Feds Shut Down Tor-Using Narcotics Store

Fluffeh writes "Federal authorities have arrested eight men accused of distributing more than $1 million worth of LSD, ecstasy, and other narcotics with an online storefront called 'The Farmer's Market' that used the Tor anonymity service to mask their Internet addresses. Prosecutors said in a press release that the charges were the result of a two-year investigation led by agents of the Drug Enforcement Administration's Los Angeles field division. 'Operation Adam Bomb, ' as the investigation was dubbed, also involved law enforcement agents from several U.S. states and several countries, including Colombia, the Netherlands, and Scotland. The arrests come about a year after Gawker documented the existence of Silk Road, an online narcotics storefront that was available only to Tor users. The site sold LSD, Afghani hashish, tar heroin and other controlled substances and allowed customers to pay using the virtual currency known as Bitcoin."

Headline = Misleading

[alphax45]

Why does Slashdot even bother to hire and pay an editor? They clearly don't do anything. That headline is so misleading. They didn't shut down the entire Tor network, they shut down a store that was USING the Tor network. Fix it!

Re:Headline = Misleading

[SendBot]

AGREED - I was jarred by this headline, then followed it with a heavy groan when I realized what was actually meant.

Say what you mean, mean what you say...

Re:Headline = Misleading

[Fluffeh]

Sorry chaps, I wrote the headline when I submitted it, it was before I had a coffee this morning my time. The heading is ambiguous and I will endevour to make sure that my headlines are no more so in the future.

Re:Headline = Misleading

[sheehaje]

You should be ashamed... Because I really was wondering how using a narcotics store could shut down Tor.

Hyphen!

[Oxford_Comma_Lover]

This is what hyphens are for.

Re:Hyphen!

[K. S. Kyosuke]

This is what hyphens are for.

You mean they could have shut down Tor using hyphens?

Re:Hyphen!

[M. Baranczak]

You mean they could have shut down Tor using hyphens?

No. That particular vulnerability was fixed a long time ago.

Re:Hyphen!

[Fluffeh]

If it helps, it was brought up during the submission phase of the post:

http://slashdot.org/submission/2025187/feds-shut-down-tor-using-narcotics-store [slashdot.org].

That was a solid ten to twelve hours before it was posted, I had hoped that it might be fixed on posting. Now, please, lets move on from the poor hyphenation, and get back to the article at hand shall we? I am sure it has much more interest to the community at large compared to my poor grammar. The last reason I submitted this was to start a (at this time) thirty post thread on the ambiguity of how the headline can be read or misread.

Re:

[Fluffeh]

You must be new here...

No, not really. Of course, compared to your number I am new, but I did read the site for a good few years before I became interested in posting to the threads, let alone submitting stories.

Also: Your sig, I agree with it, but: "You know what the difference is between you and me? I make this look GOOD." - J

Re:

[omnichad]

The URL version of the headline has hyphens...unfortunately a few too many.

Re:Headline = Misleading

[AmiMoJo]

You have illustrated exactly why we have editors - so that a second pair of eyes can check your work, and hopefully one of you will have had your morning coffee.

Re:

[azalin]

It would have made some really interesting reading though. Not that I have any idea in what part of the TOR protocol the would be used as an attack vector.

Re:Headline = Misleading

[DahGhostfacedFiddlah]

It's obviously just a Case Of The Missing Hyphen. The headline should read "Tor-Using Narcotics Store".

Re:Headline = Misleading

[Anonymous Coward]

>> Tor-Using Narcotics Store

I tried Tor once. That shit will fuck you up. One hit and I was running around the parking lot naked, dueling with gnomes (or the Pasadena Police Dept, depending on what astral plane you were on at the time).

Re:Headline = Misleading

[drinkypoo]

Missing just one piece punctuation can ruin your whole day. Just think of how much you'd miss your colon. And on a more typical note, for the lack of one period... Anyway, you can't have hyphenation if you lose your hyphen.

Re:

[Alex Belits]

That's nothing, I have seen a C++ method with colon cancer. They had to transplant a colon from some namespace.

Re:

[Compaqt]

I hope your friend's OK. There's a chance of getting std's like that.

Re:Headline = Misleading

[mcmonkey]

Came here to complain about the missing hyphen and the misleading headline.

Since that job is taken, I'll just add LSD and ecstasy are not narcotics.

I didn't RTFA, but I'm guessing whatever was done, it wasn't done by the Feds.

Re:

[StikyPad]

The colloquial meaning of "narcotics" is different than the formal medical or legal definitions. You might as well argue about the definitions of "hacker," "gay," "the shit," "decimate," or any of the other various words that have different informal meanings or formal definitions that have changed as a result of such usage.

Re:Headline = Misleading

[StikyPad]

http://legal-dictionary.thefreedictionary.com/narcotics [thefreedictionary.com]

Perfectly clear

[Anonymous Coward]

Obviously, the feds used a narcotics store to shut down Tor.

Re:

[Requiem18th]

You don't know how right you are...

Re:

[Nidi62]

Where does the headline say they shut down Tor? THe only way you could come to that conclusion with this headline is by reading that the Feds used a narcotics store to shut down the Tor network. Otherwise it clearly reads that the feds shut down a narcotics store that uses Tor. This is more a case of bad reading comprehension than poor editing.

Re:

[Richard_at_work]

You don't need bad reading comprehension to come to the other conclusion, it's a poorly phased head line without the hyphen.

Re:

[geminidomino]

Where does the headline say they shut down Tor? THe only way you could come to that conclusion with this headline is by reading that the Feds used a narcotics store to shut down the Tor network.

"Feds shutdown Tor..." Right there. And that IS how they're saying they parsed it.

You're wrong. It's bad editing, since there should have been a hyphen between "Tor" and "using".

If what is supposed to be a straightforward sentence is structured such that the reader responds "What the fuck...?" on the first parsing, it's badly structured.

Re:

[Fnord666]

Where does the headline say they shut down Tor? THe only way you could come to that conclusion with this headline is by reading that the Feds used a narcotics store to shut down the Tor network. Otherwise it clearly reads that the feds shut down a narcotics store that uses Tor. This is more a case of bad reading comprehension than poor editing.

Really? Do you know the difference between a direct object and a preposition in a sentence? As worded the direct object in the sentence is Tor. What was meant was that the Feds shut down a narcotics store. What was said was that the Feds shut down Tor. The only reading comprehension fail is yours.

Re:

[Nidi62]

It's true that I could have been worded better, yes, but I've seen much worse-worded headlines on news sites such as CNN. But the context of the headline should have overcome any ambiguity in the title (how likely is it that the Feds would use a narcotics-selling website to shut down Tor, vs the Feds shutting down a narcotics-selling website that was using Tor?) I would have figured that most people reading slashdot (especially those that speak English as a second language) would read based more on contex

Re:

[RulerOf]

This is slashdot! We don't RTFA, we don't RTFS and we don't RTFH! And in the rare cases where we do read the article, the summary or the headline, we make damn sure we misunderstand it.

Hear, hear!

...what are we talking about again?

Re:

[gorzek]

Or: "Tor-based Narcotics Store Shut Down by Feds"

Re:

[agentgonzo]

That implies that the Feds used Tor to shut down a narcotics store, which is not what is meant. It is meant that there was a narcotics store that used Tor that the Feds have now shut down.

Re:Headline = Misleading

[nozzo]

wow all this posting over a missing hyphen. If only we could turn our energetic posting into solving cold-fusion then the world would be a happier place. Come to think of it we can skip the cold-fusion and just use the hot air on this forum. Don't mark me Troll - I'm a nice person!

Re:

[Arancaytar]

They didn't shut down the entire Tor network

In particular, they didn't shut it down using a narcotics store, as the headline claims. :P

Re:

[Chrisq]

No, they shut down tor! But they used a store to do it. No idea how that works.

Must have been an App Store

Finally

[royallthefourth]

Someone's finally found a good reason to use bitcoin

Nope

[betterunixthanunix]

1. Anonymous payment systems are not good because they let you evade the government, they are good because they protect spenders and merchants from various types of fraud.
2. A large drug dealing operation that uses Bitcoin is no better off than one which uses cash. The drug dealers still need to pay their rent and buy their groceries, and they cannot do that with Bitcoin. All the DEA would have to do is to watch Bitcoin exchanges to gather lists of suspects.
3. You still need to ship the drugs, so you are still going leave a trail that points to you.

Re:Nope

[TheLink]

The drug dealers still need to pay their rent and buy their groceries, and they cannot do that with Bitcoin.

