- cypherpunks - lists.cpunks.org

[cryptome] snaps
by Eugen Leitl 09 Oct '13

09 Oct '13

----- Forwarded message from taxakis <taxakis(a)gmail.com> ----- Date: Wed, 9 Oct 2013 15:31:24 +0200 From: taxakis <taxakis(a)gmail.com> To: cryptome(a)freelists.org Subject: [cryptome] snaps Message-ID: <019501cec4f3$da288a30$8e799e90$@com> X-Mailer: Microsoft Office Outlook 12.0 Reply-To: cryptome(a)freelists.org Backdoors revisited by Ed Felten: https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003 / with a referral to: https://lwn.net/Articles/57135/ Blackhole malware exploit kit suspect arrested: http://www.bbc.co.uk/news/technology-24456988 How Lavabit Melted Down: http://www.newyorker.com/online/blogs/elements/2013/10/how-lavabit-edward-sn owden-email-service-melted-down.html ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

1 0

Re: NSA UTAH data center
by John Young 09 Oct '13

09 Oct '13

The NSA Data Center is bit more complicated than the usual commercial hotel or center, and perhaps is unprecedented, thus haunted by errata. It is composed of two apparently identical facilities, mirror images of one another, connected by an administrative block. Each facility has a data unit, a pair of 16-generator units, a bank of cooling towers, fuel tanks and appurtances. There is a single conventional electrical sub-station for the complex. It is it not known if both facilities were affected or only one of them. Nor is not known whether the power surges came from the conventional electrical power system or the generators, or from testing the emergency shutdown of the conventional and the kick-in of the back-up gen sets. Perhaps both powered up briefly simultaneously, overloaded surge protectors failed, excessive juice blasted the cables, panels, processors. The relatively small dollar amounts indicate that only some parts were affected. An odd feature is the banana shape, with non-parallel units, whether for aesthetics or to avoid some unknown richochet of parallelism so common in DoD and most other facilities. Imagine that the lack of parallelism, surely due to the conceit of crazed design architects eager to be different from insanely rational engineers, caused bizarre effects, or the engineers fought back with the customary make-work sabotage. This theory is most pleasing to this nuthouse designer. It fits the welter of new USG facilities worldwide which appear to have been designed by and for the bureaucratcially insane, aptly, expense not even considered, exemplary bloat essential, security bollixed to the max, national debt boosting cost over-runs and late completion obligatory for congressional inspection junkets, followed quickly by applaudable manifold jobs making repair of faults, corrections of errant design, IG investigations squelched and bigger appropriations next time. For evidence peruse the the bloated list of USG and commercial work by the data center architects, KlingStubbins. This is USACE and GSA heaven-sent pork unbridled by modesty of pre-911 war-winding-down pecuniousness. http://www.klingstubbins.com/clientlist/clientlist_alphabetical.html Then see the twisted edifice psycholpathology spread: the mirror-funhouse new headquarters for Canadian Communications Security Establishment in which the architects have been Boozed-Allened to barbarize disorienting havoc in concert with the agency's mission to cackle and banshee at the humongous wastage: http://www.hdrinc.com/portfolio/communications-security-establishment-canad… This is what has come from the massively copulating Internet, data, metadata, teradata, supercalifornication data. Imaginary only to be sure, processors idled, generators asleep, power errantly dribbling like release of Snowden's imaginary booze distillery.

2 1

NSA UTAH data center
by brian carroll 09 Oct '13

09 Oct '13

Power surges 'cripple NSA data centre' http://www.bbc.co.uk/news/technology-24443266 "It said civil contractors were confident the problem had been solved but a special US Army engineer investigation team had said the cause was "not yet sufficiently understood" to be sure that it would not happen again."

5 4

Re: [guardian-dev] Gibberbot: add strong encryption level
by Eugen Leitl 09 Oct '13

09 Oct '13

----- Forwarded message from Nathan of Guardian <nathan(a)guardianproject.info> ----- Date: Wed, 09 Oct 2013 05:53:49 -0400 From: Nathan of Guardian <nathan(a)guardianproject.info> To: Satz Klauer <satzklauer(a)googlemail.com> Cc: Guardian Project mailing lists <guardian-dev(a)lists.mayfirst.org> Subject: Re: [guardian-dev] Gibberbot: add strong encryption level Message-ID: <525527AD.9060905(a)guardianproject.info> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8 On 10/09/2013 01:28 AM, Satz Klauer wrote: > Sorry, I don't agree with you. Servers are "secured" by self-signed > certificates mainly. If not the whole certificate thingy itself is not > secure (as we have seen last years where certificate authorities have > been hacked and crackers have created their own, fully valid but wrong > certificates). Gibberbot v12 (aka "ChatSecure") does not use any Certificate Authority root trust anymore. We either use certificate pinning for known services like Google, Dukgo, Facebook, etc, or we present a dialog with the certificate information for manual verification. That said, as others have pointed out, the *entire* point of OTR is that you are not trusting the transport encryption or chat server with your message encryption. Even if the server is 100% compromised, you have a means to know that your session is being MITM'd as well, if you perform the verify stap. More on that below... > So key exchange is done via an insecure channel, a person does not > know who gets the key or if there is a man in the middle. So this > mechanism provides some elusory security. OTR provides two mechanisms for verification of a key, and we have worked to make it very easy in Gibberbot/CS to perform this operation, through a few actions. Once you start an OTR session up, you are prompted to "Tap to verify". This brings up the profile dialog box with three options 1) Manually verify fingerprint of the person you are chatting with by visually comparing your fingerprints (over the phone, etc) 2) Scan the fingerprint of the person using a QR code / barcode scanner, if you are standing near them 3) Use a Question+Answer or Shared Secret method to authenticate session (based on the OTR "Socialist Millionaire" protocol) from inside the OTR chat itself Once you've done this, you can trust that your session is private and not being intercepted. Otherwise, your concept about generating static keys outside of the session, and pre-sharing and verifying them directly with your contact is great... it's called OpenPGP! Many people have been asking to add some form of PGP support into Gibberbot/CS, and we are considering it. +n _______________________________________________ Guardian-dev mailing list Post: Guardian-dev(a)lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: Guardian-dev-unsubscribe(a)lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org You are subscribed as: eugen(a)leitl.org ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

