HugBunter's Deadman has been Switched
More than a week after Dread went down for maintenance, HugBunter’s deadman switch was triggered, indicating that the owner of the largest darkweb forum no longer had control over the forum or his own equipment. His staff, in a message on the Dread homepage, said to assume the worst.
Dread, the darkweb’s version of Reddit, has been offline for nine days at the time of publication, leaving many users concerned about the forum’s admin. The admin, HugBunter, has unexpectedly vanished in the past for “health reasons” or “equipment malfunctions.” In those cases, though, he made an effort to check in with a Dread staff member about his sudden disappearances.
This time, though, a Dread staffer confirmed that they had not received a message from HugBunter in three days. Although we do not know what specifically triggered the deadman’s switch, the trigger could have been something as simple as a certain number of days without an update from HugBunter. The worst case scenario for users of Dread (and HugBunter) is death or law enforcement intervention. While both are possible explanations, it is far too early to make such a conclusion without additional information.
Jump to this part if you only want the deadman’s switch info.
What is a Deadman’s Switch?
A deadman’s switch, as explained by one darkweb marketplace administrator, “is a type of security system that is put in place to ensure the individual who set up said system is alive.” The admin gave us some examples from television and real life as well. “This sounds very dramatic, like something you would see in an episode of Mr Robot but they have various uses as we have seen with both Edward Snowden and Wikileaks where if a predefined step or measure was not taken in a predefined amount of time files would be sent to a predefined location. It doesn’t always refer to the living status of an individual or being but the fact that if that person is not freely able to essentially flick off the switch something will be triggered.”
The administrator also provided us with the details of a deadman’s switch that would have worked for HugBunter:
Now here is a more digestible example of what a deadman switch would look like in relation to Dread; Hug purchased a cheap server, a script was put in place to send an email to every Dread moderator if no login was made on that server within X amount of days. Hug instructed (during a time where he was not compromised) his staff to publish this message without fail if they ever received this email/alert, that was their duty and Paris fulfilled it. Multiple of these types of systems could have been put into place, but the simple process is; if a step is not taken within a certain period of time the switch would go off. There is no way to activate a deadman switch it is all predefined with whatever variables there are, the only way to prevent said switch from going off would be to delete the system or fulfill the requirement set to delay or prevent it from going off.
HugBunter’s (Original) Message
More than a week ago HugBunter posted a message on the frontpage of Dread about working on upgrades “to provide increased stability” to Dread. The upgrade would also “reduce a whole lot of spam and phishing.” After that update, HugBunter logged into his private jabber account for several days before logging back out. He logged in and out again for a little while before logging out “for good.” More than three days and five hours have passed since HugBunter last accessed the jabber account used to communicate with his staff members and other members of the community.
In the past, HugBunter posted about Dread downtimes and maintenance on the /r/DreadAlert sub. He posted about downtimes that lasted only hours. It was important to HugBunter to inform Dread users that he still had control of the platform. The platform rarely went down without an explanation on /r/DreadAlert.
This downtime—the longest one yet—is the only recent exception. He never posted on the subreddit dedicated to Dread downtime and he never updated the message on the Dread homepage. Instead, on September 27, one of his staff members posted that the absence (or something related to the absence) had triggered the HugBunter’s deadman switch. Another member of Dread’s staff has confirmed that HugBunter had a deadman’s switch in place for when something bad had happened.
“HugBunter’s Deadman Has Been Switched”
The message was posted on the frontpage of Dread by Paris, one of the only people capable of accessing Dread servers. Paris signed the message with the public key associated with Paris’ account on Dread. The signature is valid. And the message is below:
HugBunter’s deadman has been switched. It has been three full days without any contact when in all purposes the site update should have been pushed already. Hug does disappear at times and recently he disappeared for just over a day do to personal problems. All I can hope is he is alive and well. Not harmed, captured, or dead.
However we must assume the worse in this case. If something happened and he is alive he will be able to validate himself with a signed PGP message and some internal information.