The big boys just use stuff like Wachovia/Wells Fargo and Bank of America: http://www.bloomberg.com/news/2010-06-29/banks-financing-mexico-s-drug-cartels-admitted-in-wells-fargo-s-u-s-deal.html [bloomberg.com]
A few more details here: http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs [guardian.co.uk]

Wachovia admitted it didn't do enough to spot illicit funds in handling $378.4 billion for Mexican-currency-exchange houses from 2004 to 2007. That's the largest violation of the Bank Secrecy Act, an anti-money-laundering law, in U.S. history -- a sum equal to one-third of Mexico's current gross domestic product.

Must have been really difficult to notice the flow of 378 billion over 3 years?

Or maybe not:

"It's the banks laundering money for the cartels that finances the tragedy," says Martin Woods, director of Wachovia's anti-money-laundering unit in London from 2006 to 2009. Woods says he quit the bank in disgust after executives ignored his documentation that drug dealers were funneling money through Wachovia's branch network.

If you're going to make those drugs illegal you should make the money laundering illegal AND enforce those laws. No wrist-slaps. You see the Feds doing anything that would make the Banks change?

"There's no capacity to regulate or punish them because they're too big to be threatened with failure," Blum says. "They seem to be willing to do anything that improves their bottom line, until they're caught."

That's complete bullshit. All you have to do is throw those involved into prison. Keep the bank running and let others take over the jobs. I'm sure the bank can figure out who was involved in the 300 billion. If the bank can't then the people responsible for keeping track should go to prison, just for criminal negligence.

They seem able to throw the small fry into prison:

All three Oropezas pleaded guilty in U.S. District Court in Brownsville to drug and money-laundering charges in March and April 2008. Oscar Oropeza was sentenced to 15 years in prison; his wife was ordered to serve 10 months and his daughter got 6 months.

So in my opinion this shutting down of narcotics stores is just an expensive and pointless show.

Re:

[account_deleted]

Comment removed based on user account deletion

Silk Road was dumb for using bitcoins

[Weezul]

Bitcoins aren't even slightly anonymous. All these sellers were outed by the feds simply buying some drugs with bitcoins and watching the bitcoin transactions through block explorer. A few tracked bitcoins wound up passing their way through a legitimate exchange like Mt Gox. Voila, the feds start tracing the transaction history back up the chain. It's actually less secure than old fashioned money laundering.

Re:Silk Road was dumb for using bitcoins

[Time_Ngler]

All these sellers were outed by the feds simply buying some drugs with bitcoins and watching the bitcoin transactions through block explorer.

Citation? This sounds like some serious BS. First, TFA states the feds never revealed how they caught the suspects. Second, according to the TFA, the farmers market used at least 4 methods of payment, including paypal and western union, so there was no need to trace somebody through bitcoin. Third, if the Feds were tracing purchases through bitcoin, then how would they know when the bitcoin had changed ownership? If the bitcoins that were used to buy the drugs were then spent by the selling party on incense candles, and then spent again by a third party for a pair of Alpaca socks, before being changed to dollars, how would the Feds know who the original purchaser was?

Re:Silk Road was dumb for using bitcoins

[Time_Ngler]

Yes, I know transactions are visible through the block explorer. What it doesn't reveal is who owns each address, and many are used for only a couple transactions at most. In fact, if you ever really dealt with Mt Gox, you'd realize that they create a new address to send to every time you deposit money. So how are the Feds going to find out that this address belongs to the alpaca socks guy, or that one belongs to Mt Gox? In other words, how would they have any clue, from looking at a record of transactions, that indeed it went through Alpaca, and then Mt. Gox, vs. some other random chain of merchants and exchange?

Re:

[Grishnakh]

Yes, the shipment of the drugs is probably one of the main weak points where the feds can catch you. However, if you live in a major city and mail from a random mailbox every day, in a totally nondescript package, I think it would be very hard for them to catch you. Even so, to be profitable, you'd have to deal in a fair amount of volume, and patterns will emerge: your packages will probably have a certain look to them that postal workers in that city can be trained to watch for, so at least the supply of

Re:Nope

[BitterOak]

Anonymous payment systems are not good because they let you evade the government,

Well, that's a matter of opinion.

Re:

[DarwinSurvivor]

But since bitcoin is not anonymous (only the account holder's name is), all they have to do is find an account receiving money for drugs, then find out which hotel that account paid for and pick the person up.

Re:

[azalin]

That's exactly what I thought. I mean slashdot had many stories about bitcoins getting mined or stolen but this is the first time I remember bitcoins actually being used to purchase real world goods in an online shop. Looks like they aren't hypeware after all.

Re:

[mysidia]

Unfortunately it's not a legitimate use of bitcoin. It's the kind of use that will be at risk of getting bitcoin banned, if someone doesn't popularize a legitimate reason for using bitcoin soon.