1 0

Attacking Tor: how the NSA targets users' online anonymity
by Eugen Leitl 09 Oct '13

09 Oct '13

(Use VM jails with amnesiac distros like Tails for daily browsing, separate security compartments using CubeOS and related, use air gap with USB sneakernet (using *nix with no USB autorun) to encrypt/decrypt and maintain sensitive information in general). http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-a… Attacking Tor: how the NSA targets users' online anonymity Secret servers and a privileged position on the internet's backbone used to identify users and attack target computers Bruce Schneier theguardian.com, Friday 4 October 2013 15.50 BST Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. Photograph: Magdalena Rehova/Alamy The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world. According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identified Tor users on the internet and then executes an attack against their Firefox web browser. The NSA refers to these capabilities as CNE, or computer network exploitation. The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney. The NSA creates "fingerprints" that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections. Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic. The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US. After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems. Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA. Exploiting the Tor browser bundle Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly. This, too, is difficult. Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle. According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR. The Quantum system To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server. In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks. They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack. The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access". This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique. The FoxAcid system According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate. The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA. However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks. FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag [LINK REMOVED] is given in another top-secret training presentation provided by Snowden. There is no currently registered domain name by that name; it is just an example for internal NSA training purposes. The training material states that merely trying to visit the homepage of a real FoxAcid server will not result in any attack, and that a specialized URL is required. This URL would be created by TAO for a specific NSA operation, and unique to that operation and target. This allows the FoxAcid server to know exactly who the target is when his computer contacts it. According to Snowden, FoxAcid is a general CNE system, used for many types of attacks other than the Tor attacks described here. It is designed to be modular, with flexibility that allows TAO to swap and replace exploits if they are discovered, and only run certain exploits against certain types of targets. The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target's technical sophistication, the value of the exploit, and other considerations. In the case of Tor users, FoxAcid might use EgotisticalGiraffe against their Firefox browsers. FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. One of the top-secret documents provided by Snowden demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process. According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual, are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer. These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer; called Personal Security Products or PSP, in the manual. FoxAcid payloads are updated regularly by TAO. For example, the manual refers to version 8.2.1.1 of one of them. FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. The operations manual states that a FoxAcid payload with the codename DireScallop can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process. The NSA also uses phishing attacks to induce users to click on FoxAcid tags. TAO additionally uses FoxAcid to exploit callbacks – which is the general term for a computer infected by some automatic means – calling back to the NSA for more instructions and possibly to upload data from the target computer. According to a top-secret operational management procedures manual, FoxAcid servers configured to receive callbacks are codenamed FrugalShot. After a callback, the FoxAcid server may run more exploits to ensure that the target computer remains compromised long term, as well as install "implants" designed to exfiltrate data. By 2008, the NSA was getting so much FoxAcid callback data that they needed to build a special system to manage it all.

1 0

Re: [drone-list] Joshua Foust on LARs
by Eugen Leitl 09 Oct '13

09 Oct '13

----- Forwarded message from Ali-Reza Anghaie <ali(a)packetknife.com> ----- Date: Tue, 8 Oct 2013 22:38:41 -0400 From: Ali-Reza Anghaie <ali(a)packetknife.com> To: drone-list <drone-list(a)lists.stanford.edu> Subject: Re: [drone-list] Joshua Foust on LARs Message-ID: <CAPKVt5+brytR4KqXYTywFQpCECHv347Y9msdywBv+r8_M1AD=Q(a)mail.gmail.com> Reply-To: drone-list <drone-list(a)lists.stanford.edu> On Tue, Oct 8, 2013 at 10:34 PM, Gregory Foster <gfoster(a)entersection.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > National Journal (Oct 8) - "Soon, Drones May Be Able to Make Lethal > Decisions on Their Own" by @JoshuaFoust: > http://www.nationaljournal.com/national-security/soon-drones-may-be-able-to… > > This unusual article is belied by its title, as it seems to marshal > evidence against the likelihood of military usage of lethal autonomous > robots (LARs) citing the very real fear of political consequences. > But freelance journalist Joshua Foust is a hawk and military realist, > so here's his hidden suggestion offered after illustrating how command > and control is a weak link in the global drone war machine: > >> It may be that the only way to make a drone truly secure is to >> allow it to make its own decisions without a human controller: if >> it receives no outside commands, then it cannot be hacked (at least >> as easily). And that's where LARs, might be the most attractive. > > gf I find his tone here curious since he is also quite insistent that NSA abuse is fairly mundane and - while agreeing with calls for more technical controls - seems perfectly happy to consider the existing ones good enough to agree with the NSA's assertions "no harm, no foul".. I also think that assertion of human control is glib-ludicrous, especially after calling out (rightfully) Greenwald's sudden "expertise" on all matters technical. I like Foust generally but he keeps getting the idea of controls balanced against human activity wrong IMO. -Ali -- Want to unsubscribe? Want to receive a weekly digest instead of daily emails? Change your preferences: https://mailman.stanford.edu/mailman/listinfo/drone-list or email companys(a)stanford.edu ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

