
Utopia, Silk Road's Latest Replacement, Only Lasted Nine Days

Posted by Soulskill
from the bet-you-feel-bad-about-the-grandiose-name dept.
Daniel_Stuckey points us to this story by Max Cherney: "This morning, anyone hoping to browse Utopia, the up-and-coming (but now defunct) competitor to Silk Road 2.0, was greeted with an unwelcome but at this point familiar message: 'This hidden service has been seized by the Dutch National Police.' The online black market was shut down a mere nine days after its much-anticipated launch. Despite rumors of a hack, Dutch cops have issued a statement saying they arrested five men in connection with running Utopia and seized computers, hard drives, USB sticks, and 'about 900 Bitcoins' — roughly $600,000. Utopia's servers were apparently housed in Germany, where another man was arrested on suspicion of weapons and drug trafficking. The Dutch launched operation CONDOR in early 2013 to uncover illegal marketplaces on the Tor network, of the likes of Silk Road 2.0 and Utopia. The investigation into Utopia pulled out all the stops: undercover agents and 'buy-busts,' not just of drugs, but also a contract assassination — much to the surprise of the Dutch public prosecutor."
  • by Anonymous Coward

    The surprised Dutch prosecutor looks hot.

    Note to self, don't set up tor based drug and arms trading site if you're already a drug or arms trader. They know who you are.

    • by bhcompy (1877290) on Wednesday February 12, 2014 @07:00PM (#46233365)
      Sounds like Tor itself is compromised
      • by mars-nl (2777323) on Wednesday February 12, 2014 @07:06PM (#46233401)

        Doubt it. What makes you say that?

        • by JCHerbsleb (2881347) on Wednesday February 12, 2014 @07:12PM (#46233459)
          I think it's a fair question -- in theory these sites should be untraceable. SilkRoad was taken down by exploiting a vuln in the TOR browser and planting malware on users' computers -- maybe this is law enforcement's new trick?
          • by amicusNYCL (1538833) on Wednesday February 12, 2014 @07:17PM (#46233507)

            >SilkRoad was taken down by exploiting a vuln in the TOR browser and planting malware on users' computers -- maybe this is law enforcement's new trick?

            Are you sure about that? I thought it was because they traced the owner's account to a previous post he made when he was getting the thing set up where he included his personal email address.

            • Both.

              The malware attack seems obvious. Pose as customers and vendors. Inject malware from the other end. Malware injects to other customers and vendors. Now you have a map of customers, vendors and their connections.

              • How do you inject the malware? They don't need to infect everyone and build a map, all they needed to do was seize the server and get the database. They actually had a copy of the database before they even arrested him. I don't see any evidence to suggest that they exploited a vulnerability in the tor browser to spew malware all over the place. Where is an analysis of that malware? Has it gone undetected?

                • >How do you inject the malware?
                  The usual way. Get the target to point his browser at your stuff with social engineering, then buffer overflows, ROP and any Adobe software that may be present.

            • Lots of mistakes (Score:2, Interesting)

              by Anonymous Coward

              He was already under suspicion for illegal passports coming in from Canada, but he logged into his Gmail account through his VPN... that was the nail in the coffin

          • by Rich0 (548339) on Wednesday February 12, 2014 @11:45PM (#46235385) Homepage

            For all we know the site might have been untraceable as far as Tor was concerned.

            If I want to sell you something illegal like drugs online there are a bunch of problems we need to solve. We need a way to communicate. I need a way to advertise my wares. I need a way to advertise my reputation so that you're willing to pay me. You need a way to pay me. I need a way to send you the drugs.

            Any of those steps are susceptible to interception, and Tor really only addresses one part of the communications problem. If I am running a hidden service over Tor and my web server contains some vulnerability, then anybody looking at my website can get at data I possess, and if the server itself is used for other things or has any visibility to the internet then the attacker can get data that might help locate the server. Then there is the payment and delivery angle - the FBI can buy some drugs and watch where their payment goes, or see where their package comes from.

            Criminal enterprises usually have a weak link somewhere - the guy who is dumb and deposits $10M in cash in his local bank or whatever. Maybe the dumb conspirators send some text messages, which we learned months ago are basically read worldwide by the NSA (in the past I doubt they'd use that data for drug busting since they don't want to give away the fact that they're doing it, but today there really is no reason for them not to use it for everything).

            Carrying out one illegal transaction of any kind is usually pretty easy to get away with. If you make a single color photocopy of a $20 bill and buy a hamburger with it, there is a decent chance that you'll get away with it, though if you don't you're going to be in a world of hurt. Now, if you decide to quit your job and live off of poorly-made counterfeit bills, you won't be staying in business for very long. If you're going to try to run an amazon.com for drugs then you're going to generate enough clues that somebody will track you down.