If he does not return in one weeks time from his message all server’s content will be removed and the source code for dread will be released to the open public. In it’s current state (without the upgrades that HugBunter was supposed to push three days ago) the site would be full of spam and phishing in no time. On the final days before dread’s maintenance system was turned on, hours of time per day was spent removing content and accounts spamming the forum. It was unusable.
This downtime was only supposed to be a few days at most to get the final touches to the codebase upgrade done without needing to handle all the spam at the same time. While HugBunter at times does disappear for days he generally doesn’t do it when dread is down and can’t be brought back up. I just hope he is alive.
There might be a simple explanation for this (health problems for example) but until that time we must assume the worse.
Paris’ key is available here (.txt) and on Dread at dreadditevelidot.onion/paris.asc. The signed message is available below and the front page of Dread.
As Paris wrote, something as innocent as HugBunter’s health problems could have prevented the forum administrator from accessing a computer. There is no way to prove that HugBunter did not simply shut down his machines after overwhelming himself with the Dread update. The update is an important piece of the puzzle too; Paris pointed out that “HugBunter at times does disappear for days he generally doesn’t do it when dread is down and can’t be brought back up.” And another former Dread staff member backed up the claim by Paris, adding that HugBunter never disappeared during an update to Dread.
What Now?
The message posted by Paris does not provide evidence in support of any of the theories surrounding HugBunter’s disappearance. That does not mean users of Dread should react as if nothing happened though, according to DarkDotFail. “Dread users should assume Dread is compromised. Rotate all passwords you have ever used there immediately,” DarkDotFail wrote in an encrypted conversation. “Assume private messages are being read by an adversary right now. We have no proof of this. All we know is that Hugbunter is missing, but for OPSEC it is always best to assume the worst.”
“Hugbunter’s contributions to the darknet are unparalleled since the original Dread Pirate Roberts. To a good friend: I hope you are well and I wish you the best.” - DarkDotFail
The market administrator who explained deadman switches also added a comment about the situation:
Now I don’t want to speculate because I am sure we all have our own interpretations of what that message means. We need to know what type of system was put in place before we can come to any solid conclusions, however I just cannot help but think was this announcement made purely on the basis that Paris has never experienced Hug go MIA while the site has been placed in maintenance mode or otherwise not accessible or was there an actual deadman switch in place. Given Hug used to go MIA for extended periods of time I really don’t think there was any system in place or else we would have seen this before? I really don’t know.
“But what I do know is there will be a power struggle, a lot of stories, a lot of trolls to take advantage of this situation and cause chaos. Be careful, and be mindful as to which platforms you all switch to because some will have their own agendas and where you shop, who you trust, and ultimately who controls what is up for grabs.”
Regardless, I hope Hug turns up because as much shit as people like to give him the service he created really did enable the community to regroup and if Dread was to end here it would be a huge blow to the cryptomarket scene given the number of genuine hidden services is at an all time low
This story is still developing and likely warrants followup articles. I appreciate those who helped sort this out.
The Message From Paris
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Bitcoin Blockheight: 596837
Block Hash: 00000000000000000001392879d1aa00ceef235690227437315aa003593e594e
HugBunter's deadman has been switched. It has been three full days without any contact when in all purposes the site update should have been pushed already. Hug does disappear at times and recently he disappeared for just over a day do to personal problems. All I can hope is he is alive and well. Not harmed, captured, or dead.
However we must assume the worse in this case. If something happend and he is alive he will be able to validate himself with a signed PGP message and some internal information.
If he does not return in one weeks time from his message all server's content will be removed and the source code for dread will be released to the open public. In it's current state (without the upgrades that HugBunter was suppost to push three days ago) the site would be full of spam and phishing in no time. On the final days before dread's maintance system was turned on, hours of time per day was spent removing content and accounts spamming the forum. It was unusable.
This downtime was only suppost to be a few days at most to get the final touches to the codebase upgrade done without needing to handle all the spam at the same time. While HugBunter at times does disappear for days he generally doesn't do it when dread is down and can't be brought back up. I just hope he is alive.
