Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers

Posted by samzenpus on from the try-and-try-again dept.

An anonymous reader writes The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to login to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"

16 of 142 comments (clear)

  1. Re:With Tor you have expectation of anonymity... by sinij · · Score: 3, Informative

    No you don't have expectation of anonymity anywhere, but with Tor breaching your anonymity is prohibitively expensive for most scenarios.

  2. Re:Or so they say... by Anonymous Coward · · Score: 4, Insightful

    At least that is what they are saying...

    I think you misunderstand something. It doesn't matter if they are lying through their teeth when they say that. Because they claim it to be true, we can use that as further justification that the NSA's mass-surveillance hasn't done squat.

  3. Re:Or so they say... by Noah+Haders · · Score: 5, Insightful

    Two words: parallel construction.

  4. We'll never know by sasparillascott · · Score: 5, Insightful

    Back in 2006 it was already out that the NSA was sharing information with the FBI among others:

    http://www.washingtonpost.com/...

    With multiple leaders of the U.S. intelligence apparatus having been caught lying under oath, we'll never know. One of the techniques is for the NSA to pinpoint something then the FBI look at the target and find something else they can label as the "reason" they found out about it.

    At this point, because of our government's shortsighted decision's (Bush/Obama) to pursue and institute a surveillance state (ala East Germany), we'll never know what the story was here and have to take any claim from the Feds with a huge dose of skepticism.

  5. Analyzing the FBI's Explanation of How They Locate by I)_MaLaClYpSe_(I · · Score: 4, Insightful
    not at all:

    https://www.nikcub.com/posts/a...

    If you still believe that the server was discovered in the way the FBI described it - try it. I did. I setup a virtual machine with a web server running a Tor hidden server. I then accessed the hidden server over Tor and looked at the traffic. No matter how much I intentionally misconfigured the server, or included scripts from clearnet hosts, I never observed traffic from a non-Tor node or a "real" IP address.

  6. Re: Or so they say... by Anonymous Coward · · Score: 5, Informative

    You need the link to wikipedia so the regular folk know what youre talking about

      parallel construction

    But there is nothing you, the citizen, can do about it.

  7. Re:Or so they say... by silas_moeckel · · Score: 4, Insightful

    Parallel construction is a farce and has no place in a legal system. The defendant is being intentionally lied to and thus unable to defend themselves. If you can not say how you got the info they should not be able to use it. Same goes for confidential informants. The people the NSA should be spying on are supposed to be dealt with via the CIA aka outside of the country assassinations.

    --
    No sir I dont like it.
  8. Re:Analyzing the FBI's Explanation of How They Loc by Rich0 · · Score: 4, Interesting

    Stick a php_info in your code or something equivalent. I don't believe the FBI was claiming that they received traffic from a non-tor IP, but rather that they received an IP address somewhere in the data sent over tor.

    Nothing in tor prevents you from sending your name, address, and social security number in the html of a webpage that you serve. If I wanted to depend on a website remaining anonymous over tor I'd probably stick the entire thing on a private network (with private IPs) such that none of the machines ever contained identifying information (including traceable machine IDs or MACs/etc), heavily firewall it, and carefully control that nothing goes out except via tor. I'd treat every device on the network as if it were compromised and intentionally trying to communicate out every bit of data stored within, so it would be essential that none of these devices contain any information worth stealing.

  9. Seems unlikely to me by phorm · · Score: 4, Insightful

    It's not about a server misconfiguration.
    TOR connections are tunnels. You don't have to configure your webserver etc for TOR, your machine just has to behind a firewall etc that doesn't allow the traffic out (or really, a router that just doesn't NAT it in). The only way to access the webserver would be through the tunnel, so no TOR=no access.

    I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP and/or put the equivalent to a home internet router in front of it.

    1. Re:Seems unlikely to me by _xeno_ · · Score: 3, Interesting

      The only way I can think of to accidentally do what the FBI is claiming is if he just grabbed an poorly written CAPTCHA program off the Internet and it constructed its own URLs back to the server using the server's IP address.

