Navigation
Recherche
|
Dark markets have evolved to use encrypted messengers and dead-drops
lundi 14 janvier 2019, 19:06 , par BoingBoing
Cryptocurrencies and Tor hidden services ushered in a new golden age for markets in illegal goods, especially banned or circumscribed drugs: Bitcoin was widely (and incorrectly) viewed as intrinsically anonymous, while the marketplaces themselves were significantly safer and more reliable than traditional criminal markets, and as sellers realized real savings in losses due to law enforcement and related risks, the prices of their merchandise plummeted, while their profits soared.
But much of the security of dark markets was an illusion. The anonymity of cryptocurrencies could often be pierced; the services themselves could be subverted by law enforcement in order to roll up many sellers and buyers at once; and the 'last mile' problem of shipping illegal substances through the mails exposed buyers and sellers to real risks. The buyers and sellers in dark markets have responded to these revelations and new facts on the ground with a range of ingenious, high-tech countermeasures. Buyers are now more likely to conduct sales negotiations through encrypted messenger technologies, and each customer is assigned their own unique contact, staffed by a bot that can answer questions on pricing and availability and broker transactions. Many of these transactions now take place through 'private cryptocurrencies' that have improved anonymity functions (there is a lot of development on these technologies). Delivery is now largely managed through single-use 'dead drops' -- hidden-in-plain-sight caches that are pre-seeded by sellers, who sometimes use low-cost Bluetooth beacons to identify them (these beacons can be programmed to activate only in the presence of a wifi network with a specific name: a seller provides the buyer with a codeword and a GPS coordinate; the buyer goes to the assigned place and creates a wifi network on their phone with the codeword for its name, and this activates the Bluetooth beacon that guides the buyer to their merchandise). The logistics of these dead-drops are fascinating: there's a hierarchy on the distribution side, with procurers who source merchandise and smuggle it into each region; sellers who divide the smuggled goods into portions sized for individual transactions, and sellers, whose 'product' is just a set of locations and secret words that they give to buyers. The hierarchy creates the need for auditing and traitor-tracing to prevent the different layers from ripping each other off. Dead drops are randomly audited and audits are verified by reporting on the contents of unique printed codes that accompany each drop. Distributors post cryptocurrency 'security' (bonds) with sellers and lose their deposits when their dead drops fail. In a fascinating paper on the rise of these 'dropgangs,' Jonathan 'smuggler' Logan identifies some key weaknesses in the scheme, including the persistence of trackable coins being spent by buyers at the end of the transaction (dropgang members are more likely to adopt private coins than buyers); and the lack of the buyer-and-seller reputation systems that the dark markets provide. Logan proposes that this can be resolved with 'proofs of sale' that would be published on public forums, which increases the risk from law enforcement. Logan also proposes that ultrasonic chirps may replace Bluetooth beacons, with per-drop codephrases doing a call-and-response to help buyers home in on their purchases. Given the developments in technology and methods, it is very likely that black markets will spread in both availability and demand. All kinds of goods will be widely available, anonymously, securely, in our cities and urban environments. More people will find their livelihoods in taking part in these distribution networks, since required skills and risks are low, while a steady income for the industrious can be expected. Instead of delivering papers, teenagers will service dead drops. This will lead to further developments that serve the convenience and security of black market merchants and customers. A plausible next step would be the development of markets for dead drop operators that make their living by picking up product from one dead drop and placing it in another, working as a proxy for the customer to increase his safety and to reduce his efforts. This would also make this distribution model wider spread and available to more products, which will blur the lines between the black and the legal market. On this blurred line new services and technologies will establish themselves, inherently dual use services like lock boxes that can be paid by peer-to-peer cryptocurrencies. Looking even further into the future, it seems plausible that the whole urban environment might find itself integrated into a dynamic landscape of very short-lived dead drops that are serviced by humans and cheap drones (unmanned aerial vehicles), which are already cheaply available and likely only require one market actor to develop and spread a mechanism to pick up and drop goods. Both merchant and customer could use drones, that are available for rent through dedicated Apps, to deliver product to a meeting point on a roof, where another drone would pick it up. Chaining multiple exchanges like this will make the tracing of the delivery extremely hard, essentially leading to mixing techniques so far used only in anonymizing digital communication. Given the additional plausible development that long distance, high payload drones become available more widely, and for much less cost, the procurement layer of Dropgangs will also become more secure and efficient. Dropgangs, or the future of darknet markets [Jonathan “smuggler” Logan/Opaque Link] (via Four Short Links) (Image: Ian Muttoo, CC-BY-SA)
https://boingboing.net/2019/01/14/drone-serviced-dead-drops.html
|
56 sources (32 en français)
Date Actuelle
ven. 22 nov. - 08:28 CET
|