Wednesday, July 31, 2013

The Blockbuster Heist That Rocked the Deep Web


Before he gutted and nearly destroyed one of the most influential criminal markets on the Internet, a man using the nickname Boneless published a detailed guide on the art of disappearing.

“I have some experience in this area,” he wrote, detailing how fugitives should best go about buying phony passports, dodging cops, and keeping their stories straight.

The guide was just one of many contributions Boneless made to HackBB, a popular destination on the Deep Web, a group of sites that sit hidden behind walls of encryption and anonymity. Back in 2012, the forum was a top destination for buying stolen credit cards, skimming ATMs, and hacking anything from personal computers to server hardware. And thanks to Tor’s anonymizing software, members were shielded from the ire of law enforcement around the globe. It was one of the safest and most popular places on the Deep Web to break the law.

Then one day in March, HackBB simply vanished, its databases destroyed. One user likened the events to burning a city—its library, market, bank, and entire community—to the ground. It wasn’t hard to guess who’d done it. A few days earlier, Boneless had disappeared—and with him, a serious chunk of the market’s sizable hoards of money. (...)

All business is inherently risky on the Deep Web. Escrow funds in particular require serious trust, which is itself a valuable commodity on the anonymous Web. The popular drug market Silk Road established a highly successful escrow service by building years of trust and name recognition.

Silk Road’s founder, Dread Pirate Roberts, is rumored to conduct thorough background checks on staff, an act that would require extraordinary trust, considering the immense illegality of Silk Road’s existence. Such a policy, though extremely difficult to enact, would severely diminish the chances of a staff betrayal. It would also create a delicate house of cards that could completely collapse if Dread Pirate Roberts were ever apprehended.

At HackBB, Boneless either shared no identifying details with OptimusCrime, or he was supremely confident in his ability to go away without getting caught. He did, after all, write the book on how to disappear completely.

Such was Boneless’s reputation that, after the attacks, many wondered if he was really even responsible in the first place. Forum members suggested Boneless actually sold his powerful administrator account to the highest bidder.

"Someone got a hold of his credentials somehow," wrote one HackBB moderator, "He probably sold them."

by Patrick Howell O'Neill, Daily Dot | Read more:
Image: uncredited