On 2013-10-06 22:28, Eugen Leitl wrote:
----- Forwarded message from mirimir <mirimir@riseup.net> -----
Date: Thu, 03 Oct 2013 20:58:57 +0000
From: mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Silk Road taken down by FBI
Message-ID: <524DDA91.30008@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Reply-To: tor-talk@lists.torproject.org
On 10/03/2013 05:49 PM, Ahmed Hassan wrote:
One question still remains unanswered. How did they locate the Silkroad server before locating him?
They had a full image of the server before his arrest.
Suppose someone is operating a big server that handles lots of traffic. From time to time, you storm that server with spam. NSA observes the corresponding traffic surges. Statistical correlation between spam attacks and data flow eventually reveals the server. We know Silk Road was attacked with spam and malware. That it was attacked with spam suggests that malware did not suffice.