1 0

NSA UTAH data center Power Consumption FOIA
by Moritz 09 Oct '13

09 Oct '13

https://www.muckrock.com/foi/united-states-of-america-10/nsas-utah-data-cen… "This is a request under the Freedom of Information Act. I hereby request the following records: A copy of any letters, emails, or other communications sent or received by the NSA to any representatives of Utah government agencies or policy makers regarding utility rates and taxes in connection with the NSA's Utah Data Center and/or Utah HB325." "As stated in our previous letter dated 14 June 2013, and based on the information you provided in your letter, you are considered an "all other" requester. You must pay for search time in excess of 2 hours and duplication in excess of 100 pages. We have expended your two free hours of search and some responsive records were located within that timeframe. A detailed review to determine the releasability of this information is required. We estimate that the costs involved to further search for material responsive to your request will be approximately $264.00. "

1 0

[RISKS] Risks Digest 27.51
by RISKS List Owner 08 Oct '13

08 Oct '13

RISKS-LIST: Risks-Forum Digest Tuesday 8 October 2013 Volume 27 : Issue 51 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.51.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Cyber Schools Fleece Taxpayers for Phantom Students and Failing Grades (Mary Bottari) Our Founding Fathers wisely recognized the risks in voting (Paul Robinson) "Beyond the bottom line: The true cost of patent trolls" (Serdar Yegulalp via Gene Wirchenko) Risks of politics (Chris Adams) Lowering Your Standards: DRM and the Future of the W3C (Danny O'Brien via Dewayne Hendricks) Why you can't stop checking your phone (Monty Solomon) Silk Road's founder arrested (PGN) Technologists' Comment to the NSA Review Group (Joseph Lorenzo Hall) Re: Cost and Responsibility for Snowden's Breaches (Robert R. Fenichel) Bruce Schneier: NSA attacks Internet (via Steven J. Greenwald) Mugged by a Mug Shot Online (David Segal via Matthew Kruk) Adobe Announces Security Breach (David Kocieniewski via Matthew Kruk) Notarizations Go Digital in North Carolina (Gabe Goldberg) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 3 Oct 2013 14:02:08 PDT From: "Peter G. Neumann" <neumann(a)csl.sri.com> Subject: Cyber Schools Fleece Taxpayers for Phantom Students and Failing Grades (Mary Bottari) Mary Bottari, PRWatch: In recent years, there has been an explosion of full-time `virtual' charter schools paid for by the taxpayer. K12 Inc. and ALEC have pushed a national agenda to replace brick-and-mortar classrooms and hands-on teaching with computers and "distance learning." http://www.prwatch.org/news/2013/10/12257/junk-bonds-junk-schools-fleece-ta… ------------------------------ Date: Mon, 7 Oct 2013 11:57:41 -0700 (PDT) From: Paul Robinson <paul(a)paul-robinson.us> Subject: Our Founding Fathers wisely recognized the risks in voting Every two years I become a county employee, for two days. I work at the polling place as an election judge on the Primary election and the General election. I'm one of those petty bureaucrats that make you stand in line for hours and prevent you from voting. All kidding aside, I'm proud of the fact that at our little polling place, even under heavy loads of people showing up, 95% of the time, people are inside, already having been checked in and are simply waiting to use one of the voting machines. So, anyway, I point out to the other election judges the true reasons why the United States usually holds elections on "The First Tuesday after the First Monday" in the month of the election. Consider that when our forefathers set up this country, they didn't let every one who was over 21 and had a pulse (or even if they don't if you live in Chicago), you had to be a wealthy landholder, which almost always meant you were a rich, white male. Well, that usually meant you had a household to run and if the election fell on the first of the month, you might not have time to saddle your horse or hitch up your horse and buggy and ride for hours all the way to the polls, it was a long trek, and you had bills to pay and accounts to settle. So they wanted the election not to be on the 1st of the month. Now, they also didn't want the election falling on Monday. After a weekend of binge drinking - especially on Sunday, where, if you weren't binge drinking you might have to stay awake on Sunday when you're in church where the preacher would be giving his dull, boring sermon, and if you stayed awake long enough you might realize how really dull and boring he was and pull out your ball and powder pistol and plug him just for the fun of it or to get some excitement in your life - you'd be so hung over Monday morning that you wouldn't be able to see straight, let alone be able to vote. So, that's why elections are held on Tuesday so that hopefully you'd be sober and not suffering too much from a hangover. Those founding fathers were no dummies. Speaking of plugging people, that's also the reason Wyoming was the first state to give women the right to vote. A couple thousand years ago, the way you moved from Slave or peon to Citizen in Imperial Rome was you raised enough money to afford a sword and shield; you could now show anyone who dared to try to enslave you, a blade. Well, out west, women had to go armed. On the East Coast, this was rare; out west, there were lots of threats from rattlesnakes, both the ones with a tail and the ones on two legs; the best protection against sexual assault was a Colt .45, where it was said, "All men were created equal, but Samuel Colt allowed them to stay that way." and women going armed also made them equal to any man. So, a woman spent several hours to get to the polling place where she walks up to someone like me, rests her hands on her pistols, and declares that she wants to vote. That registrar is not going to tell some woman who's packing heat that she came out there for nothing, he's liable to soon become a permanent resident of Boot Hill. So, women having arms gave them the power to vote, which is usually where people got the power to vote, because they had the power to use violence if they were denied it. Paul Robinson <paul(a)paul-robinson.us> - http://paul-robinson.us ------------------------------ Date: Fri, 04 Oct 2013 12:54:50 -0700 From: Gene Wirchenko <genew(a)telus.net> Subject: "Beyond the bottom line: The true cost of patent trolls" (Serdar Yegulalp) Serdar Yegulalp | InfoWorld, 4 Oct 2013 Beyond the bottom line: The true cost of patent trolls The costs of patent trolling often aren't directly visible, but the benefits of fighting back are coming to light http://www.infoworld.com/t/intellectual-property/beyond-the-bottom-line-the… ------------------------------ Date: Tue, 1 Oct 2013 19:43:42 -0400 From: Chris Adams <chris(a)improbable.org> Subject: Risks of politics I noticed a fair amount of discussion today from people dealing with key resources disappearing from government servers: * XML parsers choking on documents which use a DTD maintained by a government organization: https://plus.google.com/u/0/106980687849423472398/posts/b1ubKCPJmy7 (A recurring RISK of an XML implementation anti-pattern: see the 2008 W3C post about the DoS effect of owning popular XML standards: http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/) * Dan Chudnov and Becky Yoose created mirrors of key Library of Congress datasets: https://twitter.com/dchud/status/385061127010668544 https://twitter.com/yo_bj/status/385070010965585921 * Ed Summers, a coworker at LC, posted about Linked Open Data disappearing and various challenges in