Tor: Darknet OpSec By a Veteran Darknet Vendor & the Hackers Mentality (Defcon 30)

Рет қаралды 27,903

Күн бұрын

Defcon 30: Tor - Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality
This version has the audio fixed, and the information regarding the informant in my case censored - per the request of the Assistant United States Attorney.
First and foremost, this is MY talk at Defcon 30 - on Tor, and Darknet Opsec by a veteran Darknet Vendor & the Hackers Mentality
War Story
The hacking subculture's closest relative is that of the Darknet. Both have knowledgeable people, many of whom are highly proficient with technology and wish to remain somewhat anonymous. They are both composed of a vast amount of introverts and abide by the same first rule: “Don’t get caught." Both tend to love Sun Tzu quotes as well. What happens when the hacker mentality discussed in the Hackers Manifesto is applied to things such as OpSec on the Darknet?
Over the past decade, there have been many DEF CON talks that have discussed Tor and the Darknet. None have ever come from a Darknet vendor. The approach was more academic, as opposed to economical. Having a background in IT, Infosec, and hacking, the goal is to present a unique perspective from a hacker’s point of view, as we look at how the hacker mentality applied functions in various hostile environments such as a Darknet Vendor, staff member of multiple Darknet Markets, and co-found of Dread, who then later would be a federal prisoner. Shortly after, he talks about how he was able to get himself out of federal prison 3 years early.
All of which was possible through the reconnaissance of various systems and methodologies. From the anticipated linguistical analysis that the feds were making of posts on Darknet forums to how to write a motion to a federal judge from a prison cell in order to make him understand what it was like there, we will take a journey through a variety of interesting places and times from a tour guide with unparalleled experience and access.
By focusing less on the basics of Tor and more on how insiders operate within it, we will uncover what it takes to navigate this ever-evolving landscape with clever OpSec. In addition to seeing what happens if you get caught. All through the perspective of the hacker spirit that refuses to submit.
Speaker Bio:
Former admin and co-founder on Dread Forum (Darknet), staff on multiple Darknet sites, Darknet vendor: 2happytimes2, lockpicker, hacker, hak5 enthusiast, haxme.org admin (Clearnet), Sam Bent spends his days writing technical manuals and doing graphics (using all Adobe Products) for the company he works for, while also doing federal prison consulting on the side. He is a certificated paralegal. Runs his blog where he does federal prison consulting, is currently about to publish a book on compassionate release for federal prisoners, and runs multiple youtube channels. He is also a college student.
He has been in the scene for almost 20 years. He has written multiple guides and published numerous whitepapers and how-to’s on hacking. Sam Bent’s former handles include killab, 2happytimes, 2happytimes2, and most recently, DoingFedTime.
Facebook: / doing.fedtime
Twitter: / doingfedtime
Reddit (my subreddit): / thefeds
Sites: www.doingfedtime.com , 2happytimes2.com , haxme.org/
My website is:
doingfedtime.com
Facebook: / doing.fedtime
Twitter: / doingfedtime
Linkedin: doingfedtime.com/www.linkedin...
#darknet #defcon30 #defcon #opsec #federalprisonconsultant #tor #darknetvendor #hacker
Big thanks goes out to cwade12c of Haxme.org for recording the live stream and sending it to me!
00:00 Defcon 30
00:07 Introduction
00:58 whoami
01:37 Dark Credentials/ My objective
02:11 Hacking Subculture vs Darknet Subculture
03:02 Education DNV vs Hacker
04:28 Know Thy Enemy
05:35 Postal Countermeasures for beginners
06:32 Drug Traffickers Moral Dilemma
08:17 I heart USPS
10:15 Drug sniffing dogs are misunderstood
10:50 Love Letters from feds
11:52 CDs - Controlled Deliveries
13:34 Branding on the Darknet
15:26 Past, Present, Future of intelligence gathering
16:49 Darknet busts = Law enforcement getting lucky
17:28 Hugbunter codes, I administer
18:24 Threat modeling
19:32 OpSec Mistakes you cannot afford
22:29 Building physical firewalls
23:17 Vulnerability Analysis
24:07 Illusion of security
26:12 Pulling the trigger
27:29 Ingress, Egress, Regress
28:51 Working for a Darknet Market
29:23 Bitcoin Tumblers are trash Use XMR
30:22 Post Exploitation
31:17 Operation Dark Gold
32:26 When the feds break the law, Franks Hearings
33:32 Censored image of my cousins statement against me
33:57 Incarceration in federal prison as a hacker
35:20 Fighting the system with it's own code - law
35:49 Shout out to Haxme.org and Reporting
37:08 Don't be a Darknet vendor
38:37 Q&A where I cannot hear anything

