Dark Markets, Cyber Crime

Icarus Market Exit Scam - Ex-moderator Mitsuki12's take on my previous article

Yesterday, I published an article on the Icarus exit (which I strongly advise reading before continuing here) and what happened after the market went dark, and in particular on specific claims made by Mitsuki12, one of the ex-moderators. It seems that he does not agree with some of the things I said, and he posted a reply on Dread today at 10:09. Let's have a look at it. I will go through the parts of his message point by point and add my comments under each.

Mitsuki12 comments on Dread 1/8

First off, an apology: I wrote that the sub was created by Mitsuki12, while in reality it was created by Azaeel (the other moderator). Apparently, /d/IcarusMarket was used to (privately) test various writing techniques to gather more users, and was then converted into a personal blog by Mitsuki12.

Mitsuki12 comments on Dread 2/8

As a reminder, his original post says:

You have one week (till 22nd, 20PM CET) to decide, after that time if the answer won't satisfy me (or there won't be any answer at all) then I'll let the game begin and yep, I'm gonna have a lot of fun playing it.
Mitsuki12 comments on Dread 3/8

Next is the part about the alleged FBI involvement. He says that the Icarus admin, a sysadmin, was doing all the systems-related work himself, and probably noticed that the FBI was trying to tap the server. I am not saying it is impossible that the admin noticed someone tapping the server (if that happened), but (once again, I'm not an LE expert, and we are missing a lot of elements, so this is just what I'm wondering):

  • If law enforcement had the server (and were spotted while trying to tap it), why didn't they display a banner saying "This hidden site has been seized", as they love doing? If they did obtain the server and weren't able to do that, I can think of two explanations: either he erased the data before shutting everything down, or the disk was protected by full disk encryption. Neither sounds right. Detecting the intrusion and (reliably) wiping everything before LE could copy the data seems unlikely, and I have never heard of a market using FDE on its server, especially if we assume it is true that the admin had bad opsec.
  • I don't see the FBI leaving a pwned.txt in /root/ saying "The FBI was here" if they were trying to tap the server. So how did he know it was them?

I agree that much more can be done in terms of data collection with a running server, but I don't see what Mitsuki12's point is here.

As for LE agencies and the private sector not following the law: yes, there has been abuse in the past, and there may be some now, but I don't see how that relates to whether or not the FBI seized the server.

Mitsuki12 comments on Dread 4/8

Mitsuki12 also seems to claim that it would not be possible to find the admin through the discovery of the server, because nobody connects to a darknet server via SSH from their own IP address. This is, in theory, true, but remember that AlphaBay's admin at some point sent welcome messages using an email address he had used on the clear net. Also, there is much more to it than that. For instance, it would be possible to trace the origin of the funds used to pay for the servers (not to mention all the chat logs and wallets potentially present on them).

Mitsuki12 comments on Dread 5/8

Yes, Mitsuki12 did not give any details or information that would identify him directly. That said, and assuming this is true, if you narrow the search to analysts who have worked for companies holding "secret" contracts with various law enforcement agencies, you go from 7 billion potential suspects to a few thousand. Also, caring that much about an NDA while actively taking part in the administration of a dark market doesn't add up.

Mitsuki12 comments on Dread 6/8

I'm not going to go into politics, which is beside the point here. What I was saying is that I doubt any reputable company would intentionally help someone involved in a dark market get any kind of revenge (also, if I were a darkmarket mod, I would certainly not get involved, even remotely, with LE).

Mitsuki12 comments on Dread 7/8

It is true that we don't know how much data Mitsuki12 has. However, if the AI was trained to profile the admins, I don't see what kind (and quantity!) of data he could have that would produce something useful and reliable, let alone justify using any AI at all.

Mitsuki12 comments on Dread 8/8

This again seems like a contradictory statement. Posting publicly would surely gather attention, and announcing that something will happen and then doing the exact opposite does not make much sense.

To conclude this article, I would say that the opinion I expressed in my previous post has not changed. There is a lot of talking in this reply, but nothing really relevant or lending credibility to the earlier claims.