Re:Finally

[omnichad]

And what hasn't come under attack that has a single illegitimate use? We have bittorrent, home email servers, MP3, dvd rippers... If it has one illegal use, the whole lot of users will be deemed criminals.

Re:Finally

[Hatta]

Sorry, it is a legitimate use of bitcoin. Evading oppression is not only a legitimate use, but the most important possible use of technology. Buying drugs with Bitcoin is every bit as honest and just as, e.g., evading the Great Firewall with Tor.

Re:

[nu1x]

BTC is as much fake money as you are a fake person.

You are, after all, just some letters on screen.

Re:

[icebraining]

I don't think this store (The Farmer's Market) used Bitcoin; that's Silkroad. This used Paypal AFAIK.

Re:

[clang_jangle]

News For Turds, Stuff That Splatters

More stores will spring up

[GeneralTurgidson]

Clearly there is a market for this, and no amount of government bullying will stop it.

Read between the lines

[Anonymous Coward]

The last thing government wants is to "solve" the "problem" and eliminate the black market. After all, they created the black market. They created it specifically to justify the expansion of their business (i.e. by "solving" the "problems" which they themselves created). Notice that I quite deliberately called government a business.

If you need proof, simply follow the money. Prohibition has justified hundreds of billions in spending, and the kicker is that the "tougher" they get (i.e. the more they spend), the more sophisticated the black market becomes, and therefore the more money they need to "solve" the "problem". It's a cycle of WIN for government, and a cycle of LOSE for everyone else (at least the ones who can see through the smokescreen and admit the truth).

When it comes to government, ALWAYS follow the money before listening to a word they say.

Re:Read between the lines

[RadioElectric]

Because of who gets the money that the government spends.

Re:Read between the lines

[thej1nx]

Kickbacks. If you as a govt official/senator/president/etc, spend govt. money(on pretext of "wars") to benefit your friends in the industries, you get a golden parachute and get a guaranteed place on the board of directors of some company with a hefty salary, and/or get nominated VP/Chairperson to more openly do your shilling and pimping. If you are a politician with any ambition, you get your next political campaign fully financed, as way of thanks.

If you have laws that pretty much strictly punish the govt. officials for benefiting in this manner, once they leave their jobs, you will find plenty of "wars" and problems out-right disappearing.

Re:

[Grishnakh]

Every manager wants to be a bigger manager, to manage a bigger department, to handle a bigger budget. Being a bigger manager handling a bigger budget means you're more important, you have more power, and you collect a larger paycheck. And that's in organizations which aren't corrupt. In corrupt organizations, managers want bigger budgets so they can give money to their buddies at contracting companies with no-bid contracts, and then collect handsome kickbacks.

Re:

[mysidia]

Yep. And pretty soon ISPs will be asked to identify customers using Tor at this rate.

Utilizing Tor will become probable cause for a search and seizure of all interesting data processing devices, in order to search for evidence of criminal wrongdoing.

I mis read it anyway....

[trancemission]

I first read it as:

Feds Shut Down For Using Narcotics Store.

Hooray I thought.

I should lay off the Narcotics......

Re:

[starworks5]

You mean like Iran-Contra? Except actually getting shut down this time?

LSD and extasy

[blind biker]

LSD and extasy (i.e. MDMA) are two of the least addictive drugs. In fact, LSD isn't addictive at all. And the side effects are very mild to none in either case.

But yeah, good job federal agents of the USA, your work is making the world a better place.

Re:

[mbone]

And, neither one is a narcotic at all, at least from a medical standpoint.

Re:LSD and extasy

[AshtangiMan]

A friend did her dissertation on the long term effects of MDMA ... For people who have done it more than 25 times there is a remarkable decrease in ability to strategize. The 25 times did not have to be in a quick time period, but generally had occurred over 5 years. The population she used was one that was not using other substances (alcohol, marijuana, caffeine, etc). Strategizing in this case was things like skipping a question you struggle with and coming back to it after finishing the other questions. Very interesting. I think MDMA is useful, but should be used carefully.

Re:

[Inda]

Only 25 times?

Shit.

Re:LSD and extasy

[betterunixthanunix]

Except that scientists have studied LSD, for decades, and there has been little evidence of people forming dependences on it. This is in stark contrast to the three most popular legal drugs: caffeine, tobacco, and alcohol.

