Slashdot Mirror
Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers
An anonymous reader writes The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to login to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"
... as long as there is no resourceful federal agency trying to get you.
Linux is for people who don't mind RTFM.
In other words: perjury, but you can't prove it.
At least that is what they are saying...
I think you misunderstand something. It doesn't matter if they are lying through their teeth when they say that. Because they claim it to be true, we can use that as further justification that the NSA's mass-surveillance hasn't done squat.
Two words: parallel construction.
No, we can't. That's not what they claim NSA mass surveillance is for. This is an FBI investigation. Law enforcement, that is.
The NSA shouldn't be involved, and the claim is that they weren't.
Back in 2006 it was already out that the NSA was sharing information with the FBI among others:
http://www.washingtonpost.com/...
With multiple leaders of the U.S. intelligence apparatus having been caught lying under oath, we'll never know. One of the techniques is for the NSA to pinpoint something then the FBI look at the target and find something else they can label as the "reason" they found out about it.
At this point, because of our government's shortsighted decision's (Bush/Obama) to pursue and institute a surveillance state (ala East Germany), we'll never know what the story was here and have to take any claim from the Feds with a huge dose of skepticism.
They could have been running the code for it on their server, doing a (perhaps asynchronous) request for the CAPTCHA image and that had been set up to use a direct IP address (or domain linking to one). The connection strings for AJAX requests and the like are often forgotten when handling domain-related issues/HTTPS/etc., so I'm not at all surprised.
https://www.nikcub.com/posts/a...
If you still believe that the server was discovered in the way the FBI described it - try it. I did. I setup a virtual machine with a web server running a Tor hidden server. I then accessed the hidden server over Tor and looked at the traffic. No matter how much I intentionally misconfigured the server, or included scripts from clearnet hosts, I never observed traffic from a non-Tor node or a "real" IP address.
Right, they got the data illegally, seized the servers, then examined them for a vulnerability they could have used to legally seize them and claimed that was the source.
You need the link to wikipedia so the regular folk know what youre talking about
parallel construction
But there is nothing you, the citizen, can do about it.
Comment removed based on user account deletion
Parallel construction is a farce and has no place in a legal system. The defendant is being intentionally lied to and thus unable to defend themselves. If you can not say how you got the info they should not be able to use it. Same goes for confidential informants. The people the NSA should be spying on are supposed to be dealt with via the CIA aka outside of the country assassinations.
No sir I dont like it.
Stick a php_info in your code or something equivalent. I don't believe the FBI was claiming that they received traffic from a non-tor IP, but rather that they received an IP address somewhere in the data sent over tor.
Nothing in tor prevents you from sending your name, address, and social security number in the html of a webpage that you serve. If I wanted to depend on a website remaining anonymous over tor I'd probably stick the entire thing on a private network (with private IPs) such that none of the machines ever contained identifying information (including traceable machine IDs or MACs/etc), heavily firewall it, and carefully control that nothing goes out except via tor. I'd treat every device on the network as if it were compromised and intentionally trying to communicate out every bit of data stored within, so it would be essential that none of these devices contain any information worth stealing.
Whether something is true or not matters little to the Slashdot hivemind, as long as it can feed the fires of perpetual outrage.
There is no reason whatsoever to believe this assertion. You're accepting it as fact for no reason. We call people like you a "useful idiot".
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's not about a server misconfiguration.
TOR connections are tunnels. You don't have to configure your webserver etc for TOR, your machine just has to behind a firewall etc that doesn't allow the traffic out (or really, a router that just doesn't NAT it in). The only way to access the webserver would be through the tunnel, so no TOR=no access.
I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP and/or put the equivalent to a home internet router in front of it.
If a defense attorney taught a jury about PC, then it would put the prosecution on the hotseat to prove his folks did not use it.
This seems an impossible task, unless folks trust the cops.
It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.
Which is why it was a dumb idea to break the rules in the first place.
> I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server
Do you find it hardto believe that Paypal's engineers make significantly more obvious mistakes? They do, of course. The thing about crime, and security, is that you can do a hundred things just right, and be taken down by the one thing you missed. It's adversarial like sports, but unlike sports 47-2 is a losing score for the team who scored 47. Those two items on which you let the authorities score put you in prison.
