by aty268 2090 days ago
I've always wondered, why do these software engineers take such risks building and setting up these illegal marketplaces? I mean, are you really going to make that much more than you would as a regular software engineer at a company?
13 comments

Most definitely a lot more than a regular software engineer. Alexandre Cazes was estimated to have a net worth of at least USD 23 mil, and that's a conservative estimate. This would all be in cryptocurrencies of course and you would have to find a way to money launder these assets. Another thing to consider is that many of these guys live in countries with cost of living much cheaper than USA (not even talking about Bay Area), Cazes himself was living in Thailand.
Alexandre Cazes is an interesting case that basically never gets mentioned in these threads.

It's questionable whether he was doing it alone or even the head operator. But apparently it's all case closed now with no Dread Pirate Roberts type sensational court cases or extradition trial.

Also which country had him executed? I'm very certain it wasn't Thailand.

It's more likely that Epstein's case was a suicide than Cazes' in my opinion.
Absolutely. There was so much fuckery surrounding his apparent suicide I'm still surprised nothing came of it.
He’s dead now. Was it worth it?
It definitely wasn't worth it for him.
Are you implying he didn't commit suicide?
Not at all.
It's very lucrative and the competition is pretty inept so expectations are low. You can retire to thailand off the residuals. If you're a 20 year old who isn't looking forward to decades of corporate work that might not sound bad.
This was something that always boggled my mind how inept these guys sometimes were. In this business your life literally (and I mean literally) depends on good security and they would make some really rookie mistakes.
It's human. Mistakes can sometimes be really subtle and require only a moment's inattention but sound REALLY dumb when you look at it in fundamental terms.

Christ, trained CIA field agents with funding and support staff have made some really stupid mistakes on par. Things like being tracked by metadata from not turning off their cell phone because they thought a chip bag was a good enough Faraday cage. Ostensibly it sounds dumb, but that might have only been one time for 20 minutes or something that allowed the Italian investigators to connect the dots.

Perfect security for a short time period with one incident is actually still really hard. When you make it a lifestyle going on for months/years, it's nearly impossible.

Many many CIA agents sent into China have disappeared. If an agency with the greatest set of resources on earth are getting busted regularly what hope does the average Joe software engineer have.
> Many many CIA agents sent into China have disappeared.

Source? This doesn't sound like the sort of thing with reliable public statistics?

These aren’t agents sent into China, but assets in China who were arrested/killed. 18 to 20 between 2010-2012

https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...

On the other hand, many get away with it.

Proper air gap maintained religiously should be able to solve a lot of problems in cyber crime. After all, we still interface with computers through meat and bones.

Yes, it's just the maintaining it religiously part that's surprisingly hard.

Like, things and emergencies come up just like they do in a normal business but you have to go all the way back into secure mode to address them.

That process takes time and effort. Cleaning runs to location where you connect, switching hardware, activating all the vpn chains or tor connection, etc etc. Coordinating occasional OTP key exchanges, time/location randomization, etc. ...you didn't slip up and get lazy with the entropy generating your "secure" encryption key did you? You have to find drop shipping locations and those expire or go wrong.

Or there was a car at location X which is a choke point that is technically on your list of triggers for counter surveillance but it's 7PM on a Friday and that cute girl you're supposed to meet is waiting. Do you assume the worst and burn everything, re-do your secure connection point or just ignore it and go through your usual process since 99/100 it's likely to be a false alarm? Or hey, the delivery guy was a day late on the 1-day shipping you used to limit the time frame the agencies could use to get a warrant, and now it's outside your predetermined acceptable window. Do you have the discipline to take the loss and refuse the package?

You get the idea. It's exhausting and people make one stupid mistake and get called out on the internet for being a moron.

The difference between impunity and immunity.

State actors (officials) even acting internationally (outside jurisdiction), tend to have a high level of immunity from legal sanction. Independent and non-state actors less so.

The CIA agent might blow cover or case but usually gets out alive and remains free. The DarkNet criminal, not so much.