Re:

[blind biker]

To be precise, caffeine forms a light dependency, but tobacco and alcohol both create strong physical dependencies which require heroic efforts to overcome.

Re:LSD and extasy

[mcgrew]

Wrong. Addiction is a physical dependency. If you have physical withdrawal symptoms, it's an addictive drug. Caffiene's withdrawal symptom is headaches. LSD is neither addictive nor does it have habituation (in tobacco, the habituation is almost as bad as the physical withdrawal).

Re:LSD and extasy

[Iskender]

Reference please?

http://www.drugabuse.gov/publications/infofacts/hallucinogens-lsd-peyote-psilocybin-pcp [drugabuse.gov]

Most users of LSD voluntarily decrease or stop its use over time. LSD is not considered an addictive drug since it does not produce compulsive drug-seeking behavior. However, LSD does produce tolerance, so some users who take the drug repeatedly must take progressively higher doses to achieve the state of intoxication that they had previously achieved.

I don't have the time to dig up a scientific paper but the article does have sources at the end.

Re:

[betterunixthanunix]

https://www.erowid.org/references/refs.php?S=lsd [erowid.org]

Going all the way back to the 1950s, in several languages.

Re:

[c0lo]

Somebody [wikiquote.org] said it best:

It's easy to quit smoking. I've done it hundreds of times.

Re:

[YttriumOxide]

Yep, ask a tobacco smoker and he will tell you that tobacco isn't addictive at all and he can stop at any time. News at 11.

As a tobacco smoker and LSD user; I can tell you that tobacco is insanely addictive and hard to quit, whereas LSD is something I enjoy from time to time when the circumstances are right (anywhere between 2 and 6 times per year these days) but if I were to never take it again, I'd not feel the slightest "craving" as I do with tobacco (I'd probably miss it a bit, but no differently than I miss good friends who move away).

Tobacco - extremely addictive. LSD - not at all.

Wikipedia [wikipedia.org] backs me up stating it is non

They're not drug dealers, they're job creators

[jholyhead]

Just another example of the job killing regulations enacted by the Obama administration. When will the federal government get out of the way of small business owners and job creators?

As usual, no technical details

[BenEnglishAtHome]

From the article, emphasis mine:

...the operators used software provided by the TOR Project that makes it virtually impossible to track the activities of users' IP addresses. The alleged conspirators also used IP anonymizers and covert currency transactions to cover their tracks. The indictment, which cited e-mails sent among the men dating back to 2006, didn't say how investigators managed to infiltrate the site or link it to the individuals accused of running it.

I'm willing to bet that money transfers and the transfer of goods sold are still far more discoverable than individual Tor users but any assurances of that would certainly be welcome. I hope the Tor Project will be forthcoming with some as soon as some technically useful info is available.

Re:As usual, no technical details

[betterunixthanunix]

I hope the Tor Project will be forthcoming with some as soon as some technically useful info is available.

They might not even know. There are quite a few people in the computer security community who keep their work on breaking the security of systems like Tor a secret, and only tell US law enforcement about their results. I have met such people, and they are generally well-meaning -- they really do believe that they are helping to catch dangerous criminals (and they can cite cases where that happened, usually child sex abuse cases).

Unfortunately, because such researchers believe that fixing these problems will help "the enemy," they generally refuse to disclose details. One of the common themes is variations on fingerprinting attacks, where you communicate with your target over Tor but use a covert channel that can be used to distinguish your target from other Tor users. These sorts of attacks usually involve narrowing down the geographic area where your target is, but for attacking a drug dealing operation that is not hard to do -- just look at where packages from the operation are coming from.

Re:

[edave22]

From the article, emphasis mine:

...the operators used software provided by the TOR Project that makes it virtually impossible to track the activities of users' IP addresses. The alleged conspirators also used IP anonymizers and covert currency transactions to cover their tracks. The indictment, which cited e-mails sent among the men dating back to 2006, didn't say how investigators managed to infiltrate the site or link it to the individuals accused of running it.

I'm willing to bet that money transfers and the transfer of goods sold are still far more discoverable than individual Tor users but any assurances of that would certainly be welcome. I hope the Tor Project will be forthcoming with some as soon as some technically useful info is available.

They use bitcoin. The security reaches only as far as bitcoins security. You can hide behind an IP in the middle of the red sea if you wanted. If your bitcoin transaction can be tracked, you bet your ass you can be tracked as well.

Example proves what many have long suspected...