How many sites out there are HTTPS but deliver some data via HTTP by mistake or oversight? Looks like that applies here too. Good job tracking this down. Plain old inspecting what your receiving and digging into it.
Recently there was this story about NSA guys leaking Tor bugs to devs and suggesting changes to "improve" Tor's design:
http://yro.slashdot.org/story/...
I vividly remember that Snowden's documents said that NSA tries to influence Tor's design, being unable to actually break it. This might be a way of doing it: they pretend to be "good guys" and suggest changes that, while removing purely theoretical vulnerabilities, actually open the doors to more serious ones.
I hope Tor developers aren't so foolish to follow those "suggestions".
Of course they aren't documenting their ability to subvert anonymity on Tor. It is probably the most powerful weapon an intelligence agency can wield right now. The rather simple (but un-falsifiable) fact is that with enough relay and exit nodes owned by one entity (and ownership is deliberately un-attributable) you can pretty effectively de-anonymize it by attrition (there are a few protocol weaknesses too, that allow you to leverage a lot of hosts). The only clue an outside observer might have that it is happening is inorganic changes in the network layout (i.e. a lot of nodes going online or offline) signalling a large single controller is at work. Luckily, at least this avenue is covered and you can see via the Tor Metrics portal what is going on across the network, and infer occasional events (like the de-anonymizing attack this past spring).
You need the link to wikipedia so the regular folk know what youre talking about
parallel construction
But there is nothing you, the citizen, can do about it.
Jury Nullification
It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.
Which is why it was a dumb idea to break the rules in the first place.
Yes absolutely correct. If the cops show themselves to be untrustworthy, then the whole law enforcement chain of evidence falls apart. This is the elephant in the room for the supreme court decision earlier this year, in which they ruled that police could stop and search somebody based on an "anonymous tip". And yet the law enforcement has been proven to sanction and encourage PC (part of the FBI docs earlier, in which LEOs got access to NSA data, was a manual saying the cops should use PC so they don't have to reveal the FBI/CIA program in court).
the situation is analogous to the poor dudes in gitmo. Everybody knows they're not terrorists, yet because they were seized illegally there's no way for the justice system to process them. but the military doesn't want to just set them free, because certain parts of the country and certain news channels would flip out. So they just sit in jail and wait, while becoming terrorists. wouldn't you?
Of course they aren't documenting their ability to subvert anonymity on Tor.
Stop spreading FUD. Actually they documented the fact that they do NOT have that ability. And they admit that in top secret documents, which aren't exactly supposed to be used for propaganda:
http://www.theguardian.com/wor...
Hence they probably try to influence Tor's design in the hope to make it weaker in future, as OP was saying.
The examples from the wiki describe situations where the initial source was legal, but protected. E.g., placing a sting in the path of a suspect on the word of a protected informant, then omiting the reason for their 'luck' in finding the suspect. Or e.g., withholding NSA wiretaps from DEA until the citizen or geography of the source is determined to be foreign (unethical, but not illegal).
In this case, they would be seizing servers (illegally), then searching them for a weakness to cover their asses, then lying to the judge about it(illegal), and hoping the logs agree with their probes (possibly revealing their lies), or altering them to match (illegal).
I might be naive, but I think the discovery of the IP source through the weakness in the captcha is totally plausible. I also think that Joe law enforcement officer doesn't want to end his career in disgrace over something like this.
I'm puzzled by this one. Surely all the justice system needs to do is say "The U.S. Constitution binds the actions of the U.S. government even outside U.S. territory" and then admit a writ of habeas corpus?
We have discovered so many lies from various LEAs and NSA about parallel construction (they even lie to judges and prosecutors) that it is impossible to believe them without iron-clad evidence at this point.
Perhaps they'd care to show us the code? Show us the log of the exploit? Bare assertions won't do.
That'd be one useless network though. If your devices have no information worth stealing - than what are they doing?
That's the problem with anonymity (and security in general). To be perfect, it's got to have no value.
In a more practical case like this one, I fully expect that administrators of those servers made one small mistake (more likely simply could not check every possible bit of code for information it may leak) and that was their downfall.
I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP and/or put the equivalent to a home internet router in front of it.
People make mistakes all the time. Even smart people.
