On Fri, Oct 04, 2013 at 08:16:48PM +1000, James A. Donald wrote:
> Two security failures: The feds were able to find the Tor hidden web server, and, having found it, there was information on the web server that should not have been there.
Note that this thread has meandered around, discussed several different security failures, and you seem to be returning to the Silk Road one.
> My understanding is that they found a bunch of Tor machines,
I don't see any evidence or claim that the investigation touched, investigated, or influenced any Tor relays in the published documents about the Silk Road arrest. Do you have any basis for this understanding? (BTW, it's *very* easy to "find a bunch of Tor machines", most of the Tor relays' IPs are listed in the public "consensus".)
> installed malware by means of rubber hoses,
Again, I see no published claim that any malware was used in this investigation, nor that the investigators had to lean on anyone (much less torture them, as the phrase "rubber hose" indicates) to install malware.
> and thus located the Silk Road hidden web server.
The complaint and the indictment are stunningly silent on that part of the investigation, and the press coverage I've seen also doesn't shed much light on exactly how the machine in "a certain foreign country" was located. A few possibilities have been raised:

- an investigator exploited the Silk Road software stack via its public web UI and caused the server to disclose its IP by connecting to a service outside of Tor. This seems quite plausible, to me.
- the investigation already had Ulbricht targeted, but without a smoking gun, and watched his SSH traffic using a standard wiretapping warrant. This should have shown up in the arrest complaint if so.
- an NSA/GCHQ capture was used to locate the server, and the public disclosure so far is an example of "parallel construction".
- a vulnerability in the Tor network let the investigators find the server, possibly assisted by the investigators running some number of Tor relays.
- the IP was known to any of the several criminal elements known to be interested in Silk Road, and the investigators got it as part of a deal (to drop another investigation, or harass someone's enemy, or similar).

Given the shoddy quality of the rest of Ulbricht's security posture, I strongly suspect that a "phone home" vuln in the SR server was the trigger.

"Never trust anyone whose programming language of choice is PHP."
-andy
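The first possibility above (the application stack being made to open a connection outside Tor, disclosing the host's real IP) is the one a hidden-service operator can actually close off with an egress firewall: let only the tor daemon's uid and loopback traffic leave the box, and have OUTPUT default to deny. The script below is an added example, not code from this thread or from the Tor project, that audits an `iptables-save` dump for exactly that policy. It assumes the tor daemon runs under one of the uid names in `TOR_USERS`, and the three dumps it checks are constructed samples: a default-allow configuration, a hardened one, and a hardened one with a stray HTTP allow rule slipped in before the catch-all reject.

```python
"""Audit an iptables-save dump for a Tor hidden-service host's egress policy.

Policy being checked (an assumption of this added example):
  * the filter table's OUTPUT chain must default to DROP, or end in a
    catch-all DROP/REJECT rule;
  * the only ACCEPT rules ahead of that are loopback traffic, reply traffic
    (ESTABLISHED/RELATED, never NEW) and packets owned by the tor uid.
Anything else lets an application on the host "phone home" outside Tor.
"""
import re

# Assumed uid names the tor daemon commonly runs under (distribution dependent).
TOR_USERS = {"debian-tor", "tor", "_tor"}

# Constructed sample dumps (not taken from any real host).
WEAK_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

HARDENED_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
COMMIT
"""

# Same as HARDENED_DUMP but someone "temporarily" allowed outbound HTTP.
LEAKY_DUMP = HARDENED_DUMP.replace(
    "-A OUTPUT -m owner",
    "-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A OUTPUT -m owner",
)


def parse_output_chain(dump):
    """Return (policy, rules) for the OUTPUT chain of the *filter table."""
    policy, rules, in_filter = None, [], False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
            continue
        if not in_filter:
            continue
        if line.startswith(":OUTPUT"):
            policy = line.split()[1]
        elif line.startswith("-A OUTPUT"):
            rules.append(line)
    return policy, rules


def rule_target(rule):
    m = re.search(r"-j\s+(\S+)", rule)
    return m.group(1) if m else None


def rule_is_safe_accept(rule):
    """ACCEPT is acceptable only for loopback, reply traffic, or the tor uid."""
    if re.search(r"-o\s+lo\b", rule):
        return True
    m = re.search(r"--(?:ct)?state\s+(\S+)", rule)
    if m and "NEW" not in m.group(1).split(","):
        return True  # replies to already-established flows, never new egress
    m = re.search(r"--uid-owner\s+(\S+)", rule)
    return bool(m and m.group(1) in TOR_USERS)


def audit_egress(dump):
    """Return a list of findings; an empty list means the egress policy holds."""
    policy, rules = parse_output_chain(dump)
    if policy is None:
        return ["no OUTPUT chain found in filter table"]
    findings, terminal_deny = [], False
    for rule in rules:
        target = rule_target(rule)
        # A bare catch-all deny ends evaluation; later rules are unreachable.
        if re.fullmatch(r"-A OUTPUT -j (DROP|REJECT)(\s+--reject-with \S+)?", rule):
            terminal_deny = True
            break
        if target == "ACCEPT" and not rule_is_safe_accept(rule):
            findings.append("non-Tor egress permitted: " + rule)
    if not terminal_deny and policy == "ACCEPT":
        findings.append("OUTPUT defaults to ACCEPT with no catch-all DROP/REJECT")
    return findings


if __name__ == "__main__":
    for name, dump in (("weak", WEAK_DUMP), ("hardened", HARDENED_DUMP), ("leaky", LEAKY_DUMP)):
        print(name, audit_egress(dump) or "OK")
```

On a live host you would feed it `iptables-save` output instead of the embedded samples; note that it only reasons about the IPv4 filter table, so an IPv6 ruleset (`ip6tables-save`) needs the same check run separately, and it does not know about nftables syntax.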