There might be a simple explaination for this (health problems for example) but until that time we must assume the worse.
At this time if you need a darknet discussion forum there is
Darknet Avengers: http://avengersdutyk3xf.onion
Envoy Forum: http://envoys5appps3bin.onion
The Hub Forum: http://thehub7xbw4dc5r2.onion
I wish everyone the best,
Paris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbfleES3oPdbct1q5DE1JcU+sN9gFAl2OFxkACgkQDE1JcU+s
N9gzyxAAkzxAr6Z1rDh6ozJazCoWIrjDJIkofBYqPIM4XnUAHhEW44v5HcLlR7n6
vsmUPXzAH4DrElRac+XxNeFrjjz+yL+HTQq18qOcUkxVBoDZ391+85gJseI54+7Q
ymCJtlKHK+qO6+9MxbAExicCHMBKGbRv4mAZRYFPP+19d8QRpbeGUu+OZEgSQnJ4
6esQzBjMxu+8m5rmzUhBnXCLFRxsv7OLKjDukKE87uRq33wRrB4NbeqF3sniGxZl
ydWRMRrl/CiZtTZaknKqHxn1OsO+zZzjMm01SCh8DkXXEKZBvH9XeQ6dDpAUX+zE
MrNLzRrmxuWCtvPmhJqIZA9oH5+zoJh8z7Wyk1CRkJKXaFhlxCjV+J/4jL58AsPj
C8EfrjWY8FVZM6g6QEUrTay2CNCwCjjX/uSOR3iGDZrcFTue2xrFMe+pwOqunLpn
u0Rmvo+bKwaDFbwI6QfNQLvBWXuh9JFVnd84XtIMLVh7C34U87HP21QwXXTcCzDp
//Aj2o3F1AWJ7eYIQBu6zH6jG7s5Yxy5bxqqPGUbMTwpfKyYo2cr/GbFGvEHALlI
v58LUNFa+owojsPcgFrimkTEa1drA7wCn3Rnjpp/0rQUtKB7uZt6JEtZKZYIikJy
E1tAluyOCNsHUhXXX9zPHXPpMwnnMXwD1mv/MPbmsjyWGfxv5AQ=
=mjsd
-----END PGP SIGNATURE-----
We are performing upgrades!
The site is under maintenance, we will be back up as soon as we can. Sorry for any inconvenience!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Working on a huge update to provide increased stability as the platform grows further and will reduce a whole lot of spam and phishing. The update includes a variety of bug fixes and new features and should be ready to go live by this evening. I am extremely sorry for the downtime and lack of communication right now, this is the biggest update to the codebase that I will have performed and completely restructures everything behind the scenes. Thank you for your continued patience.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl2IpgkACgkQ6GEFEPmm