distributed replication: http://inkdroid.org/journal/2013/09/30/preserving-linked-data/ * Code for America mirrored various census.gov datasets: http://forever.codeforamerica.org/Census-API/shutdown-2013.html * The Sunlight Foundation had a good general post talking about how they are impacted by canonical sources disappearing: http://sunlightfoundation.com/blog/2013/09/30/what-happens-to-gov-in-a-shut… The meta- risk here is assuming that any single point can be too big to fail. Government agencies commonly put considerable resources into making sure that a disaster won't take them offline but it's impossible to deal with a political crisis which prevents you from incurring any new expense whatsoever. That's where the more interesting questions for designing resilient systems come up because questions like replication and trust really need to be considered first-class requirements. Using a protocol like BitTorrent could solve many of the challenges for widely replicating large datasets but it would still require some sort of attestation protocol to decide what copies are trustworthy. One more technical aspect is also the benefit to reusing standard Web technologies where possible: much of the data which currently down can be recovered from the Internet Archive if it's easily accessible to crawlers. An unlinked API or anything with access control will fail much harder. ------------------------------ Date: Oct 3, 2013 3:42 PM From: "Dewayne Hendricks" <dewayne(a)warpspeed.com> Subject: Lowering Your Standards: DRM and the Future of the W3C (Danny O'Brien) Danny O'Brien, EFF, 2 Oct 2013 (via Dave Farber) <https://www.eff.org/deeplinks/2013/10/lowering-your-standards> On Monday, the W3C announced that its Director, Tim Berners-Lee, had determined that the "playback of protected content" was in scope for the W3C HTML Working Group's new charter, overriding EFF's formal objection against its inclusion. This means the controversial Encrypted Media Extension (EME) proposal will continue to be part of that group's work product, and may be included in the W3C's HTML5.1 standard. If EME goes through to become part of a W3C recommendation, you can expect to hear DRM vendors, DRM-locked content providers like Netflix, and browser makers like Microsoft, Opera, and Google stating that they can now offer W3C standards compliant "content protection" for Web video. We're deeply disappointed. We've argued before as to why EME and other protected media proposals are different from other standards . By approving this idea, the W3C has ceded control of the "user agent" (the term for a Web browser in W3C parlance) to a third-party, the content distributor. That breaks a -- perhaps until now unspoken -- assurance about who has the final say in your Web experience, and indeed who has ultimate control over your computing device. EFF believes that's a dangerous step for an organization that is seen by many as the guardian of the open Web to take. We have rehashed this argument many times before, in person with Tim Berners-Lee, with staff members and, along with hundreds of others, in online interactions with the W3C's other participants. But there's another argument that we've made more privately. It's an argument that is less about the damage that sanctioning restricted media does to users, and more about the damage it will do to the W3C. At the W3C's advisory council meeting in Tokyo, EFF spoke to many technologists working on Web standards. It's clear to us that the engineering consensus at the consortium is the same as within the Web community, which is the same almost anywhere else: that DRM is a pain to design, does little to prevent piracy, and is by its nature user-unfriendly. Nonetheless, many technologists have resigned themselves to believing that until the dominant rights holders in Hollywood finally give up on it (as the much of the software and music industry already has), we're stuck with implementing it. The EME, they said, was a reasonable compromise between what these contracts demand, and the reality of the Web. A Web where movies are fenced away in EME's DRM-ridden binary blobs is, the W3C's pragmatists say, no worse than the current environment where Silverlight and Flash serve the purpose of preventing unauthorized behavior. We pointed out that EME would by no means be the last "protected content" proposal to be put forward for the W3C's consideration. EME is exclusively concerned with video content, because EME's primary advocate, Netflix, is still required to wrap some of its film and TV offerings in DRM as part of its legacy contracts with Hollywood. But there are plenty of other rightsholders beyond Hollywood who would like to impose controls on how their content is consumed. Just five years ago, font companies tried to demand DRM-like standards for embedded Web fonts. These Web typography wars fizzled out without the adoption of these restrictions, but now that such technical restrictions are clearly "in scope," why wouldn't typographers come back with an argument for new limits on what browsers can do? Indeed, within a few weeks of EME hitting the headlines, a community group within W3C formed around the idea of locking away Web code, so that Web applications could only be executed but not examined online. Static image creators such as photographers are eager for the W3C to help lock down embedded images. Shortly after our Tokyo discussions, another group proposed their new W3C use-case: "protecting" content that had been saved locally from a Web page from being accessed without further restrictions. Meanwhile, publishers have advocated that HTML textual content should have DRM features for many years. In our conversations with the W3C, we argued that the W3C needed to develop a clearly defined line against the wave of DRM systems it will now be encouraged to adopt. ... Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/> ------------------------------ Date: Mon, 7 Oct 2013 10:38:14 -0400 From: Monty Solomon <monty(a)roscom.com> Subject: Why you can't stop checking your phone To fight texting and driving means confronting a bigger problem, say experts: our technology is reprogramming us. Leon Neyfakh, *The Boston Globe*, 6 Oct 2013 DRIVE FOR LONG ENOUGH in America, and you're bound to see someone texting behind the wheel. Maybe it'll be the guy ahead of you, his head bobbing up and down as he tries to balance his attention between his screen and his windshield. Or maybe it'll be the woman weaving into your lane, thumbing at her phone while she holds it above the dashboard. Maybe it'll be you. A recent study by the Virginia Tech Transportation Institute showed that drivers who are texting are twice as likely to crash, or almost crash, as those who are focused on the road. It's a disturbingly common habit: According to a survey analyzed by the Centers for Disease Control and Prevention, nearly one-third of American adults had e-mailed or texted on their phones while driving at least once during the previous month. And while most get away with it unscathed, many do not. The National Safety Council estimates that 213,000 car crashes in the United States in 2011 involved drivers who were texting, up from 160,000 the year before. ... http://www.bostonglobe.com/ideas/2013/10/06/why-you-can-stop-checking-your-… ------------------------------ Date: Wed, 2 Oct 2013 13:57:03 PDT From: "Peter G. Neumann" <neumann(a)csl.sri.com> Subject: Silk Road's founder arrested Ross William Ulbricht (a.k.a. Dread Pirate Roberts, a name well known from The Princess Bride) arrested in San Francisco, charged with conspiracy to distribute narcotics, computer hacking, money laundering, after at least two years of running an online black market for drugs. Silk Road is a service hidden by Tor's anonymization and operated as an "eBay for illegal goods and services." CNN reports that he had successfully been using Tor, but that his apprehension resulted after he posted his Gmail address online! [In the movie, Dread Pirate Roberts was not a unique identity, with multiple people taking on that alias. It is of course conceivable that there might be other DPRs lurking. PGN] Tim Hume, CNN, 5 Oct 2013 http://www.cnn.com/2013/10/04/world/americas/silk-road-ross-ulbricht/index.