HugBunter's Deadman has been Switched
More than a week after Dread went down for maintenance, HugBunter’s deadman switch was triggered, indicating that the owner of the largest darkweb forum no longer had control over the forum or his own equipment. His staff, in a message on the Dread homepage, said to assume the worst.
Dread, the darkweb’s version of Reddit, has been offline for nine days at the time of publication, leaving many users concerned about the forum’s admin. The admin, HugBunter, has unexpectedly vanished in the past for “health reasons” or “equipment malfunctions.” In those cases, though, he made an effort to check in with a Dread staff member about his sudden disappearances.
This time, though, a Dread staffer confirmed that they had not received a message from HugBunter in three days. Although we do not know what specifically triggered the deadman’s switch, the trigger could have been something as simple as a certain number of days without an update from HugBunter. The worst case scenario for users of Dread (and HugBunter) is death or law enforcement intervention. While both are possible explanations, it is far too early to make such a conclusion without additional information.
What is a Deadman’s Switch?
A deadman’s switch, as explained by one darkweb marketplace administrator, “is a type of security system that is put in place to ensure the individual who set up said system is alive.” The admin gave us some examples from television and real life as well. “This sounds very dramatic, like something you would see in an episode of Mr Robot but they have various uses as we have seen with both Edward Snowden and Wikileaks where if a predefined step or measure was not taken in a predefined amount of time files would be sent to a predefined location. It doesn’t always refer to the living status of an individual or being but the fact that if that person is not freely able to essentially flick off the switch something will be triggered.”
The administrator also provided us with the details of a deadman’s switch that would have worked for HugBunter:
Now here is a more digestible example of what a deadman switch would look like in relation to Dread; Hug purchased a cheap server, a script was put in place to send an email to every Dread moderator if no login was made on that server within X amount of days. Hug instructed (during a time where he was not compromised) his staff to publish this message without fail if they ever received this email/alert, that was their duty and Paris fulfilled it. Multiple of these types of systems could have been put into place, but the simple process is; if a step is not taken within a certain period of time the switch would go off. There is no way to activate a deadman switch it is all predefined with whatever variables there are, the only way to prevent said switch from going off would be to delete the system or fulfill the requirement set to delay or prevent it from going off.
HugBunter’s (Original) Message
More than a week ago HugBunter posted a message on the frontpage of Dread about working on upgrades “to provide increased stability” to Dread. The upgrade would also “reduce a whole lot of spam and phishing.” After that update, HugBunter logged into his private jabber account for several days before logging back out. He logged in and out again for a little while before logging out “for good.” More than three days and five hours have passed since HugBunter last accessed the jabber account used to communicate with his staff members and other members of the community.
The Original Downtime Message on Dread
In the past, HugBunter posted about Dread downtimes and maintenance on the /r/DreadAlert sub. He posted about downtimes that lasted only hours. It was important to HugBunter to inform Dread users that he still had control of the platform. The platform rarely went down without an explanation on /r/DreadAlert.
More than three days have passed since HugBunter last accessed jabber
This downtime—the longest one yet—is the only recent exception. He never posted on the subreddit dedicated to Dread downtime and he never updated the message on the Dread homepage. Instead, on September 27, one of his staff members posted that the absence (or something related to the absence) had triggered the HugBunter’s deadman switch. Another member of Dread’s staff has confirmed that HugBunter had a deadman’s switch in place for when something bad had happened.
“HugBunter’s Deadman Has Been Switched”
The message was posted on the frontpage of Dread by Paris, one of the only people capable of accessing Dread servers. Paris signed the message with the public key associated with Paris’ account on Dread. The signature is valid. And the message is below:
HugBunter’s deadman has been switched. It has been three full days without any contact when in all purposes the site update should have been pushed already. Hug does disappear at times and recently he disappeared for just over a day do to personal problems. All I can hope is he is alive and well. Not harmed, captured, or dead.
However we must assume the worse in this case. If something happened and he is alive he will be able to validate himself with a signed PGP message and some internal information.
If he does not return in one weeks time from his message all server’s content will be removed and the source code for dread will be released to the open public. In it’s current state (without the upgrades that HugBunter was supposed to push three days ago) the site would be full of spam and phishing in no time. On the final days before dread’s maintenance system was turned on, hours of time per day was spent removing content and accounts spamming the forum. It was unusable.
This downtime was only supposed to be a few days at most to get the final touches to the codebase upgrade done without needing to handle all the spam at the same time. While HugBunter at times does disappear for days he generally doesn’t do it when dread is down and can’t be brought back up. I just hope he is alive.
There might be a simple explanation for this (health problems for example) but until that time we must assume the worse.
The Message Posted by Paris on Dread
As Paris wrote, something as innocent as HugBunter’s health problems could have prevented the forum administrator from accessing a computer. There is no way to prove that HugBunter did not simply shut down his machines after overwhelming himself with the Dread update. The update is an important piece of the puzzle too; Paris pointed out that “HugBunter at times does disappear for days he generally doesn’t do it when dread is down and can’t be brought back up.” And another former Dread staff member backed up the claim by Paris, adding that HugBunter never disappeared during an update to Dread.
The message posted by Paris does not provide evidence in support of any of the theories surrounding HugBunter’s disappearance. That does not mean users of Dread should react as if nothing happened though, according to DarkDotFail. “Dread users should assume Dread is compromised. Rotate all passwords you have ever used there immediately,” DarkDotFail wrote in an encrypted conversation. “Assume private messages are being read by an adversary right now. We have no proof of this. All we know is that Hugbunter is missing, but for OPSEC it is always best to assume the worst.”
“Hugbunter’s contributions to the darknet are unparalleled since the original Dread Pirate Roberts. To a good friend: I hope you are well and I wish you the best.” - DarkDotFail
The market administrator who explained deadman switches also added a comment about the situation:
Now I don’t want to speculate because I am sure we all have our own interpretations of what that message means. We need to know what type of system was put in place before we can come to any solid conclusions, however I just cannot help but think was this announcement made purely on the basis that Paris has never experienced Hug go MIA while the site has been placed in maintenance mode or otherwise not accessible or was there an actual deadman switch in place. Given Hug used to go MIA for extended periods of time I really don’t think there was any system in place or else we would have seen this before? I really don’t know.
“But what I do know is there will be a power struggle, a lot of stories, a lot of trolls to take advantage of this situation and cause chaos. Be careful, and be mindful as to which platforms you all switch to because some will have their own agendas and where you shop, who you trust, and ultimately who controls what is up for grabs.”
Regardless, I hope Hug turns up because as much shit as people like to give him the service he created really did enable the community to regroup and if Dread was to end here it would be a huge blow to the cryptomarket scene given the number of genuine hidden services is at an all time low
This story is still developing and likely warrants followup articles. I appreciate those who helped sort this out.