the consequences don't usually outweigh the benefits. So, it's almost pointless. The game that is much more gratifying is making lots of money by playing the game on hard mode.
>>> I mean, are you really going to make that much more than you would as a regular software engineer at a company?
Hell yeah.
I mean, what companies could they possibly work for? Google? Accenture?
These only have offices in a handful of cities across the planet. You have zero job prospects as a software engineer as a person living in countryside Asia or Latin America or even Europe outside of metro areas. You might as well try to build your own web business.
Not everyone focuses solely on cash in life, and for some the thought of becoming a 'regular software engineer at a company' might be existentially boring.
I blame ageism in Tech. Where else should we go except jumping the Ättestupa[1][2] /s :-)
I guess everyone is different, but if you read the story behind Paul LeRoux[3] there is a lot more to becoming a criminal (including personal hardship and a pre-existing proneness for Denning Kruger - which seems more rampant in our field than anywhere else). And like learning vi / emacs it's actually really hard, so once you get very good in this it's hard to stop
(I'm trying too hard to be funny and understand my analogy sounds ludicrous but there are psychological concepts at work which connect difficulty/struggle of a task with whether we can identify with what we are doing and if it fulfills us. Ofc there is also that who else would do this kind of work if not a software/security engineer.)
I think you answered your own question as I am pretty sure they really do get paid that much more. The same thinking goes into starting a business or becoming self-employed. The people I have met doing those for longer than a year seem to make more than the people working full time jobs.
It’s hilarious how small these busts are. 179 people, 500 kg of drugs, $6.5 million of cash/crypto? $6.5 million probably doesn’t build the entryway to the “Sackler gallery.”
I sometimes enjoy taking psychedelics in a safe environment with good people and darknets are invaluable for sourcing them. I simply don't have enough contacts to be able to source them otherwise. I'm a tax paying and responsible citizen who knows how to use tor + tails + monero...and dang it...I'm going to. I have the right to control my consciousness as long as I don't harm others. If you are interested, start by searching for Dread in duckduckgo on the tor browser. Be careful. Measure 10x, cut once.
Two of the biggest dark web criminals are serving a combined 16 1/2 years in federal prison. One is a former Secret Service agent and the other is a former DEA agent.
I assume there's at least something interesting in there about how they actually did the disruption. It'll be interesting to see the technical details once they come out.
Maybe a "How we disrupted tor during Operation DisrupTor" talk at defcon next year :-)
Here are two metrics that law enforcement might use to measure their “war on drugs”:
1. The total amount of drugs imported into or produced within the country. This measures the problems related to addiction.
2. The total number of drug dealers in the country. This is a measure of social problems related to gangs/violence etc.
The dark web changes the game because the D2C model competes against gangs and offers law enforcement an easy choke point on producers and importers. We should be careful not to send the market back to the streets.
Personally I’d rather live in a society without drugs. Right now it is not legal to use drugs, nor is it legal to exclude drug users.
[+] [-] intotheabyss|5 years ago|reply
[+] [-] Aerroon|5 years ago|reply
I know what inhaler I need and I know how to use it, but I cannot legally purchase it. I have to go make a doctor's appointment, pay them a bunch of money so they can write a note that permits me to buy that inhaler. It's a lot of hassle and some cost. The end result is that I just don't have an inhaler. If I get difficulty with breathing I'll just drink coffee and wait until it goes away. Without prescriptions being required for something like this (eg more relaxed drug laws), I wouldn't have this issue.
[+] [-] vmception|5 years ago|reply
The best practices are completely known, people just have no pressure to implement them until external pressure reveals itself.
Right now the user experiences suck for more secure things. Monero multisignature is hardly refined, so it cannot replace centralized escrow just yet, but now people might prioritize developing it. For example. This is antifragility in play, and a war of attrition for the state: the costs to make the busts get higher and the take gets smaller.
[+] [-] Klinky|5 years ago|reply
[+] [-] metadatabad|5 years ago|reply
The furthest I would be willing to compromise with this regime (won't call them a proper government) is to allow them to tax our substances. It's better than what they are getting as it is, because all they are doing right now is locking poor, innocent people up.
Prohibition and criminalization of mere substances never has, and will never work for us. Everyone I know who wishes to take drugs does so without as much as a single thought to the law.