You've never made a mistake? Never missed a bug? Never misconfigured a system? Ever?
Do a hundred things right, and one thing wrong, and just guess which one will get caught.
http://www.geoffreylandis.com
this is what Tails tries to do.
Really you could just run tor on a vm and then setup all client machines on the LAN to VPN into it. then set each client's firewall to drop any traffic to any interface except tun/tap.
You could also run dansguarian+squid on that tor vm to sniff for and catch reg-ex's that look like your public IP or PII.
Jury Nullification
The reality is that this almost never happens. And it will not happen in this case, where the "defendant" is not only accused of being a drug kingpin, but also of putting out "hits" on people he didn't like. He's not going to look good to a jury. Say what you will about drug laws, but this guy "allegedly" took substantial steps to murder people.
If you want news from today, you have to come back tomorrow.
as long as it can feed the fires of perpetual outrage
Well, winter will come soon; I have to keep myself warm somehow.
Ezekiel 23:20
There is a difference between no identifying information, and no information.
Rips of DVDs, for example, would be information - but they would not contain any identification other than the program used to make them, and the DVDs in question.
It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.
Parallel Construction doesn't catch criminals. It hides criminal activity by the government. It is an institutionalized form of lying which isn't acceptable in our court system.
I am becoming gerund, destroyer of verbs.
I'm puzzled by this one. Surely all the justice system needs to do is say "The U.S. Constitution binds the actions of the U.S. government even outside U.S. territory" and then admit a writ of habeas corpus?
well, that's the rub. there's no way to transfer the prisoners from gitmo to a regular prison, because if the justice department brought these people to a civilian court, the judges would laugh them out of court, give the defendants a condolence basket, and buy them a free ticket home. it's really hard to send them abroad, because all other countries have refused to take them and have responsibility for them. And Obama doesn't want to cut them loose - not in an election year! so these poor people, who everybody agrees are innocent, are stuck in in a military prison. Oh yeah, they also have restricted access to lawyers so it's hard for them to even defend themselves. way to go Obama.
all this being said, I never understood what a "writ of habeas corpus" meant.
Well, in their case they are running a storefront. That has a few components.
1. You need a searchable catalog of stuff that you are selling, and the ability to put together orders. That isn't too sensitive up until you checkout since your goal is to advertise the catalog anyway.
2. You need to be able to collect info on where to ship the goods. This is sensitive information if you don't want people figuring out who your customers are. You can't avoid collecting this info from your customers, but you could control storage of it. The first time somebody sets up an account you could collect info from them, but then you could take that data off the network and just reference their account number inside the network. As long as the customer sticks with the same delivery address and doesn't care that the order doesn't show it, then their info could be safe from compromise a few days after their first order.
3. You need to handle payment. Since they traded in Bitcoin this also could be done in a way that doesn't eliminate the risk of problems, but it does greatly mitigate it. For each transaction create a bitcoin account, and the tor-connected network can provide those details to the client so that they can make payment. At that point you can remove that data from the tor-connected network and move it elsewhere. That means that if somebody gets onto the network they can only get your bitcoin credentials for a few days worth of transactions, and future transactions going forward. Money would be moved out of those accounts into another set of accounts whose credentials were never at risk as soon as it was received, so if there were an attempt to seize funds it would be limited to accounts that only received funds recently.
All the order fulfilment can happen off of the tor-connected network. Getting data between the networks could involve sneakernet, or maybe even manual printing of paper orders. An operation like Silk Road is no doubt very high-margin, and I can't imagine that they can operate at high volume without risk of detection. So, a manual process where tor tells you ship 2kg of product A to customer 123 just means punching 2, A, and 123 into another application which prints out the shipping label - that system doesn't need to be attached to the internet. Dealing with bitcoin account numbers and credentials might be more of a pain, since they are long numbers.
You asshat troll. Juries DO THINK THIS WAY which is why they are "shown the proof and if there is proof then the jury considers him not looking good."
Now TOR (or whom ever) can fix it.
"If any question why we died, Tell them because our fathers lied."
No, jury selection (which should be illegal) makes sure that juries do not think this way.
The only selection of a jury should be by means of an RNG. Preferably a low-tech one, like a bingo-ball cage. And audit the shit out of that thing on a regular basis. We don't want biased juries.
