Re: [tor-talk] Silk Road taken down by FBI

----- Forwarded message from mirimir <mirimir@riseup.net> -----

Date: Thu, 03 Oct 2013 20:58:57 +0000
From: mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Silk Road taken down by FBI
Message-ID: <524DDA91.30008@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Reply-To: tor-talk@lists.torproject.org

On 10/03/2013 05:49 PM, Ahmed Hassan wrote:
> From <http://www.bbc.co.uk/news/technology-24371894> we know:
So they did have the server before they knew who he was. We also knew that he was sold out by his VPN provider. Hopefully, the identity of that VPN provider will come out soon. Given what I see in the complaints, I suspect that he was sold out by one of his administrators, perhaps the one (with a huge drug debt) that he tried to have killed. This is rather like Snowden, isn't it? More fundamentally, a business built around selling drugs by mail to customers' actual physical addresses was doomed. Anonymity in the physical world is much^N harder than on the Internet.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

This October 2, 2013, complaint describes US officials tracking a Silk Road narcotics vendor on- and off-line: http://cryptome.org/2013/10/sadler-white-complaint.pdf

On 2013-10-06 22:28, Eugen Leitl wrote:
Suppose someone is operating a big server that handles lots of traffic. From time to time, you storm that server with spam. NSA observes the corresponding traffic surges. Statistical correlation between spam attacks and data flow eventually reveals the server. We know silk road was attacked with spam and malware. That it was attacked with spam, suggests that malware did not suffice.

On Mon, Oct 07, 2013 at 05:55:02AM +1000, James A. Donald wrote:
> We know silk road was attacked with spam and malware. That it was
We know that Freedom Hosting platform was compromised, and dropped malware via a known vulnerability in the TBB. We do not know how exactly TSR was taken down. There are reasons to suspect that the official story might be a parallel construct.
> attacked with spam, suggests that malware did not suffice.
The rise in Tor traffic well predates the events, and seems to be entirely attributable to C&C traffic of a botnet.

On Mon, Oct 07, 2013 at 06:01:00AM -0300, Juan Garofalo wrote:
> But that doesn't explain how freedom hosting itself was found in the first place, does it?
Let's say you run a piece of buggy PHP code as a hidden service, on a mass hoster allowing easy signups and installation of own code, with no hard separation of service hosted, and possibly not even firewall the VM traffic, forcing it through Tor. While it's possible they knew the physical host already, there are certainly far easier ways to nail your ass, given the above. It would be interesting to post a hidden service with actionable content as a honeypot with everything done right, to see what the parallel construct story would emerge. No, I'm not volunteering.

--On Monday, October 07, 2013 11:25 AM +0200 Eugen Leitl <eugen@leitl.org> wrote:
That is possible, but is there evidence of that actually happening, in the case of freedom hosting? Hadn't fh been running for a couple of years, like silk road? (or more?) - If fh's security was so lousy the so called authorities should have got him (way) sooner?
Yes, I realize that pwning the server through a PHP exploit or the like is far easier - The main reason I see that explanation as not fully satisfactory is that the attack (if it was possible) was not tried sooner.
Indeed.
> No, I'm not volunteering.
hehe =)

On Tue, 2013-10-08 at 05:22 -0300, Juan Garofalo wrote:
The Wired articles mention that the FBI and the operator "struggled for control of the servers" by changing passwords on each other. You're ignoring the fact that once a server is exploited, it's an unbounded road from there to actionable, convictable evidence. Suppose the Freedom Hosting operator only ever logged in via SSH over another hidden service endpoint. How would the FBI find him? What if the servers they compromised were VMs with traffic forced through Tor? What if they were some other crazy configuration dreamed up by someone hosting a hidden service hosting service? For DPR, we know he got lazy, and more than that, that he was extremely sloppy. I'd bet that the Freedom Hosting guy was a similar situation. There are plenty of illegal *websites* that haven't been busted yet.

-- 
Sent from Ubuntu
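The "VM with traffic forced through Tor" setup that Eugen and Ted both bring up is only as strong as the gateway firewall in front of it. As an added example (not code from any poster, nor Tor's or Whonix's own tooling), the Python below audits an iptables-save dump from such a gateway: everything from the VM interface must be redirected into Tor's TransPort/DNSPort, nothing may be forwarded or sent out by default, and only the Tor user may open outbound sockets. The interface name eth1, the ports 9040/5300 and the user debian-tor are assumptions used in the constructed dump.

```python
# Constructed iptables-save dump of a Tor gateway; eth1, 9040/5300, debian-tor are assumptions.
GOOD_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 5300
-A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -p tcp --dport 9040 -j ACCEPT
-A INPUT -i eth1 -p udp --dport 5300 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
COMMIT
"""

def parse_tables(dump):
    """Map table name -> {"policy": {chain: policy}, "rules": [ -A lines ]}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):                       # new table, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"): # chain default policy
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A"):
            cur["rules"].append(line)
    return tables

def audit_gateway(dump, vm_if="eth1", tor_user="debian-tor"):
    """Return isolation problems; an empty list means the VM can only talk to Tor."""
    t = parse_tables(dump)
    filt = t.get("filter", {"policy": {}, "rules": []})
    nat = t.get("nat", {"rules": []})["rules"]
    problems = []
    for chain in ("FORWARD", "OUTPUT"):              # nothing routed or sent by default
        if filt["policy"].get(chain) != "DROP":
            problems.append(f"{chain} policy is not DROP: clearnet path for VM or host traffic")
    for r in filt["rules"]:                          # only Tor itself may open sockets
        if r.startswith("-A OUTPUT") and r.endswith("-j ACCEPT") and "-o lo" not in r \
                and f"--uid-owner {tor_user}" not in r:
            problems.append(f"OUTPUT accept not limited to {tor_user}: {r}")
    if not any(f"-i {vm_if}" in r and "-p tcp" in r and "REDIRECT" in r for r in nat):
        problems.append(f"no REDIRECT of TCP from {vm_if} into Tor's TransPort")
    if not any(f"-i {vm_if}" in r and "--dport 53" in r and "REDIRECT" in r for r in nat):
        problems.append(f"no REDIRECT of DNS from {vm_if} into Tor's DNSPort (DNS leak)")
    return problems
```

Feed it the real output of `iptables-save` on a gateway to see which of the classic leaks (routing left enabled, DNS not redirected, an unrestricted OUTPUT accept) it reports.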
participants (5)
- Eugen Leitl
- James A. Donald
- John Young
- Juan Garofalo
- Ted Smith