Пікірлер: 66

@DoingFedTime Жыл бұрын

00:00 Defcon 30 00:07 Introduction 00:58 whoami 01:37 Dark Credentials/ My objective 02:11 Hacking Subculture vs Darknet Subculture 03:02 Education DNV vs Hacker 04:28 Know Thy Enemy 05:35 Postal Countermeasures for beginners 06:32 Drug Traffickers Moral Dilemma 08:17 I heart USPS 10:15 Drug sniffing dogs are misunderstood 10:50 Love Letters from feds 11:52 CDs - Controlled Deliveries 13:34 Branding on the Darknet 15:26 Past, Present, Future of intelligence gathering 16:49 Darknet busts = Law enforcement getting lucky 17:28 Hugbunter codes, I administer 18:24 Threat modeling 19:32 OpSec Mistakes you cannot afford 22:29 Building physical firewalls 23:17 Vulnerability Analysis 24:07 Illusion of security 26:12 Pulling the trigger 27:29 Ingress, Egress, Regress 28:51 Working for a Darknet Market 29:23 Bitcoin Tumblers are trash Use XMR 30:22 Post Exploitation 31:17 Operation Dark Gold 32:26 When the feds break the law, Franks Hearings 33:32 Censored image of my cousins statement against me 33:57 Incarceration in federal prison as a hacker 35:20 Fighting the system with it's own code - law 35:49 Shout out to Haxme.org and Reporting 37:08 Don't be a Darknet vendor 38:37 Q&A where I cannot hear anything

@AllHackingCons Жыл бұрын

Thank you for this!

@Dread_Pirate_Roberts_2013 28 күн бұрын

My favorite Defcon presentation ever!

@charleshendrickson72 Жыл бұрын

I think your the first vendor to be free and able to tell his story. Any others that are free got their tail between their legs from taking others down with them! The fact your conscious is clear shows you did your time without taking others down!!! Respect!!👊

@DoingFedTime Жыл бұрын

That, and my paperwork on Pacer! :) Yes, it seems most become truck drivers, or construction workers (not that their is anything wrong with those things, my fat ass is not doing either though). I never understood that. When I was a darknet vendor it always bummed me out that none had taught what they learned, that all of the ones had just become silent.

@headlights-go-up Жыл бұрын

The moment Sam said he needed a db of people he didn't care about screwing over...I knew he was going to pull up the NSOPW lol. Cheers, Mr. Bent.

@DoingFedTime Жыл бұрын

Hahaha thank you !

@johnmiller9931 Жыл бұрын

Hey, I just wanted to let you know this talk went up on the DEFCON channel within the past few days, if you'd like to see it there too. Thanks for putting it up here for us early. I enjoyed listening to your perspective!

@syx8op Жыл бұрын

One of the best talks I have ever watched period. From this video I started watching your channel daily. Keep up all the great content your doing great work for the people.

@DoingFedTime Жыл бұрын

Thank you! Will do! And it's great to have you!

@mikeheffins8025 Жыл бұрын

Seeing this back up brought a smile to my face. ❤️🏆

@mysticmae12 Жыл бұрын

I just listened to Jack’s podcast. I was hooked the entire time! I had to go see what you had going on. I’m happy to see that you’re making content. You’re a very intelligent dude!

@DoingFedTime Жыл бұрын

Real recognize real. It's great to have you here Mystic Mae!

@midnight1844 Жыл бұрын

Glad it's back up! Came back to rewatch it and I saw it was gone and was upset

@jimdiroffii Жыл бұрын

Downloaded! May all talks live forever. Damn the censors.