[dryriver]

That none of the various "anonimizer" services out there, from HotSpotShield to Tor, actually give you any kind of tangible identity protection in the "real world" of the current internet. Hell, maybe these services were even setup expressly to lure people seeking "increased anonimity" for various reasons to make use of one these services, so it becomes that much easier to identify, tag, track & monitor them. Maybe some or all of these services have been electronically monitored 24/7 from the day they were born, but we are still told, over and over, and quite falsely, that these services magically "hide your identity" and give you some "online privacy"... In the increasingly Orwellian online and offline world we live in, precisely that being done by the powers-that-be would make a lot of sense, no? Tell all sorts of gullible internet users that using "Service X" magically "hides your identity on the internet", then monitor precisely that service 24/7, to get your hands on the data of a subgroup of internet users who seek to be "more anonymous" online. ... If your organizational mantra consists of "People who try to hide themselves online must have something important to hide, and must be monitored carefully", then you would to precisely that, no? You'd set up a dozen or so "anonimity services" under a variety of different names and front companies, then monitor the f__k out of the people who use those services, on an around-the-clock basis.

Re:Example proves what many have long suspected...

[ledow]

"The indictment, which cited e-mails sent among the men dating back to 2006, didn't say how investigators managed to infiltrate the site or link it to the individuals accused of running it."

For all you know, they packaged up the drugs without wearing gloves and their fingerprints were in a database somewhere, and they then posted them (with a nice local postmark) to a Fed posing as a customer (how would you know? Their customer will be just as anonymous). Somehow you had to get a physical product to someone else - and that's probably the weak-point. Hell, they could have just offered to drop it off on a street corner as a "one-off" delivery and got caught that way, you have no idea.

It's then only a small step and the simple matter of suspecting they may be a vast drug operation in place, finding out anything you can from the drugs collected by similar methods and narrowing down until you can just tap someone's whole Internet connection (Tor provides ANONYMITY, not SECURITY). Which they seem to have because they have emails of these people talking to each other.

Or maybe they just talked their way into an IRC channel or something that these guys used. You have absolutely no idea how they were caught, or whether they were just incredibly thick.

Using a tool badly does not mean the tool is broken.

Re:Example proves what many have long suspected...

[Rakarra]

TOR doesn't provide anonymity or security, that's the real problem. Sympathizers like yourself can continue to blame the end user all you like, still doesn't change the fact that TOR doesn't do what it advertises. At best it's a quick way for a troll to get around an IP ban, that's about all.

And you know that how?

The story doesn't give any details about how the criminals were caught -- for all you know it might not have had anything to do with TOR at all. What we do know is that the trafficers used TOR, Western Union, Paypal, Bitcoin, and real-world physical delivery. All of those other options are significantly less secure than TOR, and the whole chain is only as strong as its weakest link. Once you combine TOR with other systems, you're no longer secure.

Re:Example proves what many have long suspected...

[betterunixthanunix]

That none of the various "anonimizer" services out there, from HotSpotShield to Tor, actually give you any kind of tangible identity protection in the "real world" of the current internet

Except that these are not the be-all and end-all of anonymity systems. The anonymous remailer system is much more secure than Tor, and is not vulnerable to the sort of fingerprinting attacks that Tor is vulnerable to. Intelligence agencies have known for decades that perfect receiver anonymity is possible: broadcast an encrypted message (online, this is alt.anonymous.messages on Usenet, or other similar media).

The problem is that people want to be able to do things in real-time. People are not content to wait 48+ hours to receive a message. People are generally willing to sacrifice some security to get speed and convenience, and thus Tor is the most popular strong anonymity system out there.

Re:Example proves what many have long suspected...

[AmiMoJo]

Tor is open source so you can check what it is doing for yourself. It works, no-one can tell where a Tor connection comes from as long as you don't leak that information in some other way (DNS requests, exposing personal data and so on). It is known that there are Tor exit nodes being monitored but that was always assumed to be the case, i.e. Tor does not rely on trusting exit nodes.

What got these guys was the need to exchange goods for real money. Goods have to ship or be collected from somewhere. Money has to change hands at some point. From the information we have it appears that the Tor part worked fine.

Tor has limitations

[betterunixthanunix]

It works, no-one can tell where a Tor connection comes from as long as you don't leak that information in some other way

There are a number of well-known attacks on Tor that can compromise your anonymity, especially if your location can be narrowed down to a small geographic area. Suppose that I can narrow your location down to a small town, and I can make a reasonable guess that you are using WiFi. Here is an attack:

1. I establish a connection with your computer over Tor. This might be done by convincing you to download a large file from a server I control (or visa versa if you are running a hidden service or connecting to a P2P network), or by engaging you in a chat, etc.
2. I create a recognizable pattern of latency in my connection to you; that is, I create a covert channel that can be externally observed.
3. I use a high-gain WiFi antenna and search for a signal that exhibits that latency pattern.
4. I am now in a position to locate you, using radio direction finding equipment.

