Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers
An anonymous reader writes: The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to log in to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"
The examples from the wiki describe situations where the initial source was legal, but protected. E.g., placing a sting in the path of a suspect on the word of a protected informant, then omitting the reason for their 'luck' in finding the suspect. Or e.g., withholding NSA wiretaps from DEA until the citizen or geography of the source is determined to be foreign (unethical, but not illegal).
In this case, they would be seizing servers (illegally), then searching them for a weakness to cover their asses, then lying to the judge about it (illegal), and hoping the logs agree with their probes (possibly revealing their lies), or altering them to match (illegal).
I might be naive, but I think the discovery of the IP source through the weakness in the captcha is totally plausible. I also think that Joe law enforcement officer doesn't want to end his career in disgrace over something like this.