@killowatraibikio2855 10 ай бұрын

All the way from South Africa Thank you Darknet Diaries. This is so interesting.

@codymustafa5034 Ай бұрын

you deserve the following that posers who have only read about things and maybe went on dread once like mental outlaw have. you're knowledgeable and solid, much respect.

@DoingFedTime Ай бұрын

Thank you! I appreciate the kind words (as well as you taking your time to let me know how you feel!).

@KeiranR Жыл бұрын

Love your talk mate ... Thanks for the re upload...

@septim8312 Жыл бұрын

Hell yeah!! And it's back up! Glad to see free speech winning against threats :D

@MichaelOfRohan Жыл бұрын

Threats is all someone has when their collective evidence is insufficient to mark you. Never, ever believe a threat or a promise from anyone.

@licklack159 Жыл бұрын

Let's go! Glad to see this back up

@spacet1me Жыл бұрын

Great talk, watched it all the way thru and wasn't planning on it. I've been to 3 DEF CONs in a row, woohoo!

@cmorche Жыл бұрын

Thank you for speaking and for uploading this again! 😀 Easily one of the best talks I've seen from DEFCON. Stay safe my friend!

@R41D Жыл бұрын

old DNM mod here. loved the talk, time to dig deep into ur channel XD -DTH

@ifofcourse Жыл бұрын

So im a complete stranger to the Darknet and its culture, but this was super fun and interesting. Great job!

@theREALchriszito Жыл бұрын

Amazing talk dude I just got recommended your page and I am so glad. There is a good chance we interacted. I was a mod on r/dnm at the very end until we got banned. I love the shoutout to GG! When I ordered from him it didnt come from NL lol.... I wont say where, but it just goes to show his opsec level was pretty sophisticated.

@band0x1337 Жыл бұрын

Glad you got it back up man!

@kngnothingGT Жыл бұрын

Also super awesome that you got it back

@blackthebanner Жыл бұрын

Glad to see this was reposted and by YOU at that stay strong brother

@bawlout9367 Жыл бұрын

I creep on your videos but this is the one that made me sub, using the kid piddlers addy as a return is epic lmao

@kuukeli Жыл бұрын

thank you for re upload

@GranMastaB Ай бұрын

Let me preface my question by letting u know I stumbled across ur video eval of Archetyp (awesome btw & def would love more of such content) which lead me to ur channel. Its understatement to say the info u share there & specifically w/ this presentation is lifesaving knowledge. Thank You for being one of the few who is paying it forward..... but outta curiousity, in ur case re the warrantless package inspection, what even was their grounds for inspection? & how did they connect that package to u during its transit? Also, re Op Dark Gold, did u personally use that individual to cash out ur bitcoin? On a regular basis? Why? Is using a proxy personal ID w/ legit SSN/ DL/ etc too much & bring on there own vulnerabilities? Or if done in a very sanitized way, such an alternate persona can be useful in that situation & possibly others? **any info shared here is strictly for entertainment & being used simply as conversational debates in possible future social media posts/interactions.

@DoingFedTime Ай бұрын

"what even was their grounds for inspection? " They had none, or none was stated. If I had to guess, it would be that she (my cousin) had brought it 10 or so packages and ever 3rd one had a different return address. "how did they connect that package to u during its transit? " They didn't. The opened it, found drugs, and then used the footage of my cousin in the post office to ask around about her. They got her plate number and ended up following her back to my house (were she had a room). "Op Dark Gold, did u personally use that individual to cash out ur bitcoin?" Yes. After converting the BTC -> XMR then back to BTC. "On a regular basis?" No, but rather about 4x. It's were each one of my 'money laundering' charges came from. Even though, they couldn't prove that I had gotten he crypto from an illegal act. " Why?" Buying and selling of crypto isn't illegal, and there were no DEXs around back then. The only other options for direct cash out would have been KYC exchanges, like coinbase, were are your absolutely WORST way to cash out. " Is using a proxy personal ID w/ legit SSN/ DL/ etc too much & bring on there own vulnerabilities? " OpSec is about controlling your information. If you're giving it away to a third party, you're jeopardising your operation in a big way. "Or if done in a very sanitized way, such an alternate persona can be useful in that situation & possibly others? " You would have to invent a person with a tax history, SSN etc to do this. For me the exposure in doing so alone was to much, never mind the risk of ID fraud. "**any info shared here is strictly for entertainment & being used simply as conversational debates in possible future social media posts/interactions." It's also historical information. It's about as dangerous as me telling you how they loaded cannons in the revolutionary war.