I was looking at this once

One reason they are inept is those guys usually end up doing all the work themselves, for security reasons (you won't tell random people "hey I will run a drug empire, will you help me?").

So there is a lot to do when you need to build the platform yourself from the ground up; plus, you need to spend a lot of time on moderation and spammers and attackers; and, you need to make the platform easy to use, which sometimes goes against security; read any forum for darknet markets and people always struggle with basic PGP usage. (PGP is used for encryption in darknet markets; Signal-like protocols leak way too much metadata.)

Also, people that are good at infosec will not start doing this risky stuff, as they can do something better.

There used to be a market that required PGP in all messages, and users hated that, from what I remember.

I no longer visit forums for this stuff, but look up "dred", darknet market forum.

I always wondered, why are none of the darknets operated from some "rogue state" (like North Korea) or militia-controlled areas, like FARC in Colombia. Or by actual mafias in Russia or Ukraine. But I guess even they are not that dumb and focus on what they know how to do, rather than branching into darknet.

All it takes is one rookie mistake and it wipes out the other 99.9% perfect. Yes, there are guys and girls that can do 100% of what you need to run a darknet market perfectly, but they are typically in very high demand on the employment market, so their acceptable risk to reward ratio makes participation in criminal conspiracies very unlikely. So crime naturally selects for half-asses.
That's ALL criminals for you. They can be very smart and yet consistently commit silly and avoidable mistakes.
That's all criminals that you know about, because they got caught.
Well there are three classes really. (1) Criminals who got caught. (2) Crimes that were obviously committed, but were never solved. (3) And crimes that were performed so well that we don't even know they happened.

I think you would be very hard-pressed to create a large scale drug marketplace in category 3. Thus we can look at ratio of 1 and 2, to see how clever criminals are.

Samuel Little is a perfect example of someone in category 3, that was eventually caught...

He was charged with 4 counts of murder in 2013, but in 2018 he was connected to a murder in Texas. Further investigations connected him to over 50 murders over almost 40 years, but he claims 93. The police hadn't connected ANY of the murders until he was picked up on narcotics charges and his DNA matched a bunch of cases in LA. He'd been in and out of jail 26 times between '61 and '75 for lesser charges, and was even charged with murder in '82, but was acquitted.

https://en.wikipedia.org/wiki/Samuel_Little

Large marketplaces are known to enough people. Had one operated for super long, it would be known.
That's all people.
Some people can’t make a stable living in regular jobs, so they resort to some form of crime. And it takes very little to add “Anybody can make money on the internet. Zuck did it and he’s a dropout.” and “Drugs make money” together.

The rest of the story tells itself.

Just like anyone, they make mistakes.

Think of the most boneheaded thing that you did in the last two years, then imagine that could have been the one mistake that gets you busted.

Also they probably get complacent about the whole thing eventually.

Maybe the type of personality willing to gamble it all on running a drug market isn't the type to dot their i's and cross their t's.
In most of the world working as a SWE is a middle-class job. Six figure salaries and RSUs are really only a thing in a few top US and EU cities.
Six figure (albeit lower end of that, and without RSUs) SWE jobs exist in quantity all over the U.S. There isn't a single state where you shouldn't expect to be getting a six figure salary with no more than 5 years working experience as an SWE - and I think saying even 5 years is generous.
I think it probably comes down to a combination of Ego and/or Thrill. They think they are too smart to get caught and they get a thrill out of outsmarting people (until they're not).

Whenever I see this it makes me think that making money by breaking the law is like playing a video game on cheat mode. Nearly anybody can make money illegally, but the consequences don't usually outweigh the benefits. So, it's almost pointless. The game that is much more gratifying is making lots of money by playing the game on hard mode.

Why do criminals do crimes?

If you want to break the law and you happen to be a SWE, I don't think it makes much difference.

I'm not sure if this was your implication (I may be reading too far into your relatively succinct comment), but I don't think most "criminals" do crimes because they explicitly want to break the law. I would imagine that there are about as many potential reasons for doing things that happen to be against the law as there are for doing things that don't happen to be against the law.

