Dark Forest aka ylym video discussion

SpecterP

Knows how to work it
VIP
May 22, 2018
2,289
3,493
113
USA
Libertas I'll give you a simple scenario. A pervert is arrested and cuts a deal with the feds. He goes back into the wild to help catch big time producers. His computer equipment is rigged with programs etc. which will be used to unmask bigger fish. Now multiply that situation and no Red Room potential producer would risk taking the chance knowing the basic security flaws in live streaming over Tor or any Darknet.
 

SpecterP

Knows how to work it
VIP
May 22, 2018
2,289
3,493
113
USA
JavaScript has been weaponized repeatedly in various cyber cases. Using JavaScript while using Tor is another no go situation if you're talking high end crimes. Just surfing YouTube to avoid ads doesn't require such security precautions.
 

Libertas

Death Addict
Apr 19, 2016
1,478
4,769
113
I'll reply to you post-by-post. :)

#1. A bit more doesn't mean *fully fucked*, if it were so -- I would've said so, but it's not. It's a game of cat and mouse, and since everything is done in real time, chances are they simply wouldn't be able to write out a subpoena in time, let alone arrest you.

Who in their right mind has Adobe Flash Player installed in 2019? At all? And no, you can't watch *anything* Flash via Tor Browser. There are quite a few logless VPN companies, with a proven track record. [1] [2]


[1] Private Internet Access' "No-Logging" Claims Proven True Again in Court - TorrentFreak
[2] PureVPN Explains How it Helped the FBI Catch a Cyberstalker - TorrentFreak (user fucked up here, read why)

#2. Sure, but like in most such cases, they will simply assume that guy's online persona, and an agent will obtain other user's information through the use of simple social engineering and bust them that way. Getting 0days for the small fish is simply not worth it. And even if it was, it's highly unlikely that they're gonna be able to get one right when they need it. Hence why I'm saying that it needs months and months of investigating.

#3. Sure it has, but it also has a lot to do with who is your adversary. If you're a drug marketplace operator and/or a child porn website operator, chances are they will try to fuck you any way they can, legal or illegal.

But if you're a regular surfer using YouTube, do you really think it matters whether or not you're using JavaScript? I'll tell you: It doesn't.

It also won't matter if you're using Tor with JavaScript enabled to browse a site like this either. There's a good reason that investigations into sites like Silk Road and AlphaBay took months.
 

SpecterP

Knows how to work it
VIP
May 22, 2018
2,289
3,493
113
USA
You're missing the main point. Red Rooms not YouTube. There's no way the security risks would be ignored the way you lay it out. And if a person is on the hook as bait then they would be giving a heads up to his handlers that the show will be on day x at time y. But it's all ridiculous in the end because it's Creepypasta.
 

Libertas

Death Addict
Apr 19, 2016
1,478
4,769
113
This is the Internet... Multiple jurisdictions and all that jazz. It would be pretty simple if everyone involved was in the same jurisdiction, but they very likely aren't -- and the infrastructure probably isn't either.

Let's say that a FBI field office in Houston starts working on a Red Room case after an agent got a tip from his CI, they got a link of the site, and let's say they have a week until the stream starts... That's still not enough time, not even close... Agent would have to open a case file, send it up the chain, tech guys would have to make an assessment and probe the website for common vulnerabilities that *could* result in the website's true IP address leaking, but even a complete idiot can make sure that doesn't happen. But sure, let's say they get an IP... Its location could be in Russia, and what then? You dun goofed, I'm afraid.

But if by some miracle, server ends up being in some European country, then you can send a MLAT, and it will take 48h at least for it to be processed. Then you need a day or two for them to try and do a network tap, because shutting it down wouldn't really achieve anything, and there's a high probability that it's just a proxy node, and not the *actual* location.

All I'm trying to say is that there's a reason that those cases take months, and some even a year or two... They end up needing to send dozens of subpoenas and MLAT's...
 

SpecterP

Knows how to work it
VIP
May 22, 2018
2,289
3,493
113
USA
So then start one up and we'll read about you in the newspaper. Lol. Your assumptions are too flawed for this particular situation. It's a stack of maybes for what's ultimately Creepypasta.
 

Libertas

Death Addict
Apr 19, 2016
1,478
4,769
113
Lmao, just because something is technically possible, doesn't mean you should go ahead and do it.

And no, they're not flawed, I stand by what I wrote, even though the FBI wouldn't work on a case like this, although the case *does* have to start somewhere, so it would likely be handed over to DHS.

In the case of a Red Room, which *should* have a limited shelf life, a proper LEA investigation is more or less impossible, unless you somehow learn about it months in advance.

Disagree with me all you want, but that doesn't change the fact that the wheels of justice turn slowly, but grind exceedingly fine. That's how it always was, and that's how it always will be when you play by the rules.

That's why you can't expect them to work on a case involving multiple jurisdictions, and finish it in a matter of weeks. It's just impossible, even when working overtime.
 

SpecterP

Knows how to work it
VIP
May 22, 2018
2,289
3,493
113
USA
Lol you're thinking about this all wrong. It's not a drug bust. It would be an unprecedented live stream of murder for a paying audience. Multiple international law enforcement and intelligence agencies would be mobilized. It wouldn't be casual the way you make it.
 

Libertas

Death Addict
Apr 19, 2016
1,478
4,769
113


All jokes aside, world doesn't work that way. Whether or not you think that a Red Room would be something unprecedented, that doesn't mean that they'd give a shit (especially if they couldn't verify the validity of the website's claims) unless it was someone important, e.g. some politician or a celeb.

Otherwise, there's a very big chance that it wouldn't even be investigated in time... Of course, we're just blindly assuming the facts here, in the real world each Red Room link would be unique to the member who purchased access, and chances of anyone finding out would be nil. Tor or no Tor...

There's a reason why all these supposedly real Red Room links are available on Hidden Wiki's and Paste sites... if they were real, you wouldn't be able to find them.
 
Top