----- Forwarded message from mirimir <mirimir@riseup.net> -----
Date: Thu, 03 Oct 2013 20:58:57 +0000
From: mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Silk Road taken down by FBI
Message-ID: <524DDA91.30008@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Reply-To: tor-talk@lists.torproject.org

On 10/03/2013 05:49 PM, Ahmed Hassan wrote:
One question still remains unanswered. How did they locate the Silk Road server before locating him?
They had a full image of the server before his arrest.
From <http://www.bbc.co.uk/news/technology-24371894> we know:
According to the court complaint document, it was the discovery of the rossulbricht@gmail.com email address that gave investigators a major boost in their search.
Through records "obtained from Google", details of IP addresses - and therefore locations - used to log into Mr Ulbricht's account focused the search on San Francisco, specifically an internet cafe on Laguna Street.
Furthermore, detailed analysis of Silk Road's source code highlighted a function that restricted who was able to log in to control the site, locking it down to just one IP address.
As would be expected, Dread Pirate Roberts was using a VPN - virtual private network - to generate a "false" IP address, designed to cover his tracks.
However, the provider of the VPN was subpoenaed by the FBI.
While efforts had been made by DPR to delete data, the VPN server's records showed a user logged in from an internet cafe just 500 yards from an address on Hickory Street, known to be the home of a close friend of Mr Ulbricht's, and a location that had also been used to log in to the Gmail account.
At this point in the investigation, these clues, investigators concluded, were enough to suggest that Mr Ulbricht and DPR - if not the same person - were at the very least in the same location at the same time.
So they did have the server before they knew who he was. We also knew that he was sold out by his VPN provider. Hopefully, the identity of that VPN provider will come out soon. Given what I see in the complaints, I suspect that he was sold out by one of his administrators, perhaps the one (with a huge drug debt) that he tried to have killed. This is rather like Snowden, isn't it? More fundamentally, a business built around selling drugs by mail to customers' actual physical addresses was doomed. Anonymity in the physical world is much^N harder than on the Internet.
On Thu, Oct 3, 2013 at 1:26 PM, shadowOps07 <shadow.unit.x@gmail.com> wrote:
No, it was a rookie fuck-up that enabled old-fashioned detective work. If it wasn't a rookie fuck-up, then none of this would have happened.
On Thu, Oct 3, 2013 at 11:15 AM, Gordon Morehouse <gordon@morehouse.me> wrote:
Jonathan D. Proulx:
2) Traditional police work still works - this should be good news to the law and order folks that traditional methods still work and no extensive digital surveillance state is needed.
Note I'm only anecdotally familiar with Silk Road, so no personal opinion on whether he should be praised or flogged; I do think, in a "dear legislator please don't ban privacy" kind of way, point 2 is important.
A trillion times, this.
I knew Silk Road would very likely get busted by good old fashioned police work. It was too big to not leave trails that smart, patient, Bill-of-Rights-respecting (though that remains to be seen) cops can pick up.
Best, -Gordon M.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5