6SKAzQ//bHDUegdtInNBWtDhIKTl9BizmCFC6L555YAdk73nq6FbcMx8WRXmFtvn
v48yaxz6MdK2rbMKTIuLwZJH7ytvBIthpOwAJUmaOdnB9fTbyxjXkYym8VxceRVS
vZVhYB21BUVICec01x5gJGIFzLUaVpPvdlyrg6oBjppeYxqfQPe8oQT47h3ugGyw
/Dh/8UT4dib09U5FYjExzK5JQYZxroFiknSiDkoUC5a+Rr77xD7Sr9gmkWACeU3r
frVn0JA0oPmGBOLLbYRh+ejQHISec9jk5D5Orq3lQVjNBAaCK2CsBKZbsC3wrIv3
kdfFeHvwkQzk7cjjR5saHJRYGVXRysNPIjRHCE9jX4IiuBxgTLYOvntHOEsa76WK
v53T6mUzd8ceLwlC0ITgMQHnBxA1kmOKyrxm8yM8ufyy2zqkUPVFSZo6LLUr0xTJ
wxfb0oTkdsjfPgSJK1K+kJARq7ImBch9vd/fimNBFnFmaYcJD7YLJ9RJYQnYA2Dm
5QTaTZhdv/aD261OHvtIWMOQSsl/S7bhxZx9z41x1+t+/riz0SYpB/WXDF1LxzhW
a1ewX+BixAwciiSKueg35t07qe2ImFLZO98H9Xs4UNKhZNV8By4hLoiJStjNIdKg
G/qggxpaoE7ltR6RmMC3ImJ/a9PwaJxWgZfRLg1h682tNK5NxW8=
=2R+j
-----END PGP SIGNATURE-----
Paris’ PGP Key
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFzSHcwBEADnEYuy4u4a9kUK98nA4nYdCNHyxNI+3ixXhpSs2zbOebKAvus+
zCIhMUi7hDR/02ToUEqMpyo6KFNNjf/We8/iIC76u+Pb0Jqezu/n0RdLgPyXkTXf
6Rdjs06nph7yNuM2lJ2huRebggRRGrJ1bhiWQrcaufG2a7nT+GmRiJ0gtpOPcqqg
BUAgK6JgcRvEC5hiXQGRksYk0zbEKHbrXJ2X08/unGTCXsioWbfxP0xavqswGqR8
rtC/Jd4NqB+OML5EgNDs2+41L2yelnOVksh/iW3JtaOo0VJmPUfBimUDnD7bkhV7
RMvj//TIpExhTq+4wJ8BMiLVTREJOxw481la6PDUMW0PEXHX0rm5EPESIXh7nVQS
AJRz1aB9hwNpI8odtSok1eciAbbeUK3OjfBJLYBIT8m4E9qYIwGZFONp9bapckJb
Q9oEJMSDcvvPOL2ELSlNLYx/iTwRXXiMLqwhBUsGi/YE772hpQBt/I8wY79UFfTx
ecb0mPq5e/EhtK30o9SFvk3C5RRSJGz0aFjEPKcmBYyj5dowMN3m70t+pZPxLOWl
LqgXYHDPMqr9KdBX0IJEXG4cHazlyUoACZ4gVNh+8La8Dzc76ujqUnqEis/ud3cq
FEdueJzNP/QAZi4twWBLMIiaaN/sendVR3KJS3qS5sm2f2nlrZfSCFx9lQARAQAB
tB9wYXJpcyA8YW1hemluZ3NpZ2h0c0BpbnRlci5uZXQ+iQJOBBMBCAA4FiEEbfle
ES3oPdbct1q5DE1JcU+sN9gFAlzSHcwCGyMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
F4AACgkQDE1JcU+sN9hZZg//RaM0O7wBKTOH3wshlUvbfLhbXGP9lGslebeE2bEJ
o59Bv3iIncpB0DmACdCxkugx46uAecI4IB8T8h5Q7fVMbrhj4uR1eBI1Kd8Czg2n
mBxjb8+9GAbnpf3Tmxg3zmAxDeMTQVmjiSMmoXTJ7Gj24iq1GzpZ+oaPKpuU3XLc
AJyvWAE/8TZFxdqHtlaaZkniV+VI04WxWQ1LCVFK9kRga9APsK8+Tfct3Ou730VG
UAh8LC99TbEmZpRJzBtJJG8yhAtbW41N5b2KcXKY0sh1ycCxKk68RMVc911HcN/c