          • by reikae (80981)

            I haven't been following very closely, but wasn't the malware distribution related to Freedom Hosting which hosted child porn forums?

          • by gweihir (88907)

            It gets pretty hard being untraceable if you are shipping physical goods. The police had that one figured out a century ago or so. It just may take a lot of effort.

            Simplified, it works like this:
            1. Order something
            2. When it is delivered, trace back as far as possible
            3. Go to the point closest to the shipper and repeat from there

            May take several iterations, and if shipping is done, e.g. via mailbox and stamps, you may have to observe a number of mailboxes for a while. But it will eventually get you any targe

      • by xatr0z (633279)
        Why would you say that?
        Anyway, in the press release (in Dutch) it says they arrested them through the sale via an undercover agent. So they decided to meet IRL somehow.
        Sounds like old school police work like me.

        Also beta sucks.
      • Re: (Score:3, Interesting)

        by gwern (1017754)
        Is the most parsimonious explanation for why 1 of 20+ marketplaces was busted really 'the underlying communications protocol is broken'?
        • Re: (Score:2, Interesting)

          by Anonymous Coward

          Actually, yes, it is. Also your "1" is incorrect, we're on the third major public bust (and who knows how many kiddie porn rings quietly rounded up).

          We know that the government uses "parallel construction" to create a case against you when they can't tip their hand as to how they figured you out. SilkRoad #1 went down thanks to Canadian Post just happening to open a box that just happened to contain fake ids that DPR just happened to be stupid enough to have mailed to his own home. Or an agent dropped a

      • by ras (84108)

        It doesn't sound like Tor is compromised to me.

        Instead it sounds like the fact that the man running the original Silk Road was earning over $10M a month, and only got caught because he was sloppy, got published far and wide. There is almost certainly a flood of Silk Road clones out there now. It's probably one of the few things that outnumbers bitcoin clones. I expect most of them are run by 2 bit crims who picked up their l33t script kiddie skills from their prepubescent cousin.

        I am somewhat surprised ther

        • If you are running drugs for $10mil a month.... feds/gov bust you, seize all your stuff, and you go to jail. But if you are a bank making $10 Bil a month and defraud the whole world and almost destroy the global economy.... feds/gov slap you with a fine for 10% of 1 years profits.... So crime is ok as long as the government gets its cut.
      • by fearlezz (594718)

        Maybe, but not in this case. Dutch news sites report that the cops bought XTC, MDMA and cocaine from the owners of Utopia, and got the sellers to meet the cops in real life.

      • by Zeinfeld (263942)

        No, Tor is not compromised. Tor isn't really designed to protect the privacy of Web Sites. Tor is designed to protect the privacy of Web Site users.

        If you have a server that is visible to any client on the Tor network then either the server IP itself must be visible to an exit node put up by Law Enforcement or an intermediary node that is directly conspiring with the server has to be visible to law enforcement.

        That is just a basic limitation of onion routing. A client can hide because it gets to choose the

        • by Terrasque (796014)

          https://www.torproject.org/doc... [torproject.org]

          The hidden services don't even need an exit point. They choose entry nodes, just like clients, then tell via a DHT that to contact it clients should go through one of those nodes.

          Nodes which don't know the service's placement any more than they know the client's placement.

  • Why would they keep it in a private residence? Especially in a place with someone that is bound to attract attention. If I were to be running something like this, I would try to make sure it is at least 500 miles (804 Kilometers) away from anyone that I know. >.>
    • by mars-nl (2777323)

      804 km in any direction in the Netherlands would be a different country.

      • >804 km in any direction in the Netherlands would be a different country.

        And? Having jurisdictional issues can only help you.

        • Re: (Score:3, Informative)

          by cold fjord (826450)

          An EU arrest warrant would be a small thing to arrange. The question of jurisdiction for things like this would likely be a minor problem of little value to the suspects.

      • That might explain why it was hosted in Germany.

      • by msauve (701917)
        Sealand! [sealandgov.org]
      • >804 km in any direction in the Netherlands would be a different country.

        That's the good thing about the internet. If I was doing I'd have it all on the other side of the world. Isolated from myself as much as possible with everything done through fresh pseudonyms.

