how to use Tor securely (Re: Silk Road founder arrested ...)

James A. Donald jamesd at echeque.com
Fri Oct 4 23:03:11 PDT 2013


On 2013-10-05 04:49, Andy Isaacson wrote:
> On Fri, Oct 04, 2013 at 08:16:48PM +1000, James A. Donald wrote:
>> Two security failures:  The feds were able to find the Tor hidden
>> web server, and, having found it, there was information on the web
>> server that should not have been there.
>
> Note that this thread has meandered around, discussed several different
> security failures, and you seem to be returning to the Silk Road one.
>
>> My understanding is that they found a bunch of Tor machines,
>
> I don't see any evidence or claim that the investigation touched,
> investigated, or influenced any Tor relays in the published documents
> about the Silk Road arrest.  Do you have any basis for this
> understanding?
>
> (BTW, it's *very* easy to "find a bunch of Tor machines", most of the
> Tor relays' IPs are listed in the public "consensus".)
>
>> installed malware by means of rubber hoses,
>
> Again, I see no published claim that any malware was used in this
> investigation, nor that the investigators had to lean on anyone (much
> less torture them, as the phrase "rubber hose" indicates) to install
> malware.

Freedom Hosting was forced to install malware on servers, which attacked 
the browsers used by Tor clients.

This attack did not itself directly expose Silk Road, but Silk Road was 
successfully attacked at about the same time, so, possibly part of the 
same operation.

Silk Road was directly attacked by malware - they issued numerous 
complaints about this, and were repeatedly taken down by malware.  This 
happened at about the same time as the Freedom Hosting malware, though 
there is no direct evidence of a direct connection, other than timing 
and modus operandi.

Simply generating huge amounts of spam and firing it off at Silk Road 
from time to time would enable a correlation attack.  We know, however, 
that Silk Road was attacked both by huge amounts of spam, and malware.