[+] [-] annoyingnoob|5 years ago|reply
[+] [-] onion2k|5 years ago|reply
It's a very profitable waste of resources.
[+] [-] UrSuchAGenius|5 years ago|reply
Everybody knows that, what you don't realize is that drugs are the perfect excuse for many things.
[+] [-] akvadrako|5 years ago|reply
You still need a market for reputation; how do you trust a vendor? How do you know decentralized reviews are not fake?
[+] [-] bawolff|5 years ago|reply
Zero knowledge proofs aren't really relavent. If the market works in such a way it needs the address, zkp's wont change that. If its just a middle man, then old fashioned public key crypto would have been sufficient. (If the site was taken over for an active attack, then MITM is a possibility, but there are things you can do to make that detectable if you have out of band communications)
[+] [-] cortesoft|5 years ago|reply
[+] [-] gexla|5 years ago|reply
I wouldn't assume that the "darknet" itself was compromised. There are still lots of bad targets out there which have long been in operation. The cops found another way to get inside the network.
[+] [-] jimbob45|5 years ago|reply
Maybe not all drugs. Don’t throw the baby out with the bathwater here. There are very dangerous drugs that can cause addiction such that people will kill for more (and can never get enough).
That said, wiping away weed, peyote, and LSD from the list of criminal substances should make the DEA’s job much more realistic.
[+] [-] brightball|5 years ago|reply
[+] [-] ARandomerDude|5 years ago|reply
When those regulations are broken, should we just decriminalize that? I bring this up because "enforcement is a waste of resources," consistently applied, quickly approaches anarchy. We need other reasons for deciding whether a behavior should be criminal.
[+] [-] HashingtheCode|5 years ago|reply
[+] [-] codezero|5 years ago|reply
Let's celebrate when we catch the people who produce the shit, or even better, legalize as much of it as we can and establish social programs to help with awareness and recovery.
[+] [-] roymurdock|5 years ago|reply
Purdue steered over $13B directly to the Sackler family by aggressively marketing opiates, misinforming doctors and the public about their dangers, and giving medical software companies kickbacks to push more addictive long-release versions of their opiates to doctors.
One company, Allscripts, was able to pay $145M to resolve criminal and civil kickback allegations [2].
They directly killed over 400,000 people between 1999 and 2017 and indirectly killed many more/caused unimaginable human suffering.
The family is proposing to pay $3B over 7 years and an additional $1.5B by selling off another company they own.
This is the real opiate crisis jackpot and the high-scale, high-powered, industrialized version of the crimes that are happening on the dark web.
I'm sure there are more large companies and high powered individuals involved and agree that the 200 arrests/$6M is an infinitely tiny drop in the bucket, but it's way easier to prove and stick than the larger operations.
[1] https://www.reuters.com/article/us-purdue-pharma-bankruptcy-...
[1] https://www.reuters.com/article/us-purdue-pharma-investigati...
[+] [-] dzhiurgis|5 years ago|reply
[+] [-] msikora|5 years ago|reply
Seems like they always get nailed in the end. Even the operator of Grams (darknet market search engine)and Helix (Bitcoin tumbler) who shut down his services in 2017 got arrested just this year. Seems like the heyday of Darknet markets was 5+ years ago and since then law enforcement started to win in a big way.
Who got away? Maybe the operators of Agora? Who else?
[+] [-] pas|5 years ago|reply
Now they got 180 vendors by looking at data from last year, and probably by finding them at active markets and ordering from them and trying to backtrace mail, cross-reference the listings (someone got busted via a high res image that enabled law enforcement to acquire a fingerprint - and that was in the system).
But no news about any market shutdown.
And it probably takes a lot of work. The article claims that law enforcement got very good at this, but there's hardly any data to back this up.
[+] [-] NicolasGorden|5 years ago|reply
We see the successful legal businesses without seeing those that failed.
We see the failed drug dealers without seeing those that succeeded.
[+] [-] vmception|5 years ago|reply
Darknet markets are bigger than ever, more hardened than ever, the investigations and busts are more expensive than ever and the results are smaller than ever.
This operation got a win because the server was seized and accessed. That part isn't supposed to happen.
Further hardening is that messages shouldn't be on the server. Everyone on Tor says use OTR on Jabber, EVERYONE.