@mathewbeats2658 Жыл бұрын

Thanks bro!

@bobbyrandomguy1489 Жыл бұрын

Glad you got it put back up. Weird I cant see any comments.

@DoingFedTime Жыл бұрын

I think it's an issue with YT. I had the same issue! I had to organize the comments by "newest first" instead of "top comments" and they showed up.

@tobimoody7292 Жыл бұрын

And we're back

@skreminpanda7006 Жыл бұрын

Really interesting

@jonathangallagher3116 Ай бұрын

bro introduced himself

@user-vv7js7iz8v Жыл бұрын

It’s back up!!

@bemek01 Жыл бұрын

you the guy!

@randomlegend631 Жыл бұрын

🎉

@trik9464 Жыл бұрын

Wooo

@sergiol.3755 Жыл бұрын

Its back

@kngnothingGT Жыл бұрын

Did you have issues getting this back up? I’m downloading it just in case

@DoingFedTime Жыл бұрын

So, I censored the part were it showed my PSI and my cousins statements against me. Now that I am not showing a confidential document there is no issue with it being up.

@Thedude897 Жыл бұрын

@@DoingFedTime lol confidential? Can't it be found through a clerk of court or a FOIA request? Safe to keep the feds happy though if that's all they requested. They know you have the power to get some people out of prison and since that's all they requested it's best to play safe.

@ilikeapple8551 Жыл бұрын

yay we got the video back up xDD

@MichaelOfRohan Жыл бұрын

BACK UP?!?! SHWEEET!!!

@kyoko703 Жыл бұрын

Woohoo! It's back!!!!!!!!!!!!!!! :)

@BALDNHAPPY Жыл бұрын

back up!

@grumps5940 Жыл бұрын

I wonder who the informant is..

@DoingFedTime Жыл бұрын

Well you totally cannot google "Sam Bent" and see articles about me - and my only co-defendant and make the connection that way - totally impossible! :)

@Kakerate2 Жыл бұрын

intro song?

@DoingFedTime Жыл бұрын

No clue, sorry. :(

@msonnayn Жыл бұрын

13:48 20:42

@baconblaster6422 Жыл бұрын

lol i know half of this information just by reading through dread and entire darknet bible. Wonder if Fed Time contributed to most of those

@DoingFedTime Жыл бұрын

DN Bible has been around for a while, and slowly over time been added to. I never personally added to it. It was the other half (the half you said was missing) that I was aiming to disclose. :)

@baconblaster6422 Жыл бұрын

@@DoingFedTime yes thanks I enjoyed your talk very much.

@baconblaster6422 Жыл бұрын

@@DoingFedTime one thing that stuck out to me though, hypothetically if we had to pick a return address and you chose those offenders mentioned in the talk, I would think they already had flagged addresses that would bring more attention To you in the first place ? Not saying there’s a better option for return address patsy (random business address ?) , but I would of though S offenders already have flagged addresses which would have you burned too quickly. Thanks again

@Fatvod Жыл бұрын

So you put your illegal activities onto your neighbor? Not cool dude.

@DoingFedTime Жыл бұрын

I use their internet connection. There's a pretty massive difference between this and what you describe.

@Fatvod Жыл бұрын

@@DoingFedTime you literally describe the feds raiding their house as your warning sign. You know exactly what you were doing. You are making your activities someone else's problem to deal with.

@miguelhxrnandez 6 ай бұрын

@@Fatvod being a criminal while also being morally ethical is in of itself impossible to do. civiliians will get caught in harms way, stop bitch8ng about it and move on.