Lawyers. Queering the deal since... forever.
It was also congress that insists that they stay.
Honestly this whole blame the president is getting tiresome, this is a failure of the US government and all branches should be held accountable...our government is a embarrassment and there is no one side that is more embarrassing then the other..they are all corrupt cronies without a ounce of humanity to them.
Oh, I wouldn't just worry about flash. I'd assume that somebody I don't like is going to find an exploit in my webserver, and run arbitrary code on that host, and every other host it can reach via the network. All of this stuff has to run in a DMZ that contains no identifying information at all. That is certainly a challenge to do in practice.
For every lie NSA gets printed on the news...
The thing about writing the website or configuring the system to tunnel data through any kind of proxy/tor is that for every packet or http request or whatever you work with you have to EXACTLY specify what happens as in what comes in and what goes out, the lie is just too retarded.
I've made like a dozen network backends for different kinds of applications and progarms. I know.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
dude, chillax on this bush vs. Obama stuff. Obama has been leader of the free world for 6 years now. on day one he promised to close gitmo. we can criticize Obama for his failures, without caveating that with the failures from prior adminsitrations. history will judge GWB.
Where a group of FBI boffins are cheering, hooting and hollering about the find, and a group of NSA boffins, rolling their eyes and being coy, "Awe! Look at them, you'd think they just broke codes!".
Silk road != Tor servers
It's like you have no clue how jury selection works; and have only seen the movie Runaway Jury. Juries can vary in size, anywhere between 6-12 plus backups totaling about 15-30. Attorneys can only challenge the selection a set number of times. Most cases this is 3. So in a majority of cases at least one juror is completely untouchable by the attorneys (if you exclude the backup set).
They're saying the server leaked its own IP address. Unless you've set up your system so that your Tor hidden server is on a computer not connected directly to the Internet and it connects to a physically-separate Tor node that blocks any network flows other than ones going over the Tor proxy, then any Tor hidden server also has a leakable IP address. A Web server error message (or embedded error message from a third-party service, for example), header, or other piece of data might then contain the server's IP address.
That's pretty thin information by itself. But if any part of your server is configured to listen on all network interfaces (instead of, say, localhost), then someone making an HTTP request to that IP address gets a page from your server. That's fairly damning evidence.
Is that like Plausible BS -- or am I using a too technical word here?
I always figured that the "illegally gained intelligence" whether it be to get rid of a politician or someone affecting the status quo, would be an "anonymous tip" or "via great sleuthing."
This great sleuthing never occurs if it's a bank or someone politically connected -- strange.
>>"ad space available -- low rates!!!"
The intelligence agency has done this before to help the DEA and domestic law enforcement. Parallel construction has been proven for other investigations. It's unlikely any of them will give it up until they are forced to do so. https://www.muckrock.com/news/... http://www.reuters.com/article...
Our Supreme Court is fascist. I fully expect them to uphold the "we got an anonymous tip" and provide a hole a truck can drive through with all this "NSA metafile information that won't ever be used against you..."
And off the record, we see here you visited a certain bunny ranch in Vegas, we'd like to see a larger number on next years budget in the appropriations committee.
The threat posed by the Silk Road is orders of magnitude less than "anonymous" evidence in FBI court cases. This is the morning before we wake up to a boot on our neck --- and I don't that's hyperbole.
>>"ad space available -- low rates!!!"
It doesn't matter if they are lying through their teeth when they say that. Because they claim it to be true, we can use that as further justification that the NSA's mass-surveillance hasn't done squat.
Because they're busy using that surveillance spying on political and business opponents. Come on, citizen, you don't want to take resources away from that to put then to unimportant stuff like catching criminals and preventing terrorism, do you? Heck, if we caught terrorists before they strike, the terror would be gone and this would risk pulling resources away public support from the surveillance!
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
I'm making an assumption that you're talking about illegal NSA surveilance
And you think that's the only way to gather intelligence illegally? I still might guess parallel construction, but my mind didn't jump to the NSA. There are plenty of other options out there.
That would only make sense if the criminal didn't deserve to be prosecuted. You can't fix the problem post-hoc.
