Leading DarkNet Market Agora Temporarily Suspends Service Over Tor Vulnerability Concerns

from the here-come-the-fuzz dept

As the government continues to play Whac-a-Mole with darknet drug bazaars, one of the Silk Road's leading darknet market replacements says it has temporarily suspended service over Tor vulnerability concerns. In an encrypted post to the site's buyers and dealers (copied over to PasteBin and over at the /r/darknetmarkets subReddit), Agora's administrators say the darknet market is nervous about law enforcement's ability to take advantage of recent Tor vulnerabilities, and as such are pulling the market offline for an undisclosed amount of time to protect the site:
"Recently research had come that shed some light on vulnerabilities in Tor Hidden Services protocol which could help to deanonymize server locations. Most of the new and previously known methods do require substantial resources to be executed, but the new research shows that the amount of resources could be much lower than expected, and in our case we do believe we have interested parties who possess such resources. We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement."
While the post doesn't specify which Tor vulnerability the market's responding to, a paper recently published by researchers from Qatar University and MIT (pdf) argued that it was possible to use a Tor vulnerability to identify Tor hidden services with as much as 88% accuracy. Tor director Roger Dingledine responded to these findings in a blog post back in July. Dingledine downplayed the ability of the vulnerability to be exploited in the wild, while pointing out that researchers have long over-estimated the ease of such fingerprinting methods in the real world.

To succeed in the fingerprinting process, the attacker needs to control the Tor entry point for the server hosting the hidden service, and must have previously collected unique network identifiers that allow that particular service to be fingerprinted. Still, Agora itself strongly hints that it has already seen some (presumably law enforcement) behavior in the wild attempting to take advantage of the vulnerability, and wasn't willing to take the risk:
"...We have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again, however this is only a temporary solution. At this point, while we don't have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved."
Agora's decision to forgo possible revenue for the sake of OPSEC (operational security) resulted in some Reddit posters praising Agora for its "iron testicles". The outfit does appear to be slowly paying funds back to dealers and users (funds for DarkNet markets are usually held in escrow until deals are completed), but payments appear to be taking 24 to 48 hours for Agora to process. Meanwhile, admins for other darknet markets, like Middle Earth, have subsequently proclaimed that they have already covered their bases and aren't worried about the vulnerability:
"We noticed the strange happenings early on. We KNOW that TOR devs are the best of the best. This is only theoretical paper from MIT students. TOR updates daily on a development level, they would fix any vulnerabilities from any theoretical paper. Emphasis: Theoretical Paper, Not Successful Tests. We have covered all bases."
While the Agora shutdown, combined with dropping Bitcoin value (due to the potential forking of currency development by those concerned about scalability), has Bitcoin advocates and darknet market users sweating a bit, Agora's shutdown would seem to be only a temporary bump in the road to future darknet opsec skirmishes. Agora had already survived last November's Operation Onymous, which took down Silk Road 2 and 400 other websites. It's still debated whether those seizures were thanks to a Tor vulnerability or old-fashioned detective work (law enforcement obviously isn't keen on being illuminating).

Even if Agora doesn't return, there are a half-dozen or more already-established darknet markets happy to fill the void and satiate the globe's inexhaustible supply of drug buyers and dealers, those entertained by the endless game of opsec cat and mouse, and the government's insatiable need to fill its mole-whacking quota.

Filed Under: bitcoin, dark market, security, suspension, tor, vulnerability
Companies: agora


Reader Comments



  • Anonymous Coward, 27 Aug 2015 @ 10:57am

    I don't get this vulnerability
    "control the Tor entry point for the server ... collected unique network identifiers"
    surely if you're in a position to obtain this information then you would already know the server's real IP


  • GMacGuffin, 27 Aug 2015 @ 4:43pm

    I think it's wise of Agora to shut down and move servers for a bit. After all, even a tiny chance of getting caught is worth avoiding when it means going to jail for life. Yay drug war.
    _______

    Since nobody cared about this but me, I'll note as aside that bitcoin price crash was not really because of potential forking by BitcoinXT. It was a 10k BTC short (approx. $2.3M) on Bitfinex exchange causing a flash crash and margin calls on the way down.

