[nfbush]

Every time a market has been taken down it's been due to OPSEC failure and other information leaks (e.g. Silk Road captcha IP leak, DPR's advertising of market being linked to his personal email address). AlphaBay Which got taken down first in this operation was due to a personal email being included in the header of the welcome email sent out to new users 3 years ago [1]

[1] https://www.justice.gov/opa/press-release/file/982821/downlo... (pdf)

[Analemma_]

> Every time a market has been taken down it's been due to OPSEC failure and other information leaks (

This is true, but it dangerously misses the point. Every time someone gets taken down, the know-it-alls on various fora sneer and go "Ha! What terrible opsec! I wouldn't have made that mistake!" No, you would've made some other mistake.

To run a darknet market and not get caught, your opsec has to be perfect. Every second, every minute, every day, every person involved, forever. That is simply not possible once an operation exceeds a certain size. Like the IRA once said: "We only need to be lucky once. You need to be lucky every time". This is the "defender's dilemma" that guarantees you will be caught as t goes to infinity: sooner or later, you'll make some mistake that burns you.

Focusing on the specific mistakes made by bust-ees only boosts your confidence and ignores that you, in their situation, would've leaked information somewhere else.

[nissimk]

I'm sorry to nitpick and I mostly agree with you, but similar to a casino game that favors the house, if you are lucky and quit while you're ahead, you can avoid capture. Your statement is only true in the long run. Of course criminals usually become addicted to their risky behaviors just like gamblers... It's a frequent trope in crime movies: one last job before the criminal retires, but that last job is the one where he makes a key mistake.

[armitron]

This is a very superficial way to look at things, and ultimately, entirely wrong.

One of the cornerstones of OPSEC is persona creation & management. This is orders of magnitude easier to perform in cyberspace than in real life, and can be used as a catch-all safety -- for exactly when mistakes are made and layers are compromised --.

You will make many many mistakes, but part of a well-implemented OPSEC strategy, is to have those mistakes land in a compartment, an illusionary persona that you created out of thin air. Operation size has nothing to do with it and should be completely irrelevant when the compartmentation strategy used is solid.

[maratd]

> That is simply not possible once an operation exceeds a certain size.

A good argument for not getting too greedy and keeping things small. It's the nail that sticks out that gets hammered down.

[rothbardrand]

These opsec failures that you're talking about are very easy to find in the process of parallel construction.

So that these are the stated reasons is no indication that they are the real reasons.

They are, in fact, so very, very convenient the they smell like parallel construction to me.

Might not be, but they certainly aren't good evidence that parallel construction isn't going on.

[krapp]

>Might not be, but they certainly aren't good evidence that parallel construction isn't going on.

On the other hand, the evidence that parallel construction is going on appears to be a belief that everything is parallel construction.

[bripeace]

But where did they get the 3 year old email.

1) They were investigating AlphaBay for nearly 3 years 2) They came upon somehow control of an email address which contained 3 year old mail that contained the password reset email 3) They are capturing and storing large amounts of tor traffic much like the NSA does on clearnet see: xkeyscore

This isn't really explained in the indictment

[jdenning]

Apparently, he leaked the email address in an early email sent to site users. It contained his real first name and birth year, and he used the address on several other sites.

When he was busted he was logged in to the site, and had several passwords/keys stored in plaintext on his machine.

Multiple OpSec failures.

Good analysis here: https://medium.com/@thegrugq/dark-net-trap-545ae5dd8476

[fiatpandas]

They could have gained knowledge of the email address through classified means, and made up the email header story to hide their method of initially obtaining it.

[burger_moon]

This is a really interesting question. Knowing how they got access to such an old email from an external source.

[problems]

Honestly it doesn't seem that interesting - browsing /r/DarkNetMarkets, dnstats and just signing up yourself is enough. I've signed up for a few for shits and giggles but never bought anything, browsing is pretty interesting. You just need to find one person like me who'd be willing to give them the email... not exactly hard.

[CM30]

Perhaps it's from someone they were investigating for other crimes. I mean, it doesn't seem beyond the realm of possibility that law enforcement were going after say, a drug dealer who was using the site to sell goods, and found the welcome email from the platform he or she was using in their inbox.

That seems like one plausible possibility.

[ATsch]

This is my pet theory. A seller was busted and the emails were siezed. Seems like the most likely possibility.

[xorcist]

Isn't it likely that a number of recipients did not delete that particular message? Also that a number of them sold drugs by mail order, not uncommonly a short lived profession?

[math0ne]

I'm sure they sign up for every darknet site constantly.