

Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers

An anonymous reader writes: The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to login to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"

33 of 142 comments

  1. Re:With Tor you have expectation of anonymity... by sinij · · Score: 3, Informative

    No you don't have expectation of anonymity anywhere, but with Tor breaching your anonymity is prohibitively expensive for most scenarios.

  2. Re:Or so they say... by Anonymous Coward · · Score: 4, Insightful

    > At least that is what they are saying...

    I think you misunderstand something. It doesn't matter if they are lying through their teeth when they say that. Because they claim it to be true, we can use that as further justification that the NSA's mass-surveillance hasn't done squat.

  3. Re:Or so they say... by Noah+Haders · · Score: 5, Insightful

    Two words: parallel construction.

  4. Re:Or so they say... by Anonymous Coward · · Score: 2

    No, we can't. That's not what they claim NSA mass surveillance is for. This is an FBI investigation. Law enforcement, that is.
    The NSA shouldn't be involved, and the claim is that they weren't.

  5. We'll never know by sasparillascott · · Score: 5, Insightful

    Back in 2006 it was already out that the NSA was sharing information with the FBI among others:

    http://www.washingtonpost.com/...

    With multiple leaders of the U.S. intelligence apparatus having been caught lying under oath, we'll never know. One of the techniques is for the NSA to pinpoint something, and then the FBI looks at the target and finds something else they can label as the "reason" they found out about it.

    At this point, because of our government's shortsighted decisions (Bush/Obama) to pursue and institute a surveillance state (à la East Germany), we'll never know what the story was here and have to take any claim from the Feds with a huge dose of skepticism.

  6. Analyzing the FBI's Explanation of How They Locate by I)_MaLaClYpSe_(I · · Score: 4, Insightful

    not at all:

    https://www.nikcub.com/posts/a...

    If you still believe that the server was discovered in the way the FBI described it - try it. I did. I set up a virtual machine with a web server running a Tor hidden server. I then accessed the hidden server over Tor and looked at the traffic. No matter how much I intentionally misconfigured the server, or included scripts from clearnet hosts, I never observed traffic from a non-Tor node or a "real" IP address.

  7. Re: Or so they say... by Anonymous Coward · · Score: 5, Informative

    You need the link to wikipedia so the regular folk know what you're talking about

      parallel construction

    But there is nothing you, the citizen, can do about it.

  8. Re:Or so they say... by silas_moeckel · · Score: 4, Insightful

    Parallel construction is a farce and has no place in a legal system. The defendant is being intentionally lied to and thus unable to defend themselves. If you cannot say how you got the info, they should not be able to use it. Same goes for confidential informants. The people the NSA should be spying on are supposed to be dealt with via the CIA, aka outside-of-the-country assassinations.

    --
    No sir I don't like it.

  9. Re:Analyzing the FBI's Explanation of How They Loc by Rich0 · · Score: 4, Interesting

    Stick a php_info in your code or something equivalent. I don't believe the FBI was claiming that they received traffic from a non-tor IP, but rather that they received an IP address somewhere in the data sent over tor.

    Nothing in tor prevents you from sending your name, address, and social security number in the html of a webpage that you serve. If I wanted to depend on a website remaining anonymous over tor I'd probably stick the entire thing on a private network (with private IPs) such that none of the machines ever contained identifying information (including traceable machine IDs or MACs/etc), heavily firewall it, and carefully control that nothing goes out except via tor. I'd treat every device on the network as if it were compromised and intentionally trying to communicate out every bit of data stored within, so it would be essential that none of these devices contain any information worth stealing.

  10. Re:Or so they say... by drinkypoo · · Score: 2, Interesting

    Whether something is true or not matters little to the Slashdot hivemind, as long as it can feed the fires of perpetual outrage.

    There is no reason whatsoever to believe this assertion. You're accepting it as fact for no reason. We call people like you a "useful idiot".

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  11. Seems unlikely to me by phorm · · Score: 4, Insightful

    It's not about a server misconfiguration.
    TOR connections are tunnels. You don't have to configure your webserver etc for TOR, your machine just has to behind a firewall etc that doesn't allow the traffic out (or really, a router that just doesn't NAT it in). The only way to access the webserver would be through the tunnel, so no TOR=no access.

    I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP and/or put the equivalent to a home internet router in front of it.

    1. Re:Seems unlikely to me by _xeno_ · · Score: 3, Interesting

      The only way I can think of to accidentally do what the FBI is claiming is if he just grabbed a poorly written CAPTCHA program off the Internet and it constructed its own URLs back to the server using the server's IP address.

      Why it would do that instead of using the configured server name or, even better, just use a relative URL would be anyone's guess. But it's the only plausible way for the FBI's explanation to make any sort of sense.

      (Or, to put it another way, they're almost certainly lying.)

      --
      You are in a maze of twisty little relative jumps, all alike.
    2. Re:Seems unlikely to me by TheCarp · · Score: 4, Interesting

      > I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on
      > a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP
      > and/or put the equivalent to a home internet router in front of it.

      As much as I would like to not believe it, this is one of those cases where he has to be perfect every time, and they have to catch him slipping up once.

      I don't know what his stack was, but typically, there are a lot of places information can leak. Including in error messages.

      The reality is, no hidden service (that isn't intentionally also a non-hidden one) should have a public IP where it can be reached. The last public endpoint should be its tor node, and the tor node itself should then only contact it via private IPs. It should then also only contact its backend databases by private IPs.

      If that means you have to set up backend VPNs for the transport.... then guess what....that means you have to set up backend VPNs for the transport.

      Frankly, what this guy did, overall, wasn't all that impressive. He put a bunch of tools together. He didn't develop tor, he just made the obvious leap. Being more willing to take the risk doesn't mean you are the best of the best, it just means you are confident enough to risk a fall on your face.

      --
      "I opened my eyes, and everything went dark again"
    3. Re:Seems unlikely to me by Anonymous Coward · · Score: 2, Interesting

      > The only way I can think of to accidentally do what the FBI is claiming is if he just grabbed a poorly written CAPTCHA program off the Internet and it constructed its own URLs back to the server using the server's IP address.
      >
      > Why it would do that instead of using the configured server name or, even better, just use a relative URL would be anyone's guess. But it's the only plausible way for the FBI's explanation to make any sort of sense.
      >
      > (Or, to put it another way, they're almost certainly lying.)

      Well, you could actually read the damn court documents. If you put random junk into the CAPTCHA boxes, sometimes you would get an error page back - over TOR - but which contained the true IP address of the server. It appears that while the web server itself was configured to route everything over TOR, the CAPTCHA add-on that was being used had not been properly reviewed to make sure it had no information leaks. Obviously such information leaks would not matter in a normal set-up, so there would be no reason for a CAPTCHA add-on writer to work hard to eliminate them - in fact, for debugging purposes some of that information would be useful.

      I don't know why people seem to find it so hard to believe that the FBI would decide to target the highest-profile online illegal drug marketplace without prompting from "sinister forces", or that they would carefully review every byte returned from the server to see if there were information leaks that would lead back to the true location. It certainly makes more sense than your theory that it was all a conspiracy by the NSA, and then dozens of people in the FBI and the Icelandic police conspired to forge the evidence to insert a faulty CAPTCHA program into a bug-free server and repeatedly perjure themselves in a way that would be obvious if the defendant produced a back-up with a flawless CAPTCHA code.

  12. Re:With Tor you have expectation of anonymity... by SpzToid · · Score: 2

    That's how the Harvard kid got busted classically calling in a bomb threat on test day. The feds looked for outgoing Tor traffic from the Harvard LAN, which requires a MAC address BTW.

    http://www.forbes.com/sites/ru...

    --
    You can't be ahead of the curve, if you're stuck in a loop.
  13. Re:Or so they say... by Anonymous Coward · · Score: 2, Insightful

    If a defense attorney taught a jury about PC, then it would put the prosecution on the hotseat to prove his folks did not use it.

    This seems an impossible task, unless folks trust the cops.

    It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.

    Which is why it was a dumb idea to break the rules in the first place.

  14. Given that PayPal, banks make mistakes regularly by raymorris · · Score: 4, Insightful

    > I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server

    Do you find it hard to believe that Paypal's engineers make significantly more obvious mistakes? They do, of course. The thing about crime, and security, is that you can do a hundred things just right, and be taken down by the one thing you missed. It's adversarial like sports, but unlike sports, 47-2 is a losing score for the team who scored 47. Those two items on which you let the authorities score put you in prison.

  15. Re:NSA leaks Tor's bugs by jeffmeden · · Score: 2

    Recently there was this story about NSA guys leaking Tor bugs to devs and suggesting changes to "improve" Tor's design:
    http://yro.slashdot.org/story/...

    I vividly remember that Snowden's documents said that NSA tries to influence Tor's design, being unable to actually break it. This might be a way of doing it: they pretend to be "good guys" and suggest changes that, while removing purely theoretical vulnerabilities, actually open the doors to more serious ones.

    I hope Tor developers aren't so foolish as to follow those "suggestions".

    Of course they aren't documenting their ability to subvert anonymity on Tor. It is probably the most powerful weapon an intelligence agency can wield right now. The rather simple (but un-falsifiable) fact is that with enough relay and exit nodes owned by one entity (and ownership is deliberately un-attributable) you can pretty effectively de-anonymize it by attrition (there are a few protocol weaknesses too, that allow you to leverage a lot of hosts). The only clue an outside observer might have that it is happening is inorganic changes in the network layout (i.e. a lot of nodes going online or offline) signalling a large single controller is at work. Luckily, at least this avenue is covered and you can see via the Tor Metrics portal what is going on across the network, and infer occasional events (like the de-anonymizing attack this past spring).

  16. Re: Or so they say... by irq-1 · · Score: 5, Informative

    > You need the link to wikipedia so the regular folk know what you're talking about
    >
    > parallel construction
    >
    > But there is nothing you, the citizen, can do about it.

    Jury Nullification

  17. Re:Or so they say... by Noah+Haders · · Score: 4, Insightful

    > It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.
    >
    > Which is why it was a dumb idea to break the rules in the first place.

    Yes, absolutely correct. If the cops show themselves to be untrustworthy, then the whole law enforcement chain of evidence falls apart. This is the elephant in the room for the Supreme Court decision earlier this year, in which they ruled that police could stop and search somebody based on an "anonymous tip". And yet law enforcement has been proven to sanction and encourage PC (part of the FBI docs earlier, in which LEOs got access to NSA data, was a manual saying the cops should use PC so they don't have to reveal the FBI/CIA program in court).

    The situation is analogous to the poor dudes in Gitmo. Everybody knows they're not terrorists, yet because they were seized illegally there's no way for the justice system to process them. But the military doesn't want to just set them free, because certain parts of the country and certain news channels would flip out. So they just sit in jail and wait, while becoming terrorists. Wouldn't you?

  18. Re: Or so they say... by Dr.+Evil · · Score: 5, Interesting

    The examples from the wiki describe situations where the initial source was legal, but protected. E.g., placing a sting in the path of a suspect on the word of a protected informant, then omitting the reason for their 'luck' in finding the suspect. Or e.g., withholding NSA wiretaps from DEA until the citizen or geography of the source is determined to be foreign (unethical, but not illegal).

    In this case, they would be seizing servers (illegally), then searching them for a weakness to cover their asses, then lying to the judge about it(illegal), and hoping the logs agree with their probes (possibly revealing their lies), or altering them to match (illegal).

    I might be naive, but I think the discovery of the IP source through the weakness in the captcha is totally plausible. I also think that Joe law enforcement officer doesn't want to end his career in disgrace over something like this.

  19. Re:Or so they say... by pjt33 · · Score: 2

    > The situation is analogous to the poor dudes in Gitmo. Everybody knows they're not terrorists, yet because they were seized illegally there's no way for the justice system to process them.

    I'm puzzled by this one. Surely all the justice system needs to do is say "The U.S. Constitution binds the actions of the U.S. government even outside U.S. territory" and then admit a writ of habeas corpus?

  20. Too bad we can't trust them by sjames · · Score: 2

    We have discovered so many lies from various LEAs and NSA about parallel construction (they even lie to judges and prosecutors) that it is impossible to believe them without iron-clad evidence at this point.

    Perhaps they'd care to show us the code? Show us the log of the exploit? Bare assertions won't do.

  21. Re:Analyzing the FBI's Explanation of How They Loc by Anonymous Coward · · Score: 2, Interesting

    this is what Tails tries to do.

    Really you could just run tor on a VM and then set up all client machines on the LAN to VPN into it. Then set each client's firewall to drop any traffic to any interface except tun/tap.

    You could also run DansGuardian + Squid on that tor VM to sniff for and catch regexes that look like your public IP or PII.
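    Comments 9 and 21 both come down to the same audit: look at what the hidden service actually emits (error pages, CAPTCHA markup, headers) for the host's own address before an outsider does. The following is an added example, not code from the thread or from any project named in it: a scanner that splits an HTTP response into headers and body and reports every IPv4 literal outside the non-routable ranges, plus any address the operator lists as belonging to the machine. The sample responses and the 203.0.113.10 address are constructed placeholders.

```python
"""Scan the HTTP responses a hidden service emits for leaked IP address literals."""
import ipaddress
import re

# Candidate dotted quads; octet validity is checked with ipaddress below.
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")

# Ranges that cannot identify the host on the public Internet. Anything else,
# including the RFC 5737 documentation addresses used in the samples below, is
# reported. ip.is_private is deliberately not used: it also hides those ranges.
SAFE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]


def is_safe(ip):
    return any(ip in net for net in SAFE_NETS)


def find_ips(text):
    """Yield every valid IPv4 address appearing as a literal in text."""
    for m in IPV4_RE.finditer(text):
        try:
            yield ipaddress.IPv4Address(m.group())
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.2.3 looks like an address but is not one


def scan_response(raw, own_ips=()):
    """Return sorted (section, ip) pairs for literals that could reveal the host.

    own_ips: addresses the operator knows belong to this machine; these are
    reported even inside a safe range (an internal address can still be unique).
    Version strings such as 1.2.3.4 are also reported and need manual review."""
    own = {ipaddress.IPv4Address(a) for a in own_ips}
    head, _, body = raw.partition("\r\n\r\n")
    leaks = set()
    for section, text in (("header", head), ("body", body)):
        for ip in find_ips(text):
            if ip in own or not is_safe(ip):
                leaks.add((section, str(ip)))
    return sorted(leaks)


# Constructed sample: the error page a careless CAPTCHA add-on might return when
# fed junk input. 203.0.113.10 stands in for the server's real address.
LEAKY_ERROR_PAGE = (
    "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><pre>Warning: captcha_render(): image write failed\n"
    "SERVER_ADDR=203.0.113.10 REMOTE_ADDR=127.0.0.1</pre></body></html>"
)

# Constructed sample: a redirect built from the server's own address rather than
# a relative path, so the leak sits in a header instead of the body.
REDIRECT_PAGE = (
    "HTTP/1.1 302 Found\r\nLocation: http://203.0.113.10/captcha.php\r\n\r\n"
)

# Constructed sample: a clean page; only a loopback literal and relative URLs.
CLEAN_PAGE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    '<form action="/login"><img src="/captcha.png"></form><!-- 127.0.0.1 -->'
)
```

    Run it against captured responses from a fuzzed login or CAPTCHA form (the kind of junk input the summary describes) and treat any non-empty result as a configuration bug to fix before deployment.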

  22. Re: Or so they say... by Frosty+Piss · · Score: 2

    > Jury Nullification

    The reality is that this almost never happens. And it will not happen in this case, where the "defendant" is not only accused of being a drug kingpin, but also of putting out "hits" on people he didn't like. He's not going to look good to a jury. Say what you will about drug laws, but this guy "allegedly" took substantial steps to murder people.

    --
    If you want news from today, you have to come back tomorrow.
  23. Re:Or so they say... by wiredlogic · · Score: 3, Insightful

    > It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.

    Parallel Construction doesn't catch criminals. It hides criminal activity by the government. It is an institutionalized form of lying which isn't acceptable in our court system.

    --
    I am becoming gerund, destroyer of verbs.
  24. Re:Or so they say... by Noah+Haders · · Score: 2

    > The situation is analogous to the poor dudes in Gitmo. Everybody knows they're not terrorists, yet because they were seized illegally there's no way for the justice system to process them.
    >
    > I'm puzzled by this one. Surely all the justice system needs to do is say "The U.S. Constitution binds the actions of the U.S. government even outside U.S. territory" and then admit a writ of habeas corpus?

    Well, that's the rub. There's no way to transfer the prisoners from Gitmo to a regular prison, because if the Justice Department brought these people to a civilian court, the judges would laugh them out of court, give the defendants a condolence basket, and buy them a free ticket home. It's really hard to send them abroad, because all other countries have refused to take them and have responsibility for them. And Obama doesn't want to cut them loose - not in an election year! So these poor people, who everybody agrees are innocent, are stuck in a military prison. Oh yeah, they also have restricted access to lawyers so it's hard for them to even defend themselves. Way to go Obama.

    All this being said, I never understood what a "writ of habeas corpus" meant.

  25. Re: Or so they say... by letherial · · Score: 2

    It was also congress that insists that they stay.

    Honestly this whole blame-the-president thing is getting tiresome; this is a failure of the US government and all branches should be held accountable...our government is an embarrassment and there is no one side that is more embarrassing than the other..they are all corrupt cronies without an ounce of humanity to them.

  26. Re: Or so they say... by Noah+Haders · · Score: 2

    Dude, chillax on this Bush vs. Obama stuff. Obama has been leader of the free world for 6 years now. On day one he promised to close Gitmo. We can criticize Obama for his failures without caveating that with the failures from prior administrations. History will judge GWB.

  27. Re:Or so they say... by AntiAntagonist · · Score: 2

    The intelligence agency has done this before to help the DEA and domestic law enforcement. Parallel construction has been proven for other investigations. It's unlikely any of them will give it up until they are forced to do so. https://www.muckrock.com/news/... http://www.reuters.com/article...

  28. Re: Or so they say... by omnichad · · Score: 2

    I posted this reply to the wrong place the first time. So here I go again:

    No - anyone who knows anything about the subject matter involved in a trial (computers, forensics, medicine, etc.) will be excluded from the jury during the selection process with the attorneys. You're supposed to have people who will only listen to the "expert witness" and not use your own knowledge. It's a certain guarantee that this skews the jury pool toward people a little dumber than you'd want.

  29. Re: Or so they say... by SomePoorSchmuck · · Score: 2

    It's like you have no clue how jury selection works; and have only seen the movie Runaway Jury. Juries can vary in size, anywhere between 6-12 plus backups totaling about 15-30. Attorneys can only challenge the selection a set number of times. Most cases this is 3. So in a majority of cases at least one juror is completely untouchable by the attorneys (if you exclude the backup set).

    I've been through voir dire twice and in both cases (criminal assault) not only did the attorneys get their allotted strikes, but toward the end of the questioning process the judge also had notes and called certain members of the pool to the bench and further questioned them about their opinions, dismissing some of them to go home. The judge is already there as a representative of the State, so naturally his dismissals will also tend to enforce jury orthodoxy. No libertarian who believes in nullification is EVER getting on a jury unless he perjures himself.

    --
    Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
  30. 127.0.0.1 by ehiris · · Score: 2

    The IP will probably be revealed as being 127.0.0.1.

    The judge will accept it as evidence, and the jury will convict because we are still living in a society of imbeciles trying to impose on how everyone should live under the premise that they know better as a collective decider.

    We are destroying basic human rights and severely punishing people simply so we can "show them a better path" in life.

    It's absurd. Why can't we just close all these ineffective branches of government fighting pseudo crimes already?