  • Tor (Score:3, Interesting)

    by Anonymous Coward on Wednesday February 12, 2014 @07:08PM (#46233423)
    So wait TOR isn't magical unbreakable software that makes you immune to laws and invisible to enforcement? Who knew? At this point if they want you they are going to get you. Use proxies if you want, use VPNs if you want, try TOR or I2P or Freenet or freaking pixies with smoke signals but cracking is easier than securing so just as soon as you make it worthwhile to get you they are going to come. In ten years or so there will be a horde of people crying out over some future data leak that shows backdoors and government zero days in what is considered 'secure' software and saying "Gee, everyone knew this was all compromised back in 2014. This isn't news." /rant
    • Re:Tor (Score:5, Insightful)

      by houstonbofh (602064) on Wednesday February 12, 2014 @07:21PM (#46233551)

      >At this point if they want you they are going to get you. Use proxies if you want, use VPNs if you want, try TOR or I2P or Freenet or freaking pixies with smoke signals but cracking is easier than securing so just as soon as you make it worthwhile to get you they are going to come.

      Funny... They seem to want the pirate bay fairly badly... Perhaps security is possible, but doing things well is hard work.

      • by E-Rock (84950)

        If the pirate bay was facilitating transactions and keeping a portion as a fee, I think it would be a lot easier to shut them down.

      • The difference is that The Pirate Bay deals in bits, whereas the Silk Road clones deal in physical goods that need to be shipped by post. If all these drugs could be cheaply assembled by a molecular 3d-printer or something, so only information needed to be transferred, I promise the sites would be every inch as resilient as The Pirate Bay.

      • I've heard through slashdot that security is always pyramid shaped. There's no such thing as 100% secure, but you can eliminate most threats.

        GP mocks a belief that tor is magical. I suspect no one thought that it was, I'm guessing the people who set up utopia thought they'd be lower on the priority list of criminals. Their mistake was likely not believing too much in tor, their mistake was assuming that governments would be more interested in going after rapists and murderers than going after a few ne
        • by Zeinfeld (263942)

          The Dutch government is very clear about not being a haven for drug dealers shipping to other countries. Unlike the US police, they don't spend time going after domestic pushers or users. But anyone who is shipping through the Netherlands to another country is in for serious grief.

          >Hmm... perhaps their mistake was even dumber than simply believing tor is magic.

          Magical thinking is very common in security. Lots of people think BitCoin is anonymous despite the fact the transaction log is public.

          Call Tor ser

    • >So wait TOR isn't magical unbreakable software that makes you immune to laws and invisible to enforcement?

      If everyone doesn't think every intelligence agency on earth does not treat as "top priority" ALL communication coming from someone who uses TOR, you are nuts.

      If everyone were using TOR it might be a different matter, but we all know that most people using TOR are hiding something, and the intelligence agencies do not like things hidden except what they want to hide...

      • by ultranova (717540)

        >If everyone were using TOR it might be a different matter, but we all know that most people using TOR are hiding something, and the intelligence agencies do not like things hidden except what they want to hide...

        I use TOR. Every single thing I do is hidden for the reason that it's not your copulating business what I do. Congratulations, you Flying Dutchmen and the Three-Letter Evils, for inspiring another permanent TOR node. And a Freenet one.

        • That's fine, but realize you are in a minority and it absolutely means every network connection or phone call you make is getting extra attention.

          I agree it's no-one else's business what I do. I just don't like to go about that in such a way that it makes people look.

    • by jythie (914043)
      Just like some people try to use overly literal and unrealistic interpretations of the law as a defense (see: sovereign citizens), some people give technology too much credit in protecting them even though it is just a single link in the chain. The best encryption network in the world does not save you if you agree to meet an undercover agent in person to make an illegal transaction.
  • by nitehawk214 (222219) on Wednesday February 12, 2014 @08:07PM (#46233939)

    I hope Jackie Chan was involved.

  • by Anonymous Coward

    That's operation "commodore", not "condor".

  • Translation (Score:5, Informative)

    by sandertje (1748324) on Wednesday February 12, 2014 @09:34PM (#46234601)

    For those not able to understand Dutch, I'll translate the message by the public prosecution.

    "In an investigation to criminal market places on the internet, the police arrest 5 men - among which a convicted criminal - on Tuesday. On anonymous, deeply hidden websites drugs and weapons were offered. With permission of the public prosecution undercover agents bought drugs and fire arms on multiple occasions during the past few months. They also received an advance payment for a contract murder.

    The police arrested two men aged 30 and 31 in Enschede [city near the German border], who are suspected of drug and weapon trade on illegal online market places. It concerns Black Market Reloaded and Utopia, Tor websites which were most likely involved in the illicit market places.