I'm not even all that sure what qualifies someone to be considered a "criminal." Is it simply breaking the law, which virtually everyone has done at some point? Is it getting caught committing a criminal act? Getting caught committing a felony-level offense? Is someone who smokes cannabis in Kansas (illegal) a criminal, but not someone who smokes cannabis across the state border with Colorado (legal)? What if the smoker from Kansas crosses the border into Colorado - are they no longer a criminal? What if the smoker from Colorado smoked cannabis before it became legal to do so - did they stop being a criminal when cannabis was legalized? What if the smoker from Colorado walks across the border into Kansas - are they a criminal for having smoked cannabis in Colorado, given that doing so is illegal in Kansas? This list could continue, but it's probably already bordering on pedantic... Point being, if breaking the law is all it takes to be considered a criminal, aren't we all criminals?

Criminals will do crime. The thing that always baffles me is WHO buys heroin, cocaine, weed, etc. over the internet.. Aren't they scared that DHL, FedEx, USPS will scan/sniff the packages? Or they use "Drug delivery express"?

Or they buy online and they meet someone in a parking lot for the pick-up? Why not buy then and there then?

As we see in the movies, most drug trafficking is a drive-by thing.. is it not?

I don't think there are "criminals" as a type of person like "musicians", who are just compelled to do crime because there's an inner force that just makes their toe tap a certain way.

Maybe some small fraction, I guess.

But I think the majority of criminals are simply rational actors, who look at the incentives and the odds, assess them (sometimes wrongly), and do what seems sensible to achieve their goals. The goal is not "do crime", the goal is "make money" and the environment is structured such that crime makes money.

Having drugs sent to you is not proof that you bought them. I mean, it'd be too easy to blackmail someone if I could just send you a 'package' and then drop a tip @OurFriendsInBlue, no?

That said, if you keep getting busted with marching powder in your magazines, at some point people will stop accepting that excuse ;)

Having drugs sent to you is evidence you bought them. Maybe not conclusive evidence by itself, but certainly good evidence. Almost certainly there would be corroborating evidence such as drugs paraphernalia, financial transactions, positive blood test, internet history, etc

You are unlikely to get caught because you are unlikely to have the package intercepted. If it is, you should expect to be convicted.

I was misunderstood, my bad, bad writing.

My question/wondering was on: why the hell would someone buy drugs online, and how do they accept the risk on consuming these when they arrive. Buying an iPhone cable online is a risk I can accept. Buying heroin online (I don't do drugs) it goes beyond me on the risk acceptance of such deed.

I get it that darkweb has a scoring system like Amazon, eBay, Etsy, but heroin? Cocaine? Weed?

It is not about "police can't charge you" it is about "who the hell is going to inject something that was bought on the darkweb in their veins??"

What goes through their mind? I assume not much since these are people who buy heroin, online.. so that answers my question.

Well it's a direct market, customer service is king.

The sellers cannot really move their 'brand' from one market to another. An opportunist could reserve their username on another market, and users know that anyone could be behind that new account. They don't trust the name, only the reviews you have on your particular market.

What I want to say is that the reputation of their anonymous brand is worth something, because they can't take it somewhere in a hurry and takes time to build (if you build it legitimately, it always seems easy to cheat with a bot).

Reviews from other users, (who also have a visible reputation, to combat botting), are taken seriously. The markets themselves provide escrow, if you screw your users and don't have a high standing you likely won't be receiving payment.

This incentivizes sellers to provide a high level of customer service.

"So, in order to attract customers in this high stakes and very competitive situation, you need the highest possible rating."[0]

"This may help to explain why drugs bought on the dark web tend to be much purer than drugs bought on the street. "[0]

[0]:https://unbabel.com/blog/customer-service-dark-web/

> The sellers cannot really move their 'brand' from one market to another. An opportunist could reserve their username on another market, and users know that anyone could be behind that new account. They don't trust the name, only the reviews you have on your particular market.