On top of that, funds shouldn't be stored on the marketplaces, marketplace centralized escrow is still prevalent but multisignature is what should be used. (transaction is revertible by customer and merchant in the event that the escrow agent is incapacitated, customer and merchant can form a transaction again with the same funds elsewhere, or not, either way the state gets nothing whether they seized the server or seized the marketplace's wallets)
Next, bitcoin should be less used and Monero should become more used.
Monero with multisignature should become more used on top of that, which is not something I would consider "production ready" but following busts like this people might just prioritize developing it better.
There are a couple of inconvenient marketplaces that do all of the above. The user experience just has to improve.
After a certain level of abstraction the liability will shift away from the marketplace operators, or they'll evolve into completely unmanned autonomous organizations, in both cases they will both evolve into places where we really won't know where earnings go.
[+] [-] aty268|5 years ago|reply
[+] [-] msikora|5 years ago|reply
[+] [-] colinmhayes|5 years ago|reply
[+] [-] redisman|5 years ago|reply
[+] [-] bonestamp2|5 years ago|reply
Whenever I see this it makes me think that making money by breaking the law is like playing a video game on cheat mode. Nearly anybody can make money illegally, but the consequences don't usually outweigh the benefits. So, it's almost pointless. The game that is much more gratifying is making lots of money by playing the game on hard mode.
[+] [-] mkoryak|5 years ago|reply
If you want to break the law and you happen to be a SWE, I don't think it makes much difference.
[+] [-] user5994461|5 years ago|reply
Hell yeah.
I mean, what companies could they possibly work for? Google? Accenture?
These only have offices in a handful of cities across the planet. You have zero job prospects as a software engineer as a person living in countryside Asia or Latin America or even Europe outside of metro areas. You might as well try to build your own web business.
[+] [-] detritus|5 years ago|reply
[+] [-] DyslexicAtheist|5 years ago|reply
I blame ageism in Tech. Where else should we go except jumping the Ättestupa[1][2] /s :-)
I guess everyone is different, but if you read the story behind Paul LeRoux[3] there is a lot more to becoming a criminal (including personal hardship and a pre-existing proneness for Denning Kruger - which seems more rampant in our field than anywhere else). And like learning vi / emacs it's actually really hard, so once you get very good in this it's hard to stop
(I'm trying too hard to be funny and understand my analogy sounds ludicrous but there are psychological concepts at work which connect difficulty/struggle of a task with whether we can identify with what we are doing and if it fulfills us. Ofc there is also that who else would do this kind of work if not a software/security engineer.)
[1] https://www.youtube.com/watch?v=DwD7f5ZWhAk
[2] https://en.wikipedia.org/wiki/%C3%84ttestupa
[3] https://magazine.atavist.com/the-mastermind
[+] [-] birdyrooster|5 years ago|reply
[+] [-] tester34|5 years ago|reply
[+] [-] vmception|5 years ago|reply
[+] [-] lobster45|5 years ago|reply
[+] [-] duxup|5 years ago|reply
[+] [-] ponker|5 years ago|reply
[+] [-] froawayyes|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] jeremiahlee|5 years ago|reply
[+] [-] silveraxe93|5 years ago|reply
I don't think the FBI would ever say that without cracking encryption they'd catch no criminals. Only that many who don't get caught today _would_ be.
[+] [-] seebetter|5 years ago|reply
[+] [-] blakesterz|5 years ago|reply
The docs are here:
https://www.justice.gov/opa/documents-related-september-22-2...
I assume there's at least something interesting in there about how they actually did the disruption. It'll be interesting to see the technical details once they come out.
Maybe a "How we disrupted tor during Operation DisrupTor" talk at defcon next year :-)
[+] [-] CPLX|5 years ago|reply
[+] [-] jl2718|5 years ago|reply
1. The total amount of drugs imported into or produced within the country. This measures the problems related to addiction.
2. The total number of drug dealers in the country. This is a measure of social problems related to gangs/violence etc.
The dark web changes the game because the D2C model competes against gangs and offers law enforcement an easy choke point on producers and importers. We should be careful not to send the market back to the streets.
Personally I’d rather live in a society without drugs. Right now it is not legal to use drugs, nor is it legal to exclude drug users.
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] ur-whale|5 years ago|reply
[+] [-] worldmerge|5 years ago|reply
[+] [-] torified|5 years ago|reply