Easy to pull off? Not at all -- this is something that would only really be done for a high-value target, a priority target on which resources can be spent. This attack has already been used in the past, not when dealing with Tor but when dealing with legal barriers to wiretapping. It is not unreasonable to think that the Chinese government might try something like this to crack down on political dissidents.

Obviously there are some assumptions here that are hard to meet in the general case. How do I narrow down your geographic location? How can I be sure that you use WiFi? In the case of a drug dealer, narrowing down the geographic location is not terribly hard, since packages have to be shipped; the dealer might make long drives to far away post offices, but with enough packages one could get a good idea of where the deal is physically located (again, we should assume that this is a large-scale dealer, someone who would ship large numbers of packages -- someone the police could order a large number of packages from). WiFi is just a good guess, but it is not strictly necessary; an ISP could identify the covert channel too, and I would not be surprised if that was ruled legal by the courts.

At the end of the day, Tor cannot protect you from a concerted, well-funded attack. There are other systems that offer a higher security level (Mixmaster comes to mind) but which are less flexible than Tor, and thus less popular. Tor makes several trade-offs to achieve low latency, and nobody should claim that it could protect you from an intelligence agency or a military force (the DEA comprises both).

Re:Example proves what many have long suspected...

[Americano]

I doubt they even had to "crack encryption" on any of these services. Place an order, or two or three, and see where they originate. Chances are, you can locate the origin point pretty quickly. Then you just put some surveillance on the place(s) the shipments are originating from, and place some more orders, and find the people who are inexplicably rich while not leaving the house all day except to go to the post office. Put THEM under surveillance and chances are you just busted your Tor-using drug shop, congratulations Agent!

As soon as you're shipping physical products through a public shipping network, you're going to be relying solely on "blending in with the crowd" to maintain your anonymity.

Re:

[swillden]

Sorry, but we really don't know if it was a flaw in tor or bitcoin or something similar that led to the arrests.

It's much, much more likely that they compromised it through the physical distribution channels.

Perhaps Not Relevant to Silk Road

[SaroDarksbane]

Given the nature of Bitcoin, the feds would probably have to rely on tracking the shipments of illicit goods back to their source to try and bust Silk Road. But as I understand it, Silk Road does not sell the drugs themselves; they simply act as an eBay-like service for others to sell their drugs. So even if the feds do find the initial source of a package, the most they've accomplished is to remove one seller from Silk Road, and not the site itself.

Identifying Tor websites

[gedeco]

It's not a easy job, but the Feds have better resources.

What I imagine as workable

- Monitor up/down time of such website.
- Match them with provider related or internet related troubles.

Eventually when identifying the provider, you can tune it done by provoking a temporary connection failure. A connection failure on the right bottleneck will even make TOR traffic unreachable for the rest of the world. This should lead you to the ip of the TOR webserver

lessons learned

[green1]

What the lesson should be:
- We already have the resources and abilities to tackle real crimes using new technologies. no new laws are required.

What lesson law enforcment/government will likely spin on this one:
- Criminals are now using new technologies, we need more draconian laws to allow us to catch every single one of them.

Re:Bad title

[Dark$ide]

Hyphenation is your friend. The title is extremely misleading. "Feds Shut Down Tor-Using Narcotics Store".

Real writers re-write to avoid the problem: "Feds shut down narcotics store that had been a TOR user". But you're right the standard of English grammar used today leaves a lot to be desired. Samuel Johnson, the Merriams and Noah Webster can be heard spinning at very high revolutions.

Re:

[AC-x]

Real writers re-write to avoid the problem: "Feds shut down narcotics store that had been a TOR user".

Or even the more catchy "Feds shut down Tor-based narcotics store"

Re:

[Fnord666]

Samuel Johnson, the Merriams and Noah Webster can be heard spinning at very high revolutions.

Maybe we could hook their corpses to a generator. The way Slashdot is going, we could probably power a small city!