    That was Wed. 8.19 and BitcoinXT build had launched the previous Sunday. But the mainstream press didn't get to the XT issue until days later and was all kinds of wrong about it (Bitcoin At Risk of Dividing into Two Currencies!). So there was an unrelated crash, and the wrong press contributed to panic selling by those who didn't get it.

    Simple fact is XT won't kick in unless there's 75% using it, and only after Jan 2016. If so, there will be two blockchains until the miners/nodes on the wrong blockchain move to XT. If the miners don't, they will stop making money. So that'll take maybe hours or days. Then the XT will be called "Bitcoin" and will be scalable (bigger blocks), which current Bitcoin Core is not.

    The devs who launched XT are being castigated for taking things into their own hands, but since consensus could not be reached, this was a way to force it. Ugly, but effective. They contend the reason the Bitcoin Core devs who object to increased block size do so because they are involved with Blockstream, which is developing Lightning Network sidechain tech designed to take load off the small 1MB blocks. If the block size increases, all the Lightning Network VC/Angel money and work will be obsolete before it launches. So the Bitcoin Core devs are basically accused of wanting to have a "low volume settlement network" whereas the idea is for a global currency, which means more than 7 transactions per second, which is about the max right now.

    https://groups.google.com/forum/#!msg/bitcoin-xt/PBjK0BuB7s4/30ENrtLqBQAJ

    tl;dr The point being here, another (alleged) example of monied parties trying to hold back technological advances for their own purposes. (In case we needed more examples.)


    • nasch, 28 Aug 2015 @ 7:54am

      Re:

      But the mainstream press didn't get to the XT issue until days later and was all kinds of wrong about it (Bitcoin At Risk of Dividing into Two Currencies!).

      I'm shocked. Shocked, I say!

      Then the XT will be called "Bitcoin" and will be scalable (bigger blocks), which current Bitcoin Core is not.

      If I'm understanding this right, this doesn't do anything about the total supply of Bitcoins. That seems to me to be a serious limiting factor in its potential growth.


  • Ninja, 28 Aug 2015 @ 5:59am

    Drugs, drugs, drugs... Seriously, start treating it as a public health issue...


  • GMacGuffin, 28 Aug 2015 @ 9:25am

    If I'm understanding this right, this doesn't do anything about the total supply of Bitcoins. That seems to me to be a serious limiting factor in its potential growth.

    Bitcoin is a deflationary currency by design. The 21M total is hard-coded into the protocol. It is meant to emulate finite precious metals, which is why it is "mined." This is a good thing because nobody can just "print more money" and inflate it, causing the value to drop. It's also not a problem because it's divisible to 8 decimal points; and they already have names for fractionals (0.00000001 = 1 Satoshi).

    So even if 1 BTC is worth $1M, it's not really a problem. (The hardcore anarchist fanboys think Bitcoin will supplant the banks and other currencies, but that's neither realistic nor desired. If it did, there might be deflation issues, but it won't. As long as there are governments, there will be government-backed currencies.)


    • nasch, 28 Aug 2015 @ 9:51am

      Re:

      So even if 1 BTC is worth $1M, it's not really a problem.

      That in itself isn't a problem, but if the value is more or less consistently going up, nobody will want to spend them because it will be more valuable as an investment. So the actual use of bitcoins as currency could pretty much disappear.


      • GMacGuffin, 28 Aug 2015 @ 10:18am

        Re: Re:

        ... yes, there is the investment vs. currency problem. This ties into the biggest threshold issue -- the "adoption" problem. I think the idea is that if adoption is more widespread, more stability will follow, and then it's just like any other currency whose value is always changing relative to different currencies. (e.g., USD is 'strong' right now.)