… Thomas Claburn, Information Week, 2 Oct 2013 http://www.informationweek.com/security/vulnerabilities/silk-road-founder-a… Brian Krebs on Security http://www.krebsonsecurity.com [no longer the first item. PGN] ------------------------------ Date: Saturday, October 5, 2013 From: Joseph Lorenzo Hall Subject: Technologists' Comment to the NSA Review Group EFF and CDT submitted a public comment to the NSA Review Group on behalf of 47 leading technologists (including yourself, of course!). It emphasizes the need for technical input into oversight processes, that the NSA is making everyone unsafe by planting backdoors and subverting encryption, and, finally, that U.S. commitments to privacy and civil liberties require honoring the human rights of non-U.S. people online. CDT blog post: https://www.cdt.org/tech-comment-nsa-review EFF blog post: https://www.eff.org/deeplinks/2013/10/47-prominent-technologists-nsa-review… PDF of comment: https://www.cdt.org/files/pdfs/nsa-review-panel-tech-comment.pdf CDT and EFF coordinated this effort on behalf of the following 47 technologists: Ben Adida Ross Anderson, University of Cambridge Dan Auerbach, Electronic Frontier Foundation Brian Behlendorf, Board Member at EFF, Mozilla, and Benetech Steven M. Bellovin, Columbia University Matt Blaze, University of Pennsylvania Scott Bradner, Harvard University Eric Burger, Georgetown University L. Jean Camp, Indiana University Stephen Checkoway, Johns Hopkins University Nicolas Christin, Carnegie Mellon University Alissa Cooper, Center for Democracy & Technology Lorrie Faith Cranor, Carnegie Mellon University Nick Doty, University of California, Berkeley/World Wide Web Consortium Jeremy Epstein, SRI International David Evans, University of Virginia David Farber, Carnegie Mellon University/University of Pennsylvania Stephen Farrell, Trinity College Dublin Joan Feigenbaum, Yale University Edward W. Felten, Princeton University Bryan Ford, Yale University Daniel Kahn Gillmor Matthew D. Green, Johns Hopkins University J. Alex Halderman, University of Michigan Joseph Lorenzo Hall, Center for Democracy & Technology James Hendler, Rensselaer Polytechnic Institute Nadia Heninger, University of Pennsylvania David Jefferson, Lawrence Livermore National Laboratory Micah Lee, Electronic Frontier Foundation Morgan Marquis-Boire, Citizen Lab, University of Toronto Siobhan MacDermott, AVG Technologies Jonathan Mayer, Stanford University Sascha Meinrath, Open Technology Institute, New America Foundation Peter G. Neumann, SRI International M. Chris Riley, Mozilla Phillip Rogaway, University of California, Davis Runa A. Sandvik, Independent Researcher Jeffrey I. Schiller, Massachusetts Institute of Technology Bruce Schneier, BT Seth Schoen, Electronic Frontier Foundation Micah Sherr, Georgetown University Christopher Soghoian, American Civil Liberties Union Ashkan Soltani, Independent Researcher Brad Templeton, Electronic Frontier Foundation/Singularity University Dan S. Wallach, Rice University Nicholas Weaver, International Computer Science Institute Philip Zimmermann, Silent Circle LLC https://josephhall.org/ ------------------------------ Date: Tue, 01 Oct 2013 15:14:53 -0700 From: "Robert R. Fenichel" <bob(a)fenichel.net> Subject: Re: Cost and Responsibility for Snowden's Breaches (RISKS 27.50) Jonathan S. Shapiro's statement that The only questions were *who* would leak it and *how soon*. It happened to be Snowden, but if not for Snowden it would have been somebody else. is optimistic. Snowden was the first one to reveal some of NSA's activities to responsible journalists, but there's no reason to believe that there were not earlier leakers of the NSA-induced vulnerabilities, leaking to less savory recipients than the NYT and the Guardian. Robert R. Fenichel, M.D. http://www.fenichel.net ------------------------------ Date: Tue, 8 Oct 2013 08:47:03 -0400 (GMT-04:00) From: "Steven J. Greenwald" <sjg6(a)gate.net> Subject: Bruce Schneier: NSA attacks Internet (*The Guardian*) Bruce Schneier, theguardian.com, 4 October 2013 Why the NSA's attacks on the Internet must be made public By reporting on the agency's actions, the vulnerabilities in our computer systems can be fixed. It's the only way to force change. http://www.theguardian.com/commentisfree/2013/oct/04/nsa-attacks-internet-b… Today, the Guardian is reporting on how the NSA targets Tor users, along with details of how it uses centrally placed servers on the Internet to attack individual computers. This builds on a Brazilian news story from last week that, in part, shows that the NSA is impersonating Google servers to users; a German story on how the NSA is hacking into smartphones; and a Guardian story from two weeks ago on how the NSA is deliberately weakening common security algorithms, protocols, and products. The common thread among these stories is that the NSA is subverting the Internet and turning it into a massive surveillance tool. The NSA's actions are making us all less safe, because its eavesdropping mission is degrading its ability to protect the US. Among IT security professionals, it has been long understood that the public disclosure of vulnerabilities is the only consistent way to improve security. That's why researchers publish information about vulnerabilities in computer software and operating systems, cryptographic algorithms, and consumer products like implantable medical devices, cars, and CCTV cameras. It wasn't always like this. In the early years of computing, it was common for security researchers to quietly alert the product vendors about vulnerabilities, so they could fix them without the "bad guys" learning about them. The problem was that the vendors wouldn't bother fixing them, or took years before getting around to it. Without public pressure, there was no rush. This all changed when researchers started publishing. Now vendors are under intense public pressure to patch vulnerabilities as quickly as possible. The majority of security improvements in the hardware and software we all use today is a result of this process. This is why Microsoft's Patch Tuesday process fixes so many vulnerabilities every month. This is why Apple's iPhone is designed so securely. This is why so many products push out security updates so often. And this is why mass-market cryptography has continually improved. Without public disclosure, you'd be much less secure against cybercriminals, hacktivists, and state-sponsored cyberattackers. The NSA's actions turn that process on its head, which is why the security community is so incensed. The NSA not only develops and purchases vulnerabilities, but deliberately creates them through secret vendor agreements. These actions go against everything we know about improving security on the Internet. It's folly to believe that any NSA hacking technique will remain secret for very long. Yes, the NSA has a bigger research effort than any other institution, but there's a lot of research being done -- by other governments in secret, and in academic and hacker communities in the open. These same attacks are being used by other governments. And technology is fundamentally democratizing: today's NSA secret techniques are tomorrow's PhD theses and the following day's cybercrime attack tools. It's equal folly to believe that the NSA's secretly installed backdoors will remain secret. Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government. But it wouldn't take a rogue NSA employee; researchers or hackers could discover any of these backdoors on their own. This isn't hypothetical. We already know of government-mandated backdoors being used by criminals in Greece, Italy, and elsewhere. We know China is actively engaging in cyber-espionage worldwide. A recent Economist article called it "akin to a government secretly commanding lockmakers to make their products easier to pick -- and to do so amid an epidemic of burglary." The NSA has two conflicting missions. Its eavesdropping mission has been getting all the headlines, but it also has a mission to protect US military and critical infrastructure communications from foreign attack. Historically, these two missions have not come into conflict. During the cold war, for example, we would defend our systems and attack Soviet systems. But with the rise of mass-market computing and the Internet, the two missions have become interwoven. It becomes increasingly difficult to attack their systems and defend our systems, because everything is using the same systems: Microsoft Windows, Cisco routers, HTML, TCP/IP, iPhones, Intel chips, and so on. Finding a vulnerability -- or creating one -- and keeping it secret to attack the bad guys necessarily leaves the good guys more vulnerable. Far better would be for the NSA to take those vulnerabilities back to the vendors to patch. Yes, it would make it harder to eavesdrop on the bad guys, but it would make everyone on the Internet safer. If we believe in protecting our critical infrastructure from foreign attack, if we believe in protecting Internet users from repressive regimes worldwide, and if we believe in defending businesses and ourselves from cybercrime, then doing otherwise is lunacy. It is important that we make the NSA's actions public in sufficient detail for the vulnerabilities to be fixed. It's the only way to force change and improve security. Bruce Schneier writes about security, technology, and people. His latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive. He is a member of the EFF's board of directors. ------------------------------ Date: Sun, 6 Oct 2013 02:13:54 -0600 From: "Matthew Kruk" <mkrukg(a)gmail.com> Subject: Mugged by a Mug Shot Online (David Segal) David Segal, *The New York Times*, 5 Oct 2013 http://www.nytimes.com/2013/10/06/business/mugged-by-a-mug-shot-online.html… [This is a relatively long but remarkably well researched article on how mug shots persist even if the would-be culprit is exonerated, how a blackmail-like industry has developed to supposedly remove mug shots, how some real perps are able to get their mug shots removed, and much more. It is mandatory reading for RISKS readers. PGN] ------------------------------ Date: Fri, 4 Oct 2013 02:00:15 -0600 From: "Matthew Kruk" <mkrukg(a)gmail.com> Subject: Adobe Announces Security Breach (David Kocieniewski) David Kocieniewski, *The New York Times*, 3 Oct 2013 http://www.nytimes.com/2013/10/04/technology/adobe-announces-security-breac… Hackers infiltrated the computer system of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers, the company acknowledged on Thursday. The security breach, which Adobe called a part of a "sophisticated attack," also allowed hackers to obtain encrypted passwords and other personal information from customers. Hackers also illegally took copies of the source code of some of the company's widely used products, which are run on personal computers and businesses servers around the world. There was no indication that the attackers obtained unencrypted credit card numbers, Adobe said in a statement. As a precaution, however, the company said it had notified customers and credit card companies about the breach and reset customer passwords to prevent further unauthorized access. "Cyberattacks are one of the unfortunate realities of doing business today," Adobe's chief security officer, Brad Arkin, wrote in a blog post on Thursday. "Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyberattackers." The breach at Adobe is one of a recent spate of hacking episodes at prominent organizations. Already this year, hackers have infiltrated database aggregators like Lexis-Nexis and Dun & Bradstreet and the security firm Kroll Associates, as well as the National White Collar Crime Center, which helps businesses protect their computer systems. Concerns about the security of data at Adobe were first raised last week, when a technology researcher and an independent journalist investigating the hacking episodes discovered copies of Adobe source code on a server that was believed to have been used in the previous attacks. Brian Krebs, the journalist, informed Adobe about his findings, and on Thursday publicly reported the hacking on his site, krebsonsecurity.com. One of the products that had its source code stolen is ColdFusion, which, according to Adobe, is used by the United States Senate, 75 of the Fortune 100 companies and more than 10,000 other companies worldwide. Adobe security officials said they were not aware of any specific risks to customers. But because the source code contains the DNA of the software program, computer experts said it could allow hackers to find and exploit any other potential weaknesses in its security. ------------------------------ Date: Tue, 01 Oct 2013 17:41:09 -0400 From: Gabe Goldberg <gabe(a)gabegold.com> Subject: Notarizations Go Digital in North Carolina North Carolina standardized a new process that allows for notarization to be completed electronically. Some state officials are calling the program the first and most robust move to e-notarizations on a statewide level. Notarizations are traditionally completed manually with paper documents and require an authorized "notary public" to approve, sign and seal official documents -- often for legal purposes. Laws require that when documents are notarized, both the notary public and the parties involved with the documents are physically present for the notarization. Although notarizations can now be completed electronically in North Carolina, often with the help of laptops or other mobile devices, the state still requires that both the notary and involved parties be physically present when the e-notarization transaction is completed. The move to digital notarizations was spearheaded by the Secretary of State's office and its current Secretary Elaine Marshall to enhance the signature value on official documents while still upholding statewide standards. http://www.govtech.com/computing/Notarizations-Go-Digital-in-North-Carolina… Aside from the usual "What could go wrong?" query, it's not really clear what's happening, since notary and involved parties must still be physically present. So only the documents can be electronic? Not a word about how they're presented, authenticated, protected, disabled from changes... ------------------------------ Date: Sun, 7 Oct 2012 20:20:16 -0900 From: RISKS-request(a)csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request(a)csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe(a)csl.sri.com or risks-unsubscribe(a)csl.sri.com depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall(a)newcastle.ac.uk>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks(a)CSL.sri.com with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 27.51 ************************