Re:

[Lakitu]

Samuel Johnson, the Merriams and Noah Webster can be heard spinning at very high revolutions.

just how high are their revolutions, mein fuhrer? I was taught to consider six feet under relatively low.

p.s. "Feds Shut Down Tor-based Narcotics Store"

Re:Bad title

[K. S. Kyosuke]

Except that there are rules in English writing that say that headlines must omit as much sentence elements as possibly to be as short and possible, and the ambiguity is welcome as publicity can never be bad, right? Seriously, you'd want to deprive us of such marvelous headlines as "Iraqi Head Seeks Arms", "Prostitutes Appeal to Pope", "Include Children When Baking Cookies", "Miners Refuse to Work After Death", "Eye Drops Off The Shelf", "Squad Helps Dog Bite Victim", "Juvenile Court to Try Shooting Defendant", "Queen Mary Gets Bottom Painted", "British Union Finds Dwarfs in Short Supply", "Hospitals Sued by Seven Foot Doctors", and many others?

Re:Even that is ambiguous..

[TheCarp]

Now if they would just stop this crusade against people who don't choose alcohol as their drug of choice, it would be an even bigger step. Maybe if they stopped driving all this business underground, and stopped putting it all in the hands of major drug cartels....that would be swell too.

Maybe if they let Glaxco-smith-kline put all the major drug cartels out of business? That should take all of a few months for them.

Even dumber is...these sites tend to be pretty small. I doubt many cartels are using them, so its mostly small time dealers who are also techies. This isn't a win, this is more stupid. More lives ruined over a problem the government caused initially by creating the black markets.

Nearly every drug problem they have tried to "solve" with prohibition has only gotten worst. The ones they have driven off the streets completely tend to be the less popular drugs anyway, and just drive the users to even less safe alternatived.

Good job morons. Maybe if they keep banging their heads against the wall, the problem will just go away....clearly they just need to arrest, strip search, and lock up a few more people. That will totally solve the problem!

Re:The Hyphen is your friend

[ledow]

The reverse classic is obviously

Panda: Eats, shoots and leaves.

Putting commas in without thinking about them can be just as bad as leaving them out. Thus they *are* a vital part of communication.

Re:

[RulerOf]

Capitalization is even more important.

It's the difference between helping your uncle jack off the horse, and helping your Uncle Jack off the horse.

Re:

[L4t3r4lu5]

The same can be said about capitalisation. The example I use is "While working on his farm, I had to help my Uncle Jack off a horse."

Now switch the J to lowercase. o_O

Propaganda

[betterunixthanunix]

"Narcotics" sounds scary, so we should call all drugs narcotics! This is not a new propaganda strategy; marijuana was first called a narcotic in the 1930s during the hearings on banning the drug.

Re:

[arisvega]

Drugs are bad, m'kay?

Re:

[__aaltlg1547]

Heroin is though. It seems that all illegal drugs are often called "narcotics" even though that word has a specific meaning that isnt related to whether it is legal.

Unfortunately the misuse of language extends well beyond the headline. I wouldn't blame law enforcement for bad use of language. Often the first time I see a new malapropism is in the press.

Re:

[agentgonzo]

Neither LSD nor ecstacy is a narcotic, so this is obviously nonsense.

Really? I thought they were. Wikipedia states "When used in a legal context in the US, a narcotic drug is simply one that is totally prohibited, or one that is used in violation of strict governmental regulation, such as heroin or morphine.". Does LSD/ecstacy not fall under this definition?

Re:

[Hatta]

Wikipedia states "When used in a legal context in the US, a narcotic drug is simply one that is totally prohibited

The problem is that the in the legal context, it's a made up word. Narcotic comes from the Greek 'narkos' which means sleep. Narcotics are sleep inducing drugs, no matter what a LEO might tell you.

The fact that law enforcement uses "narcotic" to refer to stimulant drugs is an indication that they don't actually care, or know, what these drugs do. They don't think about it. To them, drug =

Re:Narcotics?

[Americano]

Narcotic is mostly useless as a medical term, anyway. It originally described sedatives - e.g., "drugs that put you to sleep," hence the 'narc' in the name. It was also used to describe opioids - e.g., heroin, morphine - most of which DO have a sedative effect, but not all sedatives are opioids. Toss in the legal system overloading the term to mean "anything illegal," and you're pretty much left with relying on context to determine what's meant.

DEA is a legal entity, arrests were made; it's reasonable to assume 'narcotic' is being used in the legal sense, rather than the medical/pharmacological meaning.

Re:Comma

[beaverdownunder]

Actually, a hyphen would fix it:

Feds shut down Tor-using narcotics store.