    Black Market Reloaded went offline at the end of last year, after a surge of visitors. This sudden surge arose when the FBI took down Silk Road - one of Black Market Reloaded's largest competitors - and arrested its owner in October.

    The Dutch suspects maintained an own illicit market place under the name Utopia. The servers on which this website ran have been found in the German cities of Bochum and Düsseldorf, and were seized yesterday. After taking down the website, the police left a note that the hidden service had been seized by police.

    Upon request of the Public Prosecution [NL], the Bundeskriminalamt [German] arrested a 21 year old man on Tuesday who is suspected of trade in drugs and weaponry. The man presumably offered not only hard drugs [Dutch law makes a distinction between semi-legal 'soft' drugs (marijuana and mushrooms) and entirely illegal 'hard' drugs], but also offered munition and stolen credit cards for sale.

    A 46-year old fellow suspect was already arrested in October 2013 when he was en route to Germany with 1.5 kilograms of marijuana, over 40 grams of cocaine, three kilograms of amphetamine and 1.5 kilograms of XTC pills. The man has been arrested again in his cell today, now for involvement in the illicit online trade and evoking murder.

    The police investigation under codename Commodore was started in early 2013 on account of signals about drug trade on internet via anonymous, deeply hidden websites. There would be large scale trade in drugs and other illegal goods and services. Drugs could be ordered through these websites, and were subsequently sent and delivered world-wide by post.

    The Tor network allows one to surf anonymously on the internet without leaving a trail. Illegal market places within the Tor environment make it possible to acquire illegal goods, services and information. Through the use of Tor it is furthermore difficult to determine the physical location of the web servers.

    The illegal and accessible character of these websites with digital payments in bitcoin makes them societally unwanted and a severe disruption of the rule of law. The Commodore investigation gives a clear signal to those who wish to conduct crimes within digital anonymity. The investigation and prosecution of these crimes have high priority for the police and Public Prosecution.

    The police made contact with the suspects through undercover agents. The agents bought drugs and fire arms with ease. It concerns several thousands of XTC pills, raw blocks of MDMA and tens of grams of cocaine. The undercover agents were offered to buy several kilograms of cocaine.

    To the dismay of the police and Public Prosecution, the undercover agents were also requested to "bring someone to the other world". The target would be extorted and subsequently killed. The contact led to a physical meeting, where an advance payment was made.

    During the search of the residences of the suspects, computers, storage devices such as hard disks and usb drives, and 900 bitcoin worth approximately 400,000 to 600,000 euros, have been seized. The in the Netherlands arrested suspects are being brought to court on Friday. The Public Prosecution has requested the extradition of the German suspect."

    • by Firethorn (177587)

      I know, different legal systems, but I found this part funny:

      >The man has been arrested again in his cell today, now for involvement in the illicit online trade and evoking murder.

      I'm picturing the cops busting him in his cell like how police in the USA often bust people in their houses on COPS or similar shows. I understand it's probably closer to what we know of as 'booking', IE informing him of the charges against him, updating jail records to show that he's now in for much more serious crimes, etc...

      Though I wonder how much he had to do with the contract murder. My sick fascination makes me wonder who they wanted kill

  • I don't understand why the big cartels aren't in on this. Direct sales via post would solve a lot of their problems...seizures probably wouldn't be more than they have now (with mules smuggling condoms of drugs in their guts and such), some middle men would be eliminated (increasing their share of the street value), and they could make an App Store-style cut off of the sales they aren't doing directly. They could even host it in some country they have control of, like Colombia or Mexico, reducing the chan

    • by Firethorn (177587)

      >Direct sales via post would solve a lot of their problems...

      Not really. The cartels bring the stuff in by the semi-load. I half think that mules smuggling drugs through airports in various creative ways are the drug lord's entertainment. The amounts are ultimately pocket change, but give the drug enforcers somebody to catch, news stories and such, distracting attention away from the methods that really work for massive amounts of product, like the new tunnel authorities regularly find every 3-4 months. Thing is - most of the tunnels have probably been in operati

    • Criminal organizations aren't typically as well-run as they're presented in cinema. Organizations with as much violence as the Mexican cartels are going to be a nightmare to manage, with so little trust, so many people worried that they'll get murdered for random reasons, etc.

      Government and corporate bureaucracies have a problem with ass-covering, people acting defensively to their own benefit but to the organization's detriment. How much worse isn't that going to be in places where you get killed for makin

  • Aren't there better countries for hosting black market silk road style servers? Like Russia, or Chechnya? Liberia?
  • This just goes to show, anyone stupid enough to sell drugs doesn't know a damn thing about privacy, security, or protection online.