No - anyone who knows anything about subject matter involved in a trial (computers, forensics, medicine, etc.) will be excluded from the jury during the selection process with the attorney's. You're supposed to have people who will only listen to the "expert witness" and not use your own knowledge. It's a certain guarantee that this skews the jury pool toward people a little dumber than you'd want.
I posted this reply to the wrong place the first time. So here I go again:
No - anyone who knows anything about subject matter involved in a trial (computers, forensics, medicine, etc.) will be excluded from the jury during the selection process with the attorney's. You're supposed to have people who will only listen to the "expert witness" and not use your own knowledge. It's a certain guarantee that this skews the jury pool toward people a little dumber than you'd want.
The examples from the wiki describe situations where the initial source was legal, but protected. E.g., placing a sting in the path of a suspect on the word of a protected informant, then omiting the reason for their 'luck' in finding the suspect. Or e.g., withholding NSA wiretaps from DEA until the citizen or geography of the source is determined to be foreign (unethical, but not illegal).
Yes, but in this case, mass analysis of Tor traffic by the NSA could have thrown up a suggestion to the FBI "if you want to find the real source of the servers, all you need to do is exploit the CAPTCHA servers". The activities of the NSA don't have to be illegal for the FBI to obfuscate how they got to the final result. I doubt the FBI spent load of time just hacking around. The Government started with the problem "how do we reveal the true source of the Tor anonymized traffic" and fitted the solution to identifying it to some fully legal and totally unnefarious. It is in the Government's best interest to make criminals think they are incompetent.
D.O.U.O.S.V.A.V.V.M.
I've been thinking about this over the last few days, ever since the story popped up in wired.
If they exceed the captcha's rate limit, the captcha -might- leak information in its rate-limiting error message. The message would be something like "your server at IP has exceeded its request limit."
This is likely because if you exceed the rate limit you'd kind of want to know which one of your front-ends was be the bad one.
Nobody really would test that sort of thing either.
Ah, in this case it is even easier to anonymize then, assuming you don't care about the buyers or the sellers. Just store all the data on the servers with nothing identifying, and the only thing you have to deal with is getting the listing fees off the site.
I'll confess I don't know a great deal about the Silk Road, as I've never visited the site.
true story, bro: a couple years ago a candidate for NZ prime minister dropped out at the last moment because emails were anonymously leaked to reporters that he was having an affair. how much do you want to bet that he had some anti police state views, and the security apparatus leaked the emails.
My example was contrived. The point is that tor doesn't prevent you from leaking identifying info. There are LOTS of ways this can happen, including:
1. Some application happens to embed a non-private IP in the data stream (maybe in a header or something). This is a classic problem if you try to run bittorrent over tor.
2. Somebody manages to run arbitrary code on your server via an exploit and this code has access to identifying information, such as a non-private IP, mac address, or just the ability to send packets to the internet (which can be sent to a server controlled by the attacker revealing the source IP).
Neither of these requires NSA-like capabilities to pull off, or the ability to defeat tor in general.
he's useful??
When I was called for jury duty (in California), the attorneys had something like 10 peremptory challenges each. Everyone who wasn't a slack-jawed dimwit was removed. This was only for a traffic accident case - I imagine the lawful-corruption would be even worse in a more serious case.
In Centrist America, it's only a jury of your "peers" if you ride the short bus.
This is the morning before we wake up to a boot on our neck
Sorry, too late by about a decade. The old Republic was sick for a long time, and died an inglorious death in 2001. Long live the Empire!
I call that misinterpretation of events. They probably didn't pick the other jurors because they were stupid. They picked them over you, because they weren't as opinionated as you were. They're trying to select jurors that would not be biased. They don't want someone who thinks they're an expert on the law. It just so happens that stupid people aren't necessarily as opinionated on a given subject.
Yes, that's a good little Centrist - lick that boot. No one could possibly have an experience with the legal apparatus that contradicts the fairy tales you were taught in high school Civics class...
Regardless of your baseless opinion on why I was removed, the fact is at least 11 of 12 original jurors were removed. The attorneys cycled thru something like 18 of the 30-ish potential jurors by the time I was excluded. Jury selection continued after I left.
It's pretty obvious juries in my city are not juries of the defendants' peers, but rather juries of select persons favored by attorneys.