      Why it would do that instead of using the configured server name or, even better, just use a relative URL would be anyone's guess. But it's the only plausible way for the FBI's explanation to make any sort of sense.

      (Or, to put it another way, they're almost certainly lying.)

      --
      You are in a maze of twisty little relative jumps, all alike.
    2. Re:Seems unlikely to me by TheCarp · · Score: 4, Interesting

      > I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on
      > a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP
      > and/or put the equivalent to a home internet router in front of it.

      as much as I would like to not believe it, this is one of those cases where, he has to be perfect every time, they have to catch him slipping up once.

      I don't know what his stack was, but typically, there are a lot of places information can leak. Including in error messages.

      The reality is, no hidden service (that isn't intentionally also a non-hidden one) should have a public IP where it can be reached. The last public endpoint should be its tor node, and the tor node itself should then only contact it via private IPs. It should then also only contact its backend databases by private IPs.

      If that means you have to setup backend VPNs for the transport.... then guess what....that means you have to setup backend VPNs for the transport.

      Frankly, what this guy did, overall, wasn't all that impressive. He put a bunch of tools together. He didn't develop tor, he just made the obvious leap. Being more willing to take the risk doesn't mean you are the best of the best, it just means you are confident enough to risk a fall on your face.

      --
      "I opened my eyes, and everything went dark again"
  10. Given that PayPal, banks make mistakes regularly by raymorris · · Score: 4, Insightful

    > I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server

    Do you find it hardto believe that Paypal's engineers make significantly more obvious mistakes? They do, of course. The thing about crime, and security, is that you can do a hundred things just right, and be taken down by the one thing you missed. It's adversarial like sports, but unlike sports 47-2 is a losing score for the team who scored 47. Those two items on which you let the authorities score put you in prison.

  11. Re: Or so they say... by irq-1 · · Score: 5, Informative

    You need the link to wikipedia so the regular folk know what youre talking about

    parallel construction

    But there is nothing you, the citizen, can do about it.

    Jury Nullification

  12. Re:Or so they say... by Noah+Haders · · Score: 4, Insightful

    It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.

    Which is why it was a dumb idea to break the rules in the first place.

    Yes absolutely correct. If the cops show themselves to be untrustworthy, then the whole law enforcement chain of evidence falls apart. This is the elephant in the room for the supreme court decision earlier this year, in which they ruled that police could stop and search somebody based on an "anonymous tip". And yet the law enforcement has been proven to sanction and encourage PC (part of the FBI docs earlier, in which LEOs got access to NSA data, was a manual saying the cops should use PC so they don't have to reveal the FBI/CIA program in court).

    the situation is analogous to the poor dudes in gitmo. Everybody knows they're not terrorists, yet because they were seized illegally there's no way for the justice system to process them. but the military doesn't want to just set them free, because certain parts of the country and certain news channels would flip out. So they just sit in jail and wait, while becoming terrorists. wouldn't you?

  13. Re: Or so they say... by Dr.+Evil · · Score: 5, Interesting

    The examples from the wiki describe situations where the initial source was legal, but protected. E.g., placing a sting in the path of a suspect on the word of a protected informant, then omiting the reason for their 'luck' in finding the suspect. Or e.g., withholding NSA wiretaps from DEA until the citizen or geography of the source is determined to be foreign (unethical, but not illegal).

    In this case, they would be seizing servers (illegally), then searching them for a weakness to cover their asses, then lying to the judge about it(illegal), and hoping the logs agree with their probes (possibly revealing their lies), or altering them to match (illegal).

    I might be naive, but I think the discovery of the IP source through the weakness in the captcha is totally plausible. I also think that Joe law enforcement officer doesn't want to end his career in disgrace over something like this.

  14. Re:Or so they say... by wiredlogic · · Score: 3, Insightful

    It would be unfortunate if PC backfires and results in releasing the bad guys it was intended to catch.

    Parallel Construction doesn't catch criminals. It hides criminal activity by the government. It is an institutionalized form of lying which isn't acceptable in our court system.

    --
    I am becoming gerund, destroyer of verbs.