1 0

Feds Arrest Alleged Top Silk Road Drug Seller
by Eugen Leitl 08 Oct '13

08 Oct '13

https://krebsonsecurity.com/2013/10/feds-arrest-alleged-top-silk-road-drug-… Feds Arrest Alleged Top Silk Road Drug Seller Federal authorities last week arrested a Washington state man accused of being one of the most active and sought-after drug dealers on the online black market known as the “Silk Road.” Meanwhile, new details about the recent coordinated takedown of the Silk Road became public, as other former buyers and sellers on the fraud bazaar pondered who might be next and whether competing online drug markets will move in to fill the void. NOD's feedback from Silk Road buyers, according to the government. A complaint unsealed Oct. 2 by the U.S. District Court for the Western District of Washington at Seattle alleges that Steven Lloyd Sadler, 40, of Bellevue, Wash., used the nickname “NOD” on the Silk Road, and was among the “top one percent of sellers” on the Silk Road, selling high-quality cocaine, heroin and methamphetamine in small, individual-use amounts to hundreds of buyers around the world. Investigators with the FBI and U.S. Post Office inspectors say they tracked dozens of packages containing drugs allegedly shipped by Sadler and a woman who was living with him at the time of his arrest. Authorities tied Sadler to the Silk Road after intercepting a package of cocaine and heroin destined for an Alaskan resident. That resident agreed to cooperate with authorities in the hopes of reducing his own sentence, and said he’d purchased the drugs from NOD via the Silk Road. Agents in Seattle sought and were granted permission to place GPS tracking devices on Sadler’s car and that of his roommate, Jenna White, also charged in this case. Investigators allege that the tracking showed the two traveled to at least 38 post offices in the Seattle area during the surveillance period. Interestingly, the investigators used the feedback on NOD’s Silk Road seller profile to get a sense of the volume of drugs he sold. Much like eBay sellers, merchants on the Silk Road are evaluated by previous buyers, who are encouraged to leave feedback about the quality of the seller’s goods and services. According to the government, NOD had 1,400 reviews for individual sales/purchases of small amounts of drugs, including: 2,269.5 grams of cocaine, 593 grams of heroin and 105 grams of meth. The complaint notes that these amounts don’t count sales going back more than five months prior to the investigation, when NOD first created his Silk Road vendor account. Cryptome has published a copy of the complaint (PDF) against Sadler. A copy of Sadler’s case docket is here. NOD’s reputation on the Silk Road also was discussed for several months on this Reddit thread. Many readers of last week’s story on the Silk Road takedown have been asking what is known about the locations of the Silk Road servers that were copied by the FBI. It’s still unclear how agents gained access to those servers, but a civil forfeiture complaint released by the Justice Department shows that they were aware of five, geographically dispersed servers that were supporting the Silk Road, either by directly hosting the site and/or hosting the Bitcoin wallets that the Silk Road maintains for buyers and sellers. Two of those servers were located in Iceland, one in Latvia, another in Switzerland, and apparently one in the United States. See the map above. As if the subset of Bitcoin users who frequented the Silk Road already didn’t have enough to worry about, there are indications that the individual(s) responsible for creating a competing Tor-based drug market — SheepMarketplace — may have made some missteps that could make it easier for authorities to discover the true location of that fraud bazaar as well. Check out this Reddit thread for more on that. Also, there are some indications that a Silk Road 2.0 is in the works, at least according to DailyGadgetry.com. If that doesn’t work out, perhaps would-be future Dread Pirate Robertses will turn to Bitwasp, a budding Github project which aims to provide open source code for setting up standalone markets using Bitcoin. “I think what you’re going to see is that a lot of me-too communities spring up and get squished pretty quickly,” said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at University of California San Diego. “Part of the reason why the Silk Road was so useful was that it was so popular, and a half dozen smaller markets could be far less efficient than these larger markets. But personally, I’m betting we’ll soon see a fair number of them.” Finally, it seems a large number of Bitcoin users have been spending tiny fractions of their coinage to send messages to the FBI’s Bitcoin address on Blockchain. Some of the love letters to the FBI are amusing, such as, “All your Bitcoins are belong to us,” while others sound a defiant tone, including this one: ”One star is born as another fades away. Which one will come next? is my favorite riddle.” Said a girl puffing rings in a dot, dot, dash haze. “No worry, No hurry. They can’t stop the signal.” Update, Oct. 8, 2013: The BBC is reporting that four men have been arrested in the U.K. for alleged drug offenses on the Silk Road, and that more arrests are expected in the coming weeks. The BBC quotes the U.K. National Crime Agency as saying such sites would are a “key priority.”

