US federal agents want Reddit to rat out five prominent Redditors active in the 'Darknet Markets' subreddit.
That dark web drug forum is where users can find links to popular drug markets, tutorials on how to use them, product reviews, and the equivalent of grocery store weekly circulars that let vendors advertise their wares, such as What to Buy Wednesday and Sell Your Shit Sunday.
The subpoena served on Reddit is apparently linked to the abrupt vanishing of Evolution.
Evolution was the top market (and, by some measures, the biggest ever) until its owners disappeared, along with up to $12 million (about £8.14 million) worth of Bitcoin, a few weeks ago.
The subpoena, sent by the Baltimore Department of Homeland Security (DHS) Immigration and Customs Enforcement, demands information on five users of the subreddit, all of whom discussed the fall of Evolution.
One of those users is moderator and security researcher Gwern Branwen, who shared the subpoena with Wired and then published a PSA post on the subreddit on Monday.
Branwen speculates that he was subpoenaed because he offered to vet the claims of another subpoenaed user, who said he had information and could dox the vanished Evolution administrators.
Branwen claims to never have received that information and that it was just typical of the scams that have emerged in the Evolution aftermath.
He writes that three of the five users the Feds are interested in were scammers who claimed to have secret information and offered to dox or attack the Evo admins (in exchange for Bitcoin payment, upfront) or who posted faked chats that Branwen said were actually rigged to deliver malware.
The fifth redditor to have received a subpoena was, Branwen says, an Australian vendor on Evolution as well as an employee "in a mostly PR capacity."
They were also the Reddit user who gave the drug community a heads-up about the Evolution exit scam and thereby clarified why users couldn't withdraw funds.
The subpoenas are asking for IP addresses, names, IP addresses, and dates and times of site visits.
The DHS is also looking for information that Reddit is unlikely to have - users’ phone numbers and financial data - given that signing up doesn't even require an email address.
Branwen's PSA offered advice for users about not panicking, in spite of the "Eye of Sauron" being upon the drug market forum.
He suggested switching conversations off of the public forum of Reddit and onto a Tor-protected forum in order to talk freely, without users getting subpoenaed or thrown into jail if even just one "naked connection" reveals a home IP address:
Just one naked connection revealing [user's] home IP would be enough and if he's like past market employees, a raid will turn up all the damning evidence one could hope for.
Indeed, the Feds likely have their fingers crossed when it comes to that one naked connection.
Reddit declined to comment when questioned about whether it planned to comply with the subpoenas.
The policy states that Reddit stores IP addresses associated with specific posts, comments, and private messages for 90 days.
Thus, if the company does comply with the government's demands, the government will get the data it's after.
https://nakedsecurity.sophos.com/2015/0 ... m-members/