Sellers can move their brand across markets with a different username because they would still have the same PGP key. There's even a search engine to find the same vendor on multiple markets by looking them up by their PGP key.

> My question/wondering was on: why the hell would someone buy drugs online, and how do they accept the risk on consuming these when they arrive.

The alternative is buying them in person, where the dealer you have worked with for years may have been flipped last week.

And it's not like injecting something you bought from your dealer doesn't have similar risk factors. Why do you think overdoses have been skyrocketing over the past decade?

The amount of fentanyl and similar compounds on the street sounds just awful now. I can't imagine buying an E in the club or wherever from a stranger in this day and age.
Low level purchasers don’t seem to be targeted in these busts. They are after the suppliers. The risk of buying from a darknet market is probably lower than buying from a local dealer, especially for a consumer who doesn’t have any connections. You could go looking for someone dealing on the street, but you won’t know if their stuff has five star reviews. Or you might just get mugged.
Not something I have firsthand experience of, but I believe that the sellers are rated in part on the quality of their delivery. It comes through regular post to the buyers door. But that’s no implication of crime so as a regular consumer it’s fairly safe.

Aside from that, the quality of Darknet drugs is significantly better than street drugs. The drugs people (used to) buy on the street have been through a lot of hands and there’s often little substance left at the end. Also, who you going to complain to? At least with a marketplace, sellers are looking for good ratings. It’s also a lot cheaper. I’ve heard nothing but good reports from people buying online.

>>> I mean, are you really going to make that much more than you would as a regular software engineer at a company?

Hell yeah.

I mean, what companies could they possibly work for? Google? Accenture?

These only have offices in a handful of cities across the planet. You have zero job prospects as a software engineer as a person living in countryside Asia or Latin America or even Europe outside of metro areas. You might as well try to build your own web business.

Not everyone focuses solely on cash in life, and for some the thought of becoming a 'regular software engineer at a company' might be existentially boring.
This is the reason my regular dealer sold various items when I was in college.

He figured he had the rest of his life to be boring, but the excitement of dealing was too tempting right now to turn down. I'm betting a lot of the people running these sorts of things are in that area; it's just too interesting to try and too much adrenaline at times.

Also, are you named after just general detritus, or the Pratchett character?

ha, I quite like the idea of General Detritus! Just detritus generally. It's strange for me as I've been using it for so long now, my mind skips a beat and I feel like I've had a post update whenever I come across the word IRL :)

I've actually just picked up my first ever Pratchett - "Small Gods" - after having somehow avoided reading him for the past 30 years!

"Detritus was the first troll member of the Ankh-Morpork City Watch..." - I'll look forward to that, thanks!

> why do these software engineers take such risks

I blame ageism in Tech. Where else should we go except jumping the Ättestupa[1][2] /s :-)

I guess everyone is different, but if you read the story behind Paul LeRoux[3] there is a lot more to becoming a criminal (including personal hardship and a pre-existing proneness for Dunning-Kruger - which seems more rampant in our field than anywhere else). And like learning vi / emacs it's actually really hard, so once you get very good in this it's hard to stop

(I'm trying too hard to be funny and understand my analogy sounds ludicrous but there are psychological concepts at work which connect difficulty/struggle of a task with whether we can identify with what we are doing and if it fulfills us. Ofc there is also that who else would do this kind of work if not a software/security engineer.)

[1] https://www.youtube.com/watch?v=DwD7f5ZWhAk

[2] https://en.wikipedia.org/wiki/%C3%84ttestupa

[3] https://magazine.atavist.com/the-mastermind

I think you answered your own question as I am pretty sure they really do get paid that much more. The same thinking goes into starting a business or becoming self-employed. The people I have met doing those for longer than a year seem to make more than the people working full time jobs.
Not everybody is living in USA or country with strong currency
Yes, you make a lot more and you don't actually get busted.
Money! And they think they are smarter than those who failed
For some it has been highly profitable, and many of them have strongly libertarian style personal beliefs.