Doubts cast over FBI 'leaky CAPTCHA' Silk Road rapture - Security bod says affadavit makes no sense, omitted exploitation works
I feel like your attitude is proving my point.
Who would be so stupid to run a server like that without masquerading? That is not credible at all. A simple masquerading firewall before the actual server makes sure that a) no non-TOR traffic ever reaches or leaves the actual server and b) the server itself does not know the public IP it is reachable under. This is really basic protection and set up withing a few hours. It also makes sure nothing like the FBI claims can ever happen.
The only sensible explanation is that the FBI is lying through its teeth.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It is not complete BS. If the server war really stupidly configured and did not have an additional masquerading firewall before it, something like this could happen. That claim is however not credible at all and this is likely a fairy-tale for the gullible.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
A masquerading firewall will also protect you and you do not need any "special" TOR node for that (which you cannot get anyways). Simple to set-up and standard in any LAN-WAN connection where the LAN has private IP addresses.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Yes, apparently. To bad many people will believe this obvious fairy-tale.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It's like you have no clue how jury selection works; and have only seen the movie Runaway Jury. Juries can vary in size, anywhere between 6-12 plus backups totaling about 15-30. Attorneys can only challenge the selection a set number of times. Most cases this is 3. So in a majority of cases at least one juror is completely untouchable by the attorneys (if you exclude the backup set).
I've been through voir dire twice and in both cases (criminal assault) not only did the attorneys get their allotted strikes, but toward the end of the questioning process the judge also had notes and called certain members of the pool to the bench and further questioned them about their opinions, dismissing some of them to go home. The judge is already there as a representative of the State, so naturally his dismissals will also tend to enforce jury orthodoxy. No libertarian who believes in nullification is EVER getting on a jury unless he perjures himself.
Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
Ahhh... so you believe only subjects with a credulous & servile attitude should be included on a jury?
Did the Feds have a warrant for searching this particular server? Quote the 4th Amendment:
... and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Did they have a warrant specifically describing the place to be searched, and the persons or things to be seized?
If not, they were violating the CSRA, by accessing a server without authorization, which is exactly what they tried to charge Aaron Schwarz with.
It is not permissible to break the law in order to enforce the law. This is a principle older than the United States itself.
Paypal engineers do not go to prison for an extended period of time when they are caught. Paypal engineers are also the cheapest possible that can just about get the job done.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If they had a sanely configured masquerading firewall, it could not, as nothing on the server would know its public IP address. And of course, the captcha will be locally generated as including an external one reveals your location via the captcha service (that would get a nice NSL in this case).
Plain fact is that what the FBI here claims is exceedingly unlikely to be true, not in the least because of course a site like this gets attacked all the time and such problems would have been found and fixed a long time ago.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
My personal take is that this was much more likely some Bitcoin-based attack where they were able to identify him via some Bitcoin they gave him and that he spent afterwards. The claimed scenario would require terminal stupidity on the side of the server set-up and also that nobody of the countless people trying to attack these servers ever getting lucky. Not credible at all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
> Paypal engineers do not go to prison for an extended period of time when they are caught.
Neither does the script monkey that Ulbricht hired to set up the captcha.
He had a huge criminal enterprise to run, tons of money to launder, murders to order, and hopefully he'd make some time to enjoy his ill-gotten gains before he eventually made a mistake and got busted. If he was wasting his time setting up a captcha, that was pretty stupid. The smart thing would be for him to have someone eho understands banking and finance take care if the banking and finance, someone who understands programming take care of the programming, someone who understands high-capacity server infrastructure take care of the server infrastructure, ehile he ran the whole operation and spent some time on his boat. Actually, not really. He was successful before silk road,so the smart thing to do would have been to continue to make money legally. That has the advantage of not ending with a prison sentence.
Loaded question says what?
I'll take that as a "yes".
The IP will probably be revealed as being 127.0.0.1.
The judge will accept it as evidence, and the jury will convict because we are still living in a society of imbeciles trying to impose on how everyone should live under the premise that they know better as a collective decider.
We are destroying basic human rights and severely punishing people simply so we can "show them a better path" in life.
It's absurd. Why can't we just close all these ineffective branches of government fighting pseudo crimes already?
You can take it however you like. I'm not intolerant. But don't put quotes around it.