3 2

Re: [tor-talk] Silk Road taken down by FBI
by Eugen Leitl 08 Oct '13

08 Oct '13

----- Forwarded message from mirimir <mirimir(a)riseup.net> ----- Date: Thu, 03 Oct 2013 20:58:57 +0000 From: mirimir <mirimir(a)riseup.net> To: tor-talk(a)lists.torproject.org Subject: Re: [tor-talk] Silk Road taken down by FBI Message-ID: <524DDA91.30008(a)riseup.net> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 Reply-To: tor-talk(a)lists.torproject.org On 10/03/2013 05:49 PM, Ahmed Hassan wrote: > One question is still remain unanswered. How did they locate > Silkroad server before locating him? > > They had full image of the server before his arrest. >From <http://www.bbc.co.uk/news/technology-24371894> we know: > According to the court complaint document, it was the discovery of > the rossulbricht(a)gmail.com email address that gave investigators a > major boost in their search. > > Through records "obtained from Google", details of IP addresses - and > therefore locations - used to log into Mr Ulbricht's account focused > the search on San Francisco, specifically an internet cafe on Laguna > Street. > > Furthermore, detailed analysis of Silk Road's source code highlighted > a function that restricted who was able to log in to control the > site, locking it down to just one IP address. > > As would be expected, Dread Pirate Roberts was using a VPN - virtual > private network - to generate a "false" IP address, designed to cover > his tracks. > > However, the provider of the VPN was subpoenaed by the FBI. > > While efforts had been made by DPR to delete data, the VPN server's > records showed a user logged in from an internet cafe just 500 yards > from an address on Hickory Street, known to be the home of a close > friend of Mr Ulbricht's, and a location that had also been used to > log in to the Gmail account. > > At this point in the investigation, these clues, investigators > concluded, were enough to suggest that Mr Ulbricht and DPR - if not > the same person - were at the very least in the same location at the > same time. So they did have the server before they knew who he was. We also knew that he was sold out by his VPN provider. Hopefully, the identity of that VPN provider will come out soon. Given what I see in the complaints, I suspect that he was sold out by one of his administrators, perhaps the one (with a huge drug debt) that he tried to have killed. This is rather like Snowden, isn't it? More fundamentally, a business built around selling drugs by mail to customers' actual physical addresses was doomed. Anonymity in the physical world is much^N harder than on the Internet. > On Thu, Oct 3, 2013 at 1:26 PM, shadowOps07 <shadow.unit.x(a)gmail.com> > wrote: > >> No, it was a rookie fuck-up that enabled old-fashioned detective >> work. if it wasn't a fookie fuck-up, then none of this would have >> happened. >> >> >> On Thu, Oct 3, 2013 at 11:15 AM, Gordon Morehouse >> <gordon(a)morehouse.me >>> wrote: >> > Jonathan D. Proulx: >>>>> 2) Traditional police work still works - this should be good >>>>> news to the law and order folks that traditional methods >>>>> still work and no extensive digital survailance state is >>>>> needed. >>>>> >>>>> Note I'm only anecdotally familiar with Silk Road so no >>>>> personal opinion on wether he should be praised or flogged, I >>>>> do think in a "dear legislator please don't ban privacy" >>>>> kindof way point 2 is important. > > A trillion times, this. > > I knew Silk Road would very likely get busted by good old fashioned > police work. It was too big to not leave trails that smart, > patient, Bill-of-Rights-respecting (though that remains to be seen) > cops can pick up. > > Best, -Gordon M. > >>> -- tor-talk mailing list - tor-talk(a)lists.torproject.org To >>> unsusbscribe or change other settings go to >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >>> >> -- tor-talk mailing list - tor-talk(a)lists.torproject.org To >> unsusbscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> -- tor-talk mailing list - tor-talk(a)lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

5 7