DGgAtqoADu6zPO+ZBGvfmhqSaeCpgLjo51DFrqmqWyclgxmbAHyC4tnhc1APUdVG
ss7K8JXZj0O2Z98+m9+r7SRv9GKDvCFGmozjqj/pnn+WqnIxmWeyJyDMLpWFEnbK
tTUFDGryB5v9fFpiSQ7rPqigpZpWSIiScWTRndlPfRRI+WRhnVIyE1k9UJu44g78
qbeliiv+fzBsYQc/Q+tB7qX1pnf3x7NwYb1P1emWoOvIcpRv2VdLgIyiPsZiYV6w
ddS78matP36hl2yqMHmNjYKCw7rjFkVEpZ21XqDbVmiYhgFCiktyXS399fTQ8bPB
qm8xRkc+ArSveRX9prTlbugTCF1XJ1t/z2c72NptoIFJMx3zfwOpIlNtg8zcWWzu
gYy5Ag0EXNIdzAEQAMcX4cC81S8UHc6A5rDDIZm3eKH5qEAl7hJ+/6PUqAhJPAY6
T4mItmB0lL6qicEvmJcQ0c7PFeVoHwTsWXt4OvmMtPUHz4PCH3JbYi8PoYO6jXbM
ph7WA7NZ8DWksIv+RIDjrS8LAHQVglDlsAeSSdISf/vRbaiiCoQTuoeVIPDZWAqr
zUY696iqQrpystuUzDW34Ivi+XxvkKXdcFUWKaBCaVawWJ26UboAiCfrpbePXE8L
K//4UiodHSdXAY9gwEodI8Yy88FVhNyDftrauRbnWMD8gu6UGT/mNurbJ1GbR0gl
sC+M614VZiO7a9GqWlPnoxleQX24etBjuB+NYqvSTA+hG13qeTsJZnv+4ZGFpIKv
251B5nSKozrtzsjJ+E0Q8ZweX6FxUEQd/p9UBJzVl+sfky1pxaH5nAUv34N8JNLB
7G2X1BGv0QNuvPeHUKheyz0wr2zMRkQAhDmmak2uTtBlHvQuzGamK08DzNe4/ml2
X8RuXIug2BIQIe7ecS6NHFbbggx4QLyZrR4NRnvKrq1cSEL/7q2J7yCdkMzNX71p
4R4BnImrnBZOHWFkrWF0790VHEYvVTzW0IbZx6sQKomFYuk7J3k7lgsN8K6CtdEk
fRkwN6v8xDUMC4wu1o2JieDg4DhNQA1wph2N3UWh8s2YTyRXYBm9WDMHLjE9ABEB
AAGJAjYEGAEIACAWIQRt+V4RLeg91ty3WrkMTUlxT6w32AUCXNIdzAIbDAAKCRAM
TUlxT6w32K4ZEAC4OrHG8yuDYR1BgZMqdHFfl+haIn92+ksLwaeYGA+zOJ3RPkje
9bHt/hGShpmO+6YQzmm15HBi0HgErMRxyJds9ro8aX0xWAjAVNf7VP93ksKO731A
O1VspQvHiQ4Q5May5vwQsuJvdVf793GUfIWcX/Ld4OxuhheijS7ghdCmJkSXmSoE
Vx4y1M6xn1GySEQoRGpYNnbyAN/Gi/+DUJbyIU6cw6Yn4ts4kmIi2tRkST8kA79F
U2hlD1IsusJ2L+pVtG/VsmDvwUGMiqngWxxq6c6GSw3Lmn8w6JhwIQ0/MDQhULen
d9PztWrxHyDAb9/8v2tQ5v6lzNya2xS5S6OcvCRjJmezqRqF8JqcyWXht7X/W5p2
N1FwbXLaDyR70HH0WsJViYn9wSxeMtLjgNCXXiEmFNAG43LXoqsE4ofEDrPAcMQN
d8ArZg4ABVwbYATFMmVTyQmquQPcQcddldDTxm+tCGwAwOA6denmhlKBVgK6vqju
8G6eODnTJ5htjndR0wyyrL6nn3WYsk7PVRWy0vffFgXmLKNgWld137vcGVzYKVRN
ySET7WRLuzorcUNAbJT+eKiMlHvxXQ/6K7ON59H36SUclSDHnqu6NeQqZEwrsI8w
vhzD5ccSOo2uKr42IuexpN/lUfaqVxzbGc5xP6/gqz2QvXz6WsFPEpPzFA==
=0sVn
-----END PGP PUBLIC KEY BLOCK-----