On doxing Sheep Marketplace

a guest Nov 30th, 2013 999 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  2. Hash: SHA512
  4. On 2 November 2013, I was contacted on IRC by a pseudonymous chatter, "an
  5. anonymous security hobbyist". He said he had some information for me if I would
  6. swear to keep it secret. I agreed as long as it didn't involve violence like
  7. hitmen.
  9. He had been impressed by [my bet against Sheep &
  10. BMR](
  11. and agreed with me that the official Sheep story about ``
  12. was too stupid for words, and wanted to share the info with me. He then told me
  13. he had just finished researching Sheep Marketplace and was highly confident that
  14. the operator was a Czech programmer by the name of "Tomáš Jiřikovský", and
  15. further, earlier that day he had mailed off his results to the FBI. (He also
  16. claimed credit for the BMR & PBF leaks.)
  18. After reading through his results, checking some of the links to see if they
  19. were as described, agreeing with him that Tomas matches the profile for the
  20. Sheep operator uncannily well, and reflecting how stupid I was to not look
  21. harder at because as soon as you see the forum posts where
  22. Tomas complains about the problems of running a Bitcoin-using hidden service
  23. it's completely obvious that Tomas=Sheep, I suggested he contact Tomas. He
  24. declined, saying he didn't want to spook Tomas (he is not a big fan of drugs),
  25. although he agreed I could release the results within 7 months. The most I
  26. managed to get out of him was permission to [post a cryptographic hash
  27. precommitment](
  29.     $ echo 'Sheep Marketplace was founded and run by Tomáš Jiřikovský (random
  30.     nonce: 19093)' | sha512sum
  31.     43a4c3b7d0a0654e1919ad6e7cbfa6f8d41bcce8f1320fbe511b6d7c38609ce5a2d39328e02e9777b339152987ea02b3f8adb57d84377fa7ccb708658b7d2edc
  32.     -
  34. I was as precise as I could be at the time; saying it was a precommitment to
  35. Tomas's identity would have clearly breached the agreement.
  37. Anyway, I took his notes, made copies of all the webpages linked in, and
  38. prepared a single compilation in MAFF format:
  41. The basic overview of the findings:
  43. 1. Tomas owns the hosting service for the VPS server. There
  44. were very few domains hosted there as well, and he controlled several of them.
  45. 2. The site itself seemed to be very closely connected to SMP, using the same
  46. basic technologies and possibly a non-public API 3. The official excuse does not
  47. wash as was set up not long after SMP itself 4. Tomas is
  48. the earliest known promoter of SMP (1 February 2013), and recommened SMP & BMR
  49. over Silk Road (11 April 2013) 5. Tomas is a C++ QT Nette Framework Czech
  50. developer who runs Ubuntu, exactly like the SMP developer 6. Tomas has
  51. complained about the memory demand of `bitcoind` on a VPS server, and discussed
  52. the difficulties of functionality like email from hidden services 7. Tomas or
  53. his girlfriend are active users of Tor, as evidenced by screenshots of their
  54. computer 8. it's not clear what Tomas's current job is 9. but it is clear that
  55. as of October, he was working on an e-commerce site which was having problems
  56. with buggy accounting of deposits 10. Tomas posted a .htaccess file which has
  57. the same (buggy) functionality as that of SMP 11. He is an accused Bitcoin
  58. scammer
  60. A few of these could be explained as coincidence. But all of them? At this
  61. point, I would rate Tomas as >75% likely to be involved with SMP in some
  62. fashion.
  63. -----BEGIN PGP SIGNATURE-----
  64. Version: GnuPG v1.4.15 (GNU/Linux)
  66. iEYEAREKAAYFAlKaXHkACgkQvpDo5Pfl1oLDkQCfYjIF6jNhju0oRoMPYotXoozg
  67. b8sAniQkX1rR5G1IMSupouQpbYQAH0p7
  68. =VTjF
  69. -----END PGP SIGNATURE-----
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand